TREE VIEW (4 processes)
DESKTOP-8C5M44D: 8b9659ef-c4cb-4dce-87f7-acd0b1154681
6/12/2019, 11:50:54 AM

Boot
  Path: undefined
  Arguments: Unable to decode
  Signed By: undefined
  Reputation: undefined

knoblinger dringende bestellliste,pdf.exe 7020
  Path: e:\knoblinger dringende bestellliste,pdf.exe
  Signed By: Image is not signed
  Reputation: Malware
  Attack Start, Dropped Executable
  Unsigned Process
  executes tvoood.exe 5480

tvoood.exe 5480
  Path: c:\users\admin\appdata\local\tvoood.exe
  Signed By: Image is not signed
  Reputation: Malware
  Process in AppData, Unsigned Process
  executes wsmprovhost.exe 7652

wsmprovhost.exe 7652
  Path: c:\windows\syswow64\wsmprovhost.exe
  Signed By: Microsoft Windows
  Reputation: Benign
  Dropped Executable, Dropped Script
  Persistence
  executes wsmprovhost.exe 10156

wsmprovhost.exe 10156
  Path: c:\windows\syswow64\wsmprovhost.exe
  Signed By: Microsoft Windows
  Reputation: Benign

Trigger: c:\windows\syswow64\wsmprovhost.exe