c78468e0c0080700cb378ddb67268ebaa0d5a036f192a70e604a5076682474f9

Analysis

max time kernel
148s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
17-06-2022 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/IoJbxlqcb.exe
Size

172KB
MD5

2e6f05e8245b62297355f070a6f966df
SHA1

7461222b5d34eb2328c7d50a75956f9dc78c32a3
SHA256

f5c1bcee04671046761d44546a3e4a413049a42cd9067caa25e7640ab5867178
SHA512

44302f90666acbaaedc8c4a8481cc2fdc82da786514683d5c5664f5b6eda7ee4e415e2c4155b1e92f7d93d82ddd60d6f652e35332b5ce50eba84897c5202a899

Score

10^/10

evasion trojan

Malware Config

Signatures

UAC bypass 3 TTPs 1 IoCs
evasion trojan

Bypass User Account Control
T1088

Disabling Security Tools
T1089

Modify Registry
T1112

Processes:

IoJbxlqcb.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" IoJbxlqcb.exe
Windows security bypass 2 TTPs 1 IoCs
evasion trojan

Disabling Security Tools
T1089

Modify Registry
T1112

Processes:

IoJbxlqcb.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UACDisableNotify = "0" IoJbxlqcb.exe
Windows security modification 2 TTPs 1 IoCs
evasion trojan

Disabling Security Tools
T1089

Modify Registry
T1112

Processes:

IoJbxlqcb.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UACDisableNotify = "0" IoJbxlqcb.exe
Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

IoJbxlqcb.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" IoJbxlqcb.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	IoJbxlqcb.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UACDisableNotify = "0"	IoJbxlqcb.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UACDisableNotify = "0"	IoJbxlqcb.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	IoJbxlqcb.exe

Program crash 49 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
4156	3372	WerFault.exe	iexplore.exe
4152	4216	WerFault.exe	iexplore.exe
4864	4144	WerFault.exe	iexplore.exe
2080	4364	WerFault.exe	iexplore.exe
3416	3992	WerFault.exe	iexplore.exe
652	4332	WerFault.exe	iexplore.exe
4744	4020	WerFault.exe	iexplore.exe
116	3748	WerFault.exe	iexplore.exe
2968	1824	WerFault.exe	iexplore.exe
3584	2748	WerFault.exe	iexplore.exe
3432	4532	WerFault.exe	iexplore.exe
4076	1964	WerFault.exe	iexplore.exe
4472	1200	WerFault.exe	iexplore.exe
444	1696	WerFault.exe	iexplore.exe
3980	3140	WerFault.exe	iexplore.exe
2368	4716	WerFault.exe	iexplore.exe
4552	2544	WerFault.exe	iexplore.exe
4832	1480	WerFault.exe	iexplore.exe
4172	4772	WerFault.exe	iexplore.exe
2928	4840	WerFault.exe	iexplore.exe
3492	2404	WerFault.exe	iexplore.exe
4356	3352	WerFault.exe	iexplore.exe
2020	3700	WerFault.exe	iexplore.exe
1092	1232	WerFault.exe	iexplore.exe
3516	780	WerFault.exe	iexplore.exe
3096	3932	WerFault.exe	iexplore.exe
1512	3868	WerFault.exe	iexplore.exe
4436	3268	WerFault.exe	iexplore.exe
4844	2524	WerFault.exe	iexplore.exe
2608	2224	WerFault.exe	iexplore.exe
4136	3340	WerFault.exe	iexplore.exe
844	4864	WerFault.exe	iexplore.exe
1956	1872	WerFault.exe	iexplore.exe
4412	1784	WerFault.exe	iexplore.exe
376	3124	WerFault.exe	iexplore.exe
3872	3604	WerFault.exe	iexplore.exe
1572	3956	WerFault.exe	iexplore.exe
2180	3128	WerFault.exe	iexplore.exe
4420	2852	WerFault.exe	iexplore.exe
4780	5100	WerFault.exe	iexplore.exe
3744	224	WerFault.exe	iexplore.exe
5000	5112	WerFault.exe	iexplore.exe
3560	2804	WerFault.exe	iexplore.exe
3508	4736	WerFault.exe	iexplore.exe
3148	2304	WerFault.exe	iexplore.exe
2488	4692	WerFault.exe	iexplore.exe
4720	3648	WerFault.exe	iexplore.exe
5092	4160	WerFault.exe	iexplore.exe
2516	5088	WerFault.exe	iexplore.exe

Suspicious use of SetThreadContext 49 IoCs

Processes:

IoJbxlqcb.exe

description	pid	process	target process
PID 3460 set thread context of 3372	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 4216	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 4144	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 4364	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 3992	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 4332	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 4020	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 3748	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 1824	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 2748	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 4532	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 1964	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 1200	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 1696	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 3140	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 4716	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 2544	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 1480	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 4772	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 4840	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 2404	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 3352	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 3700	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 1232	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 780	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 3932	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 3868	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 3268	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 2524	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 2224	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 3340	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 4864	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 1872	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 1784	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 3124	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 3604	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 3956	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 3128	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 2852	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 5100	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 224	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 5112	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 2804	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 4736	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 2304	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 4692	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 3648	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 4160	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 set thread context of 5088	3460	IoJbxlqcb.exe	iexplore.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

IoJbxlqcb.exe

pid	process
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe
3460	IoJbxlqcb.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

IoJbxlqcb.exe

pid process

3460 IoJbxlqcb.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

IoJbxlqcb.exe

description	pid	process	target process
PID 3460 wrote to memory of 3372	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3372	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3372	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3372	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3372	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3372	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3372	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3372	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4216	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4216	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4216	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4216	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4216	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4216	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4216	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4216	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4144	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4144	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4144	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4144	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4144	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4144	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4144	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4144	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4364	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4364	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4364	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4364	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4364	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4364	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4364	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4364	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3992	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3992	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3992	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3992	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3992	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3992	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3992	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3992	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4332	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4332	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4332	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4332	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4332	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4332	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4332	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4332	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4020	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4020	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4020	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4020	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4020	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4020	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4020	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 4020	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3748	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3748	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3748	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3748	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3748	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3748	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3748	3460	IoJbxlqcb.exe	iexplore.exe
PID 3460 wrote to memory of 3748	3460	IoJbxlqcb.exe	iexplore.exe

System policy modification 1 TTPs 1 IoCs
evasion

Modify Registry
T1112

Processes:

IoJbxlqcb.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" IoJbxlqcb.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	IoJbxlqcb.exe

C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
"C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe"
1⤵
- UAC bypass
- Windows security bypass
- Windows security modification
- Checks whether UAC is enabled
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
PID:3460

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 84
3⤵
- Program crash
PID:4156

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:4216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 88
3⤵
- Program crash
PID:4152

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:4144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 84
3⤵
- Program crash
PID:4864

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 84
3⤵
- Program crash
PID:2080

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 84
3⤵
- Program crash
PID:3416

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 84
3⤵
- Program crash
PID:652

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:4020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 84
3⤵
- Program crash
PID:4744

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:3748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 84
3⤵
- Program crash
PID:116

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:1824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 84
3⤵
- Program crash
PID:2968

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:2748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 192
3⤵
- Program crash
PID:3584

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 84
3⤵
- Program crash
PID:3432

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:1964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 84
3⤵
- Program crash
PID:4076

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:1200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 84
3⤵
- Program crash
PID:4472

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:1696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 84
3⤵
- Program crash
PID:444

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:3140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 84
3⤵
- Program crash
PID:3980

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 84
3⤵
- Program crash
PID:2368

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:2544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 84
3⤵
- Program crash
PID:4552

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:1480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 84
3⤵
- Program crash
PID:4832

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 84
3⤵
- Program crash
PID:4172

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 84
3⤵
- Program crash
PID:2928

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:2404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 12
3⤵
- Program crash
PID:3492

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:3352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 84
3⤵
- Program crash
PID:4356

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:3700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 84
3⤵
- Program crash
PID:2020

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:1232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 84
3⤵
- Program crash
PID:1092

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 76
3⤵
- Program crash
PID:3516

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:3932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 84
3⤵
- Program crash
PID:3096

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 84
3⤵
- Program crash
PID:1512

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 84
3⤵
- Program crash
PID:4436

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:2524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 84
3⤵
- Program crash
PID:4844

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:2224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 84
3⤵
- Program crash
PID:2608

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:3340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 84
3⤵
- Program crash
PID:4136

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:4864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 84
3⤵
- Program crash
PID:844

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:1872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 84
3⤵
- Program crash
PID:1956

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:1784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 84
3⤵
- Program crash
PID:4412

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:3124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 84
3⤵
- Program crash
PID:376

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:3604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 84
3⤵
- Program crash
PID:3872

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:3956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 84
3⤵
- Program crash
PID:1572

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 84
3⤵
- Program crash
PID:2180

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:2852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 84
3⤵
- Program crash
PID:4420

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 12
3⤵
- Program crash
PID:4780

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 224 -s 84
3⤵
- Program crash
PID:3744

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 84
3⤵
- Program crash
PID:5000

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:2804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 84
3⤵
- Program crash
PID:3560

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 84
3⤵
- Program crash
PID:3508

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:2304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 84
3⤵
- Program crash
PID:3148

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 84
3⤵
- Program crash
PID:2488

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 84
3⤵
- Program crash
PID:4720

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 84
3⤵
- Program crash
PID:5092

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\IoJbxlqcb.exe
2⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 76
3⤵
- Program crash
PID:2516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 196 -p 3372 -ip 3372
1⤵
PID:488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4216 -ip 4216
1⤵
PID:2224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4144 -ip 4144
1⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4364 -ip 4364
1⤵
PID:3604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 192 -p 3992 -ip 3992
1⤵
PID:3872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4332 -ip 4332
1⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4020 -ip 4020
1⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 3748 -ip 3748
1⤵
PID:4012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1824 -ip 1824
1⤵
PID:3588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2748 -ip 2748
1⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4532 -ip 4532
1⤵
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 1964 -ip 1964
1⤵
PID:1332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1200 -ip 1200
1⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 400 -p 1696 -ip 1696
1⤵
PID:820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3140 -ip 3140
1⤵
PID:3688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4716 -ip 4716
1⤵
PID:3136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2544 -ip 2544
1⤵
PID:4756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1480 -ip 1480
1⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 4772 -ip 4772
1⤵
PID:1256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 4840 -ip 4840
1⤵
PID:1752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 2404 -ip 2404
1⤵
PID:3132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3352 -ip 3352
1⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3700 -ip 3700
1⤵
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1232 -ip 1232
1⤵
PID:2140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 780 -ip 780
1⤵
PID:1532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3932 -ip 3932
1⤵
PID:1868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 400 -p 3868 -ip 3868
1⤵
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3268 -ip 3268
1⤵
PID:2952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2524 -ip 2524
1⤵
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2224 -ip 2224
1⤵
PID:4408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 3340 -ip 3340
1⤵
PID:2276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4864 -ip 4864
1⤵
PID:1096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1872 -ip 1872
1⤵
PID:908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1784 -ip 1784
1⤵
PID:932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3124 -ip 3124
1⤵
PID:848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3604 -ip 3604
1⤵
PID:560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3956 -ip 3956
1⤵
PID:2044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 3128 -ip 3128
1⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2852 -ip 2852
1⤵
PID:3324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5100 -ip 5100
1⤵
PID:4236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 224 -ip 224
1⤵
PID:220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5112 -ip 5112
1⤵
PID:3820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2804 -ip 2804
1⤵
PID:2864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 4736 -ip 4736
1⤵
PID:2188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2304 -ip 2304
1⤵
PID:2116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4692 -ip 4692
1⤵
PID:2412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3648 -ip 3648
1⤵
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4160 -ip 4160
1⤵
PID:2312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5088 -ip 5088
1⤵
PID:1376

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

T1088

Defense Evasion

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads