6ce71adc8e2734162f41f13d068e9eacc6b544c23e5a4327ce756bc537a7ea19

Analysis

max time kernel
150s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24-01-2024 04:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71729e02c8688cdc3d73b080c74db6bb.exe
Size

168KB
MD5

71729e02c8688cdc3d73b080c74db6bb
SHA1

ea1fc1ef7dcd8ec18441f9277ee06c39ac0c0632
SHA256

6ce71adc8e2734162f41f13d068e9eacc6b544c23e5a4327ce756bc537a7ea19
SHA512

1e891afd2ee28ae8e3f6109fc8e6dea22e40facbf5bcc1b85a512798d7bdcb6f4536efe58392c63edeefe05a1406c8bd83e311961c029e5e963ee01378e0a797
SSDEEP

3072:tfnDkFW2ipynr7iNxP4XqQuXxo5/uxr/lv85jBi/ON+aZ3UxdE5FmTixuxaH/EPP:ZnD5yyNxwte4+/Zwf3UxdOsTixu4M3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1300	whboy.exe
4464	whboy.exe
4280	whboy.exe
4540	whboy.exe
2732	whboy.exe
4628	whboy.exe
2408	whboy.exe
4880	whboy.exe
684	whboy.exe
3096	whboy.exe
3420	whboy.exe
5076	whboy.exe
1412	whboy.exe
2036	whboy.exe
1224	whboy.exe
4084	whboy.exe
2928	whboy.exe
2476	whboy.exe
4756	whboy.exe
2400	whboy.exe
2284	whboy.exe
1760	whboy.exe
1560	whboy.exe
3204	whboy.exe
4448	whboy.exe
4644	whboy.exe
3380	whboy.exe
912	whboy.exe
3388	whboy.exe
3052	whboy.exe
4944	whboy.exe
1496	whboy.exe
4440	whboy.exe
4980	whboy.exe
3356	whboy.exe
1884	whboy.exe
1896	whboy.exe
448	whboy.exe
4536	whboy.exe
3956	whboy.exe
404	whboy.exe
1656	whboy.exe
4736	whboy.exe
4504	whboy.exe
888	whboy.exe
4864	whboy.exe
1488	whboy.exe
4336	whboy.exe
3992	whboy.exe
208	whboy.exe
2876	whboy.exe
5020	whboy.exe
3692	whboy.exe
112	whboy.exe
1360	whboy.exe
3792	whboy.exe
4664	whboy.exe
4340	whboy.exe
5012	whboy.exe
4452	whboy.exe
1508	whboy.exe
4748	whboy.exe
4560	whboy.exe
1784	whboy.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	whboy.exe
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	whboy.exe
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	whboy.exe
File created	C:\Windows\SysWOW64\whboy.exe	whboy.exe
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	whboy.exe
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	whboy.exe
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	whboy.exe
File created	C:\Windows\SysWOW64\whboy.exe	whboy.exe
File created	C:\Windows\SysWOW64\whboy.exe	whboy.exe
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	whboy.exe
File created	C:\Windows\SysWOW64\whboy.exe	whboy.exe
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	whboy.exe
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	whboy.exe
File created	C:\Windows\SysWOW64\whboy.exe	whboy.exe
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File opened for modification	C:\Windows\SysWOW64\whboy.txt	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	whboy.exe
File opened for modification	C:\Windows\SysWOW64\whboy.txt	whboy.exe
File created	C:\Windows\SysWOW64\whboy.exe	Process not Found
File created	C:\Windows\SysWOW64\whboy.exe	whboy.exe
File opened for modification	C:\Windows\SysWOW64\whboy.txt	whboy.exe
File created	C:\Windows\SysWOW64\whboy.exe	whboy.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	Process not Found
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	whboy.exe
File opened for modification	C:\Windows\bak.exe	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 1300	396	71729e02c8688cdc3d73b080c74db6bb.exe	37
PID 396 wrote to memory of 1300	396	71729e02c8688cdc3d73b080c74db6bb.exe	37
PID 396 wrote to memory of 1300	396	71729e02c8688cdc3d73b080c74db6bb.exe	37
PID 1300 wrote to memory of 4464	1300	whboy.exe	39
PID 1300 wrote to memory of 4464	1300	whboy.exe	39
PID 1300 wrote to memory of 4464	1300	whboy.exe	39
PID 4464 wrote to memory of 4280	4464	whboy.exe	354
PID 4464 wrote to memory of 4280	4464	whboy.exe	354
PID 4464 wrote to memory of 4280	4464	whboy.exe	354
PID 4280 wrote to memory of 4540	4280	whboy.exe	353
PID 4280 wrote to memory of 4540	4280	whboy.exe	353
PID 4280 wrote to memory of 4540	4280	whboy.exe	353
PID 4540 wrote to memory of 2732	4540	whboy.exe	352
PID 4540 wrote to memory of 2732	4540	whboy.exe	352
PID 4540 wrote to memory of 2732	4540	whboy.exe	352
PID 2732 wrote to memory of 4628	2732	whboy.exe	351
PID 2732 wrote to memory of 4628	2732	whboy.exe	351
PID 2732 wrote to memory of 4628	2732	whboy.exe	351
PID 4628 wrote to memory of 2408	4628	whboy.exe	348
PID 4628 wrote to memory of 2408	4628	whboy.exe	348
PID 4628 wrote to memory of 2408	4628	whboy.exe	348
PID 2408 wrote to memory of 4880	2408	whboy.exe	347
PID 2408 wrote to memory of 4880	2408	whboy.exe	347
PID 2408 wrote to memory of 4880	2408	whboy.exe	347
PID 4880 wrote to memory of 684	4880	whboy.exe	346
PID 4880 wrote to memory of 684	4880	whboy.exe	346
PID 4880 wrote to memory of 684	4880	whboy.exe	346
PID 684 wrote to memory of 3096	684	whboy.exe	40
PID 684 wrote to memory of 3096	684	whboy.exe	40
PID 684 wrote to memory of 3096	684	whboy.exe	40
PID 3096 wrote to memory of 3420	3096	whboy.exe	344
PID 3096 wrote to memory of 3420	3096	whboy.exe	344
PID 3096 wrote to memory of 3420	3096	whboy.exe	344
PID 3420 wrote to memory of 5076	3420	whboy.exe	343
PID 3420 wrote to memory of 5076	3420	whboy.exe	343
PID 3420 wrote to memory of 5076	3420	whboy.exe	343
PID 5076 wrote to memory of 1412	5076	whboy.exe	342
PID 5076 wrote to memory of 1412	5076	whboy.exe	342
PID 5076 wrote to memory of 1412	5076	whboy.exe	342
PID 1412 wrote to memory of 2036	1412	whboy.exe	341
PID 1412 wrote to memory of 2036	1412	whboy.exe	341
PID 1412 wrote to memory of 2036	1412	whboy.exe	341
PID 2036 wrote to memory of 1224	2036	whboy.exe	339
PID 2036 wrote to memory of 1224	2036	whboy.exe	339
PID 2036 wrote to memory of 1224	2036	whboy.exe	339
PID 1224 wrote to memory of 4084	1224	whboy.exe	41
PID 1224 wrote to memory of 4084	1224	whboy.exe	41
PID 1224 wrote to memory of 4084	1224	whboy.exe	41
PID 4084 wrote to memory of 2928	4084	whboy.exe	338
PID 4084 wrote to memory of 2928	4084	whboy.exe	338
PID 4084 wrote to memory of 2928	4084	whboy.exe	338
PID 2928 wrote to memory of 2476	2928	whboy.exe	337
PID 2928 wrote to memory of 2476	2928	whboy.exe	337
PID 2928 wrote to memory of 2476	2928	whboy.exe	337
PID 2476 wrote to memory of 4756	2476	whboy.exe	336
PID 2476 wrote to memory of 4756	2476	whboy.exe	336
PID 2476 wrote to memory of 4756	2476	whboy.exe	336
PID 4756 wrote to memory of 2400	4756	whboy.exe	335
PID 4756 wrote to memory of 2400	4756	whboy.exe	335
PID 4756 wrote to memory of 2400	4756	whboy.exe	335
PID 2400 wrote to memory of 2284	2400	whboy.exe	42
PID 2400 wrote to memory of 2284	2400	whboy.exe	42
PID 2400 wrote to memory of 2284	2400	whboy.exe	42
PID 2284 wrote to memory of 1760	2284	whboy.exe	334

C:\Users\Admin\AppData\Local\Temp\71729e02c8688cdc3d73b080c74db6bb.exe
"C:\Users\Admin\AppData\Local\Temp\71729e02c8688cdc3d73b080c74db6bb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:396
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1300
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4464
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:4280

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3096
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3420

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4084
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2928

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  - Executes dropped EXE
  PID:1760

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:4440
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  - Executes dropped EXE
  PID:4980

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:1884
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  - Executes dropped EXE
  PID:1896

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:4536
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  - Executes dropped EXE
  PID:3956

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:1656
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  - Executes dropped EXE
  PID:4736

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:4864
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  PID:1488

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:208
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  - Executes dropped EXE
  PID:2876

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:3692
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  - Executes dropped EXE
  PID:112
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    - Executes dropped EXE
    PID:1360

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:4340
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  - Executes dropped EXE
  PID:5012

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:1508
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  - Executes dropped EXE
  PID:4748

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:1864
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:4168

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:3532
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:4508

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:4648
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:2416

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:3624
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:1476
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:4004

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:1112

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:4416
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:3644

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:1188
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:3424

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:2260
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  - Drops file in System32 directory
  PID:3456

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:2052
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:5124

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5184
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:5204

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5224
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:5244

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5308
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:5328
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:5348

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5288

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5408
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:5428

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5520
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:5540

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5600
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:5620

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5640
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:5660

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5720
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  - Drops file in Windows directory
  PID:5740

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5820
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:5840

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5920
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:5940

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5980
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:6000

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6024
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:6044

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6124
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:1108

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:1984
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:2020

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5448
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:5464

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5816
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:5896

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5716

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5696
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:5220

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6196
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:6216

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6296
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:6316

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6376
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:6396

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6456
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:6476

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6556
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:6576

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6636
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:6656

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6676
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:6696

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6756
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:6776

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6856
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:6876

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6916
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:6936

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6956
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:6976
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:6996

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:7016
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:7036

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:7076
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:7096
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:7116

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:7056

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:7136
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:7156
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:6192

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6292
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:6392
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:6492

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6592
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:6692
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:6792
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:6892
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:6992

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6896

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Drops file in Windows directory
PID:7092
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  - Drops file in Windows directory
  PID:6272

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6836

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6816

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6796

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6872
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:7172

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6736

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6716

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:7192
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:7212
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:7232

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6616

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:7292
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:7316
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:7356
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:7376
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:7396
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        7⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        8⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        9⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        10⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        11⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        12⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        13⤵
        
        PID:7556

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:7252

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6596

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6536

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6516

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6496

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6436

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6416

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6356

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6336

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6276

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6256

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6236

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6176

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6156

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5304

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6080

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Drops file in Windows directory
PID:5996

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5596

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:1420

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6104

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6084

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:7576
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:7596
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:7616

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:6064

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5960

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5900

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5880

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5860

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5800

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5780

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5760

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:7636
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:7656
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:7676
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:7696

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5700

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5680

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5580

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5560

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:7776
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:7796
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:7816
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:7836
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:7856
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        7⤵
        
        PID:7896

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:7756

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:7736

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:7716

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5500

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5480

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5452

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5388

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5368

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5264

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:5152

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:7916
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:7936

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:4444

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:4040

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:3696

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:7956
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  - Drops file in Windows directory
  PID:7976
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:7996

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:4556

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:2948

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:1652

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:8016
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:8036
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:8056

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:4596

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:8076
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:8096
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:8116
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:8136
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:8156

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Drops file in System32 directory
PID:2616

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:3752

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:4576

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:3048

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:3860

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:1784

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:4560

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:4452

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:4664

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:3792

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:8176
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:7188

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:5020

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:3992

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:7284
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:7412
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:7512
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      Drops file in System32 directory
      PID:7612
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:7712
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        7⤵
        Drops file in System32 directory
        
        PID:7912

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:4336

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:888

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:4504

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:404

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:448

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:3356

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:1496

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:4944

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:3052

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:8012
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:8112

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:7692
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:8208

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:8228
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:8248
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:8268

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:8288
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:8308
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:8328

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:8348
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  - Drops file in System32 directory
  PID:8368

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:7792

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:7280

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:8388
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:8408
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:8428

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:3388

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:8468
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:8488

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:8448

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:8508
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:8528
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:8548

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:8568
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:8588

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:912

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:8628
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:8648

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:8608

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:8688
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:8708

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:8668

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:3380

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:8728
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:8748
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:8768

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:4644

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:4448

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:3204

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
PID:1560

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2400

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4756

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2476

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1224

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2036

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1412

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5076

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:684

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4880

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2408

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:8788
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:8808
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:8844
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:8864
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:8884
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        7⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        8⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        9⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        10⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        11⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        12⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        13⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        14⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        15⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        16⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        17⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        18⤵
        Drops file in System32 directory
        
        PID:8484
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        19⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        20⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        21⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        22⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        23⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        24⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        25⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        26⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        27⤵
        
        PID:9252
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        28⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        29⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        30⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        31⤵
        
        PID:9348
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        32⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        33⤵
        
        PID:9388
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        34⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        35⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        36⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        37⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        38⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        39⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        40⤵
        
        PID:9528
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        41⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        42⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        43⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        44⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        45⤵
        
        PID:9628
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        46⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        47⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        48⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        49⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        50⤵
        
        PID:9728
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        51⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        52⤵
        
        PID:9768
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        53⤵
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:9788
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        54⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        55⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        56⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        57⤵
        
        PID:9872
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        58⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        59⤵
        
        PID:9912
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        60⤵
        Drops file in Windows directory
        
        PID:9932
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        61⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        62⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        63⤵
        
        PID:9992
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        64⤵
        
        PID:10012
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        65⤵
        
        PID:10032
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        66⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        67⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        68⤵
        
        PID:10092
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        69⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        70⤵
        
        PID:10132
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        71⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        72⤵
        
        PID:10172
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        73⤵
        
        PID:10200
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        74⤵
        
        PID:10228
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        75⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        76⤵
        
        PID:468
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        77⤵
        Drops file in Windows directory
        
        PID:556
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        78⤵
        
        PID:9324
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        79⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        80⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        81⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        82⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        83⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        84⤵
        
        PID:9948
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        85⤵
        
        PID:10048
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        86⤵
        
        PID:10148
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        87⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        88⤵
        
        PID:9404
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        89⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        90⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        91⤵
        
        PID:10252
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        92⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        93⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        94⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        95⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        96⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        97⤵
        
        PID:10376
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        98⤵
        
        PID:10396
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        99⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        100⤵
        
        PID:10440
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        101⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        102⤵
        
        PID:10480
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        103⤵
        
        PID:10500
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        104⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        105⤵
        
        PID:10540
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        106⤵
        
        PID:10560
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        107⤵
        
        PID:10580
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        108⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        109⤵
        
        PID:10620
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        110⤵
        
        PID:10640
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        111⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        112⤵
        
        PID:10680
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        113⤵
        
        PID:10704
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        114⤵
        
        PID:10724
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        115⤵
        
        PID:10752
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        116⤵
        
        PID:10780
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        117⤵
        Drops file in Windows directory
        
        PID:10816
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        118⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        119⤵
        
        PID:10884
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        120⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        121⤵
        
        PID:10944
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        122⤵
        
        PID:10972

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4628

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2732

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4540

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11016
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:11032
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:11060
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:11088
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:11112

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11192
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:11212
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:11232
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:11260
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:10352
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:10456
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        7⤵
        
        PID:10556
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        8⤵
        
        PID:10412
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        9⤵
        
        PID:10748

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11172

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11152

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11132

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Drops file in System32 directory
PID:10788
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:11028
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:11148
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:11256
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:10720
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:10636

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11300
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:11320
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:11340

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11280

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11360
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:11380

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11420
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:11440

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11400

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11520
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  - Drops file in Windows directory
  PID:11540
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:11560
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:11580
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:11600
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:11620

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11500

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11480

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11460

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11660
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:11680

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11640

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11720
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:11740
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:11760

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Drops file in Windows directory
PID:11700

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11780
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:11800

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11840
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:11860
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:11880
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:11900

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11820

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11920
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:11944

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11964
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:11984
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:12004

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:12024
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:12044
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:12064

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:12084
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:12104

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:12144
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:12164
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:12184
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:12204
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:12224

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:12124

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:12244
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:12264
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:12284
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:11356

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11456
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:11556
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:11656

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11756
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:11856

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:12120
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:12220
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:11436
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      Drops file in System32 directory
      PID:11940
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:11836
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:12304
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        7⤵
        
        PID:12324

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:12020

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:11960

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:12348
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:12368
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:12388
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:12408
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:12428
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:12448
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        7⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        8⤵
        
        PID:12488
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        9⤵
        
        PID:12508
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        10⤵
        
        PID:12528

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:12548
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:12568
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:12588

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:12608
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:12628
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:12648
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:12668

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:12688
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:12708

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:12748
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:12768
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:12788
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:12808
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:12828

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:12728

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:12848
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:12868
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:12888
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:12908
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:12932
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:12952

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:12972
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:12992
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:13012
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:13032

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13052
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:13072
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:13092
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:13112
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        Drops file in System32 directory
        
        PID:13132
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:13152
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        7⤵
        
        PID:13172

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13192
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:13212
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:13232
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:13252
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:13272
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:13292
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        7⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        8⤵
        
        PID:12404
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        9⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        10⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        11⤵
        
        PID:12704
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        12⤵
        
        PID:12804
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        13⤵
        
        PID:12904
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        14⤵
        
        PID:13008
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        15⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        16⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        17⤵
        
        PID:13308
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        18⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        19⤵
        
        PID:13288
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        20⤵
        Drops file in System32 directory
        
        PID:13324
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        21⤵
        
        PID:13344
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        22⤵
        
        PID:13364
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        23⤵
        
        PID:13384
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        24⤵
        
        PID:13404
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        25⤵
        
        PID:13424
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        26⤵
        
        PID:13444
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        27⤵
        
        PID:13464
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        28⤵
        
        PID:13484
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        29⤵
        
        PID:13504
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        30⤵
        
        PID:13524

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13544
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:13564
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:13584
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:13604
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:13624

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13644
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:13668
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:13688

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13708
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:13728
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:13748

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13772
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:13792
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:13812

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13832
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:13852

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13972
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:14000
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:14020

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14052
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:14072
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:14096

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14156
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:14180

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14280
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:14316

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13764
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:4292

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13928
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:13920

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14228
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:13340

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Drops file in Windows directory
PID:13808
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:14132

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13956

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14364
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:14384

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14444
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:14464

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14504
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:14524

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14584
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:14604

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14664
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:14684

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14764
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:14784

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14864
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:14884

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14844

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14964
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:14984

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Drops file in System32 directory
PID:15024
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:15044

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15124
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:15144

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15224
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:15244

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15284
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:15304

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15344
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:14240

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14440
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:14108

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14400

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15324

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14780
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:14860
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:14920

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15160
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:15260

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14840
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:15240

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:2168

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15340

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15400
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:15420

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Drops file in System32 directory
PID:15440
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:15468

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15488
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:15508

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15568
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:15588

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15652
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  - Drops file in Windows directory
  PID:15672

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15732
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:15752

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15772
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:15792

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15812
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:15832
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:15852
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:15872
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:15892
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:15912

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15712

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15692

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15628

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15932
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:15952
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:15972

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15608

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15548

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15992
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:16012
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:16032

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15528

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16116
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:16136
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:16156
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:16176
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:16196
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:16216
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        7⤵
        
        PID:16236
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        8⤵
        
        PID:16256

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16096

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16072

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16052

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15380

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15140

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15080

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13460

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14032

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16276
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:16296
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:16316

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:14144

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14580

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15264

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16336
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:16356
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:16376

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15204

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15184

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15164

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15104

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15084

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15064

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15416
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:7340
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:7332

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15004

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14944

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14924

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14904

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14824

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14804

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:7324
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:4572
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:436
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:15648

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14744

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14724

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Drops file in System32 directory
PID:14704

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15748
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:15828
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    - Drops file in Windows directory
    PID:15928

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14644

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16028
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:16132
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:16232
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:16332

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14624

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14564

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:8828
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:3132
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:544

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14544

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16396
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:16416

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16496
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:16516

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16556
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:16576
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:16596
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:16616
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:16636
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:16656

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16536

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16716
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:16736
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:16756

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16696

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16676

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16776
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:16796

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16476

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16456

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16436

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:15624

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16836
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:16856

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16816

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14484

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16896
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:16916

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16876

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16936
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:16956
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:16976
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:16996
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:17016
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:17036

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14424

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:17096
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:17116

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:17076

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:17156
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:17176

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:17256
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:17276
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:17296
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:17316
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:17336
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:17356
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        7⤵
        
        PID:17376

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:17236

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:17216

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
- Drops file in Windows directory
PID:17196

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:17136

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:17056

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14404

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14344

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14008

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13828

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14208

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14152

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13848

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13768

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13724

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:2576

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13500

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13360

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14256

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14232

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14212

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:14120

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13932

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13912

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13892

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:13872

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:17396
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:16432
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:16532

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16632
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:16732

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:1040
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:16812
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:16892

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:4392

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:16992
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:17092
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:17192
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:17292
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:17392
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        7⤵
        Drops file in System32 directory
        
        PID:17072
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        8⤵
        
        PID:16712
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        9⤵
        
        PID:17420
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        10⤵
        
        PID:17440
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        11⤵
        
        PID:17460
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        12⤵
        
        PID:17484
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        13⤵
        
        PID:17504
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        14⤵
        
        PID:17524
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        15⤵
        
        PID:17544
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        16⤵
        
        PID:17564
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        17⤵
        
        PID:17580
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        18⤵
        
        PID:17604
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        19⤵
        
        PID:17624
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        20⤵
        
        PID:17644
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        21⤵
        
        PID:17660
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        22⤵
        
        PID:17684
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        23⤵
        
        PID:17704
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        24⤵
        
        PID:17724
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        25⤵
        
        PID:17744
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        26⤵
        
        PID:17760
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        27⤵
        
        PID:17784
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        28⤵
        
        PID:17804
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        29⤵
        
        PID:17824
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        30⤵
        
        PID:17848
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        31⤵
        
        PID:17880
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        32⤵
        
        PID:17900
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        33⤵
        
        PID:17920
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        34⤵
        
        PID:17940
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        35⤵
        
        PID:17960
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        36⤵
        
        PID:17980
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        37⤵
        
        PID:17996
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        38⤵
        
        PID:18016
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        39⤵
        
        PID:18036
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        40⤵
        
        PID:18060
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        41⤵
        
        PID:18080
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        42⤵
        
        PID:18100
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        43⤵
        
        PID:18120
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        44⤵
        
        PID:18148
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        45⤵
        
        PID:18168
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        46⤵
        
        PID:18188
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        47⤵
        
        PID:18208
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        48⤵
        
        PID:18228
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        49⤵
        
        PID:18248
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        50⤵
        
        PID:18268
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        51⤵
        
        PID:18292
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        52⤵
        
        PID:18316
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        53⤵
        
        PID:18336
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        54⤵
        
        PID:18356
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        55⤵
        
        PID:18376
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        56⤵
        
        PID:18396
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        57⤵
        
        PID:18416
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        58⤵
        
        PID:17436
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        59⤵
        
        PID:17540
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        60⤵
        
        PID:17640
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        61⤵
        
        PID:17740
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        62⤵
        
        PID:17844

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:17956
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:18056
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:18128
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:18204
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        Drops file in Windows directory
        
        PID:18288
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:18352
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        7⤵
        
        PID:18412
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        8⤵
        
        PID:17820
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        9⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        10⤵
        
        PID:18264
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        11⤵
        
        PID:18456
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        12⤵
        
        PID:18476
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        13⤵
        
        PID:18496
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        14⤵
        
        PID:18516
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        15⤵
        
        PID:18536
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        16⤵
        
        PID:18556
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        17⤵
        
        PID:18576
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        18⤵
        
        PID:18596
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        19⤵
        
        PID:18616
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        20⤵
        
        PID:18636
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        21⤵
        
        PID:18656
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        22⤵
        Drops file in System32 directory
        
        PID:18676
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        23⤵
        
        PID:18696
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        24⤵
        
        PID:18716
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        25⤵
        
        PID:18736
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        26⤵
        
        PID:18756
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        27⤵
        
        PID:18776
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        28⤵
        
        PID:18796
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        29⤵
        
        PID:18816
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        30⤵
        
        PID:18840
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        31⤵
        
        PID:18860
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        32⤵
        
        PID:18880
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        33⤵
        
        PID:18900
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        34⤵
        
        PID:18920
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        35⤵
        
        PID:18940
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        36⤵
        
        PID:18960
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        37⤵
        
        PID:18980
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        38⤵
        
        PID:19000

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:19020
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:19040
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    - Drops file in Windows directory
    PID:19060
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:19080

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:19100
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:19120
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:19140
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:19160
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:19180
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:19200
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        7⤵
        
        PID:19220
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        8⤵
        
        PID:19240
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        9⤵
        
        PID:19260
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        10⤵
        
        PID:19280
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        11⤵
        
        PID:19300
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        12⤵
        
        PID:19320
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        13⤵
        
        PID:19340
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        14⤵
        
        PID:19360

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:19380
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:19404
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:19424

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:19444
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:18492
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:18592
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:18692
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:18772
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:18876
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        7⤵
        
        PID:18976
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        8⤵
        
        PID:19076
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        9⤵
        
        PID:19156

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:19236
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:19336
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:19440
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:18856
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:19316
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:19464
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        7⤵
        
        PID:19484
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        8⤵
        
        PID:19504
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        9⤵
        
        PID:19524
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        10⤵
        
        PID:19544

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:19564
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:19584
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:19604

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:19624
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:19644
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:19664
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:19684
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:19704
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:19724
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        7⤵
        
        PID:19744

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:19764
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:19784
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:19804
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:19824
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:19844
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:19864

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:19884
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:19904
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:19924

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:19944
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:19964
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:19984
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:20004
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:20024
      - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        6⤵
        
        PID:20044
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        7⤵
        
        PID:20064
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        8⤵
        
        PID:20084
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        9⤵
        
        PID:20104
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        10⤵
        
        PID:20124
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        11⤵
        
        PID:20144
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        12⤵
        
        PID:20164
        
        C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        13⤵
        
        PID:20184

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:20204
- C:\Windows\SysWOW64\whboy.exe
  C:\Windows\system32\whboy.exe
  2⤵
  PID:20224
- - C:\Windows\SysWOW64\whboy.exe
    C:\Windows\system32\whboy.exe
    3⤵
    PID:20244
  - - C:\Windows\SysWOW64\whboy.exe
      C:\Windows\system32\whboy.exe
      4⤵
      PID:20264
    - - C:\Windows\SysWOW64\whboy.exe
        
        C:\Windows\system32\whboy.exe
        5⤵
        
        PID:20284

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:20384

C:\Windows\SysWOW64\whboy.exe
C:\Windows\system32\whboy.exe
1⤵
PID:20364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\whboy.exe

Filesize
168KB

MD5
71729e02c8688cdc3d73b080c74db6bb

SHA1
ea1fc1ef7dcd8ec18441f9277ee06c39ac0c0632

SHA256
6ce71adc8e2734162f41f13d068e9eacc6b544c23e5a4327ce756bc537a7ea19

SHA512
1e891afd2ee28ae8e3f6109fc8e6dea22e40facbf5bcc1b85a512798d7bdcb6f4536efe58392c63edeefe05a1406c8bd83e311961c029e5e963ee01378e0a797

Download Submit
C:\Windows\SysWOW64\whboy.exe

Filesize
144KB

MD5
4a3ccb2f6bfbaaa7aab25ac2acd6006c

SHA1
8c2c22750136585169668685f19bb6e17a738a0f

SHA256
1e5bcb3777996276de1f9b34e5146da4a1b1c5b3540099dd74153d834a9a1e76

SHA512
2300c6612d91b9728812e5d3b9310a36d1fdf7a892fc5b54c21647c3aa7a74e7aa12d348c73377f4d47049493d882d30c672ad7d2c24a9b03de91ce5d0aa90ed

Download Submit
C:\Windows\bak.exe

Filesize
64KB

MD5
d1d89e0662734c1a92b7f726b24de023

SHA1
ee2d3178e5382fcd29095421ce27457c71d94925

SHA256
b6e082188fde84fb25d79e951049c4ab15cafa653b0ab536f8e9e60e94b24fbe

SHA512
c789ce038fc803c34d9c9010379d88f8e3a9590cfcf12df1b4d9067e04b9a19fa7b594db596449045d028f5f5c137bd2809326bd06f124a34a303c1208249d28

Download Submit
C:\Windows\bak.exe

Filesize
168KB

MD5
31ea444e8d40a0e23bbb1d7978d1214b

SHA1
f668548644fdfc43cf1c76278e86c006151e3851

SHA256
a3da5ec522daa46e79edcae208adc33345db1ca763299a9f1839bc04b1b567d6

SHA512
3a681c45047c383c94d050fcbaf355b7cdd8f4c7b0f8d1bff3132dd873712fb065bdb6899be2f12a54b2f83abc4e9c828db2bf4549b7fff2473f90bc1fe3b7ec

Download Submit
C:\Windows\bak.exe

Filesize
27KB

MD5
fe02d8ab6234835a844ae840f8d0f8a5

SHA1
62d8eb6038c37c1aa5f4316be9ead38ee1948ad7

SHA256
f63d40eefc4346c04cc5a54792842e2901e13b51382682b14020fda58ebdf7bb

SHA512
796bc551947aea18545a5aebf42a03e96dc4e33506e66dde85a543f68e00edbb62e5fd6bf34d2fce2967c600bc10c98c9dc53013f5963b694e4ff039a2776861

Download Submit
C:\Windows\bak.exe

Filesize
128KB

MD5
acbab2d40aac7a29b471a70c5ac8b9fd

SHA1
d3aaaefa1bfa9b65c8259b7efd869ca0ccab88fd

SHA256
e7af014605d2e0c5f36582ab5d661da156b936dafc22a8a723ef5ea0ba0567a8

SHA512
f5f247f782a184b0cbf069353dd5d150ad08bc9ee02fa81cc0565abdc4fe096dd88841096ffa825329a7d1e693826ab5d958834cab38bf8947730abfcf0bf289

Download Submit
C:\Windows\bak.exe

Filesize
168KB

MD5
67b2fa5b8bf3cda20c0db98d8ae45e71

SHA1
d2e833a2f9dbd6a916083189afca5b622c8f0411

SHA256
765d70cb20a070cd89461db8a28d556ec649f4fb3f82ac3c4dc0f5abf0b7bb6c

SHA512
9b67a94920f2c6d1885f04449cc0b362cfe2b8bac7897e7ee2d67cbbf52f11aa981c1db6f47768aaef3e86ce479d46876135a2c68ad04ae60c415308915103cd

Download Submit
memory/396-679-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/684-693-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/912-723-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1224-703-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1300-681-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1412-700-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1560-716-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1760-715-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2036-701-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2284-713-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2400-711-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2408-690-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2476-707-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2732-686-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2928-706-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3052-726-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3096-695-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3204-717-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3380-722-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3388-725-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3420-697-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4084-704-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4280-683-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4448-719-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4464-682-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4540-685-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4628-688-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4644-720-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4756-709-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4880-691-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4944-727-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/5076-699-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads