Source: svchost.exe, 00000013.00000002.2876220211.000001AB38284000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.ver) |
Source: svchost.exe, 00000013.00000002.2876369214.000001AB382F3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://edgedl.me.gvt1.com/ |
Source: svchost.exe, 00000013.00000003.1671389346.000001AB38418000.00000004.00000800.00020000.00000000.sdmp, edb.log.19.dr, qmgr.db.19.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU |
Source: edb.log.19.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5 |
Source: qmgr.db.19.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n |
Source: qmgr.db.19.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/ |
Source: svchost.exe, 00000013.00000003.1671389346.000001AB38418000.00000004.00000800.00020000.00000000.sdmp, edb.log.19.dr, qmgr.db.19.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567 |
Source: svchost.exe, 00000013.00000003.1671389346.000001AB38418000.00000004.00000800.00020000.00000000.sdmp, edb.log.19.dr, qmgr.db.19.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg |
Source: svchost.exe, 00000013.00000003.1671389346.000001AB3844D000.00000004.00000800.00020000.00000000.sdmp, edb.log.19.dr, qmgr.db.19.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe |
Source: svchost.exe, 00000013.00000002.2876220211.000001AB38261000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000013.00000002.2876300694.000001AB382D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000013.00000002.2875660734.000001AB33502000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000013.00000002.2876079309.000001AB3820F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000013.00000003.2293597228.000001AB38142000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000013.00000002.2876138784.000001AB3822C000.00000004.00000020.00020000.00000000.sdmp, edb.log.19.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/hhbs2fc5gftn5wsvpbv6ueh5wy_2024.4.30.0/go |
Source: svchost.exe, 00000013.00000002.2876300694.000001AB382BF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://edgedl.me.gvt1.com:80 |
Source: qmgr.db.19.dr |
String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20 |
Source: chromecache_60.20.dr |
String found in binary or memory: http://www.broofa.com |
Source: chromecache_72.20.dr |
String found in binary or memory: https://accounts.google.com/o/oauth2/auth |
Source: chromecache_72.20.dr |
String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay |
Source: chromecache_60.20.dr, chromecache_72.20.dr |
String found in binary or memory: https://apis.google.com |
Source: chromecache_59.20.dr |
String found in binary or memory: https://apis.google.com/js/api.js |
Source: chromecache_72.20.dr |
String found in binary or memory: https://clients6.google.com |
Source: chromecache_72.20.dr |
String found in binary or memory: https://content.googleapis.com |
Source: chromecache_72.20.dr |
String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/ |
Source: chromecache_72.20.dr |
String found in binary or memory: https://domains.google.com/suggest/flow |
Source: chromecache_60.20.dr |
String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3 |
Source: chromecache_60.20.dr |
String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3 |
Source: chromecache_60.20.dr |
String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2 |
Source: chromecache_60.20.dr |
String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2 |
Source: edb.log.19.dr, qmgr.db.19.dr |
String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6 |
Source: edb.log.19.dr, qmgr.db.19.dr |
String found in binary or memory: https://g.live.com/odclientsettings/Prod.C: |
Source: edb.log.19.dr, qmgr.db.19.dr |
String found in binary or memory: https://g.live.com/odclientsettings/ProdV2 |
Source: edb.log.19.dr, qmgr.db.19.dr |
String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C: |
Source: edb.log.19.dr |
String found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96 |
Source: chromecache_75.20.dr |
String found in binary or memory: https://ogs.google.com/ |
Source: chromecache_75.20.dr |
String found in binary or memory: https://ogs.google.com/widget/app/so |
Source: edb.log.19.dr, qmgr.db.19.dr |
String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe |
Source: edb.log.19.dr |
String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C: |
Source: chromecache_60.20.dr |
String found in binary or memory: https://play.google.com/log?format=json&hasfast=true |
Source: chromecache_72.20.dr |
String found in binary or memory: https://plus.google.com |
Source: chromecache_72.20.dr |
String found in binary or memory: https://plus.googleapis.com |
Source: chromecache_75.20.dr |
String found in binary or memory: https://ssl.gstatic.com |
Source: chromecache_59.20.dr |
String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url= |
Source: chromecache_72.20.dr |
String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1 |
Source: chromecache_59.20.dr |
String found in binary or memory: https://www.google.com/log?format=json&hasfast=true |
Source: chromecache_72.20.dr |
String found in binary or memory: https://www.googleapis.com/auth/plus.me |
Source: chromecache_72.20.dr |
String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended |
Source: chromecache_75.20.dr |
String found in binary or memory: https://www.gstatic.com |
Source: chromecache_75.20.dr |
String found in binary or memory: https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.atEDuNh539g. |
Source: chromecache_60.20.dr |
String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html |
Source: chromecache_60.20.dr |
String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css |
Source: chromecache_60.20.dr |
String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css |
Source: 11.2.pspizbvl.exe.2310e67.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 11.2.pspizbvl.exe.2310e67.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.2.OgcktrbHkI.exe.1ba0e67.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.2.OgcktrbHkI.exe.1ba0e67.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.2.OgcktrbHkI.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.2.OgcktrbHkI.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 11.2.pspizbvl.exe.2490000.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 11.2.pspizbvl.exe.2490000.2.unpack, type: UNPACKEDPE |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.3.OgcktrbHkI.exe.1bc0000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.3.OgcktrbHkI.exe.1bc0000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 11.3.pspizbvl.exe.2330000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 11.3.pspizbvl.exe.2330000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 13.2.svchost.exe.cd0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 13.2.svchost.exe.cd0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 13.2.svchost.exe.cd0000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 13.2.svchost.exe.cd0000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 11.2.pspizbvl.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 11.2.pspizbvl.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.2.OgcktrbHkI.exe.1ba0e67.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.2.OgcktrbHkI.exe.1ba0e67.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 11.2.pspizbvl.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 11.2.pspizbvl.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.3.OgcktrbHkI.exe.1bc0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.3.OgcktrbHkI.exe.1bc0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.2.OgcktrbHkI.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.2.OgcktrbHkI.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 11.2.pspizbvl.exe.2490000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 11.2.pspizbvl.exe.2490000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 11.3.pspizbvl.exe.2330000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 11.3.pspizbvl.exe.2330000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 11.2.pspizbvl.exe.2310e67.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 11.2.pspizbvl.exe.2310e67.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0000000D.00000002.2873883444.0000000000CD0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0000000D.00000002.2873883444.0000000000CD0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 00000000.00000002.1671898553.0000000001C1B000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown |
Source: 0000000B.00000002.1671546746.0000000002490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0000000B.00000002.1671546746.0000000002490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0000000B.00000002.1671439613.0000000002310000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown |
Source: 0000000B.00000002.1671439613.0000000002310000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0000000B.00000002.1671238466.0000000001B45000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown |
Source: 00000000.00000002.1671514496.0000000001BA0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown |
Source: 00000000.00000002.1671514496.0000000001BA0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 00000000.00000002.1670084259.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 00000000.00000002.1670084259.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 00000000.00000003.1608000419.0000000001BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 00000000.00000003.1608000419.0000000001BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0000000B.00000003.1653423380.0000000002330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0000000B.00000003.1653423380.0000000002330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0000000B.00000002.1669986854.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0000000B.00000002.1669986854.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: Detects Tofsee Author: ditekSHen |
Source: 11.2.pspizbvl.exe.2310e67.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 11.2.pspizbvl.exe.2310e67.1.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.2.OgcktrbHkI.exe.1ba0e67.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.2.OgcktrbHkI.exe.1ba0e67.1.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.2.OgcktrbHkI.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.2.OgcktrbHkI.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 11.2.pspizbvl.exe.2490000.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 11.2.pspizbvl.exe.2490000.2.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.3.OgcktrbHkI.exe.1bc0000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.3.OgcktrbHkI.exe.1bc0000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 11.3.pspizbvl.exe.2330000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 11.3.pspizbvl.exe.2330000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 13.2.svchost.exe.cd0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 13.2.svchost.exe.cd0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 13.2.svchost.exe.cd0000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 13.2.svchost.exe.cd0000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 11.2.pspizbvl.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 11.2.pspizbvl.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.2.OgcktrbHkI.exe.1ba0e67.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.2.OgcktrbHkI.exe.1ba0e67.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 11.2.pspizbvl.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 11.2.pspizbvl.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.3.OgcktrbHkI.exe.1bc0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.3.OgcktrbHkI.exe.1bc0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.2.OgcktrbHkI.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.2.OgcktrbHkI.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 11.2.pspizbvl.exe.2490000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 11.2.pspizbvl.exe.2490000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 11.3.pspizbvl.exe.2330000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 11.3.pspizbvl.exe.2330000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 11.2.pspizbvl.exe.2310e67.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 11.2.pspizbvl.exe.2310e67.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0000000D.00000002.2873883444.0000000000CD0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0000000D.00000002.2873883444.0000000000CD0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 00000000.00000002.1671898553.0000000001C1B000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12 |
Source: 0000000B.00000002.1671546746.0000000002490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0000000B.00000002.1671546746.0000000002490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0000000B.00000002.1671439613.0000000002310000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23 |
Source: 0000000B.00000002.1671439613.0000000002310000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0000000B.00000002.1671238466.0000000001B45000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12 |
Source: 00000000.00000002.1671514496.0000000001BA0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23 |
Source: 00000000.00000002.1671514496.0000000001BA0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 00000000.00000002.1670084259.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 00000000.00000002.1670084259.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 00000000.00000003.1608000419.0000000001BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 00000000.00000003.1608000419.0000000001BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0000000B.00000003.1653423380.0000000002330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0000000B.00000003.1653423380.0000000002330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0000000B.00000002.1669986854.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0000000B.00000002.1669986854.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Code function: 0_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, |
0_2_00409A6B |
Source: C:\Windows\SysWOW64\kofydeki\pspizbvl.exe |
Code function: 11_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, |
11_2_00409A6B |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 13_2_00CD9A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, |
13_2_00CD9A6B |
Source: unknown |
Process created: C:\Users\user\Desktop\OgcktrbHkI.exe "C:\Users\user\Desktop\OgcktrbHkI.exe" |
|
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\kofydeki\ |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\pspizbvl.exe" C:\Windows\SysWOW64\kofydeki\ |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" create kofydeki binPath= "C:\Windows\SysWOW64\kofydeki\pspizbvl.exe /d\"C:\Users\user\Desktop\OgcktrbHkI.exe\"" type= own start= auto DisplayName= "wifi support" |
|
Source: C:\Windows\SysWOW64\sc.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" description kofydeki "wifi internet conection" |
|
Source: C:\Windows\SysWOW64\sc.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" start kofydeki |
|
Source: C:\Windows\SysWOW64\sc.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Windows\SysWOW64\kofydeki\pspizbvl.exe C:\Windows\SysWOW64\kofydeki\pspizbvl.exe /d"C:\Users\user\Desktop\OgcktrbHkI.exe" |
|
Source: unknown |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// |
|
Source: C:\Windows\SysWOW64\kofydeki\pspizbvl.exe |
Process created: C:\Windows\SysWOW64\svchost.exe svchost.exe |
|
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup |
|
Source: C:\Windows\SysWOW64\netsh.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 3156 -ip 3156 |
|
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 6672 -ip 6672 |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS |
|
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1976,i,15118944360220751254,1504055466682295701,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
|
Source: C:\Windows\SysWOW64\kofydeki\pspizbvl.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 544 |
|
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 648 |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager |
|
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\kofydeki\ |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\pspizbvl.exe" C:\Windows\SysWOW64\kofydeki\ |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" create kofydeki binPath= "C:\Windows\SysWOW64\kofydeki\pspizbvl.exe /d\"C:\Users\user\Desktop\OgcktrbHkI.exe\"" type= own start= auto DisplayName= "wifi support" |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" description kofydeki "wifi internet conection" |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" start kofydeki |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Jump to behavior |
Source: C:\Windows\SysWOW64\kofydeki\pspizbvl.exe |
Process created: C:\Windows\SysWOW64\svchost.exe svchost.exe |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1976,i,15118944360220751254,1504055466682295701,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 6672 -ip 6672 |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 3156 -ip 3156 |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 544 |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 648 |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: msimg32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: dbghelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: msvcr100.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\kofydeki\pspizbvl.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\kofydeki\pspizbvl.exe |
Section loaded: msimg32.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\kofydeki\pspizbvl.exe |
Section loaded: dbghelp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\kofydeki\pspizbvl.exe |
Section loaded: msvcr100.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\kofydeki\pspizbvl.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: dbghelp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: napinsp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: pnrpnsp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: wshbth.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: nlaapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: winrnr.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: ifmon.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: mprapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: rasmontr.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: rasapi32.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: rasman.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: mfc42u.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: rasman.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: authfwcfg.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: fwpolicyiomgr.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: firewallapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: fwbase.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: dhcpcmonitor.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: dot3cfg.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: dot3api.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: onex.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: eappcfg.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: eappprxy.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: fwcfg.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: hnetmon.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: netshell.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: nlaapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: netsetupapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: netiohlp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: nshhttp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: httpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: nshipsec.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: activeds.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: polstore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: winipsec.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: adsldpc.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: nshwfp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: cabinet.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: p2pnetsh.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: p2p.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: rpcnsh.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: whhelper.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: wlancfg.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: wlanapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: wshelper.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: wevtapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: peerdistsh.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: wcmapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: rmclient.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: mobilenetworking.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: ktmw32.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: mprmsg.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: wersvc.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: windowsperformancerecordercontrol.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: weretw.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: xmllite.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: wer.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: faultrep.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: dbghelp.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: dbgcore.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: wer.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: qmgr.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: bitsperf.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: powrprof.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: xmllite.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: firewallapi.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: esent.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: umpdc.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: fwbase.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: flightsettings.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: netprofm.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: npmproxy.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: bitsigd.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: upnp.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: ssdpapi.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: appxdeploymentclient.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: wsmauto.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: miutils.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: wsmsvc.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: dsrole.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: pcwum.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: mi.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: wkscli.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msv1_0.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: ntlmshared.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: cryptdll.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: webio.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: rmclient.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: usermgrcli.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: execmodelclient.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: twinapi.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: execmodelproxy.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: resourcepolicyclient.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: vssapi.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: vsstrace.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: samcli.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: samlib.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: es.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: bitsproxy.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: licensemanagersvc.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: licensemanager.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: clipc.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process information set: NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process information set: NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process information set: NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process information set: NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process information set: NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process information set: NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process information set: NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process information set: NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process information set: NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process information set: NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process information set: NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Process information set: NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\kofydeki\pspizbvl.exe |
Process information set: NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\kofydeki\pspizbvl.exe |
Process information set: NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Process information set: NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\svchost.exe |
Process information set: NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\OgcktrbHkI.exe |
Code function: 0_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, |
0_2_00409A6B |
Source: C:\Windows\SysWOW64\kofydeki\pspizbvl.exe |
Code function: 11_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, |
11_2_00409A6B |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 13_2_00CD9A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, |
13_2_00CD9A6B |