Source: Yara match | File source: 5.2.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.0.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.0.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 7.0.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 8.0.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 7.2.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 8.2.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000007.00000002.3303353863.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: 00000005.00000000.2085370840.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000000.2107191861.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.2120585281.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: 00000008.00000002.3303350962.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: 00000007.00000000.2112674274.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: 00000008.00000000.2115401680.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: 00000005.00000002.2113037984.0000000000412000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: amneziawg.exe PID: 2888, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: amneziawg.exe PID: 5972, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: amneziawg.exe PID: 7172, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: amneziawg.exe PID: 7236, type: MEMORYSTR |
Source: Yara match | File source: C:\Program Files\AmneziaWG\amneziawg.exe, type: DROPPED |
Source: wintun.dll.2.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: wintun.dll.2.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0 |
Source: wintun.dll.2.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0 |
Source: wintun.dll.2.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr | String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr | String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr | String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr | String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0 |
Source: wintun.dll.2.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: wintun.dll.2.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
Source: wintun.dll.2.dr | String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07 |
Source: wintun.dll.2.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: wintun.dll.2.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: wintun.dll.2.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
Source: wintun.dll.2.dr | String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K |
Source: wintun.dll.2.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr | String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr | String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr | String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0# |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr | String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0# |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr | String found in binary or memory: http://ocsp.comodoca.com0 |
Source: wintun.dll.2.dr | String found in binary or memory: http://ocsp.digicert.com0C |
Source: wintun.dll.2.dr | String found in binary or memory: http://ocsp.digicert.com0H |
Source: wintun.dll.2.dr | String found in binary or memory: http://ocsp.digicert.com0I |
Source: wintun.dll.2.dr | String found in binary or memory: http://ocsp.digicert.com0O |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr | String found in binary or memory: http://ocsp.sectigo.com0 |
Source: wintun.dll.2.dr | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: wintun.dll.2.dr | String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0 |
Source: 5cf629.rbs.2.dr, MSIF83D.tmp.2.dr | String found in binary or memory: https://amnezia.org/ |
Source: amneziawg.exe, 00000005.00000002.2117128652.000001BD54652000.00000004.00000020.00020000.00000000.sdmp, amneziawg.exe, 00000005.00000002.2114159941.00000000008C8000.00000002.00000001.01000000.00000003.sdmp, amneziawg.exe, 00000006.00000002.2121487836.00000000008C8000.00000002.00000001.01000000.00000003.sdmp, amneziawg.exe, 00000007.00000000.2113554513.00000000008C8000.00000002.00000001.01000000.00000003.sdmp, amneziawg.exe, 00000008.00000002.3304166869.00000000008C8000.00000002.00000001.01000000.00000003.sdmp, amneziawg.exe.2.dr | String found in binary or memory: https://amnezia.org/D |
Source: amneziawg.exe, 00000005.00000000.2085370840.0000000000412000.00000002.00000001.01000000.00000003.sdmp, amneziawg.exe, 00000006.00000002.2120585281.0000000000412000.00000002.00000001.01000000.00000003.sdmp, amneziawg.exe, 00000007.00000002.3303353863.0000000000412000.00000002.00000001.01000000.00000003.sdmp, amneziawg.exe, 00000008.00000002.3303350962.0000000000412000.00000002.00000001.01000000.00000003.sdmp, amneziawg.exe.2.dr | String found in binary or memory: https://amnezia.org/wireguard-log-%s.txtTaskbarButtonCreatedreflect.Value.IsZeroreflect.Value.SetInt |
Source: awg.exe.2.dr | String found in binary or memory: https://git.zx2c4.com/wireguard-tools/ |
Source: amneziawg.exe, 00000005.00000002.2114586043.000000C00006F000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://sectigo.com/CPS |
Source: amneziawg-amd64-1.0.0.msi, MSIFF35.tmp.2.dr, MSIF83E.tmp.2.dr, awg.exe.2.dr, MSIFEE6.tmp.2.dr, amneziawg.exe.2.dr, MSIFF55.tmp.2.dr, MSIF78F.tmp.2.dr, 5cf62a.msi.2.dr, 5cf628.msi.2.dr, MSIF83D.tmp.2.dr, MSIF7DE.tmp.2.dr | String found in binary or memory: https://sectigo.com/CPS0 |
Source: amneziawg.exe, 00000005.00000002.2114586043.000000C00006F000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://sectigo.com/CPS2.23.140.1.4.1 |
Source: wintun.dll.2.dr | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: wintun.dll.2.dr | String found in binary or memory: https://www.wintun.net/ |
Source: wintun.dll.2.dr | String found in binary or memory: https://www.wintun.net/D |
Source: awg.exe.2.dr | String found in binary or memory: https://www.wireguard.com/D |
Source: 5.2.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 6.0.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 6.2.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 5.0.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 7.0.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 8.0.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 7.2.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 8.2.amneziawg.exe.120000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: C:\Program Files\AmneziaWG\amneziawg.exe, type: DROPPED | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: C:\Windows\System32\msiexec.exe | Section loaded: apphelp.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: aclayers.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: sfc.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: sfc_os.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: msi.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: srpapi.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: kernel.appcore.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: tsappcmp.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: uxtheme.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: textinputframework.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: coreuicomponents.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: coremessaging.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: ntmarta.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: wintypes.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: windows.storage.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: wldp.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: propsys.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: textshaping.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: netapi32.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: wkscli.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: netutils.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: msasn1.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: cryptsp.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: rsaenh.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: cryptbase.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: msisip.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: gpapi.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: version.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: mscoree.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: profapi.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: sspicli.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: msihnd.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: pcacli.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: mpr.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: apphelp.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: aclayers.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: sfc.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: sfc_os.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: kernel.appcore.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: msi.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: tsappcmp.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: userenv.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: profapi.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: sspicli.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: netapi32.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: wkscli.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: netutils.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: srclient.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: spp.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: powrprof.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: vssapi.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: vsstrace.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: umpdc.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: wldp.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: msasn1.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: cryptsp.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: rsaenh.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: cryptbase.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: msisip.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: gpapi.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: mscoree.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: version.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: vcruntime140_clr0400.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: ucrtbase_clr0400.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: rstrtmgr.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: ncrypt.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: ntasn1.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: windows.storage.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: pcacli.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: mpr.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: ntmarta.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: cabinet.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: propsys.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: linkinfo.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: ntshrui.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: srvcli.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: cscapi.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: winsta.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: apphelp.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: aclayers.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: sfc.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: sfc_os.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: kernel.appcore.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: msi.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: uxtheme.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: apphelp.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: aclayers.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: sfc.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: sfc_os.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: kernel.appcore.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: msi.dll |
Source: C:\Windows\System32\msiexec.exe | Section loaded: uxtheme.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: winmm.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: powrprof.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: umpdc.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: msasn1.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: cryptsp.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: rsaenh.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: cryptbase.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: windows.storage.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: wldp.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: kernel.appcore.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: uxtheme.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: propsys.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: profapi.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: edputil.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: urlmon.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: iertutil.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: srvcli.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: netutils.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: windows.staterepositoryps.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: sspicli.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: wintypes.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: appresolver.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: bcp47langs.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: slc.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: userenv.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: sppc.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: onecorecommonproxystub.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: onecoreuapcommonproxystub.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: winmm.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: powrprof.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: umpdc.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: winmm.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: powrprof.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: umpdc.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: windows.storage.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: wldp.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: wtsapi32.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: winsta.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: userenv.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: profapi.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: sspicli.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: winmm.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: powrprof.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: umpdc.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: uxtheme.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: kernel.appcore.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: textshaping.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: windows.storage.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: wldp.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: windowscodecs.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: oleacc.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: textinputframework.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: coreuicomponents.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: coremessaging.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: ntmarta.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: coremessaging.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: wintypes.dll |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Section loaded: explorerframe.dll |
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\msiexec.exe | Process information set: NOGPFAULTERRORBOX |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Program Files\AmneziaWG\amneziawg.exe | Process information set: NOOPENFILEERRORBOX |