Source: explorer.exe, 00000001.00000000.1779684746.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1777426774.00000000079FB000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0 |
Source: explorer.exe, 00000001.00000000.1779684746.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1777426774.00000000079FB000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07 |
Source: explorer.exe, 00000001.00000000.1779684746.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1777426774.00000000079FB000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0 |
Source: explorer.exe, 00000001.00000000.1779684746.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1777426774.00000000079FB000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: explorer.exe, 00000001.00000000.1777426774.00000000078AD000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di |
Source: explorer.exe, 00000001.00000000.1778417663.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1780694925.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1778954174.0000000008720000.00000002.00000001.00040000.00000000.sdmp |
String found in binary or memory: http://schemas.micro |
Source: explorer.exe, 00000001.00000000.1783714743.000000000C964000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.autoitscript.com/autoit3/J |
Source: explorer.exe, 0000000C.00000003.2706066309.0000000003441000.00000004.00000020.00020000.00000000.sdmp, DF4B.tmp.12.dr |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: explorer.exe, 00000001.00000000.1783714743.000000000C893000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe |
Source: explorer.exe, 00000001.00000000.1777426774.00000000079FB000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/Vh5j3k |
Source: explorer.exe, 00000001.00000000.1777426774.00000000079FB000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/odirmr |
Source: explorer.exe, 00000001.00000000.1783714743.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://android.notify.windows.com/iOS |
Source: explorer.exe, 00000001.00000000.1779684746.00000000097D4000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://api.msn.com/ |
Source: explorer.exe, 00000001.00000000.1779684746.00000000097D4000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://api.msn.com/q |
Source: explorer.exe, 00000001.00000000.1775685561.0000000001240000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1776398835.0000000003700000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind |
Source: explorer.exe, 00000001.00000000.1779684746.00000000096DF000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?& |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1779684746.00000000097D4000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows? |
Source: explorer.exe, 00000001.00000000.1779684746.00000000096DF000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://arc.msn.comi |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg |
Source: explorer.exe, 0000000C.00000003.2706066309.0000000003441000.00000004.00000020.00020000.00000000.sdmp, DF4B.tmp.12.dr |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark |
Source: explorer.exe, 00000001.00000000.1777426774.00000000078AD000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu |
Source: explorer.exe, 00000001.00000000.1777426774.00000000078AD000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark |
Source: explorer.exe, 0000000C.00000003.2706066309.0000000003441000.00000004.00000020.00020000.00000000.sdmp, DF4B.tmp.12.dr |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: explorer.exe, 0000000C.00000003.2706066309.0000000003441000.00000004.00000020.00020000.00000000.sdmp, DF4B.tmp.12.dr |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: explorer.exe, 0000000C.00000003.2706066309.0000000003441000.00000004.00000020.00020000.00000000.sdmp, DF4B.tmp.12.dr |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: explorer.exe, 0000000C.00000003.2706066309.0000000003441000.00000004.00000020.00020000.00000000.sdmp, DF4B.tmp.12.dr |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: explorer.exe, 0000000C.00000003.2706066309.0000000003441000.00000004.00000020.00020000.00000000.sdmp, DF4B.tmp.12.dr |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: explorer.exe, 00000001.00000000.1783714743.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://excel.office.com |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img |
Source: explorer.exe, 00000001.00000000.1777426774.00000000078AD000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img |
Source: explorer.exe, 0000000C.00000002.2734650053.00000000033D0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2734650053.0000000003446000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2734650053.000000000345A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ninjahallnews.com/ |
Source: explorer.exe, 0000000C.00000002.2734650053.0000000003446000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ninjahallnews.com/application/x-www-form-urlencodedMozilla/5.0 |
Source: explorer.exe, 0000000C.00000002.2734650053.00000000033D0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ninjahallnews.com/earch.php |
Source: explorer.exe, 0000000C.00000002.2734650053.00000000033D0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2734650053.0000000003446000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.2671360392.0000000000828000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.4175889505.0000000002E77000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.4175623064.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.4175797278.00000000032F7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.4174637350.0000000000F18000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ninjahallnews.com/search.php |
Source: explorer.exe, 0000000C.00000002.2734650053.00000000033D0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.2671360392.0000000000828000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.4175889505.0000000002E77000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.4175623064.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.4175797278.00000000032F7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.4174637350.0000000000F18000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ninjahallnews.com/search.phpMozilla/5.0 |
Source: explorer.exe, 0000000C.00000002.2734650053.00000000033D0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ninjahallnews.com:443/search.phpge |
Source: explorer.exe, 00000001.00000000.1783714743.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://outlook.com_ |
Source: explorer.exe, 00000001.00000000.1783714743.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://powerpoint.office.comcember |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/ |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew |
Source: explorer.exe, 00000001.00000000.1783714743.000000000C557000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://wns.windows.com/L |
Source: explorer.exe, 00000001.00000000.1783714743.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://word.office.com |
Source: explorer.exe, 0000000C.00000003.2706066309.0000000003441000.00000004.00000020.00020000.00000000.sdmp, DF4B.tmp.12.dr |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: explorer.exe, 0000000C.00000003.2706066309.0000000003441000.00000004.00000020.00020000.00000000.sdmp, DF4B.tmp.12.dr |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1 |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1777426774.00000000078AD000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re- |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow- |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar |
Source: explorer.exe, 00000001.00000000.1777426774.00000000078AD000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com:443/en-us/feed |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/ |
Source: explorer.exe, 00000001.00000000.1777426774.0000000007900000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe |
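Added triage script for the string rows above (an example written for this page; it is not sandbox output and not the malware's code). Most of the URLs are Windows shell noise: DigiCert CRL/OCSP endpoints, the MSN news and weather feed behind the taskbar widgets, Office and WNS endpoints, and browser default search providers. The strings come out of the dumps without terminators, so several are glued together ("digicert.comhttp://crl3...", "search.phpMozilla/5.0", "ocsp.digicert.com0"). The script splits them, normalises the hosts, suppresses an assumed allow-list of first-party domains and maps whatever remains (here ninjahallnews.com, held by the explorer.exe instances numbered 0xC, 0xD, 0xE, 0x11, 0x13 and 0x14) to the process numbers that referenced it. It surfaces those hosts for review; the report itself does not say what the server does. The allow-list, the short TLD table and the reading of ".12.dr" as "file dropped by process 12" are assumptions.

```python
"""Triage the 'String found in binary or memory' rows of a sandbox report.

Added example; not part of the original report. The allow-list, the short
TLD table and the reading of '.12.dr' as 'dropped by process 12' are
analyst assumptions.
"""
import re
from collections import defaultdict

# Constructed subset of rows copied from the report above (same two-line layout).
SAMPLE_ROWS = """
Source: explorer.exe, 00000001.00000000.1779684746.000000000982D000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: explorer.exe, 00000001.00000000.1777426774.00000000078AD000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di |
Source: explorer.exe, 0000000C.00000003.2706066309.0000000003441000.00000004.00000020.00020000.00000000.sdmp, DF4B.tmp.12.dr |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: explorer.exe, 0000000C.00000002.2734650053.00000000033D0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.2671360392.0000000000828000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.4175889505.0000000002E77000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ninjahallnews.com/search.phpMozilla/5.0 |
Source: explorer.exe, 0000000C.00000002.2734650053.00000000033D0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ninjahallnews.com:443/search.phpge |
"""

# Assumed allow-list: hosts the Windows shell, its widgets, certificate
# validation and browser default search providers legitimately reference.
# Anything else is surfaced for review, not declared malicious.
BENIGN_SUFFIXES = (
    "digicert.com", "msn.com", "s-msn.com", "akamaized.net", "windows.com",
    "office.com", "outlook.com", "aka.ms", "microsoft.com",
    "duckduckgo.com", "ecosia.org", "yahoo.com", "google.com",
)
KNOWN_TLDS = ("com", "net", "org", "ms")  # assumption: enough for this report

# Dumped strings are not terminated, so URLs are glued to neighbouring data.
# Split at every scheme; the host ends at the first non-hostname character
# and its last label must be alphabetic (cuts "ocsp.digicert.com0").
SCHEME_SPLIT = re.compile(r"(?=https?://)")
HOST_RE = re.compile(r"^https?://([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,})")
# Process number: hex in "<exe>, 0000000C.00000002.<...>.sdmp", decimal in "x.12.dr".
SDMP_PID_RE = re.compile(r"(?:^|, )([0-9A-Fa-f]{8})\.[0-9A-Fa-f]{8}\.")
DROP_PID_RE = re.compile(r"\.(\d+)\.dr\b")


def parse_rows(text):
    """Yield (source, string) pairs from the Source / String-found two-line layout."""
    src = None
    for raw in text.splitlines():
        line = raw.strip().rstrip("|").strip()
        if line.startswith("Source: "):
            src = line[len("Source: "):]
        elif line.startswith("String found in binary or memory: ") and src is not None:
            yield src, line[len("String found in binary or memory: "):]


def source_pids(src):
    """Sandbox process numbers referenced by one Source cell."""
    pids = {int(h, 16) for h in SDMP_PID_RE.findall(src)}
    pids |= {int(n) for n in DROP_PID_RE.findall(src)}
    return pids


def normalise_host(host):
    """Heuristic: trim an alphabetic tail glued onto a known TLD ('comcember' -> 'com')."""
    labels = host.lower().split(".")
    for tld in KNOWN_TLDS:
        if labels[-1] != tld and labels[-1].startswith(tld):
            labels[-1] = tld
            break
    return ".".join(labels)


def hosts_in(string):
    """Every hostname in a possibly glued memory string, in order of appearance."""
    hosts = []
    for piece in SCHEME_SPLIT.split(string):
        m = HOST_RE.match(piece)
        if m:
            hosts.append(normalise_host(m.group(1)))
    return hosts


def is_benign(host):
    return any(host == s or host.endswith("." + s) for s in BENIGN_SUFFIXES)


def triage(text):
    """Map each host to the process numbers that referenced it, split benign/review."""
    buckets = {"benign": defaultdict(set), "review": defaultdict(set)}
    for src, string in parse_rows(text):
        pids = source_pids(src)
        for host in hosts_in(string):
            buckets["benign" if is_benign(host) else "review"][host] |= pids
    return {k: dict(v) for k, v in buckets.items()}


if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    for label in ("review", "benign"):
        for host, pids in sorted(result[label].items()):
            print(f"{label:<7} {host:<28} processes {sorted(pids)}")
```

Run against the full table, the review bucket contains only ninjahallnews.com; everything else falls under the allow-list. The TLD trimming is a heuristic for this report's data and would mis-cut a real TLD that starts with "com" or "ms", so keep the table short and inspect what it changes.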
Source: C:\Users\user\Desktop\bCnarg2O62.exe |
Code function: 0_2_00401514 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
0_2_00401514 |
Source: C:\Users\user\Desktop\bCnarg2O62.exe |
Code function: 0_2_00402F97 RtlCreateUserThread,NtTerminateProcess, |
0_2_00402F97 |
Source: C:\Users\user\Desktop\bCnarg2O62.exe |
Code function: 0_2_00401542 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
0_2_00401542 |
Source: C:\Users\user\Desktop\bCnarg2O62.exe |
Code function: 0_2_00403247 NtTerminateProcess,GetModuleHandleA, |
0_2_00403247 |
Source: C:\Users\user\Desktop\bCnarg2O62.exe |
Code function: 0_2_00401549 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
0_2_00401549 |
Source: C:\Users\user\Desktop\bCnarg2O62.exe |
Code function: 0_2_0040324F NtTerminateProcess,GetModuleHandleA, |
0_2_0040324F |
Source: C:\Users\user\Desktop\bCnarg2O62.exe |
Code function: 0_2_00403256 NtTerminateProcess,GetModuleHandleA, |
0_2_00403256 |
Source: C:\Users\user\Desktop\bCnarg2O62.exe |
Code function: 0_2_00401557 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
0_2_00401557 |
Source: C:\Users\user\Desktop\bCnarg2O62.exe |
Code function: 0_2_0040326C NtTerminateProcess,GetModuleHandleA, |
0_2_0040326C |
Source: C:\Users\user\Desktop\bCnarg2O62.exe |
Code function: 0_2_00403277 NtTerminateProcess,GetModuleHandleA, |
0_2_00403277 |
Source: C:\Users\user\Desktop\bCnarg2O62.exe |
Code function: 0_2_004014FE NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
0_2_004014FE |
Source: C:\Users\user\Desktop\bCnarg2O62.exe |
Code function: 0_2_00403290 NtTerminateProcess,GetModuleHandleA, |
0_2_00403290 |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 5_2_00401514 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
5_2_00401514 |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 5_2_00402F97 RtlCreateUserThread,NtTerminateProcess, |
5_2_00402F97 |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 5_2_00401542 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
5_2_00401542 |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 5_2_00403247 NtTerminateProcess,GetModuleHandleA, |
5_2_00403247 |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 5_2_00401549 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
5_2_00401549 |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 5_2_0040324F NtTerminateProcess,GetModuleHandleA, |
5_2_0040324F |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 5_2_00403256 NtTerminateProcess,GetModuleHandleA, |
5_2_00403256 |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 5_2_00401557 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
5_2_00401557 |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 5_2_0040326C NtTerminateProcess,GetModuleHandleA, |
5_2_0040326C |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 5_2_00403277 NtTerminateProcess,GetModuleHandleA, |
5_2_00403277 |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 5_2_004014FE NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
5_2_004014FE |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 5_2_00403290 NtTerminateProcess,GetModuleHandleA, |
5_2_00403290 |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 6_2_00401514 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
6_2_00401514 |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 6_2_00402F97 RtlCreateUserThread,NtTerminateProcess, |
6_2_00402F97 |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 6_2_00401542 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
6_2_00401542 |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 6_2_00403247 NtTerminateProcess,GetModuleHandleA, |
6_2_00403247 |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 6_2_00401549 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
6_2_00401549 |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 6_2_0040324F NtTerminateProcess,GetModuleHandleA, |
6_2_0040324F |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 6_2_00403256 NtTerminateProcess,GetModuleHandleA, |
6_2_00403256 |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 6_2_00401557 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
6_2_00401557 |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 6_2_0040326C NtTerminateProcess,GetModuleHandleA, |
6_2_0040326C |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 6_2_00403277 NtTerminateProcess,GetModuleHandleA, |
6_2_00403277 |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 6_2_004032C7 CreateFileW,GetForegroundWindow,NtMapViewOfSection,NtDuplicateObject,NtQuerySystemInformation,NtOpenKey,strstr,wcsstr,tolower,towlower, |
6_2_004032C7 |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 6_2_004014FE NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
6_2_004014FE |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 6_2_00403290 NtTerminateProcess,GetModuleHandleA, |
6_2_00403290 |
Source: C:\Users\user\AppData\Local\Temp\1D0F.exe |
Code function: 7_2_00403103 RtlCreateUserThread,NtTerminateProcess, |
7_2_00403103 |
Source: C:\Users\user\AppData\Local\Temp\1D0F.exe |
Code function: 7_2_004014FB LocalAlloc,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
7_2_004014FB |
Source: C:\Users\user\AppData\Local\Temp\1D0F.exe |
Code function: 7_2_00401641 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
7_2_00401641 |
Source: C:\Users\user\AppData\Local\Temp\1D0F.exe |
Code function: 7_2_00403257 RtlCreateUserThread,NtTerminateProcess, |
7_2_00403257 |
Source: C:\Users\user\AppData\Local\Temp\1D0F.exe |
Code function: 7_2_00401606 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
7_2_00401606 |
Source: C:\Users\user\AppData\Local\Temp\1D0F.exe |
Code function: 7_2_00401613 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
7_2_00401613 |
Source: C:\Users\user\AppData\Local\Temp\1D0F.exe |
Code function: 7_2_00401627 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
7_2_00401627 |
Source: C:\Users\user\AppData\Local\Temp\1D0F.exe |
Code function: 7_2_004015FB NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
7_2_004015FB |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 12_2_030F4B92 RtlMoveMemory,NtUnmapViewOfSection, |
12_2_030F4B92 |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 12_2_030F33C3 NtQueryInformationFile, |
12_2_030F33C3 |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 12_2_030F342B NtQueryObject,NtQueryObject,RtlMoveMemory, |
12_2_030F342B |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 12_2_030F349B CreateFileW,OpenProcess,NtQueryInformationProcess,NtQueryInformationProcess,NtQueryInformationProcess,GetCurrentProcess,DuplicateHandle,lstrcmpiW,NtQueryObject,StrRChrW,StrRChrW,lstrcmpiW,GetFileSize,SetFilePointer,SetFilePointer,ReadFile,SetFilePointer,CloseHandle,CloseHandle,CloseHandle, |
12_2_030F349B |
Source: C:\Windows\explorer.exe |
Code function: 13_2_003C38B0 NtUnmapViewOfSection, |
13_2_003C38B0 |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 14_2_00581016 RtlMoveMemory,RtlMoveMemory,NtUnmapViewOfSection,GetCurrentProcessId,lstrcmpiA,CreateToolhelp32Snapshot,Process32First,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,Process32Next,CloseHandle,Sleep, |
14_2_00581016 |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 14_2_00581819 lstrcmpiA,OpenProcess,NtSetInformationProcess,CloseHandle,NtUnmapViewOfSection,NtUnmapViewOfSection,RtlMoveMemory,RtlMoveMemory,RtlMoveMemory,NtUnmapViewOfSection,CloseHandle,CreateMutexA,GetLastError,CloseHandle,Sleep,GetModuleHandleA,GetProcAddress,ReadProcessMemory,WriteProcessMemory,CreateRemoteThread,CloseHandle,Sleep,WriteProcessMemory,CreateRemoteThread,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle, |
14_2_00581819 |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 14_2_00581A80 NtCreateSection,NtMapViewOfSection, |
14_2_00581A80 |
Source: C:\Windows\explorer.exe |
Code function: 17_2_0082355C NtUnmapViewOfSection, |
17_2_0082355C |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 19_2_02F21016 RtlMoveMemory,RtlMoveMemory,NtUnmapViewOfSection,GetCurrentProcessId,wsprintfA,RtlMoveMemory,CreateToolhelp32Snapshot,Process32First,CharLowerA,lstrcmpiA,lstrcmpiA,Process32Next,CloseHandle,Sleep, |
19_2_02F21016 |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 19_2_02F218BF OpenProcess,NtSetInformationProcess,CloseHandle,NtUnmapViewOfSection,NtUnmapViewOfSection,RtlMoveMemory,RtlMoveMemory,RtlMoveMemory,NtUnmapViewOfSection,CloseHandle,CreateMutexA,GetLastError,CloseHandle,Sleep,GetModuleHandleA,GetProcAddress,ReadProcessMemory,WriteProcessMemory,CreateRemoteThread,CloseHandle,Sleep,WriteProcessMemory,CreateRemoteThread,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle, |
19_2_02F218BF |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 19_2_02F21B26 NtCreateSection,NtMapViewOfSection, |
19_2_02F21B26 |
Source: C:\Windows\explorer.exe |
Code function: 20_2_00EE370C NtUnmapViewOfSection, |
20_2_00EE370C |
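Added example for the function rows above (written for this page; it is neither sandbox output nor the malware's code). Read as API patterns, the rows fall into a few groups. The Desktop sample (process 0) and the copy at C:\Users\user\AppData\Roaming\derhswe (processes 5 and 6) contain, at identical addresses, NtDuplicateObject, NtCreateSection and then NtMapViewOfSection twice, which is consistent with mapping one section into both the local and a target process so that no WriteProcessMemory is needed. The explorer.exe instances instead show OpenProcess, NtSetInformationProcess and NtUnmapViewOfSection followed by WriteProcessMemory and CreateRemoteThread, next to CreateToolhelp32Snapshot/Process32First/lstrcmpiA loops that select a target by name. The script parses the three-line rows, labels each function with the patterns it matches, aggregates per process and reports function fingerprints shared between images, which shows the Roaming copy is the same code as the original sample. The rule set and labels are analyst assumptions; "after" means later in the list as the report prints it, not a proven runtime order.

```python
"""Classify the 'Code function' rows of the report by the API patterns they contain.

Added example, not part of the original report. The technique labels and the
matching rules are one analyst's reading of the call lists; the sandbox only
reports which APIs each function references, in the order given here.
"""
import re
from collections import defaultdict

# Constructed subset of rows copied from the report above (Source line,
# Code function line, function id line). Repeated lstrcmpiA, CloseHandle and
# NtQueryInformationProcess calls were collapsed to keep the sample short.
SAMPLE_FUNCS = r"""
Source: C:\Users\user\Desktop\bCnarg2O62.exe |
Code function: 0_2_00401514 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
0_2_00401514 |
Source: C:\Users\user\Desktop\bCnarg2O62.exe |
Code function: 0_2_00402F97 RtlCreateUserThread,NtTerminateProcess, |
0_2_00402F97 |
Source: C:\Users\user\AppData\Roaming\derhswe |
Code function: 5_2_00401514 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
5_2_00401514 |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 12_2_030F349B CreateFileW,OpenProcess,NtQueryInformationProcess,GetCurrentProcess,DuplicateHandle,lstrcmpiW,NtQueryObject,StrRChrW,ReadFile,CloseHandle, |
12_2_030F349B |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 14_2_00581016 RtlMoveMemory,RtlMoveMemory,NtUnmapViewOfSection,GetCurrentProcessId,lstrcmpiA,CreateToolhelp32Snapshot,Process32First,lstrcmpiA,Process32Next,CloseHandle,Sleep, |
14_2_00581016 |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 14_2_00581819 lstrcmpiA,OpenProcess,NtSetInformationProcess,CloseHandle,NtUnmapViewOfSection,RtlMoveMemory,CreateMutexA,GetModuleHandleA,GetProcAddress,ReadProcessMemory,WriteProcessMemory,CreateRemoteThread,CloseHandle,Sleep,WriteProcessMemory,CreateRemoteThread,CloseHandle, |
14_2_00581819 |
"""

SECTION_MAP   = "shared-section mapping (NtCreateSection + repeated NtMapViewOfSection)"
REMOTE_THREAD = "remote write then remote thread (WriteProcessMemory -> CreateRemoteThread)"
UNMAP_REMOTE  = "NtUnmapViewOfSection after OpenProcess (hollowing-style unmap)"
PROC_INFO_SET = "NtSetInformationProcess on a freshly opened process"
PROC_ENUM     = "process enumeration by name (CreateToolhelp32Snapshot + lstrcmpi*)"
NATIVE_THREAD = "native thread creation (RtlCreateUserThread)"
HANDLE_QUERY  = "handle name lookup (DuplicateHandle -> NtQueryObject)"


def _ordered(seq, first, then):
    """True when `then` appears somewhere after the first occurrence of `first`."""
    if first not in seq:
        return False
    return then in seq[seq.index(first) + 1:]


RULES = [
    (SECTION_MAP,   lambda s: "NtCreateSection" in s and s.count("NtMapViewOfSection") >= 2),
    (REMOTE_THREAD, lambda s: _ordered(s, "WriteProcessMemory", "CreateRemoteThread")),
    (UNMAP_REMOTE,  lambda s: _ordered(s, "OpenProcess", "NtUnmapViewOfSection")),
    (PROC_INFO_SET, lambda s: _ordered(s, "OpenProcess", "NtSetInformationProcess")),
    (PROC_ENUM,     lambda s: _ordered(s, "CreateToolhelp32Snapshot", "Process32First")
                              and any(a.startswith("lstrcmpi") for a in s)),
    (NATIVE_THREAD, lambda s: "RtlCreateUserThread" in s),
    (HANDLE_QUERY,  lambda s: _ordered(s, "DuplicateHandle", "NtQueryObject")),
]

FUNC_RE = re.compile(r"^Code function: (\d+)_(\d+)_([0-9A-Fa-f]+) (.*)$")


def classify(apis):
    """Technique labels whose rule matches the API list of one function."""
    return [label for label, rule in RULES if rule(apis)]


def parse_functions(text):
    """Yield (source, pid, address, api_list); the middle id field is left unused."""
    src = None
    for raw in text.splitlines():
        line = raw.strip().rstrip("|").strip()
        if line.startswith("Source: "):
            src = line[len("Source: "):]
            continue
        m = FUNC_RE.match(line)
        if m and src is not None:
            apis = [a for a in m.group(4).split(",") if a]  # drop the trailing empty item
            yield src, int(m.group(1)), m.group(3).upper(), apis


def summarise(text):
    """Per process number: image path, function addresses and the techniques seen."""
    out = defaultdict(lambda: {"source": None, "functions": [], "techniques": set()})
    for src, pid, addr, apis in parse_functions(text):
        entry = out[pid]
        entry["source"] = src
        entry["functions"].append(addr)
        entry["techniques"].update(classify(apis))
    return dict(out)


def shared_code(text):
    """Fingerprints (address + exact API list) seen in more than one image path."""
    seen = defaultdict(set)
    for src, _pid, addr, apis in parse_functions(text):
        seen[(addr, tuple(apis))].add(src)
    return {fp: srcs for fp, srcs in seen.items() if len(srcs) > 1}


if __name__ == "__main__":
    for pid, entry in sorted(summarise(SAMPLE_FUNCS).items()):
        print(f"process {pid}: {entry['source']}")
        for label in sorted(entry["techniques"]):
            print(f"    {label}")
    for (addr, _apis), srcs in shared_code(SAMPLE_FUNCS).items():
        print(f"function {addr} shared by: {sorted(srcs)}")
```

The rules are deliberately loose (an API present anywhere later in the list counts), which suits triage of a static call list; confirming that the section or the unmapped view really targets another process needs the handle arguments, which this report does not show.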
Source: 00000005.00000002.2045303884.000000000050C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12 |
Source: 00000007.00000002.2263785204.0000000000710000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23

Source: 00000008.00000002.2520233894.000000000073D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12

Source: 00000000.00000002.1799052498.0000000000520000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23

Source: 00000005.00000002.2045484809.0000000001FE1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23

Source: 00000006.00000002.2106411331.0000000000520000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23

Source: 00000006.00000002.2106596720.000000000073F000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12

Source: 00000000.00000002.1799134235.0000000000540000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23

Source: 00000005.00000002.2045012210.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23

Source: 00000006.00000002.2106729164.0000000002101000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23

Source: 00000008.00000002.2520412148.00000000020D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23

Source: 00000006.00000002.2106441385.0000000000530000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23

Source: 00000000.00000002.1799360788.00000000005AD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12

Source: 00000007.00000002.2264170490.00000000020E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23

Source: 00000008.00000002.2519523064.0000000000700000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23

Source: 00000007.00000002.2263700057.00000000005F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23

Source: 00000005.00000002.2045088261.00000000004B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23

Source: 00000000.00000002.1799202066.0000000000561000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23

Source: 00000007.00000002.2264057033.000000000075D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12

Source: 00000008.00000002.2520072402.0000000000710000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: unknown | Process created: C:\Users\user\Desktop\bCnarg2O62.exe "C:\Users\user\Desktop\bCnarg2O62.exe"

Source: unknown | Process created: C:\Users\user\AppData\Roaming\derhswe C:\Users\user\AppData\Roaming\derhswe

Source: unknown | Process created: C:\Users\user\AppData\Roaming\derhswe C:\Users\user\AppData\Roaming\derhswe

Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\1D0F.exe C:\Users\user\AppData\Local\Temp\1D0F.exe

Source: unknown | Process created: C:\Users\user\AppData\Roaming\jfrhswe C:\Users\user\AppData\Roaming\jfrhswe

Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\9245.exe C:\Users\user\AppData\Local\Temp\9245.exe

Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V

Source: C:\Windows\explorer.exe | Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe

Source: C:\Windows\explorer.exe | Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe

Source: C:\Windows\explorer.exe | Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe

Source: C:\Users\user\AppData\Local\Temp\9245.exe | Process created: C:\Windows\System32\cmd.exe cmd

Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Windows\explorer.exe | Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe

Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe wmic /namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /format:csv

Source: C:\Windows\explorer.exe | Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe

Source: C:\Windows\explorer.exe | Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe

Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe wmic /namespace:\\root\SecurityCenter2 Path FirewallProduct Get displayName /format:csv

Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe wmic /namespace:\\root\SecurityCenter2 Path AntiSpywareProduct Get displayName /format:csv

Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe wmic /namespace:\\root\cimv2 Path Win32_Processor Get Name,DeviceID,NumberOfCores /format:csv

Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe wmic /namespace:\\root\cimv2 Path Win32_Product Get Name,Version /format:csv

Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe wmic /namespace:\\root\cimv2 Path Win32_NetworkAdapter Where PhysicalAdapter=TRUE Get Name,MACAddress,ProductName,ServiceName,NetConnectionID /format:csv

Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe wmic /namespace:\\root\cimv2 Path Win32_StartupCommand Get Name,Location,Command /format:csv

Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe wmic /namespace:\\root\cimv2 Path Win32_OperatingSystem Get Caption,CSDVersion,BuildNumber,Version,BuildType,CountryCode,CurrentTimeZone,InstallDate,LastBootUpTime,Locale,OSArchitecture,OSLanguage,OSProductSuite,OSType,SystemDirectory,Organization,RegisteredUser,SerialNumber /format:csv

Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe wmic /namespace:\\root\cimv2 Path Win32_Process Get Caption,CommandLine,ExecutablePath,ProcessId /format:csv

Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe wmic /namespace:\\root\cimv2 Path Win32_Volume Get Name,Label,FileSystem,SerialNumber,BootVolume,Capacity,DriveType /format:csv

Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe wmic /namespace:\\root\cimv2 Path Win32_UserAccount Get Name,Domain,AccountType,LocalAccount,Disabled,Status,SID /format:csv

Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe wmic /namespace:\\root\cimv2 Path Win32_GroupUser Get GroupComponent,PartComponent /format:csv

Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe wmic /namespace:\\root\cimv2 Path Win32_ComputerSystem Get Caption,Manufacturer,PrimaryOwnerName,UserName,Workgroup /format:csv

Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe wmic /namespace:\\root\cimv2 Path Win32_PnPEntity Where ClassGuid="{50dd5230-ba8a-11d1-bf5d-0000f805f530}" Get Name,DeviceID,PNPDeviceID,Manufacturer,Description /format:csv

Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\ipconfig.exe ipconfig /displaydns

Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\ROUTE.EXE route print

Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\netsh.exe netsh firewall show state

Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\systeminfo.exe systeminfo

Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /v /fo csv
|
Source: C:\Users\user\Desktop\bCnarg2O62.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bCnarg2O62.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bCnarg2O62.exe |
Section loaded: msimg32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bCnarg2O62.exe |
Section loaded: msvcr100.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: taskschd.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: webio.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\derhswe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\derhswe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\derhswe |
Section loaded: msimg32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\derhswe |
Section loaded: msvcr100.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\derhswe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\derhswe |
Section loaded: msimg32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\derhswe |
Section loaded: msvcr100.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1D0F.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1D0F.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1D0F.exe |
Section loaded: msimg32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1D0F.exe |
Section loaded: msvcr100.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jfrhswe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jfrhswe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jfrhswe |
Section loaded: msimg32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\jfrhswe |
Section loaded: msvcr100.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: winscard.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: devobj.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: cryptnet.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\9245.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: aclayers.dll |
Jump to behavior |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: sfc.dll |
Jump to behavior |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: sfc_os.dll |
Jump to behavior |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: msi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: aepic.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: twinapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: powrprof.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: dxgi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: wtsapi32.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: twinapi.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: umpdc.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: vaultcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: webio.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: aepic.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: twinapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: powrprof.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: dxgi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: wtsapi32.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: twinapi.appcore.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: umpdc.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Sections loaded (in order): aepic.dll, twinapi.dll, userenv.dll, iphlpapi.dll, powrprof.dll, windows.storage.dll, dxgi.dll, windows.storage.dll, kernel.appcore.dll, propsys.dll, coremessaging.dll, urlmon.dll, windows.storage.dll, windows.storage.dll, kernel.appcore.dll, wtsapi32.dll, wininet.dll, uxtheme.dll, dwmapi.dll, sspicli.dll, kernel.appcore.dll, twinapi.appcore.dll, ntmarta.dll, cryptsp.dll, wldp.dll, iertutil.dll, srvcli.dll, netutils.dll, umpdc.dll, dnsapi.dll, winhttp.dll
Source: C:\Windows\System32\cmd.exe | Sections loaded (in order): winbrand.dll, wldp.dll
Source: C:\Windows\explorer.exe | Sections loaded (in order): aepic.dll, twinapi.dll, userenv.dll, iphlpapi.dll, powrprof.dll, windows.storage.dll, dxgi.dll, windows.storage.dll, kernel.appcore.dll, propsys.dll, coremessaging.dll, urlmon.dll, windows.storage.dll, windows.storage.dll, kernel.appcore.dll, wtsapi32.dll, wininet.dll, uxtheme.dll, dwmapi.dll, sspicli.dll, kernel.appcore.dll, twinapi.appcore.dll, ntmarta.dll, cryptsp.dll, wldp.dll, iertutil.dll, srvcli.dll, netutils.dll, umpdc.dll, dnsapi.dll, winhttp.dll
Source: C:\Windows\System32\wbem\WMIC.exe | Sections loaded (in order): iphlpapi.dll, framedynos.dll, sspicli.dll, kernel.appcore.dll, wbemcomn.dll, msxml6.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, uxtheme.dll, vcruntime140.dll, vcruntime140_1.dll, amsi.dll, userenv.dll, profapi.dll
Source: C:\Windows\SysWOW64\explorer.exe | Sections loaded (in order): aepic.dll, twinapi.dll, userenv.dll, iphlpapi.dll, powrprof.dll, ntmarta.dll, cryptsp.dll, windows.storage.dll, dxgi.dll, windows.storage.dll, kernel.appcore.dll, propsys.dll, coremessaging.dll, urlmon.dll, windows.storage.dll, windows.storage.dll, kernel.appcore.dll, wtsapi32.dll, wininet.dll, uxtheme.dll, dwmapi.dll, sspicli.dll, kernel.appcore.dll, twinapi.appcore.dll, wldp.dll, iertutil.dll, srvcli.dll, netutils.dll, umpdc.dll, dnsapi.dll, winhttp.dll
Source: C:\Windows\explorer.exe | Sections loaded (in order): aepic.dll, twinapi.dll, userenv.dll, iphlpapi.dll, powrprof.dll, windows.storage.dll, dxgi.dll, windows.storage.dll, kernel.appcore.dll, propsys.dll, coremessaging.dll, urlmon.dll, windows.storage.dll, windows.storage.dll, kernel.appcore.dll, wtsapi32.dll, wininet.dll, uxtheme.dll, dwmapi.dll, sspicli.dll, kernel.appcore.dll, twinapi.appcore.dll, ntmarta.dll, cryptsp.dll, wldp.dll, iertutil.dll, srvcli.dll, netutils.dll, umpdc.dll, dnsapi.dll, winhttp.dll
Source: C:\Windows\System32\wbem\WMIC.exe | Sections loaded (in order; this identical 16-module sequence is recorded 13 more times as consecutive blocks in the report): iphlpapi.dll, framedynos.dll, sspicli.dll, kernel.appcore.dll, wbemcomn.dll, msxml6.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, uxtheme.dll, vcruntime140.dll, vcruntime140_1.dll, amsi.dll, userenv.dll, profapi.dll
Source: C:\Windows\System32\ipconfig.exe | Sections loaded (in order): iphlpapi.dll, dhcpcsvc.dll, dhcpcsvc6.dll, dnsapi.dll
Source: C:\Windows\System32\ROUTE.EXE | Sections loaded (in order): iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll
Source: C:\Windows\System32\netsh.exe | Sections loaded (in order): kernel.appcore.dll, ifmon.dll, iphlpapi.dll, mprapi.dll, rasmontr.dll, rasapi32.dll, fwpuclnt.dll, rasman.dll
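The records above are a flattened table of module loads, one row per (process, DLL) pair, and the things a triager actually wants from it are per-process load sequences and a few derived facts: which processes pulled in HTTP/DNS-capable modules (wininet.dll, winhttp.dll, dnsapi.dll), which binary ran from C:\Windows\SysWOW64 rather than its usual location, how many times the same tool was launched (the WMIC.exe sequence repeats), and whether the built-in discovery tools (ipconfig.exe, ROUTE.EXE, netsh.exe, WMIC.exe) all appear. The script below is an added example written for this page, not code from the sandbox vendor or the report. It parses the page's own record format; the sample input is a constructed subset of the records in this section, and the instance-splitting rule and the NETWORK_DLLS / DISCOVERY_BINARIES sets are the author's assumptions, not something the report states.

```python
"""Summarise 'Section loaded' records from a sandbox behaviour report.

Added example for this page, not code from the sandbox vendor. The record
format (Source: / Section loaded: / Jump to behavior) is the one used on this
page; the detection heuristics below are the author's assumptions.
"""
from collections import Counter

# Assumption: modules that give a process HTTP/DNS capability.
NETWORK_DLLS = {"wininet.dll", "winhttp.dll", "dnsapi.dll", "urlmon.dll"}
# Assumption: built-in tools commonly chained for host/network discovery.
DISCOVERY_BINARIES = {"wmic.exe", "ipconfig.exe", "route.exe", "netsh.exe"}

# Constructed sample in the page's own record format (a subset, not the full report).
SAMPLE_REPORT = r"""
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Windows\System32\cmd.exe |
Section loaded: winbrand.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: wbemcomn.dll |

Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: amsi.dll |

Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: wbemcomn.dll |

Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: amsi.dll |

Source: C:\Windows\System32\ipconfig.exe |
Section loaded: dhcpcsvc.dll |

Source: C:\Windows\System32\netsh.exe |
Section loaded: ifmon.dll |
"""


def parse_records(text):
    """Yield (source_path, dll) pairs; drop the 'Jump to behavior' link text,
    blank lines and the trailing '|' cell separators left over from the table."""
    source = None
    for raw in text.splitlines():
        line = raw.strip().rstrip("|").strip()
        if not line or line == "Jump to behavior":
            continue
        if line.startswith("Source:"):
            source = line[len("Source:"):].strip()
        elif line.startswith("Section loaded:") and source:
            yield source, line[len("Section loaded:"):].strip().lower()


def group_instances(pairs):
    """Split the flat record stream into per-process load sequences.
    Assumption: a new process instance starts when the source path changes
    or when the current instance's first module is loaded again (the report
    shows identical sequences repeated back-to-back for relaunched tools)."""
    instances = []
    for source, dll in pairs:
        if instances and instances[-1][0] == source and instances[-1][1][0] != dll:
            instances[-1][1].append(dll)
        else:
            instances.append((source, [dll]))
    return instances


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def analyse(text):
    """Return per-instance load sequences plus the flags a triager wants."""
    instances = group_instances(parse_records(text))
    return {
        "instances": instances,
        "launch_counts": Counter(basename(src) for src, _ in instances),
        "network_capable": {src for src, dlls in instances if NETWORK_DLLS & set(dlls)},
        "wow64_processes": {src for src, _ in instances if "\\syswow64\\" in src.lower()},
        "discovery_tools": {basename(src) for src, _ in instances} & DISCOVERY_BINARIES,
        "amsi_instrumented": {basename(src) for src, dlls in instances if "amsi.dll" in dlls},
    }


if __name__ == "__main__":
    result = analyse(SAMPLE_REPORT)
    for src, dlls in result["instances"]:
        print(f"{src}: {', '.join(dlls)}")
    for key in ("launch_counts", "network_capable", "wow64_processes",
                "discovery_tools", "amsi_instrumented"):
        print(f"{key}: {result[key]}")
```

Run against the full section, the instance-splitting rule yields one sequence per explorer.exe block and fourteen WMIC.exe sequences (each starts again at iphlpapi.dll), and amsi_instrumented shows that WMIC.exe loaded amsi.dll on every launch, so any script content it evaluated was exposed to AMSI-registered providers. The 32-bit explorer.exe flag is only a prompt to look closer: the report records the path and the modules, not what the process did with them.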