Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1522709
MD5: 02407819cc6ae6260f0f7e8e2a7114f6
SHA1: 51a9dd65f885d60f14fe63e0a223959888ce4a8a
SHA256: 1e17ccbc9b53289a0999d820132c9615ad6618a83ccd2b5b6f1ac48bddc9f6cc
Tags: exex64user-jstrosch
Infos:

Detection

Xmrig
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Xmrig cryptocurrency miner
AI detected suspicious sample
Contains functionality to registers a callback to get notified when the system is suspended or resumed (often done by Miners)
Drops executables to the windows directory (C:\Windows) and starts them
Found strings related to Crypto-Mining
Machine Learning detection for dropped file
Machine Learning detection for sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Name Description Attribution Blogpost URLs Link
xmrig According to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: file.exe Avira: detected
Antivirus detection for dropped file
Source: C:\Windows\System32\CnslmiL.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\AMuEAdw.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\DidVzfl.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\CtGCMUU.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\BxDaCaN.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\DUFctGh.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\AtsENTD.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\DFzhsjf.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\BtVojZD.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\ACOyQko.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\EIuVwIR.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\AOQhxsp.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\BzqtleM.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\DqaetZp.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\ByCTYRH.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\ApNtYXM.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\BSAmgMR.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\EAmedTr.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\DTtAXtk.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\AEbmgKr.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\BVyPfAG.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\AlmQZUd.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\DkxEByF.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\CSPmMtl.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\CvjsAYd.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\BihslAp.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\CpJNBhW.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\BxIGjlT.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\BYyVCgg.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\BDQRaAY.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Source: C:\Windows\System32\CJKkuDs.exe Avira: detection malicious, Label: PUA/CoinMiner.Gen
Multi AV Scanner detection for submitted file
Source: file.exe ReversingLabs: Detection: 92%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 96.7% probability
Machine Learning detection for dropped file
Source: C:\Windows\System32\CnslmiL.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\AMuEAdw.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\DidVzfl.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\CtGCMUU.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\BxDaCaN.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\DUFctGh.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\AtsENTD.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\DFzhsjf.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\BtVojZD.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\ACOyQko.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\EIuVwIR.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\AOQhxsp.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\BzqtleM.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\DqaetZp.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\ByCTYRH.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\ApNtYXM.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\BSAmgMR.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\EAmedTr.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\DTtAXtk.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\AEbmgKr.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\BVyPfAG.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\AlmQZUd.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\DkxEByF.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\CSPmMtl.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\CvjsAYd.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\BihslAp.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\CpJNBhW.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\BxIGjlT.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\BYyVCgg.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\BDQRaAY.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\CJKkuDs.exe Joe Sandbox ML: detected
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected

Bitcoin Miner
barindex
Yara detected Xmrig cryptocurrency miner
Source: Yara match File source: 19.2.purtHeQ.exe.7ff63f3f0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.2.QsDlHSI.exe.7ff744930000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 18.2.tlKeaSH.exe.7ff7d1f50000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 24.2.OeidtHB.exe.7ff732ec0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.bIkaAuF.exe.7ff79d830000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.VnYfUNA.exe.7ff66b700000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 29.2.tizhzLm.exe.7ff7ab880000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 34.2.iXrmqoo.exe.7ff6547f0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 16.2.khzlYlB.exe.7ff73f460000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.2.bRMguRb.exe.7ff7130e0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 15.2.CtGCMUU.exe.7ff780b90000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 14.2.kcOtUgS.exe.7ff7da520000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 26.2.bpKoOax.exe.7ff6269f0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 32.2.PerkPVz.exe.7ff7f6520000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 33.2.dnULvmA.exe.7ff6c8290000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 27.2.kCmzHfG.exe.7ff6c80b0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 25.2.ulxEuWR.exe.7ff73c120000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 36.2.YfdxMIy.exe.7ff732fe0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.NyQTRVw.exe.7ff721130000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 37.2.dgZNHyj.exe.7ff6f31b0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 28.2.jTZhWqf.exe.7ff7bd7f0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 39.2.TVvGYeO.exe.7ff64f610000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 23.2.EAmedTr.exe.7ff7f63c0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 31.2.qfZMSiS.exe.7ff6bfc90000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 38.2.leQcUpZ.exe.7ff6ea6f0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 17.2.dNcZNsO.exe.7ff6af790000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 22.2.BDQRaAY.exe.7ff6ce2b0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.2.WFQtidM.exe.7ff6b6580000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.ODcBTbU.exe.7ff6c1a50000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 30.2.kWmKVbB.exe.7ff72d920000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.jcnyUWd.exe.7ff738f40000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 35.2.EIuVwIR.exe.7ff6aae10000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.2.urnxCEN.exe.7ff795c50000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.2.yjwCZgI.exe.7ff7bb050000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 40.2.onkloSd.exe.7ff63d530000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.NUQghJW.exe.7ff706e90000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.2.YrgSOdx.exe.7ff6fc1c0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 21.2.NaIzQZQ.exe.7ff787350000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000007.00000002.1491009389.00007FF7130E1000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match File source: 00000023.00000002.1530111875.00007FF6AAE11000.00000040.00000001.01000000.00000024.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000002.1505239783.00007FF780B91000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match File source: 00000027.00000002.1534105233.00007FF64F611000.00000040.00000001.01000000.00000028.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.1487464272.00007FF79D831000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match File source: 00000025.00000002.1531762604.00007FF6F31B1000.00000040.00000001.01000000.00000026.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.1500954717.00007FF744931000.00000040.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match File source: 0000001D.00000002.1520206441.00007FF7AB881000.00000040.00000001.01000000.0000001E.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.1489866046.00007FF721131000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1512308219.00007FF787351000.00000040.00000001.01000000.00000016.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1489087059.00007FF738F41000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1528592393.00007FF6547F1000.00000040.00000001.01000000.00000023.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1486696175.00007FF66B701000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match File source: 00000026.00000002.1532732025.00007FF6EA6F1000.00000040.00000001.01000000.00000027.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000002.1506564947.00007FF73F461000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000002.1516688558.00007FF6269F1000.00000040.00000001.01000000.0000001B.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000002.1502343200.00007FF706E91000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match File source: 00000028.00000002.1535061619.00007FF63D531000.00000040.00000001.01000000.00000029.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.1493994329.00007FF795C51000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match File source: 00000016.00000002.1512588672.00007FF6CE2B1000.00000040.00000001.01000000.00000017.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.1497070858.00007FF6C1A51000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.1503261478.00007FF6B6581000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.1514677050.00007FF732EC1000.00000040.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.1509555221.00007FF63F3F1000.00000040.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match File source: 00000019.00000002.1516196193.00007FF73C121000.00000040.00000001.01000000.0000001A.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.1518939971.00007FF7BD7F1000.00000040.00000001.01000000.0000001D.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1510602848.00007FF6FC1C1000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.1493458824.00007FF7BB051000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match File source: 00000021.00000002.1525011603.00007FF6C8291000.00000040.00000001.01000000.00000022.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.1530752170.00007FF732FE1000.00000040.00000001.01000000.00000025.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000002.1508262292.00007FF7D1F51000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000002.1507803340.00007FF6AF791000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match File source: 0000001F.00000002.1521977087.00007FF6BFC91000.00000040.00000001.01000000.00000020.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.1504643914.00007FF7DA521000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.1518173894.00007FF6C80B1000.00000040.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000002.1514375763.00007FF7F63C1000.00000040.00000001.01000000.00000018.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000002.1523000811.00007FF7F6521000.00000040.00000001.01000000.00000021.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000002.1520709853.00007FF72D921000.00000040.00000001.01000000.0000001F.sdmp, type: MEMORY
Contains functionality to registers a callback to get notified when the system is suspended or resumed (often done by Miners)
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B76EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError, 3_2_00007FF66B76EBF0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D89EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError, 4_2_00007FF79D89EBF0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738FAEBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError, 5_2_00007FF738FAEBF0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72119EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError, 6_2_00007FF72119EBF0
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF71314EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError, 7_2_00007FF71314EBF0
Source: C:\Windows\System32\urnxCEN.exe Code function: 8_2_00007FF795CBEBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError, 8_2_00007FF795CBEBF0
Source: C:\Windows\System32\yjwCZgI.exe Code function: 9_2_00007FF7BB0BEBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError, 9_2_00007FF7BB0BEBF0
Found strings related to Crypto-Mining
Source: VnYfUNA.exe String found in binary or memory: stratum+ssl://
Source: VnYfUNA.exe String found in binary or memory: cryptonight/double
Source: VnYfUNA.exe String found in binary or memory: stratum+tcp://
Source: file.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: file.exe, igBUVJa.exe.0.dr, dTtlbMT.exe.0.dr, NismUEF.exe.0.dr, dgZNHyj.exe.0.dr, kQWzsiZ.exe.0.dr, zStyRhG.exe.0.dr, SStjyeF.exe.0.dr, MHLbrud.exe.0.dr, tizhzLm.exe.0.dr, xOFVnEt.exe.0.dr, VWmArRG.exe.0.dr, WUYZgKx.exe.0.dr, HJHKyUH.exe.0.dr, gnGUQzq.exe.0.dr, fiQoDpS.exe.0.dr, NKHpvXf.exe.0.dr, raQtysG.exe.0.dr, rZgavmv.exe.0.dr, rKjUVqd.exe.0.dr, Owwdyfl.exe.0.dr String found in binary or memory: http://abakus-biuro.net//a9zqemm
Source: file.exe, igBUVJa.exe.0.dr, dTtlbMT.exe.0.dr, NismUEF.exe.0.dr, dgZNHyj.exe.0.dr, kQWzsiZ.exe.0.dr, zStyRhG.exe.0.dr, SStjyeF.exe.0.dr, MHLbrud.exe.0.dr, tizhzLm.exe.0.dr, xOFVnEt.exe.0.dr, VWmArRG.exe.0.dr, WUYZgKx.exe.0.dr, HJHKyUH.exe.0.dr, gnGUQzq.exe.0.dr, fiQoDpS.exe.0.dr, NKHpvXf.exe.0.dr, raQtysG.exe.0.dr, rZgavmv.exe.0.dr, rKjUVqd.exe.0.dr, Owwdyfl.exe.0.dr String found in binary or memory: http://bemnyc.com/u8erijeq
Source: file.exe, igBUVJa.exe.0.dr, dTtlbMT.exe.0.dr, NismUEF.exe.0.dr, dgZNHyj.exe.0.dr, kQWzsiZ.exe.0.dr, zStyRhG.exe.0.dr, SStjyeF.exe.0.dr, MHLbrud.exe.0.dr, tizhzLm.exe.0.dr, xOFVnEt.exe.0.dr, VWmArRG.exe.0.dr, WUYZgKx.exe.0.dr, HJHKyUH.exe.0.dr, gnGUQzq.exe.0.dr, fiQoDpS.exe.0.dr, NKHpvXf.exe.0.dr, raQtysG.exe.0.dr, rZgavmv.exe.0.dr, rKjUVqd.exe.0.dr, Owwdyfl.exe.0.dr String found in binary or memory: http://eastend.jp/bl5kfa
Source: file.exe, igBUVJa.exe.0.dr, dTtlbMT.exe.0.dr, NismUEF.exe.0.dr, dgZNHyj.exe.0.dr, kQWzsiZ.exe.0.dr, zStyRhG.exe.0.dr, SStjyeF.exe.0.dr, MHLbrud.exe.0.dr, tizhzLm.exe.0.dr, xOFVnEt.exe.0.dr, VWmArRG.exe.0.dr, WUYZgKx.exe.0.dr, HJHKyUH.exe.0.dr, gnGUQzq.exe.0.dr, fiQoDpS.exe.0.dr, NKHpvXf.exe.0.dr, raQtysG.exe.0.dr, rZgavmv.exe.0.dr, rKjUVqd.exe.0.dr, Owwdyfl.exe.0.dr String found in binary or memory: http://fenett2018.com/dobgx
Source: file.exe, igBUVJa.exe.0.dr, dTtlbMT.exe.0.dr, NismUEF.exe.0.dr, dgZNHyj.exe.0.dr, kQWzsiZ.exe.0.dr, zStyRhG.exe.0.dr, SStjyeF.exe.0.dr, MHLbrud.exe.0.dr, tizhzLm.exe.0.dr, xOFVnEt.exe.0.dr, VWmArRG.exe.0.dr, WUYZgKx.exe.0.dr, HJHKyUH.exe.0.dr, gnGUQzq.exe.0.dr, fiQoDpS.exe.0.dr, NKHpvXf.exe.0.dr, raQtysG.exe.0.dr, rZgavmv.exe.0.dr, rKjUVqd.exe.0.dr, Owwdyfl.exe.0.dr String found in binary or memory: http://habarimoto24.com/nh

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 19.2.purtHeQ.exe.7ff63f3f0000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 11.2.QsDlHSI.exe.7ff744930000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 18.2.tlKeaSH.exe.7ff7d1f50000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 24.2.OeidtHB.exe.7ff732ec0000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 4.2.bIkaAuF.exe.7ff79d830000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 3.2.VnYfUNA.exe.7ff66b700000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 29.2.tizhzLm.exe.7ff7ab880000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 34.2.iXrmqoo.exe.7ff6547f0000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 16.2.khzlYlB.exe.7ff73f460000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 7.2.bRMguRb.exe.7ff7130e0000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 15.2.CtGCMUU.exe.7ff780b90000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 14.2.kcOtUgS.exe.7ff7da520000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 26.2.bpKoOax.exe.7ff6269f0000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 32.2.PerkPVz.exe.7ff7f6520000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 33.2.dnULvmA.exe.7ff6c8290000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 27.2.kCmzHfG.exe.7ff6c80b0000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 25.2.ulxEuWR.exe.7ff73c120000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 36.2.YfdxMIy.exe.7ff732fe0000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 6.2.NyQTRVw.exe.7ff721130000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 37.2.dgZNHyj.exe.7ff6f31b0000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 28.2.jTZhWqf.exe.7ff7bd7f0000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 39.2.TVvGYeO.exe.7ff64f610000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 23.2.EAmedTr.exe.7ff7f63c0000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 31.2.qfZMSiS.exe.7ff6bfc90000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 38.2.leQcUpZ.exe.7ff6ea6f0000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 17.2.dNcZNsO.exe.7ff6af790000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 22.2.BDQRaAY.exe.7ff6ce2b0000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 13.2.WFQtidM.exe.7ff6b6580000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 10.2.ODcBTbU.exe.7ff6c1a50000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 30.2.kWmKVbB.exe.7ff72d920000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 5.2.jcnyUWd.exe.7ff738f40000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 35.2.EIuVwIR.exe.7ff6aae10000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 8.2.urnxCEN.exe.7ff795c50000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 9.2.yjwCZgI.exe.7ff7bb050000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 40.2.onkloSd.exe.7ff63d530000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 12.2.NUQghJW.exe.7ff706e90000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 20.2.YrgSOdx.exe.7ff6fc1c0000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 21.2.NaIzQZQ.exe.7ff787350000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Creates files inside the system directory
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\VnYfUNA.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bIkaAuF.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\jcnyUWd.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NyQTRVw.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bRMguRb.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\urnxCEN.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\yjwCZgI.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ODcBTbU.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\QsDlHSI.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NUQghJW.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WFQtidM.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\kcOtUgS.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\CtGCMUU.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\khzlYlB.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dNcZNsO.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\tlKeaSH.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\purtHeQ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YrgSOdx.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NaIzQZQ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BDQRaAY.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EAmedTr.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\OeidtHB.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ulxEuWR.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bpKoOax.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\kCmzHfG.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\jTZhWqf.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\tizhzLm.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\kWmKVbB.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qfZMSiS.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\PerkPVz.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dnULvmA.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\iXrmqoo.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EIuVwIR.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YfdxMIy.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dgZNHyj.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\leQcUpZ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TVvGYeO.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\onkloSd.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HJXSYZw.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\igBUVJa.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TThpyBV.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EvTBMbj.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\yeTsgVg.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\sAIFVZs.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lFCXyhy.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wQLXnvy.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZXpXprY.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\kQWzsiZ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ysATWub.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gryDQnK.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DTtAXtk.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YqZAYCh.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\sckivUs.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WUTESmb.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\kJKNrrq.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dTtlbMT.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GGwjxCd.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RCMKsbF.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gVpsUlM.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\zNwklTy.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fwrTqiM.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nyJnahZ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rjIteOz.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NmGXkLf.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\zwUwyun.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\CJKkuDs.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\pywYtWb.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\biRfUfo.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gnGUQzq.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bXuGBXO.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dyGPlqF.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ptxhrCA.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wzMhfwL.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GSZfKir.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\sUyqMdO.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wmqBXvH.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qrkVtmd.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\CvjsAYd.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EkRQFxJ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\tPjVJkZ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WUYZgKx.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rHbibYS.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BtVojZD.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mmNbuQQ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rwdjFzY.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\KknUyhA.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZGJJqgk.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\toxqCjT.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YbGAwak.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dmaafTQ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ztldFeA.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ktUKQGB.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NARJDKG.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MpWfXty.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\PXeZCvc.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YfQtiGn.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lcXqCuq.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\vVNNzfk.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\vvYHGgY.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NKHpvXf.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WlFpFEG.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rvtKXyI.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nOEJStF.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YPwRGWN.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\scdQUOw.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nthnzIV.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\avakYZH.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\Njsquvm.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EXWDvEz.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TPGgdFl.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nyzFIdo.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\OVKsVjk.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\iVbMnbu.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qQQgXXK.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WXYWrDV.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\AEbmgKr.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RrXxnLK.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YlGorhY.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YQVsEch.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ryWIDGN.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fEoaLTP.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZbhesDT.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MjTkVAq.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EKOSilO.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\StNdznI.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FTfxEHA.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fbsOELi.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\phjebwL.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\IUOOQRj.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\Owwdyfl.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\LVOAoyf.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FhlszaQ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\oNkODZX.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dDtDLHD.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uolcsKh.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\IFmsxdu.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\SRAKIgS.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\XODUUPe.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\twdmntG.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\yfBRNjZ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\hlaiAXN.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mYmXotx.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dGceAQD.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BSAmgMR.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lhUuhgW.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NREQyWy.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\LViLDgE.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GEIpOYd.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BxIGjlT.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\PsPYQIL.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FejCdzl.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WzZvjXk.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qLFpkyL.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WqXimyX.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gJfLIkn.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\eURhaaq.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\LalIpAN.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fEsjqCF.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\CSPmMtl.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fcTuRbs.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\AMuEAdw.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GclqrUY.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\tawwJws.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\XdPyZTm.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MHLbrud.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\hLZDZXQ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\huDYzjy.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\LoQJpKn.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HPQHWRf.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qnwzIYG.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NOZziQl.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YuukKJw.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rSTdbqi.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\raQtysG.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\OEUrUQd.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YGfIDfV.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fiQoDpS.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MGzbrnO.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\VYQDcrW.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\eysETzm.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\VKffrdq.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\cpzBcQW.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZNTnROi.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\AOQhxsp.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lJCJVli.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MqKVuGv.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\juRRbWT.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\Ofjsurf.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wwYZKEK.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FbYGtmf.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\pdDIOxl.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dhauwZm.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\pbrsmwX.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\cfnMrSt.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EhgZFQv.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GMzJhGN.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\QlrrAWr.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BihslAp.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MSMdCif.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uWhVEOL.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uenbslS.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wLaokfk.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\iFNQXDN.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mrWQLEP.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ApNtYXM.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\zscTvPp.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fcuxjwf.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\hOtQuIc.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BxDaCaN.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\KcRJXPZ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\auNdheo.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mVeLdBO.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\jfozzXV.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lEZxRNn.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ThUbzwp.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nDxtiiw.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NyaqMPu.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HnFkqxU.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FKiQFhm.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NqtVQAf.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ltytQGi.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gCwOtYl.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WQfkGca.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YSdFoTl.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\USJJelL.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\QAiGqNb.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\urlTnoj.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ufXvwcd.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\KpKSjOq.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wBTsLgc.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wVETfuw.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dFVXJJP.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ACOyQko.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RiXVDoR.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wlFgCWZ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lzyiWde.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\OvMacMA.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FXlfLgD.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HJHKyUH.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\aBFaHyB.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uxEhkcb.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\pBCoAZz.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DidVzfl.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\aTbWXFt.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZHbbuyV.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WAadpRI.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\buTLxRn.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZPbxJBg.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\VWmArRG.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ySISxgi.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qaosjzf.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\yOOmCzV.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZDInXvu.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rvjDyvL.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NbfFUBN.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\pWpMupI.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NeDxvFE.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GQbhKtv.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mzTefuh.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\QdIDwgP.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\UKSFPqC.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nklGrbU.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YCtLpfR.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\AtsENTD.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\vzQsfTD.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lxNZCSl.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HbtcKta.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\caCYhXO.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\SStjyeF.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FvcymNb.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bUzrJhf.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RLkhMKB.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bosjKmA.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TYjzunq.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ERQoRPm.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\heSposr.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NismUEF.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BzqtleM.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\CnslmiL.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EduFCUz.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ipSPLpG.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\XtYrgrE.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\iwtHoSn.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\eHQNumx.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\eaIIdzi.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\arGCgTC.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\xOFVnEt.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WCxbejU.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\vcZfLey.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qJwMNFF.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\npKAqbE.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DkxEByF.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\sFCsFSy.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gnfhVHJ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\xbNnfWz.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ysGrSzS.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\eIXVBZJ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\PveCbOn.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HWVrnQY.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DUFctGh.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BYyVCgg.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gIkBMuV.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\CpJNBhW.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\LQcSNEY.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bUGCwZs.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\iSmQsnc.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FpKaoqH.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\XbREdEh.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EdoJevv.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\tLZVeAL.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DqaetZp.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\pxyqeBW.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TiJXIOW.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lbvtdts.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NugSADC.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wVcAZEf.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\LccHBBJ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\SFNNXcc.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\KwHrtOt.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gXRpWMk.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uDxTgCB.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wCvATWl.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ipKMruV.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rKjUVqd.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wFCiUxj.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\PFPbAGj.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uuEcvKg.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZozZouR.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\SCUtGmI.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZQREVkQ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gKWutyC.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nJsAjeN.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\hYxTNod.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mNauFZd.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FgKqoCT.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\AlmQZUd.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\aGskKzf.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wBJLquS.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\VpreOML.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BVyPfAG.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ibxPLHw.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\vZKJapN.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\XNKaYQF.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MnoIUSg.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YiUcCIC.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DFzhsjf.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\moNzgxD.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wDdVPes.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nrbVMPg.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\KTkxDDL.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ByCTYRH.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\zStyRhG.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mhFlPMp.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\kAvcvMe.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fTvMnGo.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\pQKRLhi.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RCmnkEl.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TsvTSDe.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TUEKfLK.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fggtuAI.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lJqkWee.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\Jtfotww.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FMSBKwx.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\jQvONnt.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\OHlpuMI.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uUCONsL.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\SFSInIN.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\oFzAISt.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RSMPQOu.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fwzttYD.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GlEZGgb.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\aCNewAK.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TAZaUOv.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RUWymnC.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lZYCJzL.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FUOWxsn.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\OdXSJgr.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\SNbeoeM.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rZgavmv.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HKkeYCO.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HmxqcfL.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\eLGbTft.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\tEZdSza.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TzFLQWr.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ooexJtv.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\aIIttDk.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\LsasdiQ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wOtJPek.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HAKFCDP.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YGrYdLP.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\JJriMNs.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GIfoEBK.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\btWqxiq.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\VdCGeBm.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\cafrTqt.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\XmZUkiV.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\CXSdyVU.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gLnOzOH.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\IXsxZGR.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\vYCRjRI.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DHultxg.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FjoGAAA.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\PRcexDr.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ywPWptN.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HQXGweR.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DGYuaZz.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\CJHoRMr.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\cDKkUOr.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\sylZhdr.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HRjhxrB.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GRRqKAR.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\Mylhgiv.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\sxCtJKa.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fCvNBss.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\aqFNBwX.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DQFIhzu.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\cxHzEgq.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ifymaKl.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EQOBNTm.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\JLBrUFz.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ikLRdOu.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WXJcTYo.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TgBaihG.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\UFWxfBg.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DuAXfxs.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\zoMFJtT.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\PKUIisR.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MjAMXWy.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gyAEwDN.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZnGMtvm.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\Ibdmwrk.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\oHLoNex.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FnHQfRA.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\zistvYd.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\jyKxKVn.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ycApKVj.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qcbgnNO.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gJhypTL.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\hzANoJm.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\twPTRuC.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\vzPJSrc.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EAvNYpv.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\sUVYEIu.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\QTzYPqq.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EliKOUk.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gohZjvn.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\hQynOqQ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\JHaUAgd.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\VntnNZy.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\zopMtOf.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\vhTmABy.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TJyTvWn.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NYchaxO.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bNPeiID.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\SaMMymA.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HyEdeTC.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\xbLLjrh.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\cOLuUOa.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DcxdWdi.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\yXBVYUa.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YEQUJWR.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\oHDKNMG.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\JNQUPCn.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\tVqILdt.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ykPWwlk.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\JqULrat.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rrMUCCS.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\SaYojjk.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\UHpcGoe.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\setTVeS.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GhjuuCG.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ggVzJmu.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\aWdOriN.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\KPTQYzx.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GujjqWa.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\adPKdcX.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MRNCjwd.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\icmBSTH.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uZcXlXr.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\sTjnXod.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\XRoZkoL.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mciynve.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\zhRBVsb.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bKfpVKI.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uvgREfG.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YahmPDr.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RsiKeda.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dXZPqwv.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\KZEfjJT.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\IolcmoB.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\xrOmMag.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rdXKyvf.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BXgRYBK.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dhOqAwl.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\clbqhMI.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\AqDqECg.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\OTWxyBM.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fuyznPl.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MRGsLNI.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\khCvPEB.exe Jump to behavior
Detected potential crypto function
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7F94D0 3_2_00007FF66B7F94D0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B803CE0 3_2_00007FF66B803CE0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7634B4 3_2_00007FF66B7634B4
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B718CF0 3_2_00007FF66B718CF0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7FED00 3_2_00007FF66B7FED00
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7DBD00 3_2_00007FF66B7DBD00
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B731500 3_2_00007FF66B731500
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B71CD10 3_2_00007FF66B71CD10
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B71DD10 3_2_00007FF66B71DD10
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7D9D20 3_2_00007FF66B7D9D20
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7C6D1C 3_2_00007FF66B7C6D1C
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7BAD30 3_2_00007FF66B7BAD30
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B730530 3_2_00007FF66B730530
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B730C40 3_2_00007FF66B730C40
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7ED450 3_2_00007FF66B7ED450
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7FFC50 3_2_00007FF66B7FFC50
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B721C50 3_2_00007FF66B721C50
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B720460 3_2_00007FF66B720460
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7F8C70 3_2_00007FF66B7F8C70
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B746C70 3_2_00007FF66B746C70
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B722C80 3_2_00007FF66B722C80
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B8054A0 3_2_00007FF66B8054A0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7FE4A0 3_2_00007FF66B7FE4A0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7F4BD0 3_2_00007FF66B7F4BD0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B719BE0 3_2_00007FF66B719BE0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7F3410 3_2_00007FF66B7F3410
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B724410 3_2_00007FF66B724410
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7F3C20 3_2_00007FF66B7F3C20
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B707350 3_2_00007FF66B707350
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7FA420 3_2_00007FF66B7FA420
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7C9C20 3_2_00007FF66B7C9C20
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B721420 3_2_00007FF66B721420
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7B6B44 3_2_00007FF66B7B6B44
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B80F340 3_2_00007FF66B80F340
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B736B80 3_2_00007FF66B736B80
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B71FB80 3_2_00007FF66B71FB80
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7C9388 3_2_00007FF66B7C9388
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7473A0 3_2_00007FF66B7473A0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7E4BB0 3_2_00007FF66B7E4BB0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B8062C0 3_2_00007FF66B8062C0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B732AC0 3_2_00007FF66B732AC0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7092E0 3_2_00007FF66B7092E0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B738B10 3_2_00007FF66B738B10
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7CCB20 3_2_00007FF66B7CCB20
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B71BA40 3_2_00007FF66B71BA40
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B805A60 3_2_00007FF66B805A60
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B800A60 3_2_00007FF66B800A60
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B728A70 3_2_00007FF66B728A70
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7459C0 3_2_00007FF66B7459C0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7FA9D0 3_2_00007FF66B7FA9D0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B80C9F0 3_2_00007FF66B80C9F0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B80E1F0 3_2_00007FF66B80E1F0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7F59F0 3_2_00007FF66B7F59F0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B800200 3_2_00007FF66B800200
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B807210 3_2_00007FF66B807210
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B748A20 3_2_00007FF66B748A20
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7FB230 3_2_00007FF66B7FB230
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B730230 3_2_00007FF66B730230
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7F6940 3_2_00007FF66B7F6940
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B763165 3_2_00007FF66B763165
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7F3970 3_2_00007FF66B7F3970
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7FC180 3_2_00007FF66B7FC180
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B80C190 3_2_00007FF66B80C190
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B71C980 3_2_00007FF66B71C980
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7F5190 3_2_00007FF66B7F5190
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B8019B0 3_2_00007FF66B8019B0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7E58C0 3_2_00007FF66B7E58C0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B737120 3_2_00007FF66B737120
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B738120 3_2_00007FF66B738120
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B72D860 3_2_00007FF66B72D860
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7ED070 3_2_00007FF66B7ED070
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B73A870 3_2_00007FF66B73A870
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7070F0 3_2_00007FF66B7070F0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B80F890 3_2_00007FF66B80F890
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B71D0A0 3_2_00007FF66B71D0A0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B8077C0 3_2_00007FF66B8077C0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7197E0 3_2_00007FF66B7197E0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B702F80 3_2_00007FF66B702F80
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B74CFF0 3_2_00007FF66B74CFF0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B72A810 3_2_00007FF66B72A810
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B747010 3_2_00007FF66B747010
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B808020 3_2_00007FF66B808020
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B748020 3_2_00007FF66B748020
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B73B830 3_2_00007FF66B73B830
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B70D030 3_2_00007FF66B70D030
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B734740 3_2_00007FF66B734740
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7F7760 3_2_00007FF66B7F7760
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B808F70 3_2_00007FF66B808F70
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B801F70 3_2_00007FF66B801F70
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B71C770 3_2_00007FF66B71C770
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7FCF90 3_2_00007FF66B7FCF90
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B739F90 3_2_00007FF66B739F90
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B74B790 3_2_00007FF66B74B790
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B8027B0 3_2_00007FF66B8027B0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B74A7B0 3_2_00007FF66B74A7B0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7F36C0 3_2_00007FF66B7F36C0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7FDEE0 3_2_00007FF66B7FDEE0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7F6F00 3_2_00007FF66B7F6F00
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B803700 3_2_00007FF66B803700
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B71E700 3_2_00007FF66B71E700
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7FC730 3_2_00007FF66B7FC730
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B72B730 3_2_00007FF66B72B730
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B71EE40 3_2_00007FF66B71EE40
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B729E70 3_2_00007FF66B729E70
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7F86B0 3_2_00007FF66B7F86B0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B728EB0 3_2_00007FF66B728EB0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B749EB0 3_2_00007FF66B749EB0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7D1DF4 3_2_00007FF66B7D1DF4
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7AFDEC 3_2_00007FF66B7AFDEC
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7E2E10 3_2_00007FF66B7E2E10
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B733610 3_2_00007FF66B733610
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B761E20 3_2_00007FF66B761E20
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B729540 3_2_00007FF66B729540
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B804550 3_2_00007FF66B804550
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B736D90 3_2_00007FF66B736D90
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B70ED90 3_2_00007FF66B70ED90
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B710D90 3_2_00007FF66B710D90
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B731DA0 3_2_00007FF66B731DA0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D9236C0 4_2_00007FF79D9236C0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D858EB0 4_2_00007FF79D858EB0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D879EB0 4_2_00007FF79D879EB0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D9286B0 4_2_00007FF79D9286B0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D926F00 4_2_00007FF79D926F00
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D933700 4_2_00007FF79D933700
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D92DEE0 4_2_00007FF79D92DEE0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D84E700 4_2_00007FF79D84E700
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D891E20 4_2_00007FF79D891E20
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D84EE40 4_2_00007FF79D84EE40
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D859E70 4_2_00007FF79D859E70
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D861DA0 4_2_00007FF79D861DA0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D901DF4 4_2_00007FF79D901DF4
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D8DFDEC 4_2_00007FF79D8DFDEC
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D912E10 4_2_00007FF79D912E10
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D863610 4_2_00007FF79D863610
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D8EAD30 4_2_00007FF79D8EAD30
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D860530 4_2_00007FF79D860530
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D934550 4_2_00007FF79D934550
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D909D20 4_2_00007FF79D909D20
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D859540 4_2_00007FF79D859540
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D83ED90 4_2_00007FF79D83ED90
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D840D90 4_2_00007FF79D840D90
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D866D90 4_2_00007FF79D866D90
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D9158C0 4_2_00007FF79D9158C0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D84D0A0 4_2_00007FF79D84D0A0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D8370F0 4_2_00007FF79D8370F0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D83D030 4_2_00007FF79D83D030
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D86B830 4_2_00007FF79D86B830
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D878020 4_2_00007FF79D878020
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D938020 4_2_00007FF79D938020
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D86A870 4_2_00007FF79D86A870
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D93F890 4_2_00007FF79D93F890
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D85D860 4_2_00007FF79D85D860
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D91D070 4_2_00007FF79D91D070
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D9377C0 4_2_00007FF79D9377C0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D87A7B0 4_2_00007FF79D87A7B0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D9327B0 4_2_00007FF79D9327B0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D87CFF0 4_2_00007FF79D87CFF0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D8497E0 4_2_00007FF79D8497E0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D85A810 4_2_00007FF79D85A810
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D877010 4_2_00007FF79D877010
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D85B730 4_2_00007FF79D85B730
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D92C730 4_2_00007FF79D92C730
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D864740 4_2_00007FF79D864740
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D84C770 4_2_00007FF79D84C770
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D92CF90 4_2_00007FF79D92CF90
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D927760 4_2_00007FF79D927760
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D87B790 4_2_00007FF79D87B790
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D869F90 4_2_00007FF79D869F90
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D938F70 4_2_00007FF79D938F70
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D832F80 4_2_00007FF79D832F80
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D931F70 4_2_00007FF79D931F70
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D9362C0 4_2_00007FF79D9362C0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D862AC0 4_2_00007FF79D862AC0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D8392E0 4_2_00007FF79D8392E0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D868B10 4_2_00007FF79D868B10
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D860230 4_2_00007FF79D860230
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D878A20 4_2_00007FF79D878A20
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D92B230 4_2_00007FF79D92B230
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D84BA40 4_2_00007FF79D84BA40
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D858A70 4_2_00007FF79D858A70
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D935A60 4_2_00007FF79D935A60
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D930A60 4_2_00007FF79D930A60
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D92A9D0 4_2_00007FF79D92A9D0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D9319B0 4_2_00007FF79D9319B0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D8759C0 4_2_00007FF79D8759C0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D930200 4_2_00007FF79D930200
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D937210 4_2_00007FF79D937210
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D9259F0 4_2_00007FF79D9259F0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D93C9F0 4_2_00007FF79D93C9F0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D93E1F0 4_2_00007FF79D93E1F0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D8F41F8 4_2_00007FF79D8F41F8
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D926940 4_2_00007FF79D926940
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D867120 4_2_00007FF79D867120
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D868120 4_2_00007FF79D868120
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D92C180 4_2_00007FF79D92C180
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D893165 4_2_00007FF79D893165
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D925190 4_2_00007FF79D925190
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D93C190 4_2_00007FF79D93C190
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D923970 4_2_00007FF79D923970
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D84C980 4_2_00007FF79D84C980
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D9294D0 4_2_00007FF79D9294D0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D9354A0 4_2_00007FF79D9354A0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D92E4A0 4_2_00007FF79D92E4A0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D90BD00 4_2_00007FF79D90BD00
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D8934B4 4_2_00007FF79D8934B4
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D92ED00 4_2_00007FF79D92ED00
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D848CF0 4_2_00007FF79D848CF0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D933CE0 4_2_00007FF79D933CE0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D84CD10 4_2_00007FF79D84CD10
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D84DD10 4_2_00007FF79D84DD10
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D861500 4_2_00007FF79D861500
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D8F9C20 4_2_00007FF79D8F9C20
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D91D450 4_2_00007FF79D91D450
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D92FC50 4_2_00007FF79D92FC50
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D851420 4_2_00007FF79D851420
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D923C20 4_2_00007FF79D923C20
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D92A420 4_2_00007FF79D92A420
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D851C50 4_2_00007FF79D851C50
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D860C40 4_2_00007FF79D860C40
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D876C70 4_2_00007FF79D876C70
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D850460 4_2_00007FF79D850460
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D928C70 4_2_00007FF79D928C70
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D852C80 4_2_00007FF79D852C80
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D924BD0 4_2_00007FF79D924BD0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D8773A0 4_2_00007FF79D8773A0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D914BB0 4_2_00007FF79D914BB0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D923410 4_2_00007FF79D923410
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D849BE0 4_2_00007FF79D849BE0
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D854410 4_2_00007FF79D854410
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D93F340 4_2_00007FF79D93F340
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D8FCB20 4_2_00007FF79D8FCB20
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D837350 4_2_00007FF79D837350
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D8E6B44 4_2_00007FF79D8E6B44
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D8F9388 4_2_00007FF79D8F9388
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D866B80 4_2_00007FF79D866B80
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D84FB80 4_2_00007FF79D84FB80
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F88A20 5_2_00007FF738F88A20
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF73903B230 5_2_00007FF73903B230
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F70230 5_2_00007FF738F70230
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F5BA40 5_2_00007FF738F5BA40
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739045A60 5_2_00007FF739045A60
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739040A60 5_2_00007FF739040A60
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F68A70 5_2_00007FF738F68A70
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F72AC0 5_2_00007FF738F72AC0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF7390462C0 5_2_00007FF7390462C0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F492E0 5_2_00007FF738F492E0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F78B10 5_2_00007FF738F78B10
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F78120 5_2_00007FF738F78120
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F77120 5_2_00007FF738F77120
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739036940 5_2_00007FF739036940
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738FA3165 5_2_00007FF738FA3165
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739033970 5_2_00007FF739033970
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739035190 5_2_00007FF739035190
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F5C980 5_2_00007FF738F5C980
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF73904C190 5_2_00007FF73904C190
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF73903C180 5_2_00007FF73903C180
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF7390419B0 5_2_00007FF7390419B0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF73903A9D0 5_2_00007FF73903A9D0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F859C0 5_2_00007FF738F859C0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF7390359F0 5_2_00007FF7390359F0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF73904C9F0 5_2_00007FF73904C9F0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF73904E1F0 5_2_00007FF73904E1F0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739047210 5_2_00007FF739047210
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF7390041F8 5_2_00007FF7390041F8
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739040200 5_2_00007FF739040200
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F61420 5_2_00007FF738F61420
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF73903A420 5_2_00007FF73903A420
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739033C20 5_2_00007FF739033C20
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF73903FC50 5_2_00007FF73903FC50
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF73902D450 5_2_00007FF73902D450
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F70C40 5_2_00007FF738F70C40
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F61C50 5_2_00007FF738F61C50
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739038C70 5_2_00007FF739038C70
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F60460 5_2_00007FF738F60460
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F86C70 5_2_00007FF738F86C70
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F62C80 5_2_00007FF738F62C80
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF7390454A0 5_2_00007FF7390454A0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF73903E4A0 5_2_00007FF73903E4A0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF7390394D0 5_2_00007FF7390394D0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739043CE0 5_2_00007FF739043CE0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738FA34B4 5_2_00007FF738FA34B4
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F58CF0 5_2_00007FF738F58CF0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F71500 5_2_00007FF738F71500
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF73901BD00 5_2_00007FF73901BD00
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF73903ED00 5_2_00007FF73903ED00
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F5CD10 5_2_00007FF738F5CD10
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F5DD10 5_2_00007FF738F5DD10
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F47350 5_2_00007FF738F47350
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF73904F340 5_2_00007FF73904F340
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F5FB80 5_2_00007FF738F5FB80
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F76B80 5_2_00007FF738F76B80
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739024BB0 5_2_00007FF739024BB0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F873A0 5_2_00007FF738F873A0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739034BD0 5_2_00007FF739034BD0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F59BE0 5_2_00007FF738F59BE0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739033410 5_2_00007FF739033410
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F64410 5_2_00007FF738F64410
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738FA1E20 5_2_00007FF738FA1E20
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F5EE40 5_2_00007FF738F5EE40
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F69E70 5_2_00007FF738F69E70
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF7390386B0 5_2_00007FF7390386B0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F89EB0 5_2_00007FF738F89EB0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F68EB0 5_2_00007FF738F68EB0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF7390336C0 5_2_00007FF7390336C0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF73903DEE0 5_2_00007FF73903DEE0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F5E700 5_2_00007FF738F5E700
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739043700 5_2_00007FF739043700
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739036F00 5_2_00007FF739036F00
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739019D20 5_2_00007FF739019D20
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F70530 5_2_00007FF738F70530
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739044550 5_2_00007FF739044550
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F69540 5_2_00007FF738F69540
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F4ED90 5_2_00007FF738F4ED90
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F50D90 5_2_00007FF738F50D90
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F76D90 5_2_00007FF738F76D90
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F71DA0 5_2_00007FF738F71DA0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739022E10 5_2_00007FF739022E10
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F73610 5_2_00007FF738F73610
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F88020 5_2_00007FF738F88020
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739048020 5_2_00007FF739048020
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F4D030 5_2_00007FF738F4D030
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F7B830 5_2_00007FF738F7B830
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF73902D070 5_2_00007FF73902D070
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F6D860 5_2_00007FF738F6D860
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F7A870 5_2_00007FF738F7A870
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF73904F890 5_2_00007FF73904F890
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F5D0A0 5_2_00007FF738F5D0A0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF7390258C0 5_2_00007FF7390258C0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F470F0 5_2_00007FF738F470F0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF73903C730 5_2_00007FF73903C730
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F6B730 5_2_00007FF738F6B730
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F74740 5_2_00007FF738F74740
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739041F70 5_2_00007FF739041F70
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739048F70 5_2_00007FF739048F70
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF739037760 5_2_00007FF739037760
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F5C770 5_2_00007FF738F5C770
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F42F80 5_2_00007FF738F42F80
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF73903CF90 5_2_00007FF73903CF90
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F8B790 5_2_00007FF738F8B790
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F79F90 5_2_00007FF738F79F90
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF7390427B0 5_2_00007FF7390427B0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F8A7B0 5_2_00007FF738F8A7B0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF7390477C0 5_2_00007FF7390477C0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F597E0 5_2_00007FF738F597E0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F8CFF0 5_2_00007FF738F8CFF0
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F87010 5_2_00007FF738F87010
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F6A810 5_2_00007FF738F6A810
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72114BA40 6_2_00007FF72114BA40
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72122B230 6_2_00007FF72122B230
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721178A20 6_2_00007FF721178A20
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721160230 6_2_00007FF721160230
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721235A60 6_2_00007FF721235A60
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721230A60 6_2_00007FF721230A60
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721158A70 6_2_00007FF721158A70
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721162AC0 6_2_00007FF721162AC0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7212362C0 6_2_00007FF7212362C0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721168B10 6_2_00007FF721168B10
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7211392E0 6_2_00007FF7211392E0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721226940 6_2_00007FF721226940
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721167120 6_2_00007FF721167120
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721168120 6_2_00007FF721168120
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721225190 6_2_00007FF721225190
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72123C190 6_2_00007FF72123C190
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72114C980 6_2_00007FF72114C980
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72122C180 6_2_00007FF72122C180
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721193165 6_2_00007FF721193165
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721223970 6_2_00007FF721223970
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72122A9D0 6_2_00007FF72122A9D0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7211759C0 6_2_00007FF7211759C0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7212319B0 6_2_00007FF7212319B0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721237210 6_2_00007FF721237210
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7211F41F8 6_2_00007FF7211F41F8
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721230200 6_2_00007FF721230200
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7212259F0 6_2_00007FF7212259F0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72123C9F0 6_2_00007FF72123C9F0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72123E1F0 6_2_00007FF72123E1F0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72121D450 6_2_00007FF72121D450
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72122FC50 6_2_00007FF72122FC50
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721160C40 6_2_00007FF721160C40
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721151C50 6_2_00007FF721151C50
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7211F9C20 6_2_00007FF7211F9C20
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721151420 6_2_00007FF721151420
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721223C20 6_2_00007FF721223C20
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72122A420 6_2_00007FF72122A420
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721152C80 6_2_00007FF721152C80
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721228C70 6_2_00007FF721228C70
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721150460 6_2_00007FF721150460
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721176C70 6_2_00007FF721176C70
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7212294D0 6_2_00007FF7212294D0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7212354A0 6_2_00007FF7212354A0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72122E4A0 6_2_00007FF72122E4A0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721161500 6_2_00007FF721161500
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72120BD00 6_2_00007FF72120BD00
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72122ED00 6_2_00007FF72122ED00
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72114CD10 6_2_00007FF72114CD10
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72114DD10 6_2_00007FF72114DD10
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7211934B4 6_2_00007FF7211934B4
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721233CE0 6_2_00007FF721233CE0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721148CF0 6_2_00007FF721148CF0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7211E6B44 6_2_00007FF7211E6B44
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72123F340 6_2_00007FF72123F340
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721137350 6_2_00007FF721137350
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7211FCB20 6_2_00007FF7211FCB20
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721166B80 6_2_00007FF721166B80
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72114FB80 6_2_00007FF72114FB80
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7211F9388 6_2_00007FF7211F9388
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721224BD0 6_2_00007FF721224BD0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721214BB0 6_2_00007FF721214BB0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7211773A0 6_2_00007FF7211773A0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721223410 6_2_00007FF721223410
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721154410 6_2_00007FF721154410
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721149BE0 6_2_00007FF721149BE0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72114EE40 6_2_00007FF72114EE40
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721191E20 6_2_00007FF721191E20
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721159E70 6_2_00007FF721159E70
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7212236C0 6_2_00007FF7212236C0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7212286B0 6_2_00007FF7212286B0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721158EB0 6_2_00007FF721158EB0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721179EB0 6_2_00007FF721179EB0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72114E700 6_2_00007FF72114E700
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721226F00 6_2_00007FF721226F00
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721233700 6_2_00007FF721233700
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72122DEE0 6_2_00007FF72122DEE0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721234550 6_2_00007FF721234550
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721159540 6_2_00007FF721159540
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7211EAD30 6_2_00007FF7211EAD30
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721209D20 6_2_00007FF721209D20
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721160530 6_2_00007FF721160530
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72113ED90 6_2_00007FF72113ED90
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721140D90 6_2_00007FF721140D90
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721166D90 6_2_00007FF721166D90
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721161DA0 6_2_00007FF721161DA0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721212E10 6_2_00007FF721212E10
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721163610 6_2_00007FF721163610
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721201DF4 6_2_00007FF721201DF4
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7211DFDEC 6_2_00007FF7211DFDEC
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721178020 6_2_00007FF721178020
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72113D030 6_2_00007FF72113D030
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721238020 6_2_00007FF721238020
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72116B830 6_2_00007FF72116B830
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72123F890 6_2_00007FF72123F890
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72121D070 6_2_00007FF72121D070
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72115D860 6_2_00007FF72115D860
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72116A870 6_2_00007FF72116A870
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7212158C0 6_2_00007FF7212158C0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72114D0A0 6_2_00007FF72114D0A0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7211370F0 6_2_00007FF7211370F0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721164740 6_2_00007FF721164740
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72122C730 6_2_00007FF72122C730
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72115B730 6_2_00007FF72115B730
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721132F80 6_2_00007FF721132F80
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72122CF90 6_2_00007FF72122CF90
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72117B790 6_2_00007FF72117B790
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721169F90 6_2_00007FF721169F90
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721238F70 6_2_00007FF721238F70
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721231F70 6_2_00007FF721231F70
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721227760 6_2_00007FF721227760
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72114C770 6_2_00007FF72114C770
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7212377C0 6_2_00007FF7212377C0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7212327B0 6_2_00007FF7212327B0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72117A7B0 6_2_00007FF72117A7B0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72115A810 6_2_00007FF72115A810
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721177010 6_2_00007FF721177010
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7211497E0 6_2_00007FF7211497E0
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF72117CFF0 6_2_00007FF72117CFF0
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF713110C40 7_2_00007FF713110C40
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7131DFC50 7_2_00007FF7131DFC50
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7131CD450 7_2_00007FF7131CD450
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF713101420 7_2_00007FF713101420
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7131A9C20 7_2_00007FF7131A9C20
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7131DA420 7_2_00007FF7131DA420
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7131D3C20 7_2_00007FF7131D3C20
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF713101C50 7_2_00007FF713101C50
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF713100460 7_2_00007FF713100460
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7131D8C70 7_2_00007FF7131D8C70
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF713102C80 7_2_00007FF713102C80
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF713126C70 7_2_00007FF713126C70
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7131D94D0 7_2_00007FF7131D94D0
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7131E54A0 7_2_00007FF7131E54A0
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7131DE4A0 7_2_00007FF7131DE4A0
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7131BBD00 7_2_00007FF7131BBD00
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7131DED00 7_2_00007FF7131DED00
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7130F8CF0 7_2_00007FF7130F8CF0
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF713111500 7_2_00007FF713111500
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7131E3CE0 7_2_00007FF7131E3CE0
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7130FCD10 7_2_00007FF7130FCD10
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7130FDD10 7_2_00007FF7130FDD10
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7131434B4 7_2_00007FF7131434B4
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF713196B44 7_2_00007FF713196B44
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7131EF340 7_2_00007FF7131EF340
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7131ACB20 7_2_00007FF7131ACB20
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7130E7350 7_2_00007FF7130E7350
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF713116B80 7_2_00007FF713116B80
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7131A9388 7_2_00007FF7131A9388
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7130FFB80 7_2_00007FF7130FFB80
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7131D4BD0 7_2_00007FF7131D4BD0
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7131273A0 7_2_00007FF7131273A0
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7131C4BB0 7_2_00007FF7131C4BB0
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7131D3410 7_2_00007FF7131D3410
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7130F9BE0 7_2_00007FF7130F9BE0
Yara signature match
Source: 19.2.purtHeQ.exe.7ff63f3f0000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 11.2.QsDlHSI.exe.7ff744930000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 18.2.tlKeaSH.exe.7ff7d1f50000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 24.2.OeidtHB.exe.7ff732ec0000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 4.2.bIkaAuF.exe.7ff79d830000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 3.2.VnYfUNA.exe.7ff66b700000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 29.2.tizhzLm.exe.7ff7ab880000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 34.2.iXrmqoo.exe.7ff6547f0000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 16.2.khzlYlB.exe.7ff73f460000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 7.2.bRMguRb.exe.7ff7130e0000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 15.2.CtGCMUU.exe.7ff780b90000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 14.2.kcOtUgS.exe.7ff7da520000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 26.2.bpKoOax.exe.7ff6269f0000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 32.2.PerkPVz.exe.7ff7f6520000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 33.2.dnULvmA.exe.7ff6c8290000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 27.2.kCmzHfG.exe.7ff6c80b0000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 25.2.ulxEuWR.exe.7ff73c120000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 36.2.YfdxMIy.exe.7ff732fe0000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 6.2.NyQTRVw.exe.7ff721130000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 37.2.dgZNHyj.exe.7ff6f31b0000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 28.2.jTZhWqf.exe.7ff7bd7f0000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 39.2.TVvGYeO.exe.7ff64f610000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 23.2.EAmedTr.exe.7ff7f63c0000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 31.2.qfZMSiS.exe.7ff6bfc90000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 38.2.leQcUpZ.exe.7ff6ea6f0000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 17.2.dNcZNsO.exe.7ff6af790000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 22.2.BDQRaAY.exe.7ff6ce2b0000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 13.2.WFQtidM.exe.7ff6b6580000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 10.2.ODcBTbU.exe.7ff6c1a50000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 30.2.kWmKVbB.exe.7ff72d920000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 5.2.jcnyUWd.exe.7ff738f40000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 35.2.EIuVwIR.exe.7ff6aae10000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 8.2.urnxCEN.exe.7ff795c50000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 9.2.yjwCZgI.exe.7ff7bb050000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 40.2.onkloSd.exe.7ff63d530000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 12.2.NUQghJW.exe.7ff706e90000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 20.2.YrgSOdx.exe.7ff6fc1c0000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 21.2.NaIzQZQ.exe.7ff787350000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: classification engine Classification label: mal100.evad.mine.winEXE@2446/385@0/0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6272:120:WilError_03
Source: C:\Users\user\Desktop\file.exe Mutant created: \Sessions\1\BaseNamedObjects\sfdkjjhgkdsfhgjksd
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: file.exe ReversingLabs: Detection: 92%
Source: VnYfUNA.exe String found in binary or memory: --help
Source: VnYfUNA.exe String found in binary or memory: --help
Source: bIkaAuF.exe String found in binary or memory: --help
Source: bIkaAuF.exe String found in binary or memory: --help
Source: jcnyUWd.exe String found in binary or memory: --help
Source: jcnyUWd.exe String found in binary or memory: --help
Source: NyQTRVw.exe String found in binary or memory: --help
Source: NyQTRVw.exe String found in binary or memory: --help
Source: bRMguRb.exe String found in binary or memory: --help
Source: bRMguRb.exe String found in binary or memory: --help
Source: urnxCEN.exe String found in binary or memory: --help
Source: urnxCEN.exe String found in binary or memory: --help
Source: yjwCZgI.exe String found in binary or memory: --help
Source: yjwCZgI.exe String found in binary or memory: --help
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\VnYfUNA.exe C:\Windows\System32\VnYfUNA.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\bIkaAuF.exe C:\Windows\System32\bIkaAuF.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\jcnyUWd.exe C:\Windows\System32\jcnyUWd.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\NyQTRVw.exe C:\Windows\System32\NyQTRVw.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\bRMguRb.exe C:\Windows\System32\bRMguRb.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\urnxCEN.exe C:\Windows\System32\urnxCEN.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\yjwCZgI.exe C:\Windows\System32\yjwCZgI.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\ODcBTbU.exe C:\Windows\System32\ODcBTbU.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\QsDlHSI.exe C:\Windows\System32\QsDlHSI.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\NUQghJW.exe C:\Windows\System32\NUQghJW.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\WFQtidM.exe C:\Windows\System32\WFQtidM.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\kcOtUgS.exe C:\Windows\System32\kcOtUgS.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\CtGCMUU.exe C:\Windows\System32\CtGCMUU.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\khzlYlB.exe C:\Windows\System32\khzlYlB.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\dNcZNsO.exe C:\Windows\System32\dNcZNsO.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\tlKeaSH.exe C:\Windows\System32\tlKeaSH.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\purtHeQ.exe C:\Windows\System32\purtHeQ.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\YrgSOdx.exe C:\Windows\System32\YrgSOdx.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\NaIzQZQ.exe C:\Windows\System32\NaIzQZQ.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\BDQRaAY.exe C:\Windows\System32\BDQRaAY.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\EAmedTr.exe C:\Windows\System32\EAmedTr.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\OeidtHB.exe C:\Windows\System32\OeidtHB.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\ulxEuWR.exe C:\Windows\System32\ulxEuWR.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\bpKoOax.exe C:\Windows\System32\bpKoOax.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\kCmzHfG.exe C:\Windows\System32\kCmzHfG.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\jTZhWqf.exe C:\Windows\System32\jTZhWqf.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\tizhzLm.exe C:\Windows\System32\tizhzLm.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\kWmKVbB.exe C:\Windows\System32\kWmKVbB.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\qfZMSiS.exe C:\Windows\System32\qfZMSiS.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\PerkPVz.exe C:\Windows\System32\PerkPVz.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\dnULvmA.exe C:\Windows\System32\dnULvmA.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\iXrmqoo.exe C:\Windows\System32\iXrmqoo.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\EIuVwIR.exe C:\Windows\System32\EIuVwIR.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\YfdxMIy.exe C:\Windows\System32\YfdxMIy.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\dgZNHyj.exe C:\Windows\System32\dgZNHyj.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\leQcUpZ.exe C:\Windows\System32\leQcUpZ.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\TVvGYeO.exe C:\Windows\System32\TVvGYeO.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\onkloSd.exe C:\Windows\System32\onkloSd.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\VnYfUNA.exe C:\Windows\System32\VnYfUNA.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\bIkaAuF.exe C:\Windows\System32\bIkaAuF.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\jcnyUWd.exe C:\Windows\System32\jcnyUWd.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\NyQTRVw.exe C:\Windows\System32\NyQTRVw.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\bRMguRb.exe C:\Windows\System32\bRMguRb.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\urnxCEN.exe C:\Windows\System32\urnxCEN.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\yjwCZgI.exe C:\Windows\System32\yjwCZgI.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\ODcBTbU.exe C:\Windows\System32\ODcBTbU.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\QsDlHSI.exe C:\Windows\System32\QsDlHSI.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\NUQghJW.exe C:\Windows\System32\NUQghJW.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\WFQtidM.exe C:\Windows\System32\WFQtidM.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\kcOtUgS.exe C:\Windows\System32\kcOtUgS.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\CtGCMUU.exe C:\Windows\System32\CtGCMUU.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\khzlYlB.exe C:\Windows\System32\khzlYlB.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\dNcZNsO.exe C:\Windows\System32\dNcZNsO.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\tlKeaSH.exe C:\Windows\System32\tlKeaSH.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\purtHeQ.exe C:\Windows\System32\purtHeQ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\YrgSOdx.exe C:\Windows\System32\YrgSOdx.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\NaIzQZQ.exe C:\Windows\System32\NaIzQZQ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\BDQRaAY.exe C:\Windows\System32\BDQRaAY.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\EAmedTr.exe C:\Windows\System32\EAmedTr.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\OeidtHB.exe C:\Windows\System32\OeidtHB.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\ulxEuWR.exe C:\Windows\System32\ulxEuWR.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\bpKoOax.exe C:\Windows\System32\bpKoOax.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\kCmzHfG.exe C:\Windows\System32\kCmzHfG.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\jTZhWqf.exe C:\Windows\System32\jTZhWqf.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\tizhzLm.exe C:\Windows\System32\tizhzLm.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\kWmKVbB.exe C:\Windows\System32\kWmKVbB.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\qfZMSiS.exe C:\Windows\System32\qfZMSiS.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\PerkPVz.exe C:\Windows\System32\PerkPVz.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\dnULvmA.exe C:\Windows\System32\dnULvmA.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\iXrmqoo.exe C:\Windows\System32\iXrmqoo.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\EIuVwIR.exe C:\Windows\System32\EIuVwIR.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\YfdxMIy.exe C:\Windows\System32\YfdxMIy.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\dgZNHyj.exe C:\Windows\System32\dgZNHyj.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\leQcUpZ.exe C:\Windows\System32\leQcUpZ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\TVvGYeO.exe C:\Windows\System32\TVvGYeO.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\onkloSd.exe C:\Windows\System32\onkloSd.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\VnYfUNA.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\VnYfUNA.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\bIkaAuF.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\bIkaAuF.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\jcnyUWd.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\jcnyUWd.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\NyQTRVw.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\NyQTRVw.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\bRMguRb.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\bRMguRb.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\urnxCEN.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\urnxCEN.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\yjwCZgI.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\yjwCZgI.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\ODcBTbU.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\ODcBTbU.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\QsDlHSI.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\QsDlHSI.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\NUQghJW.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\NUQghJW.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WFQtidM.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\WFQtidM.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\kcOtUgS.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\kcOtUgS.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\CtGCMUU.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\CtGCMUU.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\khzlYlB.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\khzlYlB.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\dNcZNsO.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\dNcZNsO.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\tlKeaSH.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\tlKeaSH.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\purtHeQ.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\purtHeQ.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\YrgSOdx.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\YrgSOdx.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\NaIzQZQ.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\NaIzQZQ.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\BDQRaAY.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\BDQRaAY.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\EAmedTr.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\EAmedTr.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\OeidtHB.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\OeidtHB.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\ulxEuWR.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\ulxEuWR.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\bpKoOax.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\bpKoOax.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\kCmzHfG.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\kCmzHfG.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\jTZhWqf.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\jTZhWqf.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\tizhzLm.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\tizhzLm.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\kWmKVbB.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\kWmKVbB.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\qfZMSiS.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\qfZMSiS.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\PerkPVz.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\PerkPVz.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\dnULvmA.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\dnULvmA.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\iXrmqoo.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\iXrmqoo.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\EIuVwIR.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\EIuVwIR.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\YfdxMIy.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\YfdxMIy.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\dgZNHyj.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\dgZNHyj.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\leQcUpZ.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\leQcUpZ.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\TVvGYeO.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\TVvGYeO.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\onkloSd.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\onkloSd.exe Section loaded: kernel.appcore.dll
Source: file.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: file.exe Static file information: File size 1319576 > 1048576
Source: file.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Contains functionality to dynamically determine API calls
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B76EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError, 3_2_00007FF66B76EBF0
Uses code obfuscation techniques (call, push, ret)
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B718072 push qword ptr [00007FF5F6B9AAF7h]; retf 3_2_00007FF66B718078
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B717FA3 push qword ptr [00007FF5F6B9AA28h]; retf 3_2_00007FF66B717FA9
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D848072 push qword ptr [00007FF728CCAAF7h]; retf 4_2_00007FF79D848078
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D847FA3 push qword ptr [00007FF728CCAA28h]; retf 4_2_00007FF79D847FA9
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F58072 push qword ptr [00007FF6C43DAAF7h]; retf 5_2_00007FF738F58078
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738F57FA3 push qword ptr [00007FF6C43DAA28h]; retf 5_2_00007FF738F57FA9
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721148072 push qword ptr [00007FF6AC5CAAF7h]; retf 6_2_00007FF721148078
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF721147FA3 push qword ptr [00007FF6AC5CAA28h]; retf 6_2_00007FF721147FA9
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7130F8072 push qword ptr [00007FF69E57AAF7h]; retf 7_2_00007FF7130F8078
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF7130F7FA3 push qword ptr [00007FF69E57AA28h]; retf 7_2_00007FF7130F7FA9
Source: C:\Windows\System32\urnxCEN.exe Code function: 8_2_00007FF795C68072 push qword ptr [00007FF7210EAAF7h]; retf 8_2_00007FF795C68078
Source: C:\Windows\System32\urnxCEN.exe Code function: 8_2_00007FF795C67FA3 push qword ptr [00007FF7210EAA28h]; retf 8_2_00007FF795C67FA9
Source: C:\Windows\System32\yjwCZgI.exe Code function: 9_2_00007FF7BB068072 push qword ptr [00007FF7464EAAF7h]; retf 9_2_00007FF7BB068078
Source: C:\Windows\System32\yjwCZgI.exe Code function: 9_2_00007FF7BB067FA3 push qword ptr [00007FF7464EAA28h]; retf 9_2_00007FF7BB067FA9
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1

Persistence and Installation Behavior
barindex
Drops executables to the windows directory (C:\Windows) and starts them
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\kWmKVbB.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\BDQRaAY.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\jcnyUWd.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\dgZNHyj.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\urnxCEN.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\QsDlHSI.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\EIuVwIR.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\ODcBTbU.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\NaIzQZQ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\TVvGYeO.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\tlKeaSH.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\dnULvmA.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\EAmedTr.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\iXrmqoo.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\WFQtidM.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\NyQTRVw.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\yjwCZgI.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\kcOtUgS.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\bIkaAuF.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\bRMguRb.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\CtGCMUU.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\VnYfUNA.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\NUQghJW.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\YrgSOdx.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\PerkPVz.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\jTZhWqf.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\khzlYlB.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\YfdxMIy.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\OeidtHB.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\onkloSd.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\leQcUpZ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\qfZMSiS.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\kCmzHfG.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\bpKoOax.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\dNcZNsO.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\purtHeQ.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\tizhzLm.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Executable created and started: C:\Windows\System32\ulxEuWR.exe Jump to behavior
Drops PE files
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\iVbMnbu.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FgKqoCT.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\AtsENTD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fcuxjwf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BSAmgMR.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lxNZCSl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TThpyBV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\pywYtWb.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mYmXotx.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\vVNNzfk.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bIkaAuF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\AOQhxsp.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EKOSilO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FhlszaQ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wBJLquS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nthnzIV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ltytQGi.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\Ofjsurf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\urlTnoj.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\VWmArRG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rZgavmv.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nOEJStF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TiJXIOW.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\biRfUfo.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EduFCUz.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\eIXVBZJ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uolcsKh.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bRMguRb.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ryWIDGN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\CJKkuDs.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dGceAQD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qQQgXXK.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uDxTgCB.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZDInXvu.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\sckivUs.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\hlaiAXN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uenbslS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EkRQFxJ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\StNdznI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\kWmKVbB.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\OEUrUQd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gryDQnK.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BDQRaAY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZozZouR.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mhFlPMp.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mmNbuQQ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\CtGCMUU.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WCxbejU.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RCMKsbF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mrWQLEP.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gVpsUlM.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\KwHrtOt.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FKiQFhm.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BtVojZD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HnFkqxU.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wDdVPes.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\jcnyUWd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rjIteOz.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TYjzunq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qrkVtmd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\jfozzXV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dgZNHyj.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\vcZfLey.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ktUKQGB.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nDxtiiw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\pbrsmwX.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nklGrbU.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RSMPQOu.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ByCTYRH.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nyzFIdo.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ibxPLHw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\IUOOQRj.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FbYGtmf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\CpJNBhW.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\CnslmiL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MGzbrnO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DqaetZp.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\hYxTNod.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dDtDLHD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\VnYfUNA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rSTdbqi.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GSZfKir.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MnoIUSg.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\tLZVeAL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NUQghJW.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\igBUVJa.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\AMuEAdw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BxIGjlT.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gJfLIkn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FMSBKwx.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FUOWxsn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YrgSOdx.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\sAIFVZs.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MHLbrud.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gXRpWMk.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HKkeYCO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GGwjxCd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GEIpOYd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\VYQDcrW.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rHbibYS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\LoQJpKn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\urnxCEN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZNTnROi.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wlFgCWZ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bXuGBXO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\PFPbAGj.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\oNkODZX.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HWVrnQY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GQbhKtv.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fEoaLTP.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NARJDKG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YfQtiGn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ERQoRPm.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZbhesDT.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NmGXkLf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\pBCoAZz.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\AEbmgKr.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\CvjsAYd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YSdFoTl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\cfnMrSt.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\QsDlHSI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\PveCbOn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\juRRbWT.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lzyiWde.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fwzttYD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bUGCwZs.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qLFpkyL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EIuVwIR.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\avakYZH.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\moNzgxD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NbfFUBN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\zscTvPp.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\KcRJXPZ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\PerkPVz.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\pQKRLhi.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wQLXnvy.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\VKffrdq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ODcBTbU.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\jTZhWqf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\aGskKzf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\khzlYlB.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YfdxMIy.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TzFLQWr.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MpWfXty.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GMzJhGN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\LccHBBJ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\sUyqMdO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YQVsEch.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\OeidtHB.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wVcAZEf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ACOyQko.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\onkloSd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lFCXyhy.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\eURhaaq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WAadpRI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NismUEF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HPQHWRf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ApNtYXM.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\OVKsVjk.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NaIzQZQ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MqKVuGv.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\yOOmCzV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\pWpMupI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\vvYHGgY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\caCYhXO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HbtcKta.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BihslAp.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lEZxRNn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\UKSFPqC.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ysATWub.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ipSPLpG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WUYZgKx.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rwdjFzY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nyJnahZ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gnGUQzq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\KpKSjOq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EdoJevv.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZHbbuyV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\leQcUpZ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\SRAKIgS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\SStjyeF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\yfBRNjZ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\huDYzjy.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qaosjzf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BVyPfAG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\kJKNrrq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HmxqcfL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\KTkxDDL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RUWymnC.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\XtYrgrE.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gIkBMuV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TVvGYeO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZGJJqgk.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\yeTsgVg.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fiQoDpS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DUFctGh.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dyGPlqF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\heSposr.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ysGrSzS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WqXimyX.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\XODUUPe.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qfZMSiS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\tlKeaSH.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NKHpvXf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rKjUVqd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\sFCsFSy.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\XbREdEh.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dTtlbMT.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZXpXprY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZQREVkQ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\OvMacMA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\PsPYQIL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WzZvjXk.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\xbNnfWz.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DkxEByF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DidVzfl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fcTuRbs.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\buTLxRn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\eHQNumx.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rvtKXyI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YCtLpfR.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\tawwJws.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\VpreOML.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YqZAYCh.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\iwtHoSn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NOZziQl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GlEZGgb.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lJqkWee.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\cpzBcQW.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\kCmzHfG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bpKoOax.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\iFNQXDN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\LQcSNEY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WUTESmb.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wzMhfwL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lZYCJzL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uuEcvKg.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\xOFVnEt.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dnULvmA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\USJJelL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\QdIDwgP.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\pxyqeBW.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MjTkVAq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EhgZFQv.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ztldFeA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NeDxvFE.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bUzrJhf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fggtuAI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\OHlpuMI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TAZaUOv.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mNauFZd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\XNKaYQF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WlFpFEG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ThUbzwp.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\toxqCjT.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gnfhVHJ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\hLZDZXQ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RCmnkEl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\AlmQZUd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mzTefuh.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bosjKmA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NREQyWy.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\oFzAISt.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\aBFaHyB.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\npKAqbE.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GclqrUY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\LViLDgE.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YlGorhY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NqtVQAf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FejCdzl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YbGAwak.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FXlfLgD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\Jtfotww.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EAmedTr.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\zztfyNw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mVeLdBO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\QlrrAWr.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RrXxnLK.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\eLGbTft.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\zwUwyun.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\iXrmqoo.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\Owwdyfl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wLaokfk.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MSMdCif.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\pdDIOxl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lbvtdts.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lJCJVli.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qnwzIYG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DTtAXtk.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\hOtQuIc.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\SFNNXcc.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\twdmntG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wFCiUxj.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dhauwZm.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\zStyRhG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\CSPmMtl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fbsOELi.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BxDaCaN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RiXVDoR.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BYyVCgg.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dFVXJJP.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TUEKfLK.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\arGCgTC.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\XdPyZTm.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\SCUtGmI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EXWDvEz.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BzqtleM.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\phjebwL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gCwOtYl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HJXSYZw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\vzQsfTD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dNcZNsO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\SFSInIN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wCvATWl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\PXeZCvc.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\OdXSJgr.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uWhVEOL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WQfkGca.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\LalIpAN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\tPjVJkZ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FTfxEHA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dmaafTQ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lcXqCuq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\kAvcvMe.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WFQtidM.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\auNdheo.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wBTsLgc.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\jQvONnt.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\kQWzsiZ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TsvTSDe.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\aTbWXFt.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\KknUyhA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ySISxgi.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WXYWrDV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\eysETzm.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\purtHeQ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NugSADC.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YGfIDfV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\scdQUOw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ipKMruV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gKWutyC.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RLkhMKB.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NyQTRVw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DFzhsjf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YuukKJw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZPbxJBg.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\eaIIdzi.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\tEZdSza.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uUCONsL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\zNwklTy.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\tizhzLm.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\SNbeoeM.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uxEhkcb.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lhUuhgW.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wmqBXvH.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\aCNewAK.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YPwRGWN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NyaqMPu.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FvcymNb.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ptxhrCA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YiUcCIC.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HJHKyUH.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\yjwCZgI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\QAiGqNb.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\IFmsxdu.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rvjDyvL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\LVOAoyf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\vZKJapN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ulxEuWR.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qJwMNFF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\iSmQsnc.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FpKaoqH.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nrbVMPg.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fEsjqCF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TPGgdFl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\Njsquvm.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fTvMnGo.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wVETfuw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ufXvwcd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\kcOtUgS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EvTBMbj.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\raQtysG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wwYZKEK.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fwrTqiM.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nJsAjeN.exe Jump to dropped file
Drops PE files to the windows directory (C:\Windows)
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\iVbMnbu.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FgKqoCT.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\AtsENTD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fcuxjwf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BSAmgMR.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lxNZCSl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TThpyBV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\pywYtWb.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mYmXotx.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\vVNNzfk.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bIkaAuF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\AOQhxsp.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EKOSilO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FhlszaQ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wBJLquS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nthnzIV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ltytQGi.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\Ofjsurf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\urlTnoj.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\VWmArRG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rZgavmv.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nOEJStF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TiJXIOW.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\biRfUfo.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EduFCUz.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\eIXVBZJ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uolcsKh.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bRMguRb.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ryWIDGN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\CJKkuDs.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dGceAQD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qQQgXXK.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uDxTgCB.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZDInXvu.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\sckivUs.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\hlaiAXN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uenbslS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EkRQFxJ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\StNdznI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\kWmKVbB.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\OEUrUQd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gryDQnK.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BDQRaAY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZozZouR.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mhFlPMp.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mmNbuQQ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\CtGCMUU.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WCxbejU.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RCMKsbF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mrWQLEP.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gVpsUlM.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\KwHrtOt.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FKiQFhm.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BtVojZD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HnFkqxU.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wDdVPes.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\jcnyUWd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rjIteOz.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TYjzunq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qrkVtmd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\jfozzXV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dgZNHyj.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\vcZfLey.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ktUKQGB.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nDxtiiw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\pbrsmwX.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nklGrbU.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RSMPQOu.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ByCTYRH.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nyzFIdo.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ibxPLHw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\IUOOQRj.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FbYGtmf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\CpJNBhW.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\CnslmiL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MGzbrnO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DqaetZp.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\hYxTNod.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dDtDLHD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\VnYfUNA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rSTdbqi.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GSZfKir.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MnoIUSg.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\tLZVeAL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NUQghJW.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\igBUVJa.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\AMuEAdw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BxIGjlT.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gJfLIkn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FMSBKwx.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FUOWxsn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YrgSOdx.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\sAIFVZs.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MHLbrud.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gXRpWMk.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HKkeYCO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GGwjxCd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GEIpOYd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\VYQDcrW.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rHbibYS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\LoQJpKn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\urnxCEN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZNTnROi.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wlFgCWZ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bXuGBXO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\PFPbAGj.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\oNkODZX.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HWVrnQY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GQbhKtv.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fEoaLTP.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NARJDKG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YfQtiGn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ERQoRPm.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZbhesDT.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NmGXkLf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\pBCoAZz.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\AEbmgKr.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\CvjsAYd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YSdFoTl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\cfnMrSt.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\QsDlHSI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\PveCbOn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\juRRbWT.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lzyiWde.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fwzttYD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bUGCwZs.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qLFpkyL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EIuVwIR.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\avakYZH.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\moNzgxD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NbfFUBN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\zscTvPp.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\KcRJXPZ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\PerkPVz.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\pQKRLhi.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wQLXnvy.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\VKffrdq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ODcBTbU.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\jTZhWqf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\aGskKzf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\khzlYlB.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YfdxMIy.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TzFLQWr.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MpWfXty.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GMzJhGN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\LccHBBJ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\sUyqMdO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YQVsEch.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\OeidtHB.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wVcAZEf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ACOyQko.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\onkloSd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lFCXyhy.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\eURhaaq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WAadpRI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NismUEF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HPQHWRf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ApNtYXM.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\OVKsVjk.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NaIzQZQ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MqKVuGv.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\yOOmCzV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\pWpMupI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\vvYHGgY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\caCYhXO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HbtcKta.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BihslAp.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lEZxRNn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\UKSFPqC.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ysATWub.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ipSPLpG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WUYZgKx.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rwdjFzY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nyJnahZ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gnGUQzq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\KpKSjOq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EdoJevv.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZHbbuyV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\leQcUpZ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\SRAKIgS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\SStjyeF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\yfBRNjZ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\huDYzjy.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qaosjzf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BVyPfAG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\kJKNrrq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HmxqcfL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\KTkxDDL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RUWymnC.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\XtYrgrE.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gIkBMuV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TVvGYeO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZGJJqgk.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\yeTsgVg.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fiQoDpS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DUFctGh.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dyGPlqF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\heSposr.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ysGrSzS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WqXimyX.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\XODUUPe.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qfZMSiS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\tlKeaSH.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NKHpvXf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rKjUVqd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\sFCsFSy.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\XbREdEh.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dTtlbMT.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZXpXprY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZQREVkQ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\OvMacMA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\PsPYQIL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WzZvjXk.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\xbNnfWz.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DkxEByF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DidVzfl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fcTuRbs.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\buTLxRn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\eHQNumx.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rvtKXyI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YCtLpfR.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\tawwJws.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\VpreOML.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YqZAYCh.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\iwtHoSn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NOZziQl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GlEZGgb.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lJqkWee.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\cpzBcQW.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\kCmzHfG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bpKoOax.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\iFNQXDN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\LQcSNEY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WUTESmb.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wzMhfwL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lZYCJzL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uuEcvKg.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\xOFVnEt.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dnULvmA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\USJJelL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\QdIDwgP.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\pxyqeBW.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MjTkVAq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EhgZFQv.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ztldFeA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NeDxvFE.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bUzrJhf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fggtuAI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\OHlpuMI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TAZaUOv.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mNauFZd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\XNKaYQF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WlFpFEG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ThUbzwp.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\toxqCjT.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gnfhVHJ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\hLZDZXQ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RCmnkEl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\AlmQZUd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mzTefuh.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\bosjKmA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NREQyWy.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\oFzAISt.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\aBFaHyB.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\npKAqbE.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\GclqrUY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\LViLDgE.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YlGorhY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NqtVQAf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FejCdzl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YbGAwak.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FXlfLgD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\Jtfotww.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EAmedTr.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\zztfyNw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\mVeLdBO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\QlrrAWr.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RrXxnLK.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\eLGbTft.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\zwUwyun.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\iXrmqoo.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\Owwdyfl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wLaokfk.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\MSMdCif.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\pdDIOxl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lbvtdts.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lJCJVli.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qnwzIYG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DTtAXtk.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\hOtQuIc.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\SFNNXcc.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\twdmntG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wFCiUxj.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dhauwZm.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\zStyRhG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\CSPmMtl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fbsOELi.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BxDaCaN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RiXVDoR.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BYyVCgg.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dFVXJJP.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TUEKfLK.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\arGCgTC.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\XdPyZTm.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\SCUtGmI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EXWDvEz.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\BzqtleM.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\phjebwL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gCwOtYl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HJXSYZw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\vzQsfTD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dNcZNsO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\SFSInIN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wCvATWl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\PXeZCvc.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\OdXSJgr.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uWhVEOL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WQfkGca.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\LalIpAN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\tPjVJkZ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FTfxEHA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\dmaafTQ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lcXqCuq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\kAvcvMe.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WFQtidM.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\auNdheo.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wBTsLgc.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\jQvONnt.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\kQWzsiZ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TsvTSDe.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\aTbWXFt.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\KknUyhA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ySISxgi.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\WXYWrDV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\eysETzm.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\purtHeQ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NugSADC.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YGfIDfV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\scdQUOw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ipKMruV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\gKWutyC.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\RLkhMKB.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NyQTRVw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\DFzhsjf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YuukKJw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ZPbxJBg.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\eaIIdzi.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\tEZdSza.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uUCONsL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\zNwklTy.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\tizhzLm.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\SNbeoeM.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\uxEhkcb.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\lhUuhgW.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wmqBXvH.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\aCNewAK.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YPwRGWN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\NyaqMPu.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FvcymNb.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ptxhrCA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\YiUcCIC.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\HJHKyUH.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\yjwCZgI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\QAiGqNb.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\IFmsxdu.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\rvjDyvL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\LVOAoyf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\vZKJapN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ulxEuWR.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\qJwMNFF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\iSmQsnc.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\FpKaoqH.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nrbVMPg.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fEsjqCF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\TPGgdFl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\Njsquvm.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fTvMnGo.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wVETfuw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\ufXvwcd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\kcOtUgS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\EvTBMbj.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\raQtysG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\wwYZKEK.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\fwrTqiM.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\System32\nJsAjeN.exe Jump to dropped file
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B76EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError, 3_2_00007FF66B76EBF0
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\iVbMnbu.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\kJKNrrq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\FgKqoCT.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\HmxqcfL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\KTkxDDL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\AtsENTD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\fcuxjwf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\RUWymnC.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\XtYrgrE.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\BSAmgMR.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\gIkBMuV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ZGJJqgk.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\lxNZCSl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\yeTsgVg.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\fiQoDpS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\DUFctGh.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\TThpyBV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\pywYtWb.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\mYmXotx.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\dyGPlqF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\heSposr.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\vVNNzfk.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ysGrSzS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\WqXimyX.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\XODUUPe.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\AOQhxsp.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\EKOSilO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\FhlszaQ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\wBJLquS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ltytQGi.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\nthnzIV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\Ofjsurf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\NKHpvXf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\urlTnoj.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\rZgavmv.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\VWmArRG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\nOEJStF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\TiJXIOW.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\rKjUVqd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\biRfUfo.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\EduFCUz.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\eIXVBZJ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\sFCsFSy.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\XbREdEh.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\uolcsKh.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\dTtlbMT.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ZXpXprY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ZQREVkQ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\PsPYQIL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\WzZvjXk.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\OvMacMA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ryWIDGN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\CJKkuDs.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\xbNnfWz.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\DkxEByF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\DidVzfl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\fcTuRbs.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\buTLxRn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\eHQNumx.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\rvtKXyI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\dGceAQD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\YCtLpfR.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\tawwJws.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\VpreOML.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\YqZAYCh.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\qQQgXXK.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\iwtHoSn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\NOZziQl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\uDxTgCB.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\GlEZGgb.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\lJqkWee.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\cpzBcQW.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\iFNQXDN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\sckivUs.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ZDInXvu.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\LQcSNEY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\WUTESmb.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\hlaiAXN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\wzMhfwL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\lZYCJzL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\uenbslS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\uuEcvKg.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\EkRQFxJ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\xOFVnEt.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\USJJelL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\QdIDwgP.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\pxyqeBW.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\MjTkVAq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\StNdznI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ztldFeA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\EhgZFQv.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\NeDxvFE.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\OEUrUQd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\gryDQnK.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\bUzrJhf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\fggtuAI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\OHlpuMI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ZozZouR.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\mhFlPMp.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\mmNbuQQ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\TAZaUOv.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\mNauFZd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\XNKaYQF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\WCxbejU.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\WlFpFEG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\RCMKsbF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\mrWQLEP.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\toxqCjT.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ThUbzwp.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\gVpsUlM.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\KwHrtOt.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\FKiQFhm.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\gnfhVHJ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\hLZDZXQ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\RCmnkEl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\BtVojZD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\HnFkqxU.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\wDdVPes.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\AlmQZUd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\rjIteOz.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\mzTefuh.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\qrkVtmd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\bosjKmA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\NREQyWy.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\TYjzunq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\jfozzXV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\vcZfLey.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ktUKQGB.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\nDxtiiw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\oFzAISt.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\pbrsmwX.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\aBFaHyB.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\npKAqbE.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\GclqrUY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\nklGrbU.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\RSMPQOu.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\LViLDgE.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ByCTYRH.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\nyzFIdo.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\IUOOQRj.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ibxPLHw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\FbYGtmf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\YlGorhY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\NqtVQAf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\FejCdzl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\YbGAwak.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\FXlfLgD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\CpJNBhW.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\CnslmiL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\MGzbrnO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\Jtfotww.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\DqaetZp.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\dDtDLHD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\hYxTNod.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\rSTdbqi.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\zztfyNw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\mVeLdBO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\GSZfKir.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\MnoIUSg.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\QlrrAWr.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\tLZVeAL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\eLGbTft.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\RrXxnLK.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\igBUVJa.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\AMuEAdw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\zwUwyun.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\BxIGjlT.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\gJfLIkn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\Owwdyfl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\FUOWxsn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\FMSBKwx.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\MSMdCif.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\wLaokfk.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\pdDIOxl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\sAIFVZs.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\MHLbrud.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\lJCJVli.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\gXRpWMk.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\lbvtdts.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\GGwjxCd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\HKkeYCO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\qnwzIYG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\GEIpOYd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\DTtAXtk.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\VYQDcrW.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\hOtQuIc.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\SFNNXcc.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\twdmntG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\wFCiUxj.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\rHbibYS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\LoQJpKn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\dhauwZm.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\zStyRhG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\CSPmMtl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ZNTnROi.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\wlFgCWZ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\bXuGBXO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\fbsOELi.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\BxDaCaN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\PFPbAGj.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\RiXVDoR.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\oNkODZX.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\BYyVCgg.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\HWVrnQY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\dFVXJJP.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\GQbhKtv.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\NARJDKG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\fEoaLTP.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\YfQtiGn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ERQoRPm.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ZbhesDT.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\TUEKfLK.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\arGCgTC.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\XdPyZTm.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\EXWDvEz.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\SCUtGmI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\NmGXkLf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\pBCoAZz.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\AEbmgKr.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\CvjsAYd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\YSdFoTl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\cfnMrSt.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\BzqtleM.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\phjebwL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\gCwOtYl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\HJXSYZw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\vzQsfTD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\juRRbWT.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\PveCbOn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\lzyiWde.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\fwzttYD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\qLFpkyL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\bUGCwZs.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\wCvATWl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\SFSInIN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\PXeZCvc.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\OdXSJgr.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\uWhVEOL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\avakYZH.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\NbfFUBN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\moNzgxD.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\zscTvPp.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\WQfkGca.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\LalIpAN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\tPjVJkZ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\FTfxEHA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\KcRJXPZ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\wQLXnvy.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\VKffrdq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\pQKRLhi.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\aGskKzf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\dmaafTQ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\lcXqCuq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\kAvcvMe.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\auNdheo.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\TzFLQWr.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\wBTsLgc.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\MpWfXty.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\jQvONnt.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\kQWzsiZ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\GMzJhGN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\TsvTSDe.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\aTbWXFt.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\KknUyhA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\LccHBBJ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ySISxgi.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\sUyqMdO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\WXYWrDV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\eysETzm.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\YQVsEch.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\NugSADC.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\wVcAZEf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\YGfIDfV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ACOyQko.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\lFCXyhy.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\scdQUOw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ipKMruV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\gKWutyC.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\RLkhMKB.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\eURhaaq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\WAadpRI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\NismUEF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\DFzhsjf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\YuukKJw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\eaIIdzi.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ZPbxJBg.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\HPQHWRf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ApNtYXM.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\OVKsVjk.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\tEZdSza.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\MqKVuGv.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\uUCONsL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\zNwklTy.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\yOOmCzV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\SNbeoeM.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\pWpMupI.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\uxEhkcb.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\lhUuhgW.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\vvYHGgY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\wmqBXvH.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\caCYhXO.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\aCNewAK.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\YPwRGWN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\NyaqMPu.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\FvcymNb.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\HbtcKta.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\BihslAp.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\YiUcCIC.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ptxhrCA.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\HJHKyUH.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\lEZxRNn.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\UKSFPqC.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ysATWub.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\QAiGqNb.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\IFmsxdu.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\WUYZgKx.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ipSPLpG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\rvjDyvL.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\rwdjFzY.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\LVOAoyf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\vZKJapN.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\nyJnahZ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\gnGUQzq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\qJwMNFF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\EdoJevv.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\KpKSjOq.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\iSmQsnc.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ZHbbuyV.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\FpKaoqH.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\nrbVMPg.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\SRAKIgS.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\SStjyeF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\fEsjqCF.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\TPGgdFl.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\Njsquvm.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\yfBRNjZ.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\huDYzjy.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\fTvMnGo.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\qaosjzf.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\wVETfuw.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\BVyPfAG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\ufXvwcd.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\EvTBMbj.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\wwYZKEK.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\raQtysG.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\fwrTqiM.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Windows\System32\nJsAjeN.exe Jump to dropped file
Found large amount of non-executed APIs
Source: C:\Windows\System32\VnYfUNA.exe API coverage: 1.8 %
Source: C:\Windows\System32\bIkaAuF.exe API coverage: 1.6 %
Source: C:\Windows\System32\jcnyUWd.exe API coverage: 1.3 %
Source: C:\Windows\System32\NyQTRVw.exe API coverage: 1.6 %
Source: C:\Windows\System32\bRMguRb.exe API coverage: 1.8 %
Source: C:\Windows\System32\urnxCEN.exe API coverage: 1.8 %
Source: C:\Windows\System32\yjwCZgI.exe API coverage: 1.6 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Windows\System32\VnYfUNA.exe TID: 3200 Thread sleep time: -41000s >= -30000s Jump to behavior
Source: C:\Windows\System32\bIkaAuF.exe TID: 1236 Thread sleep time: -41000s >= -30000s Jump to behavior
Source: C:\Windows\System32\jcnyUWd.exe TID: 6988 Thread sleep time: -41000s >= -30000s Jump to behavior
Source: C:\Windows\System32\NyQTRVw.exe TID: 5572 Thread sleep time: -41000s >= -30000s Jump to behavior
Source: C:\Windows\System32\bRMguRb.exe TID: 1424 Thread sleep time: -41000s >= -30000s Jump to behavior
Source: C:\Windows\System32\urnxCEN.exe TID: 4068 Thread sleep time: -41000s >= -30000s Jump to behavior
Source: C:\Windows\System32\yjwCZgI.exe TID: 4844 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\ODcBTbU.exe TID: 3640 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\QsDlHSI.exe TID: 5424 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\NUQghJW.exe TID: 6228 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\WFQtidM.exe TID: 7164 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\kcOtUgS.exe TID: 5500 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\CtGCMUU.exe TID: 1460 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\khzlYlB.exe TID: 7056 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\dNcZNsO.exe TID: 6968 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\tlKeaSH.exe TID: 4392 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\purtHeQ.exe TID: 336 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\YrgSOdx.exe TID: 920 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\NaIzQZQ.exe TID: 6060 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\BDQRaAY.exe TID: 2376 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\EAmedTr.exe TID: 5792 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\OeidtHB.exe TID: 5756 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\ulxEuWR.exe TID: 3892 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\bpKoOax.exe TID: 4044 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\kCmzHfG.exe TID: 7104 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\jTZhWqf.exe TID: 1820 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\tizhzLm.exe TID: 1944 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\kWmKVbB.exe TID: 1816 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\qfZMSiS.exe TID: 2752 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\PerkPVz.exe TID: 2976 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\dnULvmA.exe TID: 3004 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\iXrmqoo.exe TID: 6888 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\EIuVwIR.exe TID: 6424 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\YfdxMIy.exe TID: 504 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\dgZNHyj.exe TID: 4224 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\leQcUpZ.exe TID: 4612 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\TVvGYeO.exe TID: 6816 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\onkloSd.exe TID: 6872 Thread sleep time: -41000s >= -30000s
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B76B760 CreateEventA,SetErrorMode,RtlInitializeCriticalSection,GetSystemInfo,RtlInitializeCriticalSection,RtlInitializeCriticalSection,SetConsoleCtrlHandler,CreateSemaphoreA,GetLastError,CreateFileW,QueueUserWorkItem,RtlInitializeCriticalSection,QueryPerformanceFrequency,SetEvent,CloseHandle,WaitForSingleObject,GetLastError, 3_2_00007FF66B76B760
Source: C:\Windows\System32\VnYfUNA.exe Thread delayed: delay time: 41000 Jump to behavior
Source: C:\Windows\System32\bIkaAuF.exe Thread delayed: delay time: 41000 Jump to behavior
Source: C:\Windows\System32\jcnyUWd.exe Thread delayed: delay time: 41000 Jump to behavior
Source: C:\Windows\System32\NyQTRVw.exe Thread delayed: delay time: 41000 Jump to behavior
Source: C:\Windows\System32\bRMguRb.exe Thread delayed: delay time: 41000 Jump to behavior
Source: C:\Windows\System32\urnxCEN.exe Thread delayed: delay time: 41000 Jump to behavior
Source: C:\Windows\System32\yjwCZgI.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\ODcBTbU.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\QsDlHSI.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\NUQghJW.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\WFQtidM.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\kcOtUgS.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\CtGCMUU.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\khzlYlB.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\dNcZNsO.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\tlKeaSH.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\purtHeQ.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\YrgSOdx.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\NaIzQZQ.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\BDQRaAY.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\EAmedTr.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\OeidtHB.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\ulxEuWR.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\bpKoOax.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\kCmzHfG.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\jTZhWqf.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\tizhzLm.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\kWmKVbB.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\qfZMSiS.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\PerkPVz.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\dnULvmA.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\iXrmqoo.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\EIuVwIR.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\YfdxMIy.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\dgZNHyj.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\leQcUpZ.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\TVvGYeO.exe Thread delayed: delay time: 41000
Source: C:\Windows\System32\onkloSd.exe Thread delayed: delay time: 41000
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7AD6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00007FF66B7AD6D4
Contains functionality to dynamically determine API calls
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B76EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError, 3_2_00007FF66B76EBF0
Source: C:\Windows\System32\VnYfUNA.exe Code function: 3_2_00007FF66B7AD6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00007FF66B7AD6D4
Source: C:\Windows\System32\bIkaAuF.exe Code function: 4_2_00007FF79D8DD6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 4_2_00007FF79D8DD6D4
Source: C:\Windows\System32\jcnyUWd.exe Code function: 5_2_00007FF738FED6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 5_2_00007FF738FED6D4
Source: C:\Windows\System32\NyQTRVw.exe Code function: 6_2_00007FF7211DD6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 6_2_00007FF7211DD6D4
Source: C:\Windows\System32\bRMguRb.exe Code function: 7_2_00007FF71318D6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 7_2_00007FF71318D6D4
Source: C:\Windows\System32\urnxCEN.exe Code function: 8_2_00007FF795CFD6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 8_2_00007FF795CFD6D4
Source: C:\Windows\System32\yjwCZgI.exe Code function: 9_2_00007FF7BB0FD6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 9_2_00007FF7BB0FD6D4
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1522709 Sample: file.exe Startdate: 30/09/2024 Architecture: WINDOWS Score: 100 27 Malicious sample detected (through community Yara rule) 2->27 29 Antivirus detection for dropped file 2->29 31 Antivirus / Scanner detection for submitted sample 2->31 33 6 other signatures 2->33 6 file.exe 1002 2->6         started        process3 file4 19 C:\Windows\System32\zztfyNw.exe, PE32+ 6->19 dropped 21 C:\Windows\System32\zwUwyun.exe, PE32+ 6->21 dropped 23 C:\Windows\System32\ztldFeA.exe, PE32+ 6->23 dropped 25 382 other malicious files 6->25 dropped 35 Drops executables to the windows directory (C:\Windows) and starts them 6->35 10 CtGCMUU.exe 6->10         started        13 BDQRaAY.exe 6->13         started        15 EAmedTr.exe 6->15         started        17 36 other processes 6->17 signatures5 process6 signatures7 37 Antivirus detection for dropped file 10->37 39 Machine Learning detection for dropped file 10->39 41 Contains functionality to registers a callback to get notified when the system is suspended or resumed (often done by Miners) 17->41
No contacted IP infos