Source: Network traffic |
Suricata IDS: 2013214 - Severity 1 - ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server : 192.168.2.4:49730 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2016922 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic : 192.168.2.4:49730 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2021716 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 : 192.168.2.4:49730 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2013214 - Severity 1 - ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server : 192.168.2.4:49737 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2016922 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic : 192.168.2.4:49737 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2021716 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 : 192.168.2.4:49737 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2013214 - Severity 1 - ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server : 192.168.2.4:62554 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2016922 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic : 192.168.2.4:62554 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2021716 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 : 192.168.2.4:62554 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2013214 - Severity 1 - ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server : 192.168.2.4:62549 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2016922 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic : 192.168.2.4:62549 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2013214 - Severity 1 - ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server : 192.168.2.4:62562 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2021716 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 : 192.168.2.4:62549 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2013214 - Severity 1 - ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server : 192.168.2.4:62556 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2016922 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic : 192.168.2.4:62556 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2021716 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 : 192.168.2.4:62556 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2016922 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic : 192.168.2.4:62562 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2021716 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 : 192.168.2.4:62562 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2013214 - Severity 1 - ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server : 192.168.2.4:62561 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2016922 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic : 192.168.2.4:62561 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2021716 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 : 192.168.2.4:62561 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2013214 - Severity 1 - ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server : 192.168.2.4:62555 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2016922 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic : 192.168.2.4:62555 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2013214 - Severity 1 - ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server : 192.168.2.4:62547 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2016922 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic : 192.168.2.4:62547 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2021716 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 : 192.168.2.4:62555 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2021716 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 : 192.168.2.4:62547 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2013214 - Severity 1 - ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server : 192.168.2.4:62559 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2016922 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic : 192.168.2.4:62559 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2021716 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 : 192.168.2.4:62559 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2013214 - Severity 1 - ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server : 192.168.2.4:62551 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2016922 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic : 192.168.2.4:62551 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2013214 - Severity 1 - ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server : 192.168.2.4:62543 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2021716 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 : 192.168.2.4:62551 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2016922 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic : 192.168.2.4:62543 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2013214 - Severity 1 - ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server : 192.168.2.4:62548 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2016922 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic : 192.168.2.4:62548 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2021716 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 : 192.168.2.4:62543 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2021716 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 : 192.168.2.4:62548 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2013214 - Severity 1 - ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server : 192.168.2.4:62537 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2016922 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic : 192.168.2.4:62537 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2021716 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 : 192.168.2.4:62537 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2013214 - Severity 1 - ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server : 192.168.2.4:62560 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2016922 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic : 192.168.2.4:62560 -> 115.230.124.27:9026 |
Source: Network traffic |
Suricata IDS: 2021716 - Severity 1 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 : 192.168.2.4:62560 -> 115.230.124.27:9026 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 115.230.124.27 |
Source: 6q0LW5Szsb.dll, type: SAMPLE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_RDP author = ditekSHen, description = Detects executables embedding registry key / value combination manipulating RDP / Terminal Services |
Source: dump.pcap, type: PCAP |
Matched rule: gh0st author = https://github.com/jackcr/ |
Source: 7.2.rundll32.exe.10000000.0.unpack, type: UNPACKEDPE |
Matched rule: GhostDragon_Gh0stRAT date = 2016-04-23, hash4 = b803381535ac24ce7c8fdcf6155566d208dfca63fd66ec71bbc6754233e251f5, hash3 = 6c7f8ba75889e0021c4616fcbee86ac06cd7f5e1e355e0cbfbbb5110c08bb6df, hash2 = 99ee5b764a5db1cb6b8a4f62605b5536487d9c35a28a23de8f9174659f65bcb2, hash1 = f9a669d22866cd041e2d520c5eb093188962bea8864fdfd0c0abb2b254e9f197, author = Florian Roth, description = Detects Gh0st RAT mentioned in Cylance\' Ghost Dragon Report, reference = https://blog.cylance.com/the-ghost-dragon, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 28.2.svchost.exe.10000000.0.unpack, type: UNPACKEDPE |
Matched rule: GhostDragon_Gh0stRAT date = 2016-04-23, hash4 = b803381535ac24ce7c8fdcf6155566d208dfca63fd66ec71bbc6754233e251f5, hash3 = 6c7f8ba75889e0021c4616fcbee86ac06cd7f5e1e355e0cbfbbb5110c08bb6df, hash2 = 99ee5b764a5db1cb6b8a4f62605b5536487d9c35a28a23de8f9174659f65bcb2, hash1 = f9a669d22866cd041e2d520c5eb093188962bea8864fdfd0c0abb2b254e9f197, author = Florian Roth, description = Detects Gh0st RAT mentioned in Cylance\' Ghost Dragon Report, reference = https://blog.cylance.com/the-ghost-dragon, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 13.2.rundll32.exe.10000000.0.unpack, type: UNPACKEDPE |
Matched rule: GhostDragon_Gh0stRAT date = 2016-04-23, hash4 = b803381535ac24ce7c8fdcf6155566d208dfca63fd66ec71bbc6754233e251f5, hash3 = 6c7f8ba75889e0021c4616fcbee86ac06cd7f5e1e355e0cbfbbb5110c08bb6df, hash2 = 99ee5b764a5db1cb6b8a4f62605b5536487d9c35a28a23de8f9174659f65bcb2, hash1 = f9a669d22866cd041e2d520c5eb093188962bea8864fdfd0c0abb2b254e9f197, author = Florian Roth, description = Detects Gh0st RAT mentioned in Cylance\' Ghost Dragon Report, reference = https://blog.cylance.com/the-ghost-dragon, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 28.2.svchost.exe.10000000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_RDP author = ditekSHen, description = Detects executables embedding registry key / value combination manipulating RDP / Terminal Services |
Source: 13.2.rundll32.exe.10000000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_RDP author = ditekSHen, description = Detects executables embedding registry key / value combination manipulating RDP / Terminal Services |
Source: 7.2.rundll32.exe.10000000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_RDP author = ditekSHen, description = Detects executables embedding registry key / value combination manipulating RDP / Terminal Services |
Source: 0000001C.00000002.2925657952.0000000003E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: gh0st author = https://github.com/jackcr/ |
Source: 0000001C.00000003.2821969948.0000000003E60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: gh0st author = https://github.com/jackcr/ |
Source: 0000001C.00000003.2719359677.0000000003E00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: gh0st author = https://github.com/jackcr/ |
Source: C:\Program Files (x86)\Iefg\Nefghijkl.pic, type: DROPPED |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_RDP author = ditekSHen, description = Detects executables embedding registry key / value combination manipulating RDP / Terminal Services |
Source: unknown |
Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll" |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll",#1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\6q0LW5Szsb.dll,CanUnloadNow |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll",#1 |
|
Source: unknown |
Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\svchost.exe -k imgsvc |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\6q0LW5Szsb.dll,DarkAngle |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup |
|
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6572 -ip 6572 |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 720 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\6q0LW5Szsb.dll,GetClassObject |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll",CanUnloadNow |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll",DarkAngle |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll",GetClassObject |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll",UnregisterServer |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll",RegisterServer |
|
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5856 -ip 5856 |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 724 |
|
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3228 -ip 3228 |
|
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1712 -ip 1712 |
|
Source: unknown |
Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\svchost.exe -k imgsvc |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll",#1 |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\6q0LW5Szsb.dll,CanUnloadNow |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\6q0LW5Szsb.dll,DarkAngle |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\6q0LW5Szsb.dll,GetClassObject |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll",CanUnloadNow |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll",DarkAngle |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\svchost.exe -k imgsvc |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll",UnregisterServer |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll",RegisterServer |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll",#1 |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6572 -ip 6572 |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 720 |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5856 -ip 5856 |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 724 |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3228 -ip 3228 |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1712 -ip 1712 |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Section loaded: msvcp60.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Section loaded: wtsapi32.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Section loaded: avicap32.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Section loaded: msvfw32.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: wersvc.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: windowsperformancerecordercontrol.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: weretw.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: xmllite.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: wer.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: faultrep.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: dbghelp.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: dbgcore.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: wer.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: msvcp60.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: wtsapi32.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: avicap32.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: msvfw32.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: napinsp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: pnrpnsp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: wshbth.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: nlaapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: winrnr.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: Amcache.hve.10.dr |
Binary or memory string: VMware |
Source: Amcache.hve.10.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.10.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.10.dr |
Binary or memory string: VMware, Inc. |
Source: Amcache.hve.10.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.10.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.10.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.10.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.10.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.10.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.10.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.10.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: svchost.exe, 0000001C.00000002.2925161438.0000000003212000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: Amcache.hve.10.dr |
Binary or memory string: vmci.sys |
Source: Amcache.hve.10.dr |
Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: Amcache.hve.10.dr |
Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.10.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.10.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.10.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.10.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.10.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.10.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.10.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.10.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.10.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.10.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.10.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.10.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.10.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.10.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: rundll32.exe, rundll32.exe, 00000007.00000002.2012377877.000000001001E000.00000004.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000D.00000002.2000337667.000000001001E000.00000004.00000001.01000000.00000003.sdmp, svchost.exe, svchost.exe, 0000001C.00000002.2926026622.000000001001E000.00000004.00000001.01000000.00000004.sdmp, Nefghijkl.pic.3.dr |
Binary or memory string: kxetray.exe |
Source: rundll32.exe, rundll32.exe, 00000007.00000002.2012377877.000000001001E000.00000004.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000D.00000002.2000337667.000000001001E000.00000004.00000001.01000000.00000003.sdmp, svchost.exe, svchost.exe, 0000001C.00000002.2926026622.000000001001E000.00000004.00000001.01000000.00000004.sdmp, Nefghijkl.pic.3.dr |
Binary or memory string: KSafeTray.exe |
Source: rundll32.exe, rundll32.exe, 00000007.00000002.2012377877.000000001001E000.00000004.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000D.00000002.2000337667.000000001001E000.00000004.00000001.01000000.00000003.sdmp, svchost.exe, svchost.exe, 0000001C.00000002.2926026622.000000001001E000.00000004.00000001.01000000.00000004.sdmp, Nefghijkl.pic.3.dr |
Binary or memory string: avp.exe |
Source: Amcache.hve.10.dr |
Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe |
Source: Amcache.hve.10.dr |
Binary or memory string: msmpeng.exe |
Source: Amcache.hve.10.dr |
Binary or memory string: c:\program files\windows defender\msmpeng.exe |
Source: rundll32.exe, rundll32.exe, 00000007.00000002.2012377877.000000001001E000.00000004.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000D.00000002.2000337667.000000001001E000.00000004.00000001.01000000.00000003.sdmp, svchost.exe, svchost.exe, 0000001C.00000002.2926026622.000000001001E000.00000004.00000001.01000000.00000004.sdmp, Nefghijkl.pic.3.dr |
Binary or memory string: 360tray.exe |
Source: rundll32.exe, rundll32.exe, 00000007.00000002.2012377877.000000001001E000.00000004.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000D.00000002.2000337667.000000001001E000.00000004.00000001.01000000.00000003.sdmp, svchost.exe, svchost.exe, 0000001C.00000002.2926026622.000000001001E000.00000004.00000001.01000000.00000004.sdmp, Nefghijkl.pic.3.dr |
Binary or memory string: avgnt.exe |
Source: rundll32.exe, rundll32.exe, 00000007.00000002.2012377877.000000001001E000.00000004.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000D.00000002.2000337667.000000001001E000.00000004.00000001.01000000.00000003.sdmp, svchost.exe, svchost.exe, 0000001C.00000002.2926026622.000000001001E000.00000004.00000001.01000000.00000004.sdmp, Nefghijkl.pic.3.dr |
Binary or memory string: RavMonD.exe |
Source: Amcache.hve.10.dr |
Binary or memory string: MsMpEng.exe |