Source: Yara match |
File source: 5.2.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 6.0.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 6.2.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 5.0.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 7.0.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 8.0.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 7.2.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 8.2.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000007.00000002.3303353863.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000000.2085370840.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000006.00000000.2107191861.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000006.00000002.2120585281.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000008.00000002.3303350962.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000007.00000000.2112674274.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000008.00000000.2115401680.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000002.2113037984.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: amneziawg.exe PID: 2888, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: amneziawg.exe PID: 5972, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: amneziawg.exe PID: 7172, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: amneziawg.exe PID: 7236, type: MEMORYSTR |
Source: Yara match |
File source: C:\Program Files\AmneziaWG\amneziawg.exe, type: DROPPED |
Source: wintun.dll.2.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: wintun.dll.2.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0 |
Source: wintun.dll.2.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0 |
Source: wintun.dll.2.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr |
String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr |
String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr |
String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr |
String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0 |
Source: wintun.dll.2.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: wintun.dll.2.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
Source: wintun.dll.2.dr |
String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07 |
Source: wintun.dll.2.dr |
String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: wintun.dll.2.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: wintun.dll.2.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
Source: wintun.dll.2.dr |
String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K |
Source: wintun.dll.2.dr |
String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr |
String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr |
String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr |
String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0# |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr |
String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0# |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: wintun.dll.2.dr |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: wintun.dll.2.dr |
String found in binary or memory: http://ocsp.digicert.com0H |
Source: wintun.dll.2.dr |
String found in binary or memory: http://ocsp.digicert.com0I |
Source: wintun.dll.2.dr |
String found in binary or memory: http://ocsp.digicert.com0O |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr |
String found in binary or memory: http://ocsp.sectigo.com0 |
Source: wintun.dll.2.dr |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: wintun.dll.2.dr |
String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0 |
Source: 5cf629.rbs.2.dr, MSIF83D.tmp.2.dr |
String found in binary or memory: https://amnezia.org/ |
Source: amneziawg.exe, 00000005.00000002.2117128652.000001BD54652000.00000004.00000020.00020000.00000000.sdmp, amneziawg.exe, 00000005.00000002.2114159941.00000000008C8000.00000002.00000001.01000000.00000003.sdmp, amneziawg.exe, 00000006.00000002.2121487836.00000000008C8000.00000002.00000001.01000000.00000003.sdmp, amneziawg.exe, 00000007.00000000.2113554513.00000000008C8000.00000002.00000001.01000000.00000003.sdmp, amneziawg.exe, 00000008.00000002.3304166869.00000000008C8000.00000002.00000001.01000000.00000003.sdmp, amneziawg.exe.2.dr |
String found in binary or memory: https://amnezia.org/D |
Source: amneziawg.exe, 00000005.00000000.2085370840.0000000000412000.00000002.00000001.01000000.00000003.sdmp, amneziawg.exe, 00000006.00000002.2120585281.0000000000412000.00000002.00000001.01000000.00000003.sdmp, amneziawg.exe, 00000007.00000002.3303353863.0000000000412000.00000002.00000001.01000000.00000003.sdmp, amneziawg.exe, 00000008.00000002.3303350962.0000000000412000.00000002.00000001.01000000.00000003.sdmp, amneziawg.exe.2.dr |
String found in binary or memory: https://amnezia.org/wireguard-log-%s.txtTaskbarButtonCreatedreflect.Value.IsZeroreflect.Value.SetInt |
Source: awg.exe.2.dr |
String found in binary or memory: https://git.zx2c4.com/wireguard-tools/ |
Source: amneziawg.exe, 00000005.00000002.2114586043.000000C00006F000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://sectigo.com/CPS |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr |
String found in binary or memory: https://sectigo.com/CPS0 |
Source: amneziawg.exe, 00000005.00000002.2114586043.000000C00006F000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://sectigo.com/CPS2.23.140.1.4.1 |
Source: wintun.dll.2.dr |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: wintun.dll.2.dr |
String found in binary or memory: https://www.wintun.net/ |
Source: wintun.dll.2.dr |
String found in binary or memory: https://www.wintun.net/D |
Source: awg.exe.2.dr |
String found in binary or memory: https://www.wireguard.com/D |
Source: 5.2.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 6.0.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 6.2.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 5.0.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 7.0.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 8.0.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 7.2.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 8.2.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: C:\Program Files\AmneziaWG\amneziawg.exe, type: DROPPED |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: apphelp.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: aclayers.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: sfc.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: sfc_os.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: msi.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: srpapi.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: tsappcmp.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: textinputframework.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: coremessaging.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: ntmarta.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: wintypes.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: wldp.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: propsys.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: textshaping.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: netapi32.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: wkscli.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: netutils.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: msasn1.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: rsaenh.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: msisip.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: version.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: mscoree.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: profapi.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: msihnd.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: pcacli.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: mpr.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: apphelp.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: aclayers.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: sfc.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: sfc_os.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: msi.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: tsappcmp.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: userenv.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: profapi.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: netapi32.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: wkscli.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: netutils.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: srclient.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: spp.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: powrprof.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: vssapi.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: vsstrace.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: umpdc.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: wldp.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: msasn1.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: rsaenh.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: msisip.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: mscoree.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: version.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: rstrtmgr.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: ncrypt.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: ntasn1.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: pcacli.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: mpr.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: ntmarta.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: cabinet.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: propsys.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: linkinfo.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: ntshrui.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: srvcli.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: cscapi.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: winsta.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: apphelp.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: aclayers.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: sfc.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: sfc_os.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: msi.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: apphelp.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: aclayers.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: sfc.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: sfc_os.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: msi.dll |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: uxtheme.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: winmm.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: powrprof.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: umpdc.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: msasn1.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: cryptsp.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: rsaenh.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: cryptbase.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: windows.storage.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: wldp.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: uxtheme.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: propsys.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: profapi.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: edputil.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: urlmon.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: iertutil.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: srvcli.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: netutils.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: windows.staterepositoryps.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: sspicli.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: wintypes.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: appresolver.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: bcp47langs.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: slc.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: userenv.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: sppc.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: onecorecommonproxystub.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: winmm.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: powrprof.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: umpdc.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: winmm.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: powrprof.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: umpdc.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: windows.storage.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: wldp.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: wtsapi32.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: winsta.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: userenv.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: profapi.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: sspicli.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: winmm.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: powrprof.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: umpdc.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: uxtheme.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: textshaping.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: windows.storage.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: wldp.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: windowscodecs.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: oleacc.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: textinputframework.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: coremessaging.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: ntmarta.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: coremessaging.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: wintypes.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Section loaded: explorerframe.dll |
Source: C:\Windows\System32\msiexec.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\msiexec.exe |
Process information set: NOGPFAULTERRORBOX |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files\AmneziaWG\amneziawg.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |