Windows Analysis Report
Gulvmaattens.exe

Compliance

Source: Gulvmaattens.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: Gulvmaattens.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: sqmapi.pdbUGP source: sqmapi.dll.0.dr
Source:	Binary string: sqmapi.pdb source: sqmapi.dll.0.dr

Spreading

Source: C:\Users\user\Desktop\Gulvmaattens.exe	Code function: 0_2_0040676F FindFirstFileW,FindClose,		0_2_0040676F
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Code function: 0_2_00405B23 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,		0_2_00405B23
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Code function: 0_2_00402902 FindFirstFileW,		0_2_00402902

Networking

Source: Gulvmaattens.exe	String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: Gulvmaattens.exe	String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: Gulvmaattens.exe	String found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
Source: Gulvmaattens.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Gulvmaattens.exe	String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: Gulvmaattens.exe	String found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: Gulvmaattens.exe	String found in binary or memory: http://repository.certum.pl/ctsca2021.cer0
Source: Gulvmaattens.exe	String found in binary or memory: http://subca.ocsp-certum.com01
Source: Gulvmaattens.exe	String found in binary or memory: http://subca.ocsp-certum.com02
Source: Gulvmaattens.exe	String found in binary or memory: http://subca.ocsp-certum.com05
Source: Gulvmaattens.exe	String found in binary or memory: http://www.certum.pl/CPS0

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Users\user\Desktop\Gulvmaattens.exe

Code function: 0_2_004055B8 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_004055B8

DDoS

Source: Conhost.exe

Process created: 92

System Summary

Source: Gulvmaattens.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: Gulvmaattens.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Gulvmaattens.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Users\user\Desktop\Gulvmaattens.exe

Code function: 0_2_004034C5 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_004034C5

Source: C:\Users\user\Desktop\Gulvmaattens.exe	Code function: 0_2_00407458		0_2_00407458
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Code function: 0_2_00406C81		0_2_00406C81
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Code function: 0_2_6F6A1B5F		0_2_6F6A1B5F

Source: Gulvmaattens.exe

Static PE information: invalid certificate

Source: vfslog.dll.0.dr

Static PE information: Number of sections : 19 > 10

Source: C:\Users\user\Desktop\Gulvmaattens.exe

Process Stats: CPU usage > 98%

Source: C:\Users\user\Desktop\Gulvmaattens.exe

File read: C:\Users\user\Desktop\Gulvmaattens.exe

Jump to behavior

Source: Gulvmaattens.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Gulvmaattens.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Gulvmaattens.exe "C:\Users\user\Desktop\Gulvmaattens.exe"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x78^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x76^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x61^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7D^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x76^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7F^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x00^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x01^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x41^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x56^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x52^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x47^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x56^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x75^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5F^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x72^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1B^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5E^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x41^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x07^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x43^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x07^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x4B^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x78^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x76^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x61^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7D^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x76^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x00^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x01^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x76^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x41^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x56^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x47^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x56^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x75^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x76^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x01^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x72^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5E^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x75^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x41^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x07^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x75^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x07^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x4B^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7D^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x75^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7D^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x00^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7D^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x00^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5E^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x00^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7D^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x07^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5E^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x61^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5E^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x07^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x78^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x07^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior

Source: C:\Users\user\Desktop\Gulvmaattens.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\Gulvmaattens.exe

Code function: 0_2_004034C5 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_004034C5

Source: C:\Users\user\Desktop\Gulvmaattens.exe

File created: C:\Users\user\Falder99

Jump to behavior

Source: C:\Users\user\Desktop\Gulvmaattens.exe

File created: C:\Users\user\AppData\Local\Temp\nsp6DDB.tmp

Jump to behavior

Source: classification engine

Classification label: mal60.troj.evad.winEXE@412/8@0/0

Source: C:\Users\user\Desktop\Gulvmaattens.exe

Code function: 0_2_004021A2 CoCreateInstance,

0_2_004021A2

Source: C:\Users\user\Desktop\Gulvmaattens.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Gulvmaattens.exe

Code function: 0_2_00404858 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

0_2_00404858

Source: Gulvmaattens.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: sqmapi.pdbUGP source: sqmapi.dll.0.dr
Source:	Binary string: sqmapi.pdb source: sqmapi.dll.0.dr

Data Obfuscation

Source: Yara match

File source: 00000000.00000002.626525207.0000000000760000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x78^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x76^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x61^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7D^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x76^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7F^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x00^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x01^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x41^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x56^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x52^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x47^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x56^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x75^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5F^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x72^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1B^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5E^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x41^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x07^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x43^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x07^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x4B^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x78^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x76^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x61^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7D^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x76^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x00^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x01^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x76^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x41^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x56^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x47^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x56^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x75^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x76^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x01^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x72^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5E^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x75^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x41^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x07^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x75^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x07^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x4B^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7D^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x75^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7D^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x00^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7D^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x00^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5E^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x00^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7D^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x07^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5E^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x61^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5E^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x07^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x78^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x07^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior

Source: vfslog.dll.0.dr	Static PE information: section name: .xdata
Source: vfslog.dll.0.dr	Static PE information: section name: /4
Source: vfslog.dll.0.dr	Static PE information: section name: /19
Source: vfslog.dll.0.dr	Static PE information: section name: /31
Source: vfslog.dll.0.dr	Static PE information: section name: /45
Source: vfslog.dll.0.dr	Static PE information: section name: /57
Source: vfslog.dll.0.dr	Static PE information: section name: /70
Source: vfslog.dll.0.dr	Static PE information: section name: /81
Source: vfslog.dll.0.dr	Static PE information: section name: /92

Source: sqmapi.dll.0.dr

Static PE information: 0xCBF26285 [Sun Jun 5 13:03:01 2078 UTC]

Source: C:\Users\user\Desktop\Gulvmaattens.exe

Code function: 0_2_6F6A1B5F GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,

0_2_6F6A1B5F

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\Gulvmaattens.exe	File created: C:\Users\user\Falder99\Interelectrode\Overvejendes\sqmapi.dll			Jump to dropped file
Source: C:\Users\user\Desktop\Gulvmaattens.exe	File created: C:\Users\user\AppData\Local\Temp\nso786B.tmp\nsExec.dll			Jump to dropped file
Source: C:\Users\user\Desktop\Gulvmaattens.exe	File created: C:\Users\user\Falder99\Interelectrode\Overvejendes\vfslog.dll			Jump to dropped file
Source: C:\Users\user\Desktop\Gulvmaattens.exe	File created: C:\Users\user\AppData\Local\Temp\nso786B.tmp\System.dll			Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\Gulvmaattens.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x78^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x76^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x61^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7D^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x76^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7F^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x00^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x01^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"

Source: C:\Users\user\Desktop\Gulvmaattens.exe

RDTSC instruction interceptor: First address: 000000000076281A second address: 000000000076281A instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007FF438CD5F9Ch 0x00000006 test dh, bh 0x00000008 inc ebp 0x00000009 jmp 00007FF438CD603Ah 0x0000000b test edx, edx 0x0000000d inc ebx 0x0000000e rdtsc

Source: C:\Users\user\Desktop\Gulvmaattens.exe	Dropped PE file which has not been started: C:\Users\user\Falder99\Interelectrode\Overvejendes\sqmapi.dll			Jump to dropped file
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Dropped PE file which has not been started: C:\Users\user\Falder99\Interelectrode\Overvejendes\vfslog.dll			Jump to dropped file

Source: C:\Users\user\Desktop\Gulvmaattens.exe	Code function: 0_2_0040676F FindFirstFileW,FindClose,		0_2_0040676F
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Code function: 0_2_00405B23 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,		0_2_00405B23
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Code function: 0_2_00402902 FindFirstFileW,		0_2_00402902

Source: C:\Users\user\Desktop\Gulvmaattens.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\Gulvmaattens.exe	API call chain: ExitProcess graph end node

Anti Debugging

Source: C:\Users\user\Desktop\Gulvmaattens.exe

Code function: 0_2_6F6A1B5F GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,

0_2_6F6A1B5F

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x78^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x76^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x61^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7D^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x76^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x00^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x01^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x76^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x41^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x56^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x47^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x56^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x75^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x76^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x01^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x72^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5E^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x75^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x41^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x07^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x75^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x07^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x4B^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7D^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x75^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7D^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x00^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7D^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x00^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5E^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x00^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x7D^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x07^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5E^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x13^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x61^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x09^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5E^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x07^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x78^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x07^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x1F^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x0B^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x5A^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c set /a "0x03^51"			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Users\user\Desktop\Gulvmaattens.exe	Process created: unknown unknown			Jump to behavior

Language, Device and Operating System Detection

Source: C:\Users\user\Desktop\Gulvmaattens.exe

Code function: 0_2_004034C5 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_004034C5