| Source: wscript.exe, 00000000.00000003.2338236583.000001C247B8C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://192.210.215.11/zoom/mkl.js |
| Source: wscript.exe, 00000000.00000003.2340265785.000001C247C15000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://192.210.215.11/zoom/mkl.jsd( |
| Source: tqxse.exe, 00000005.00000002.3414861721.00000000061A6000.00000004.00000020.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3412173760.0000000002ABB000.00000004.00000800.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3409718764.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3414861721.00000000061DD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://c.pki.goog/r/r1.crl0 |
| Source: tqxse.exe, 00000005.00000002.3414861721.00000000061A6000.00000004.00000020.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3412173760.0000000002ABB000.00000004.00000800.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3414861721.00000000061DD000.00000004.00000020.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3412173760.0000000002B0A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://c.pki.goog/wr2/GSyT1N4PBrg.crl0 |
| Source: tqxse.exe, 00000005.00000002.3414861721.00000000061A6000.00000004.00000020.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3412173760.0000000002ABB000.00000004.00000800.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3414861721.00000000061DD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.pki.goog/gsr1/gsr1.crl0; |
| Source: tqxse.exe, 00000005.00000002.3414861721.00000000061A6000.00000004.00000020.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3412173760.0000000002ABB000.00000004.00000800.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3409718764.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3414861721.00000000061DD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://i.pki.goog/r1.crt0 |
| Source: tqxse.exe, 00000005.00000002.3414861721.00000000061A6000.00000004.00000020.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3412173760.0000000002ABB000.00000004.00000800.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3414861721.00000000061DD000.00000004.00000020.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3412173760.0000000002B0A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://i.pki.goog/wr2.crt0 |
| Source: tqxse.exe, 00000005.00000002.3414861721.00000000061A6000.00000004.00000020.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3412173760.0000000002ABB000.00000004.00000800.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3414861721.00000000061DD000.00000004.00000020.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3412173760.0000000002B0A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://o.pki.goog/wr20% |
| Source: tqxse.exe, 00000005.00000002.3414861721.00000000061A6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.pki.goo |
| Source: tqxse.exe, 00000005.00000002.3414861721.00000000061A6000.00000004.00000020.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3412173760.0000000002ABB000.00000004.00000800.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3414861721.00000000061DD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.pki.goog/gsr10) |
| Source: tqxse.exe, 00000005.00000002.3414861721.00000000061A6000.00000004.00000020.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3412173760.0000000002ABB000.00000004.00000800.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3414861721.00000000061DD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://pki.goog/gsr1/gsr1.crt02 |
| Source: tqxse.exe, 00000005.00000002.3412173760.0000000002ABB000.00000004.00000800.00020000.00000000.sdmp, tqxse.exe, 00000005.00000002.3412173760.0000000002B0A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://smtp.gmail.com |
| Source: wscript.exe, 00000004.00000003.2373428146.0000018312751000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2374197721.000001830F63C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.2382112016.0000018312682000.00000004.00000020.00020000.00000000.sdmp, tqxse.exe, 00000005.00000000.2373276954.0000000000702000.00000002.00000001.01000000.00000007.sdmp | String found in binary or memory: https://account.dyn.com/ |
| Source: wscript.exe, 00000000.00000003.2340779454.000001C247F5E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2343513793.000001C247F5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Code function: 5_2_00F941C8 | 5_2_00F941C8 |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Code function: 5_2_00F99470 | 5_2_00F99470 |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Code function: 5_2_00F94A98 | 5_2_00F94A98 |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Code function: 5_2_00F98CA8 | 5_2_00F98CA8 |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Code function: 5_2_00F93E80 | 5_2_00F93E80 |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Code function: 5_2_00F9CB7C | 5_2_00F9CB7C |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Code function: 5_2_05F70448 | 5_2_05F70448 |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Code function: 5_2_05F7AE20 | 5_2_05F7AE20 |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Code function: 5_2_05F711F0 | 5_2_05F711F0 |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Code function: 5_2_05F72990 | 5_2_05F72990 |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Code function: 5_2_05F794E8 | 5_2_05F794E8 |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Code function: 5_2_05F7EF02 | 5_2_05F7EF02 |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Code function: 5_2_05F7EF08 | 5_2_05F7EF08 |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Code function: 5_2_05F752A0 | 5_2_05F752A0 |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Code function: 5_2_05F722A8 | 5_2_05F722A8 |
| Source: C:\Windows\System32\wscript.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: sxs.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: jscript.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: iertutil.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: amsi.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: msisip.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: wshext.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: scrobj.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: scrrun.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: msxml3.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: wininet.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: mlang.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: urlmon.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: srvcli.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: winhttp.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: mswsock.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: winnsi.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: msdart.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: mpr.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: propsys.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: dlnashext.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: wpdshext.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: edputil.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: policymanager.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: appresolver.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: bcp47langs.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: slc.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: sppc.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: sxs.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: jscript.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: iertutil.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: amsi.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: msisip.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: wshext.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: scrobj.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: mlang.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: scrrun.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: msxml3.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: msdart.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: mpr.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: propsys.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: edputil.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: urlmon.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: srvcli.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: appresolver.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: bcp47langs.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: slc.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: sppc.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
| Source: C:\Windows\System32\wscript.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: mscoree.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: wbemcomn.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: amsi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: vaultcli.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: dpapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: dnsapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: winnsi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: mswsock.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: rasadhlp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: secur32.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: schannel.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: ntasn1.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: ncrypt.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: edputil.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\tqxse.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Edit tour
wscript.exe (PID: 3172 cmdline: 
tqxse.exe (PID: 1292 cmdline: 
