Source: 15.2.ybyrikeu.exe.28e0e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 15.2.ybyrikeu.exe.28e0e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 15.2.ybyrikeu.exe.2950000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 15.2.ybyrikeu.exe.2950000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 15.2.ybyrikeu.exe.2950000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 15.2.ybyrikeu.exe.2950000.2.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 2.3.igvdwmhd.exe.2af0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 2.3.igvdwmhd.exe.2af0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 2.2.igvdwmhd.exe.29b0e67.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 2.2.igvdwmhd.exe.29b0e67.1.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 21.2.svchost.exe.2b80000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 21.2.svchost.exe.2b80000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 2.3.igvdwmhd.exe.2af0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 2.3.igvdwmhd.exe.2af0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 15.3.ybyrikeu.exe.2910000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 15.3.ybyrikeu.exe.2910000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 15.2.ybyrikeu.exe.28e0e67.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 15.2.ybyrikeu.exe.28e0e67.1.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 15.2.ybyrikeu.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 15.2.ybyrikeu.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 2.2.igvdwmhd.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 2.2.igvdwmhd.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 2.2.igvdwmhd.exe.29b0e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 2.2.igvdwmhd.exe.29b0e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 15.2.ybyrikeu.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 15.2.ybyrikeu.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 21.2.svchost.exe.2b80000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 21.2.svchost.exe.2b80000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 15.3.ybyrikeu.exe.2910000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 15.3.ybyrikeu.exe.2910000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 2.2.igvdwmhd.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 2.2.igvdwmhd.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 00000002.00000002.1349305263.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 00000002.00000002.1349305263.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 00000002.00000002.1350570395.00000000029B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown |
Source: 00000002.00000002.1350570395.00000000029B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0000000F.00000002.1367995778.0000000002950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0000000F.00000002.1367995778.0000000002950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0000000F.00000003.1363366443.0000000002910000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0000000F.00000003.1363366443.0000000002910000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0000000F.00000002.1368074204.00000000029B2000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown |
Source: 00000002.00000003.1308349259.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 00000002.00000003.1308349259.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 00000002.00000002.1351232837.0000000002BB9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown |
Source: 0000000F.00000002.1366646890.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0000000F.00000002.1366646890.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0000000F.00000002.1367922427.00000000028E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown |
Source: 0000000F.00000002.1367922427.00000000028E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 00000015.00000002.2522813570.0000000002B80000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 00000015.00000002.2522813570.0000000002B80000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 15.2.ybyrikeu.exe.28e0e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 15.2.ybyrikeu.exe.28e0e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 15.2.ybyrikeu.exe.2950000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 15.2.ybyrikeu.exe.2950000.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 15.2.ybyrikeu.exe.2950000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 15.2.ybyrikeu.exe.2950000.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 2.3.igvdwmhd.exe.2af0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 2.3.igvdwmhd.exe.2af0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 2.2.igvdwmhd.exe.29b0e67.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 2.2.igvdwmhd.exe.29b0e67.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 21.2.svchost.exe.2b80000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 21.2.svchost.exe.2b80000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 2.3.igvdwmhd.exe.2af0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 2.3.igvdwmhd.exe.2af0000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 15.3.ybyrikeu.exe.2910000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 15.3.ybyrikeu.exe.2910000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 15.2.ybyrikeu.exe.28e0e67.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 15.2.ybyrikeu.exe.28e0e67.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 15.2.ybyrikeu.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 15.2.ybyrikeu.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 2.2.igvdwmhd.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 2.2.igvdwmhd.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 2.2.igvdwmhd.exe.29b0e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 2.2.igvdwmhd.exe.29b0e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 15.2.ybyrikeu.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 15.2.ybyrikeu.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 21.2.svchost.exe.2b80000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 21.2.svchost.exe.2b80000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 15.3.ybyrikeu.exe.2910000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 15.3.ybyrikeu.exe.2910000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 2.2.igvdwmhd.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 2.2.igvdwmhd.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 00000002.00000002.1349305263.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 00000002.00000002.1349305263.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 00000002.00000002.1350570395.00000000029B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23 |
Source: 00000002.00000002.1350570395.00000000029B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0000000F.00000002.1367995778.0000000002950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0000000F.00000002.1367995778.0000000002950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0000000F.00000003.1363366443.0000000002910000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0000000F.00000003.1363366443.0000000002910000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0000000F.00000002.1368074204.00000000029B2000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12 |
Source: 00000002.00000003.1308349259.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 00000002.00000003.1308349259.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 00000002.00000002.1351232837.0000000002BB9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12 |
Source: 0000000F.00000002.1366646890.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0000000F.00000002.1366646890.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0000000F.00000002.1367922427.00000000028E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23 |
Source: 0000000F.00000002.1367922427.00000000028E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 00000015.00000002.2522813570.0000000002B80000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 00000015.00000002.2522813570.0000000002B80000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Code function: 2_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, | 2_2_00409A6B |
Source: C:\Windows\SysWOW64\ptcoklzf\ybyrikeu.exe | Code function: 15_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, | 15_2_00409A6B |
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 21_2_02B89A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, | 21_2_02B89A6B |
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc | |
Source: unknown | Process created: C:\Users\user\Desktop\igvdwmhd.exe "C:\Users\user\Desktop\igvdwmhd.exe" | |
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalService -s W32Time | |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\ptcoklzf\ | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\user~1\AppData\Local\Temp\ybyrikeu.exe" C:\Windows\SysWOW64\ptcoklzf\ | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" create ptcoklzf binPath= "C:\Windows\SysWOW64\ptcoklzf\ybyrikeu.exe /d\"C:\Users\user\Desktop\igvdwmhd.exe\"" type= own start= auto DisplayName= "wifi support" | |
Source: C:\Windows\SysWOW64\sc.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" description ptcoklzf "wifi internet conection" | |
Source: C:\Windows\SysWOW64\sc.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" start ptcoklzf | |
Source: C:\Windows\SysWOW64\sc.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: unknown | Process created: C:\Windows\SysWOW64\ptcoklzf\ybyrikeu.exe C:\Windows\SysWOW64\ptcoklzf\ybyrikeu.exe /d"C:\Users\user\Desktop\igvdwmhd.exe" | |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul | |
Source: C:\Windows\SysWOW64\netsh.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 7348 -ip 7348 | |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 1232 | |
Source: C:\Windows\SysWOW64\ptcoklzf\ybyrikeu.exe | Process created: C:\Windows\SysWOW64\svchost.exe svchost.exe | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 7800 -ip 7800 | |
Source: C:\Windows\SysWOW64\ptcoklzf\ybyrikeu.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 544 | |
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable | |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\ptcoklzf\ | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\user~1\AppData\Local\Temp\ybyrikeu.exe" C:\Windows\SysWOW64\ptcoklzf\ | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" create ptcoklzf binPath= "C:\Windows\SysWOW64\ptcoklzf\ybyrikeu.exe /d\"C:\Users\user\Desktop\igvdwmhd.exe\"" type= own start= auto DisplayName= "wifi support" | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" description ptcoklzf "wifi internet conection" | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" start ptcoklzf | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul | Jump to behavior |
Source: C:\Windows\SysWOW64\ptcoklzf\ybyrikeu.exe | Process created: C:\Windows\SysWOW64\svchost.exe svchost.exe | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 7348 -ip 7348 | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 1232 | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 7800 -ip 7800 | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 544 | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: msimg32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: dbghelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: msvcr100.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: w32time.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: logoncli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: powrprof.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: umpdc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dsrole.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: vmictimeprovider.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\ptcoklzf\ybyrikeu.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\ptcoklzf\ybyrikeu.exe | Section loaded: msimg32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\ptcoklzf\ybyrikeu.exe | Section loaded: dbghelp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\ptcoklzf\ybyrikeu.exe | Section loaded: msvcr100.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\ptcoklzf\ybyrikeu.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ifmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mprapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasmontr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasapi32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mfc42u.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: authfwcfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwpolicyiomgr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: firewallapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dhcpcmonitor.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dot3cfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dot3api.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: onex.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: eappcfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: eappprxy.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwcfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: hnetmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netshell.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nlaapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netsetupapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netiohlp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshhttp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: httpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshipsec.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: activeds.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: polstore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winipsec.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: adsldpc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshwfp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cabinet.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: p2pnetsh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: p2p.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rpcnsh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: whhelper.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wlancfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wlanapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wshelper.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wevtapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: peerdistsh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wcmapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rmclient.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mobilenetworking.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ktmw32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mprmsg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wersvc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: windowsperformancerecordercontrol.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: weretw.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: xmllite.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wer.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: faultrep.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dbghelp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dbgcore.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wer.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: dbghelp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: napinsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: pnrpnsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: wshbth.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: nlaapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: winrnr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: licensemanagersvc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: licensemanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: clipc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: mpclient.dll | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: wscapi.dll | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\ptcoklzf\ybyrikeu.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\ptcoklzf\ybyrikeu.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\igvdwmhd.exe | Code function: 2_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, | 2_2_00409A6B |
Source: C:\Windows\SysWOW64\ptcoklzf\ybyrikeu.exe | Code function: 15_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, | 15_2_00409A6B |
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 21_2_02B89A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, | 21_2_02B89A6B |