Source: SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
ReversingLabs: Detection: 18% |
Source: Submited Sample |
Integrated Neural Analysis Model: Matched 86.3% probability |
Source: SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: |
Binary string: jC:\Users\Sleepy\Documents\coding\Roblox\registry-callbacks-master\UserMode\.pdb?? source: SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Source: |
Binary string: C:\Users\Sleepy\Documents\coding\Roblox\registry-callbacks-master\UserMode\.pdb source: SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Source: SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
String found in binary or memory: https://www.dearimgui.com/faq/ |
Source: SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
String found in binary or memory: https://www.dearimgui.com/faq/Set |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Process Stats: CPU usage > 49% |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\reg.exe reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v ValidateAdminCodeSignatures /t REG_DWORD /d 0 /f |
Source: classification engine |
Classification label: mal56.winEXE@24/7@0/0 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7012:120:WilError_03 |
Source: SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe "C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe" |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c bcdedit /set hypervisorlaunchtype off >NUL |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\bcdedit.exe bcdedit /set hypervisorlaunchtype off |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v ValidateAdminCodeSignatures /t REG_DWORD /d 0 /f > NUL |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\reg.exe reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v ValidateAdminCodeSignatures /t REG_DWORD /d 0 /f |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c copy "C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.71KernelMode.sys" "C:\Windows\System32\drivers\sPdzrFj5MyJVEO29Rs0hjwD7Npia8S.sys" > NUL |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c sc create sPdzrFj5MyJVEO29Rs0hjwD7Npia8S type=kernel binPath="C:\Windows\System32\drivers\sPdzrFj5MyJVEO29Rs0hjwD7Npia8S.sys" > NUL |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\sc.exe sc create sPdzrFj5MyJVEO29Rs0hjwD7Npia8S type=kernel binPath="C:\Windows\System32\drivers\sPdzrFj5MyJVEO29Rs0hjwD7Npia8S.sys" |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c sc create sPdzrFj5MyJVEO29Rs0hjwD7Npia8S type=kernel binpath=C:\Windows\System32\drivers\sPdzrFj5MyJVEO29Rs0hjwD7Npia8S.sys>NUL |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\sc.exe sc create sPdzrFj5MyJVEO29Rs0hjwD7Npia8S type=kernel binpath=C:\Windows\System32\drivers\sPdzrFj5MyJVEO29Rs0hjwD7Npia8S.sys |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c sc start sPdzrFj5MyJVEO29Rs0hjwD7Npia8S>NUL |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\sc.exe sc start sPdzrFj5MyJVEO29Rs0hjwD7Npia8S |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: d3dcompiler_47.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: msvcp140.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: d3d11.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: vcruntime140_1.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: vcruntime140.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: dxgi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: resourcepolicyclient.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: d3d10warp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: dxcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: xinput1_4.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: devobj.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: inputhost.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Section loaded: propsys.dll |
Source: C:\Windows\System32\bcdedit.exe |
Section loaded: cryptsp.dll |
Source: SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Window / User API: threadDelayed 3048 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Window / User API: threadDelayed 509 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Window / User API: foregroundWindowGot 762 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe |
Window / User API: foregroundWindowGot 757 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.602488.7106.22030.exe TID: 7124 |
Thread sleep time: -30480s >= -30000s |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |