Analysis
- max time kernel: 145s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10-04-2024 11:53
Static task
static1
Behavioral task
behavioral1
Sample
7419f0798c70888e7197f69ed1091620b2c6fbefead086b5faf23badf0474044.exe
Resource
win7-20240221-en
General
- Target: 7419f0798c70888e7197f69ed1091620b2c6fbefead086b5faf23badf0474044.exe
- Size: 623KB
- MD5: 2699077a996951eac7b369b6356ff296
- SHA1: 8c6acecf8009665e0670ce634ce8f0d2907481c1
- SHA256: 7419f0798c70888e7197f69ed1091620b2c6fbefead086b5faf23badf0474044
- SHA512: 80c54200dc8de17df29b8401859366979629f5fed025425f02be68276cb21b41ddc16f7068a0fc81fa84dab251f7b15e4d6ffae44f3fdd1992d78480127fc79a
- SSDEEP: 12288:iSDW0/Ph/JtjwVXfFUOj9Y9A3o6rq9JSsQ+uP096/X:fW0h/JtjwVXSOj9GA3o62Esn9SX
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
AutoIT Executable 10 IoCs
AutoIT scripts compiled to PE executables.
-
Program crash 64 IoCs
-
Suspicious use of WriteProcessMemory 51 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7419f0798c70888e7197f69ed1091620b2c6fbefead086b5faf23badf0474044.exe
"C:\Users\Admin\AppData\Local\Temp\7419f0798c70888e7197f69ed1091620b2c6fbefead086b5faf23badf0474044.exe"
1⤵
- Enumerates connected drives
- Suspicious use of WriteProcessMemory
PID:3736
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.doc" /S /B /A
2⤵ PID:1268
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.pdf" /S /B /A
2⤵ PID:2036
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.ppt" /S /B /A
2⤵ PID:3200
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.dot" /S /B /A
2⤵ PID:4492
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.xl" /S /B /A
2⤵ PID:2100
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.csv" /S /B /A
2⤵ PID:2908
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.rtf" /S /B /A
2⤵ PID:4684
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.dot" /S /B /A
2⤵ PID:3844
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.mdb" /S /B /A
2⤵ PID:3012
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.accdb" /S /B /A
2⤵ PID:1104
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.pot" /S /B /A
2⤵ PID:2228
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.pps" /S /B /A
2⤵ PID:3084
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.ppa" /S /B /A
2⤵ PID:1728
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.rar" /S /B /A
2⤵ PID:3776
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.zip" /S /B /A
2⤵ PID:3052
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.tar" /S /B /A
2⤵ PID:5012
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.7z" /S /B /A
2⤵ PID:1648
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3736 -ip 37361⤵PID:3244
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3736 -ip 37361⤵PID:2604
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3736 -ip 37361⤵PID:5008
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3736 -ip 37361⤵PID:2980
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3736 -ip 37361⤵PID:4056
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3736 -ip 37361⤵PID:1084
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3736 -ip 37361⤵PID:3832
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3736 -ip 37361⤵PID:5004
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3736 -ip 37361⤵PID:1188
Network
MITRE ATT&CK Enterprise v15
Downloads