c78468e0c0080700cb378ddb67268ebaa0d5a036f192a70e604a5076682474f9

Analysis

max time kernel
151s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
17-06-2022 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/esfctKdzg.exe
Size

172KB
MD5

2e6f05e8245b62297355f070a6f966df
SHA1

7461222b5d34eb2328c7d50a75956f9dc78c32a3
SHA256

f5c1bcee04671046761d44546a3e4a413049a42cd9067caa25e7640ab5867178
SHA512

44302f90666acbaaedc8c4a8481cc2fdc82da786514683d5c5664f5b6eda7ee4e415e2c4155b1e92f7d93d82ddd60d6f652e35332b5ce50eba84897c5202a899

Score

10^/10

evasion trojan

Malware Config

Signatures

UAC bypass 3 TTPs 1 IoCs
evasion trojan

Bypass User Account Control
T1088

Disabling Security Tools
T1089

Modify Registry
T1112

Processes:

esfctKdzg.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" esfctKdzg.exe
Windows security bypass 2 TTPs 1 IoCs
evasion trojan

Disabling Security Tools
T1089

Modify Registry
T1112

Processes:

esfctKdzg.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UACDisableNotify = "0" esfctKdzg.exe
Windows security modification 2 TTPs 1 IoCs
evasion trojan

Disabling Security Tools
T1089

Modify Registry
T1112

Processes:

esfctKdzg.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UACDisableNotify = "0" esfctKdzg.exe
Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

esfctKdzg.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" esfctKdzg.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	esfctKdzg.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UACDisableNotify = "0"	esfctKdzg.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UACDisableNotify = "0"	esfctKdzg.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	esfctKdzg.exe

Program crash 50 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
5072	2036	WerFault.exe	iexplore.exe
1632	4240	WerFault.exe	iexplore.exe
3488	636	WerFault.exe	iexplore.exe
5040	228	WerFault.exe	iexplore.exe
3652	664	WerFault.exe	iexplore.exe
4900	3104	WerFault.exe	iexplore.exe
4700	2620	WerFault.exe	iexplore.exe
1680	800	WerFault.exe	iexplore.exe
4220	5028	WerFault.exe	iexplore.exe
4468	1512	WerFault.exe	iexplore.exe
2300	2248	WerFault.exe	iexplore.exe
1808	2368	WerFault.exe	iexplore.exe
2612	3064	WerFault.exe	iexplore.exe
1380	904	WerFault.exe	iexplore.exe
4596	2176	WerFault.exe	iexplore.exe
4728	4592	WerFault.exe	iexplore.exe
884	2520	WerFault.exe	iexplore.exe
4424	4948	WerFault.exe	iexplore.exe
3828	2580	WerFault.exe	iexplore.exe
4556	4260	WerFault.exe	iexplore.exe
4268	4384	WerFault.exe	iexplore.exe
4164	3108	WerFault.exe	iexplore.exe
1724	968	WerFault.exe	iexplore.exe
2224	4168	WerFault.exe	iexplore.exe
2088	3528	WerFault.exe	iexplore.exe
4660	3152	WerFault.exe	iexplore.exe
4404	5080	WerFault.exe	iexplore.exe
5036	4200	WerFault.exe	iexplore.exe
3896	1636	WerFault.exe	iexplore.exe
3264	1524	WerFault.exe	iexplore.exe
3032	4316	WerFault.exe	iexplore.exe
3952	3652	WerFault.exe	iexplore.exe
3840	4900	WerFault.exe	iexplore.exe
2648	2304	WerFault.exe	iexplore.exe
2728	4956	WerFault.exe	iexplore.exe
4712	2452	WerFault.exe	iexplore.exe
2356	4416	WerFault.exe	iexplore.exe
2196	4468	WerFault.exe	iexplore.exe
3132	3224	WerFault.exe	iexplore.exe
4472	3188	WerFault.exe	iexplore.exe
4432	4364	WerFault.exe	iexplore.exe
1380	4396	WerFault.exe	iexplore.exe
5104	2736	WerFault.exe	iexplore.exe
3084	4832	WerFault.exe	iexplore.exe
920	4916	WerFault.exe	iexplore.exe
5020	4548	WerFault.exe	iexplore.exe
3088	4780	WerFault.exe	iexplore.exe
4776	2212	WerFault.exe	iexplore.exe
4516	4344	WerFault.exe	iexplore.exe
2832	4256	WerFault.exe	iexplore.exe

Suspicious use of SetThreadContext 50 IoCs

Processes:

esfctKdzg.exe

description	pid	process	target process
PID 2104 set thread context of 2036	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 4240	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 636	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 228	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 664	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 3104	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 2620	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 800	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 5028	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 1512	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 2248	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 2368	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 3064	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 904	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 2176	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 4592	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 2520	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 4948	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 2580	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 4260	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 4384	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 3108	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 968	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 4168	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 3528	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 3152	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 5080	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 4200	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 1636	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 1524	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 4316	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 3652	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 4900	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 2304	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 4956	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 2452	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 4416	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 4468	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 3224	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 3188	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 4364	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 4396	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 2736	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 4832	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 4916	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 4548	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 4780	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 2212	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 4344	2104	esfctKdzg.exe	iexplore.exe
PID 2104 set thread context of 4256	2104	esfctKdzg.exe	iexplore.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

esfctKdzg.exe

pid	process
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe
2104	esfctKdzg.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

esfctKdzg.exe

pid process

2104 esfctKdzg.exe
Suspicious use of UnmapMainImage 5 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

pid process

4240 iexplore.exe
2176 iexplore.exe
4592 iexplore.exe
1524 iexplore.exe
4548 iexplore.exe

pid	process
4240	iexplore.exe
2176	iexplore.exe
4592	iexplore.exe
1524	iexplore.exe
4548	iexplore.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

esfctKdzg.exe

description	pid	process	target process
PID 2104 wrote to memory of 2036	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 2036	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 2036	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 2036	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 2036	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 2036	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 2036	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 2036	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 4240	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 4240	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 4240	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 4240	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 4240	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 4240	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 4240	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 4240	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 636	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 636	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 636	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 636	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 636	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 636	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 636	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 636	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 228	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 228	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 228	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 228	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 228	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 228	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 228	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 228	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 664	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 664	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 664	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 664	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 664	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 664	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 664	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 664	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 3104	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 3104	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 3104	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 3104	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 3104	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 3104	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 3104	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 3104	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 2620	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 2620	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 2620	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 2620	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 2620	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 2620	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 2620	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 2620	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 800	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 800	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 800	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 800	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 800	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 800	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 800	2104	esfctKdzg.exe	iexplore.exe
PID 2104 wrote to memory of 800	2104	esfctKdzg.exe	iexplore.exe

System policy modification 1 TTPs 1 IoCs
evasion

Modify Registry
T1112

Processes:

esfctKdzg.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" esfctKdzg.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	esfctKdzg.exe

C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
"C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe"
1⤵
- UAC bypass
- Windows security bypass
- Windows security modification
- Checks whether UAC is enabled
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
PID:2104

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 12
3⤵
- Program crash
PID:5072

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
- Suspicious use of UnmapMainImage
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 12
3⤵
- Program crash
PID:1632

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 12
3⤵
- Program crash
PID:3488

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 12
3⤵
- Program crash
PID:5040

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 12
3⤵
- Program crash
PID:3652

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:3104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 12
3⤵
- Program crash
PID:4900

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:2620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 12
3⤵
- Program crash
PID:4700

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 12
3⤵
- Program crash
PID:1680

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 12
3⤵
- Program crash
PID:4220

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:1512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 12
3⤵
- Program crash
PID:4468

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 12
3⤵
- Program crash
PID:2300

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 12
3⤵
- Program crash
PID:1808

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:3064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 12
3⤵
- Program crash
PID:2612

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 12
3⤵
- Program crash
PID:1380

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
- Suspicious use of UnmapMainImage
PID:2176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 12
3⤵
- Program crash
PID:4596

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
- Suspicious use of UnmapMainImage
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 12
3⤵
- Program crash
PID:4728

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:2520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 12
3⤵
- Program crash
PID:884

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 12
3⤵
- Program crash
PID:4424

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:2580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 12
3⤵
- Program crash
PID:3828

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 12
3⤵
- Program crash
PID:4556

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 12
3⤵
- Program crash
PID:4268

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:3108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 12
3⤵
- Program crash
PID:4164

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 12
3⤵
- Program crash
PID:1724

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:4168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 12
3⤵
- Program crash
PID:2224

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:3528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 12
3⤵
- Program crash
PID:2088

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 12
3⤵
- Program crash
PID:4660

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 12
3⤵
- Program crash
PID:4404

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 12
3⤵
- Program crash
PID:5036

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 12
3⤵
- Program crash
PID:3896

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
- Suspicious use of UnmapMainImage
PID:1524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 12
3⤵
- Program crash
PID:3264

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 12
3⤵
- Program crash
PID:3032

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 12
3⤵
- Program crash
PID:3952

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 12
3⤵
- Program crash
PID:3840

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:2304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 12
3⤵
- Program crash
PID:2648

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 12
3⤵
- Program crash
PID:2728

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:2452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 12
3⤵
- Program crash
PID:4712

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 12
3⤵
- Program crash
PID:2356

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 12
3⤵
- Program crash
PID:2196

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 12
3⤵
- Program crash
PID:3132

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:3188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 12
3⤵
- Program crash
PID:4472

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 12
3⤵
- Program crash
PID:4432

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 12
3⤵
- Program crash
PID:1380

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:2736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 12
3⤵
- Program crash
PID:5104

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 12
3⤵
- Program crash
PID:3084

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 12
3⤵
- Program crash
PID:920

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
- Suspicious use of UnmapMainImage
PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 12
3⤵
- Program crash
PID:5020

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 12
3⤵
- Program crash
PID:3088

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 12
3⤵
- Program crash
PID:4776

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 12
3⤵
- Program crash
PID:4516

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\esfctKdzg.exe
2⤵
PID:4256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 12
3⤵
- Program crash
PID:2832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2036 -ip 2036
1⤵
PID:1352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4240 -ip 4240
1⤵
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 636 -ip 636
1⤵
PID:1112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 228 -ip 228
1⤵
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 664 -ip 664
1⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3104 -ip 3104
1⤵
PID:3740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2620 -ip 2620
1⤵
PID:2172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 800 -ip 800
1⤵
PID:1916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5028 -ip 5028
1⤵
PID:4144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1512 -ip 1512
1⤵
PID:2728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2248 -ip 2248
1⤵
PID:3768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2368 -ip 2368
1⤵
PID:4464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3064 -ip 3064
1⤵
PID:4056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 904 -ip 904
1⤵
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2176 -ip 2176
1⤵
PID:1208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4592 -ip 4592
1⤵
PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2520 -ip 2520
1⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4948 -ip 4948
1⤵
PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2580 -ip 2580
1⤵
PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4260 -ip 4260
1⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4384 -ip 4384
1⤵
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3108 -ip 3108
1⤵
PID:2160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 968 -ip 968
1⤵
PID:4176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4168 -ip 4168
1⤵
PID:3860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3528 -ip 3528
1⤵
PID:4128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3152 -ip 3152
1⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5080 -ip 5080
1⤵
PID:4000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4200 -ip 4200
1⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1636 -ip 1636
1⤵
PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1524 -ip 1524
1⤵
PID:820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4316 -ip 4316
1⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 3652 -ip 3652
1⤵
PID:4616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4900 -ip 4900
1⤵
PID:3260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2304 -ip 2304
1⤵
PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4956 -ip 4956
1⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2452 -ip 2452
1⤵
PID:456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4416 -ip 4416
1⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4468 -ip 4468
1⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3224 -ip 3224
1⤵
PID:2828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3188 -ip 3188
1⤵
PID:2516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4364 -ip 4364
1⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4396 -ip 4396
1⤵
PID:3076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2736 -ip 2736
1⤵
PID:2216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4832 -ip 4832
1⤵
PID:2112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4916 -ip 4916
1⤵
PID:4668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4548 -ip 4548
1⤵
PID:2532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4780 -ip 4780
1⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2212 -ip 2212
1⤵
PID:3332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4344 -ip 4344
1⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4256 -ip 4256
1⤵
PID:4388

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

T1088

Defense Evasion

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads