Source: 0.3.bEsOrli29K.exe.5f0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.3.bEsOrli29K.exe.5f0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.3.bEsOrli29K.exe.5f0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.3.bEsOrli29K.exe.5f0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 12.3.pwdgvjcm.exe.5f0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 12.3.pwdgvjcm.exe.5f0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.2.bEsOrli29K.exe.540e67.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.2.bEsOrli29K.exe.540e67.1.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 12.2.pwdgvjcm.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 12.2.pwdgvjcm.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 19.2.svchost.exe.4c0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 19.2.svchost.exe.4c0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 12.2.pwdgvjcm.exe.5f0000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 12.2.pwdgvjcm.exe.5f0000.2.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 12.2.pwdgvjcm.exe.5f0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 12.2.pwdgvjcm.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 12.2.pwdgvjcm.exe.5f0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 12.2.pwdgvjcm.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 19.2.svchost.exe.4c0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 19.2.svchost.exe.4c0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 12.2.pwdgvjcm.exe.5d0e67.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 12.2.pwdgvjcm.exe.5d0e67.1.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.2.bEsOrli29K.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.2.bEsOrli29K.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 12.2.pwdgvjcm.exe.5d0e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 12.2.pwdgvjcm.exe.5d0e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 12.3.pwdgvjcm.exe.5f0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 12.3.pwdgvjcm.exe.5f0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.2.bEsOrli29K.exe.540e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.2.bEsOrli29K.exe.540e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.2.bEsOrli29K.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.2.bEsOrli29K.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 00000000.00000003.2140290785.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 00000000.00000003.2140290785.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0000000C.00000002.2281554914.0000000000623000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown |
Source: 00000000.00000002.2181457601.0000000000540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown |
Source: 00000000.00000002.2181457601.0000000000540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 00000000.00000002.2180995386.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 00000000.00000002.2180995386.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0000000C.00000003.2279300378.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0000000C.00000003.2279300378.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0000000C.00000002.2281478494.00000000005D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown |
Source: 0000000C.00000002.2281478494.00000000005D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 00000013.00000002.3293035872.00000000004C0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 00000013.00000002.3293035872.00000000004C0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0000000C.00000002.2281500674.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0000000C.00000002.2281500674.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 00000000.00000002.2181701002.000000000069A000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown |
Source: 0000000C.00000002.2281311296.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0000000C.00000002.2281311296.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.3.bEsOrli29K.exe.5f0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.3.bEsOrli29K.exe.5f0000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.3.bEsOrli29K.exe.5f0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.3.bEsOrli29K.exe.5f0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 12.3.pwdgvjcm.exe.5f0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 12.3.pwdgvjcm.exe.5f0000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.2.bEsOrli29K.exe.540e67.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.2.bEsOrli29K.exe.540e67.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 12.2.pwdgvjcm.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 12.2.pwdgvjcm.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 19.2.svchost.exe.4c0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 19.2.svchost.exe.4c0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 12.2.pwdgvjcm.exe.5f0000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 12.2.pwdgvjcm.exe.5f0000.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 12.2.pwdgvjcm.exe.5f0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 12.2.pwdgvjcm.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 12.2.pwdgvjcm.exe.5f0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 12.2.pwdgvjcm.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 19.2.svchost.exe.4c0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 19.2.svchost.exe.4c0000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 12.2.pwdgvjcm.exe.5d0e67.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 12.2.pwdgvjcm.exe.5d0e67.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.2.bEsOrli29K.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.2.bEsOrli29K.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 12.2.pwdgvjcm.exe.5d0e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 12.2.pwdgvjcm.exe.5d0e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 12.3.pwdgvjcm.exe.5f0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 12.3.pwdgvjcm.exe.5f0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.2.bEsOrli29K.exe.540e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.2.bEsOrli29K.exe.540e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.2.bEsOrli29K.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.2.bEsOrli29K.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 00000000.00000003.2140290785.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 00000000.00000003.2140290785.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0000000C.00000002.2281554914.0000000000623000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12 |
Source: 00000000.00000002.2181457601.0000000000540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23 |
Source: 00000000.00000002.2181457601.0000000000540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 00000000.00000002.2180995386.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 00000000.00000002.2180995386.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0000000C.00000003.2279300378.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0000000C.00000003.2279300378.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0000000C.00000002.2281478494.00000000005D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23 |
Source: 0000000C.00000002.2281478494.00000000005D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 00000013.00000002.3293035872.00000000004C0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 00000013.00000002.3293035872.00000000004C0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0000000C.00000002.2281500674.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0000000C.00000002.2281500674.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 00000000.00000002.2181701002.000000000069A000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12 |
Source: 0000000C.00000002.2281311296.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0000000C.00000002.2281311296.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Code function: 0_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, | 0_2_00409A6B |
Source: C:\Windows\SysWOW64\edgikboy\pwdgvjcm.exe | Code function: 12_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, | 12_2_00409A6B |
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 19_2_004C9A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, | 19_2_004C9A6B |
Source: unknown | Process created: C:\Users\user\Desktop\bEsOrli29K.exe "C:\Users\user\Desktop\bEsOrli29K.exe" | |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\edgikboy\ | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\pwdgvjcm.exe" C:\Windows\SysWOW64\edgikboy\ | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" create edgikboy binPath= "C:\Windows\SysWOW64\edgikboy\pwdgvjcm.exe /d\"C:\Users\user\Desktop\bEsOrli29K.exe\"" type= own start= auto DisplayName= "wifi support" | |
Source: C:\Windows\SysWOW64\sc.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" description edgikboy "wifi internet conection" | |
Source: C:\Windows\SysWOW64\sc.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" start edgikboy | |
Source: C:\Windows\SysWOW64\sc.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: unknown | Process created: C:\Windows\SysWOW64\edgikboy\pwdgvjcm.exe C:\Windows\SysWOW64\edgikboy\pwdgvjcm.exe /d"C:\Users\user\Desktop\bEsOrli29K.exe" | |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul | |
Source: C:\Windows\SysWOW64\netsh.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5344 -ip 5344 | |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 1032 | |
Source: C:\Windows\SysWOW64\edgikboy\pwdgvjcm.exe | Process created: C:\Windows\SysWOW64\svchost.exe svchost.exe | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5496 -ip 5496 | |
Source: C:\Windows\SysWOW64\edgikboy\pwdgvjcm.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 392 | |
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager | |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\edgikboy\ | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\pwdgvjcm.exe" C:\Windows\SysWOW64\edgikboy\ | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" create edgikboy binPath= "C:\Windows\SysWOW64\edgikboy\pwdgvjcm.exe /d\"C:\Users\user\Desktop\bEsOrli29K.exe\"" type= own start= auto DisplayName= "wifi support" | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" description edgikboy "wifi internet conection" | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" start edgikboy | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul | Jump to behavior |
Source: C:\Windows\SysWOW64\edgikboy\pwdgvjcm.exe | Process created: C:\Windows\SysWOW64\svchost.exe svchost.exe | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5344 -ip 5344 | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 1032 | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5496 -ip 5496 | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 392 | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: msimg32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: dbghelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: msvcr100.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\edgikboy\pwdgvjcm.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\edgikboy\pwdgvjcm.exe | Section loaded: msimg32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\edgikboy\pwdgvjcm.exe | Section loaded: dbghelp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\edgikboy\pwdgvjcm.exe | Section loaded: msvcr100.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\edgikboy\pwdgvjcm.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ifmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mprapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasmontr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasapi32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mfc42u.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: authfwcfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwpolicyiomgr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: firewallapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dhcpcmonitor.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dot3cfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dot3api.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: onex.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: eappcfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: eappprxy.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwcfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: hnetmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netshell.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nlaapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netsetupapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netiohlp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshhttp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: httpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshipsec.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: activeds.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: polstore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winipsec.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: adsldpc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshwfp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cabinet.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: p2pnetsh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: p2p.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rpcnsh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: whhelper.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wlancfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wlanapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wshelper.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wevtapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: peerdistsh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wcmapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rmclient.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mobilenetworking.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ktmw32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mprmsg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wersvc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: windowsperformancerecordercontrol.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: weretw.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: xmllite.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wer.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: faultrep.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dbghelp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dbgcore.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wer.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: dbghelp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: napinsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: pnrpnsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: wshbth.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: nlaapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: winrnr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: licensemanagersvc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: licensemanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: clipc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\edgikboy\pwdgvjcm.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\edgikboy\pwdgvjcm.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\bEsOrli29K.exe | Code function: 0_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, | 0_2_00409A6B |
Source: C:\Windows\SysWOW64\edgikboy\pwdgvjcm.exe | Code function: 12_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, | 12_2_00409A6B |
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 19_2_004C9A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, | 19_2_004C9A6B |