Source: 12.2.irxigvn.exe.3080000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 12.2.irxigvn.exe.3080000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.3.Eduhazqw4u.exe.2a10000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.3.Eduhazqw4u.exe.2a10000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.2.Eduhazqw4u.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.2.Eduhazqw4u.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 12.3.irxigvn.exe.3040000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 12.3.irxigvn.exe.3040000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 12.2.irxigvn.exe.2860e67.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 12.3.irxigvn.exe.3040000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 12.2.irxigvn.exe.2860e67.1.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 12.3.irxigvn.exe.3040000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.2.Eduhazqw4u.exe.29f0e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.2.Eduhazqw4u.exe.29f0e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 12.2.irxigvn.exe.2860e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 12.2.irxigvn.exe.2860e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 20.2.svchost.exe.2980000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 20.2.svchost.exe.2980000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.2.Eduhazqw4u.exe.29f0e67.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.2.Eduhazqw4u.exe.29f0e67.1.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.3.Eduhazqw4u.exe.2a10000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.3.Eduhazqw4u.exe.2a10000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 20.2.svchost.exe.2980000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 20.2.svchost.exe.2980000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 12.2.irxigvn.exe.3080000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 12.2.irxigvn.exe.3080000.2.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 12.2.irxigvn.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 12.2.irxigvn.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.2.Eduhazqw4u.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.2.Eduhazqw4u.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 12.2.irxigvn.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 12.2.irxigvn.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0000000C.00000002.2090526061.000000000297E000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown |
Source: 0000000C.00000002.2090729100.0000000003080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0000000C.00000002.2090729100.0000000003080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0000000C.00000002.2090423490.0000000002860000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown |
Source: 0000000C.00000002.2090423490.0000000002860000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 00000014.00000002.3270381110.0000000002980000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 00000014.00000002.3270381110.0000000002980000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 00000000.00000003.2035103007.0000000002A10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 00000000.00000003.2035103007.0000000002A10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 00000000.00000002.2072415855.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 00000000.00000002.2072415855.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 00000000.00000002.2074784475.0000000002AA2000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown |
Source: 00000000.00000002.2074381833.00000000029F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown |
Source: 00000000.00000002.2074381833.00000000029F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0000000C.00000003.2084954417.0000000003040000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0000000C.00000003.2084954417.0000000003040000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0000000C.00000002.2089147267.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0000000C.00000002.2089147267.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 12.2.irxigvn.exe.3080000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 12.2.irxigvn.exe.3080000.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.3.Eduhazqw4u.exe.2a10000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.3.Eduhazqw4u.exe.2a10000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.2.Eduhazqw4u.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.2.Eduhazqw4u.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 12.3.irxigvn.exe.3040000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 12.3.irxigvn.exe.3040000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 12.2.irxigvn.exe.2860e67.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 12.3.irxigvn.exe.3040000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 12.2.irxigvn.exe.2860e67.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 12.3.irxigvn.exe.3040000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.2.Eduhazqw4u.exe.29f0e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.2.Eduhazqw4u.exe.29f0e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 12.2.irxigvn.exe.2860e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 12.2.irxigvn.exe.2860e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 20.2.svchost.exe.2980000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 20.2.svchost.exe.2980000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.2.Eduhazqw4u.exe.29f0e67.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.2.Eduhazqw4u.exe.29f0e67.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.3.Eduhazqw4u.exe.2a10000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.3.Eduhazqw4u.exe.2a10000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 20.2.svchost.exe.2980000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 20.2.svchost.exe.2980000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 12.2.irxigvn.exe.3080000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 12.2.irxigvn.exe.3080000.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 12.2.irxigvn.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 12.2.irxigvn.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.2.Eduhazqw4u.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.2.Eduhazqw4u.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 12.2.irxigvn.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 12.2.irxigvn.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0000000C.00000002.2090526061.000000000297E000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12 |
Source: 0000000C.00000002.2090729100.0000000003080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0000000C.00000002.2090729100.0000000003080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0000000C.00000002.2090423490.0000000002860000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23 |
Source: 0000000C.00000002.2090423490.0000000002860000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 00000014.00000002.3270381110.0000000002980000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 00000014.00000002.3270381110.0000000002980000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 00000000.00000003.2035103007.0000000002A10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 00000000.00000003.2035103007.0000000002A10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 00000000.00000002.2072415855.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 00000000.00000002.2072415855.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 00000000.00000002.2074784475.0000000002AA2000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12 |
Source: 00000000.00000002.2074381833.00000000029F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23 |
Source: 00000000.00000002.2074381833.00000000029F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0000000C.00000003.2084954417.0000000003040000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0000000C.00000003.2084954417.0000000003040000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0000000C.00000002.2089147267.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0000000C.00000002.2089147267.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Code function: 0_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, | 0_2_00409A6B |
Source: C:\Windows\SysWOW64\zuvmebno\irxigvn.exe | Code function: 12_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, | 12_2_00409A6B |
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 20_2_02989A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, | 20_2_02989A6B |
Source: unknown | Process created: C:\Users\user\Desktop\Eduhazqw4u.exe "C:\Users\user\Desktop\Eduhazqw4u.exe" | |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\zuvmebno\ | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\irxigvn.exe" C:\Windows\SysWOW64\zuvmebno\ | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" create zuvmebno binPath= "C:\Windows\SysWOW64\zuvmebno\irxigvn.exe /d\"C:\Users\user\Desktop\Eduhazqw4u.exe\"" type= own start= auto DisplayName= "wifi support" | |
Source: C:\Windows\SysWOW64\sc.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" description zuvmebno "wifi internet conection" | |
Source: C:\Windows\SysWOW64\sc.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" start zuvmebno | |
Source: C:\Windows\SysWOW64\sc.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: unknown | Process created: C:\Windows\SysWOW64\zuvmebno\irxigvn.exe C:\Windows\SysWOW64\zuvmebno\irxigvn.exe /d"C:\Users\user\Desktop\Eduhazqw4u.exe" | |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul | |
Source: C:\Windows\SysWOW64\netsh.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5788 -ip 5788 | |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 636 | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5788 -ip 5788 | |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 1204 | |
Source: C:\Windows\SysWOW64\zuvmebno\irxigvn.exe | Process created: C:\Windows\SysWOW64\svchost.exe svchost.exe | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 2724 -ip 2724 | |
Source: C:\Windows\SysWOW64\zuvmebno\irxigvn.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 556 | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2724 -ip 2724 | |
Source: C:\Windows\SysWOW64\zuvmebno\irxigvn.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 552 | |
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager | |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\zuvmebno\ | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\irxigvn.exe" C:\Windows\SysWOW64\zuvmebno\ | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" create zuvmebno binPath= "C:\Windows\SysWOW64\zuvmebno\irxigvn.exe /d\"C:\Users\user\Desktop\Eduhazqw4u.exe\"" type= own start= auto DisplayName= "wifi support" | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" description zuvmebno "wifi internet conection" | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" start zuvmebno | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | Jump to behavior |
Source: C:\Windows\SysWOW64\zuvmebno\irxigvn.exe | Process created: C:\Windows\SysWOW64\svchost.exe svchost.exe | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5788 -ip 5788 | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 636 | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5788 -ip 5788 | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 1204 | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 2724 -ip 2724 | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 556 | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2724 -ip 2724 | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 552 | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: msimg32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: dbghelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: msvcr100.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\zuvmebno\irxigvn.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\zuvmebno\irxigvn.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\zuvmebno\irxigvn.exe | Section loaded: msimg32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\zuvmebno\irxigvn.exe | Section loaded: dbghelp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\zuvmebno\irxigvn.exe | Section loaded: msvcr100.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\zuvmebno\irxigvn.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ifmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mprapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasmontr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasapi32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mfc42u.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: authfwcfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwpolicyiomgr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: firewallapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dhcpcmonitor.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dot3cfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dot3api.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: onex.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: eappcfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: eappprxy.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwcfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: hnetmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netshell.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nlaapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netsetupapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netiohlp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshhttp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: httpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshipsec.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: activeds.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: polstore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winipsec.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: adsldpc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshwfp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cabinet.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: p2pnetsh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: p2p.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rpcnsh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: whhelper.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wlancfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wlanapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wshelper.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wevtapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: peerdistsh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wcmapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rmclient.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mobilenetworking.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ktmw32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mprmsg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wersvc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: windowsperformancerecordercontrol.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: weretw.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: xmllite.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wer.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: faultrep.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dbghelp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dbgcore.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wer.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: dbghelp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: napinsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: pnrpnsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: wshbth.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: nlaapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: winrnr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: licensemanagersvc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: licensemanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: clipc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\zuvmebno\irxigvn.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\zuvmebno\irxigvn.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Eduhazqw4u.exe | Code function: 0_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, | 0_2_00409A6B |
Source: C:\Windows\SysWOW64\zuvmebno\irxigvn.exe | Code function: 12_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, | 12_2_00409A6B |
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 20_2_02989A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, | 20_2_02989A6B |