Windows Analysis Report
MyTrustID.EXE

Overview

General Information

Sample name: MyTrustID.EXE
Analysis ID: 1541694
MD5: 1f4bb0f2b9d26f2419fbb7e7ba860d03
SHA1: 0ec525f5032f91544908aa957dc9fa9212d9ac7d
SHA256: 0b4d29b13046032af8c92bff26283ac8522bc178e9b4428010030bd352c49e91
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Command shell drops VBS files
Queries sensitive system registry key value via command line tool
Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder
Uses cmd line tools excessively to alter registry or file data
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for available system drives (often done to infect USB drives)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Recon Command Output Piped To Findstr.EXE
Sigma detected: Startup Folder File Write
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses reg.exe to modify the Windows registry

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: MyTrustID.EXE Virustotal: Detection: 11% Perma Link
Uses 32bit PE files
Source: MyTrustID.EXE Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 103.140.139.135:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 103.140.139.135:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 103.140.139.135:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: MyTrustID.EXE Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Checks for available system drives (often done to infect USB drives)
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\SysWOW64\cscript.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: digitalid.msctrustgate.com
Source: global traffic DNS traffic detected: DNS query: mtid.msctrustgate.com
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown HTTPS traffic detected: 103.140.139.135:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 103.140.139.135:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 103.140.139.135:443 -> 192.168.2.16:49710 version: TLS 1.2
Creates files inside the system directory
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\586267.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI645B.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI64C9.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{A97F7040-544D-4857-B3ED-8ED1ED9AE368}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6557.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{A97F7040-544D-4857-B3ED-8ED1ED9AE368}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{A97F7040-544D-4857-B3ED-8ED1ED9AE368}\_853F67D554F05449430E7E.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{A97F7040-544D-4857-B3ED-8ED1ED9AE368}\_A29A2B13E3315CB309EF12.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{A97F7040-544D-4857-B3ED-8ED1ED9AE368}\_FED9824324082FAB031DB2.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{A97F7040-544D-4857-B3ED-8ED1ED9AE368}\_58D1171B4CA0552DFB6D1D.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\586270.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\586270.msi
Deletes files inside the Windows folder
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI645B.tmp
PE file contains executable resources (Code or Archives)
Source: MyTrustID.EXE Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 7144194 bytes, 2 files, at 0x2c +A "mytrustid.bat" +A "MyTrustIDesktop.msi", ID 3292, number 1, 259 datablocks, 0x1503 compression
Uses 32bit PE files
Source: MyTrustID.EXE Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Uses reg.exe to modify the Windows registry
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe reg Query "HKLM\Hardware\Description\System\CentralProcessor\0"
Source: classification engine Classification label: mal64.evad.winEXE@29/111@2/5
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\Public\Desktop\MyTrustIDv1.lnk
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Mutant created: NULL
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Mutant created: \Sessions\1\BaseNamedObjects\MyTrustIDv1
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Mutant created: \Sessions\1\BaseNamedObjects\C__Trustgate_MyTrustID_logs__rolling
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6788:120:WilError_03
Source: C:\Users\user\Desktop\MyTrustID.EXE File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP
Source: C:\Users\user\Desktop\MyTrustID.EXE Process created: C:\Windows\SysWOW64\cmd.exe cmd /c mytrustid.bat
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cscript.exe cscript CreateShortcut.vbs
Source: MyTrustID.EXE Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe File read: C:\Program Files (x86)\desktop.ini
Source: C:\Users\user\Desktop\MyTrustID.EXE Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: MyTrustID.EXE Virustotal: Detection: 11%
Source: unknown Process created: C:\Users\user\Desktop\MyTrustID.EXE "C:\Users\user\Desktop\MyTrustID.EXE"
Source: C:\Users\user\Desktop\MyTrustID.EXE Process created: C:\Windows\SysWOW64\cmd.exe cmd /c mytrustid.bat
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\net.exe NET SESSION
Source: C:\Windows\SysWOW64\net.exe Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 SESSION
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c tasklist | find /I /C "MyTrustIDv1.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\find.exe find /I /C "MyTrustIDv1.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe reg Query "HKLM\Hardware\Description\System\CentralProcessor\0"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\find.exe find /i "x86"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SKUs\.NETFramework,Version=v4.6.1"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec.exe /i MyTrustIDesktop.msi /passive /norestart
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8CC76684883FA410DFF2F184C1945521
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cscript.exe cscript CreateShortcut.vbs
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe "C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe"
Source: C:\Users\user\Desktop\MyTrustID.EXE Process created: C:\Windows\SysWOW64\cmd.exe cmd /c mytrustid.bat
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\net.exe NET SESSION
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c tasklist | find /I /C "MyTrustIDv1.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe reg Query "HKLM\Hardware\Description\System\CentralProcessor\0"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\find.exe find /i "x86"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SKUs\.NETFramework,Version=v4.6.1"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec.exe /i MyTrustIDesktop.msi /passive /norestart
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cscript.exe cscript CreateShortcut.vbs
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe "C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe"
Source: C:\Windows\SysWOW64\net.exe Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 SESSION
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\find.exe find /I /C "MyTrustIDv1.exe"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8CC76684883FA410DFF2F184C1945521
Source: C:\Users\user\Desktop\MyTrustID.EXE Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\MyTrustID.EXE Section loaded: aclayers.dll
Source: C:\Users\user\Desktop\MyTrustID.EXE Section loaded: mpr.dll
Source: C:\Users\user\Desktop\MyTrustID.EXE Section loaded: sfc.dll
Source: C:\Users\user\Desktop\MyTrustID.EXE Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\MyTrustID.EXE Section loaded: cabinet.dll
Source: C:\Users\user\Desktop\MyTrustID.EXE Section loaded: version.dll
Source: C:\Users\user\Desktop\MyTrustID.EXE Section loaded: feclient.dll
Source: C:\Users\user\Desktop\MyTrustID.EXE Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\MyTrustID.EXE Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\MyTrustID.EXE Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\MyTrustID.EXE Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\MyTrustID.EXE Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\MyTrustID.EXE Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\MyTrustID.EXE Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\MyTrustID.EXE Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\MyTrustID.EXE Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\MyTrustID.EXE Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\MyTrustID.EXE Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\MyTrustID.EXE Section loaded: advpack.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: edputil.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: appresolver.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: bcp47langs.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: slc.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: sppc.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: pcacli.dll
Source: C:\Windows\SysWOW64\net.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\net.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\net.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\net1.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net1.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net1.exe Section loaded: dsrole.dll
Source: C:\Windows\SysWOW64\net1.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net1.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net1.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\net1.exe Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\find.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\find.exe Section loaded: ulib.dll
Source: C:\Windows\SysWOW64\find.exe Section loaded: fsutilext.dll
Source: C:\Windows\SysWOW64\reg.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\find.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\find.exe Section loaded: ulib.dll
Source: C:\Windows\SysWOW64\find.exe Section loaded: fsutilext.dll
Source: C:\Windows\SysWOW64\reg.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: srclient.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: spp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vsstrace.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: sxs.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: vbscript.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: scrobj.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: scrrun.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: linkinfo.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: ntshrui.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: cscapi.dll
Source: C:\Windows\SysWOW64\cscript.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: mscoree.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: aclayers.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: mpr.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: sfc.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: sfc_os.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: version.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: dwrite.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: msvcp140_clr0400.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: winnsi.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: secur32.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: schannel.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: urlmon.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: windowscodecs.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: dwmapi.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: d3d9.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: d3d10warp.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: winsta.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: powrprof.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: umpdc.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: dataexchange.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: d3d11.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: dcomp.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: dxgi.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: resourcepolicyclient.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: dxcore.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: textshaping.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: textinputframework.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: msctfui.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: d3dcompiler_47.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: msisip.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: wshext.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: appxsip.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: opcservices.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: esdsip.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: dpapi.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: etoken.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: netapi32.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: winscard.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: devobj.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: samcli.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: saclog.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: wfapi.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: sacperfcounter.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: etokenhid.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: etvtokenengine.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: dlpreel.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: sactokensimulator.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: saclog.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: wfapi.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: sacperfcounter.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: etokenhid.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: etvtokenengine.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: dlpreel.dll
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Section loaded: sactokensimulator.dll
Source: C:\Windows\SysWOW64\tasklist.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: MyTrustID.EXE Static file information: File size 7301120 > 1048576
Source: MyTrustID.EXE Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x6ee200
Source: MyTrustID.EXE Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: MyTrustID.EXE Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: MyTrustID.EXE Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: MyTrustID.EXE Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: MyTrustID.EXE Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: MyTrustID.EXE Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: MyTrustID.EXE Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: MyTrustID.EXE Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Persistence and Installation Behavior
barindex
Command shell drops VBS files
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\CreateShortcut.vbs
Uses cmd line tools excessively to alter registry or file data
Source: C:\Windows\SysWOW64\cmd.exe Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: reg.exe
Drops PE files
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Reflection.Emit.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Linq.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.ComponentModel.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Reflection.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Collections.Concurrent.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\userburn.Micro.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\ICSharpCode.SharpZipLib.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Linq.Expressions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Net.NetworkInformation.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Xml.ReaderWriter.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\InstallCertdll.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.ServiceModel.NetTcp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\BouncyCastle.Crypto.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Xml.XmlSerializer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\itextsharp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Reflection.Extensions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Threading.Tasks.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.InteropServices.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Text.Encoding.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.ServiceModel.Http.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Collections.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\st3ace.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Resources.ResourceManager.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.Serialization.Xml.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\Hardcodet.Wpf.TaskbarNotification.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Security.Cryptography.X509Certificates.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.Serialization.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Trustgate\MyTrustID\drivers\Trustgate.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.ServiceModel.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Xml.XDocument.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Diagnostics.Tracing.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.ComponentModel.EventBasedAsync.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Net.WebHeaderCollection.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.InteropServices.WindowsRuntime.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Security.Principal.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Security.Cryptography.Algorithms.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Globalization.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Threading.Tasks.Parallel.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.ServiceModel.Security.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\Pkcs11Interop.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\IDPrimeTokenEngine.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI64C9.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.ObjectModel.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Text.RegularExpressions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.IO.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\userburn.Micro.Platform.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Threading.Timer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Diagnostics.Contracts.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Reflection.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\st3ace_s.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Diagnostics.Debug.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.Extensions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Linq.Queryable.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\st3csp11.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\32bit\eToken.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\CreateCSRdll.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Reflection.Emit.Lightweight.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.Serialization.Json.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Net.Requests.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\userburn.Micro.Platform.Core.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Net.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Trustgate\MyTrustID\drivers\Trustgate_s.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.ServiceModel.Duplex.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Linq.Parallel.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Diagnostics.Tools.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Threading.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Reflection.Emit.ILGeneration.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Text.Encoding.Extensions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\WebSockets.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Net.Http.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Windows.Interactivity.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.ComponentModel.Annotations.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Security.Cryptography.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Dynamic.Runtime.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.Handles.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Security.Cryptography.Encoding.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\log4net.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.Numerics.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Trustgate\MyTrustID\Uninstall.dll Jump to dropped file
Drops PE files to the windows directory (C:\Windows)
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI64C9.tmp Jump to dropped file
Creates a start menu entry (Start Menu\Programs\Startup)
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MyTrustIDv1.lnk
Stores files to the Windows start menu directory
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MyTrustIDv1.lnk
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyTrustID Apps
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyTrustID Apps\MyTrustIDv1.lnk
Source: C:\Users\user\Desktop\MyTrustID.EXE Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0
Source: C:\Users\user\Desktop\MyTrustID.EXE Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0
Source: C:\Users\user\Desktop\MyTrustID.EXE Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0
Source: C:\Users\user\Desktop\MyTrustID.EXE Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cscript.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cscript.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion
barindex
Queries sensitive system registry key value via command line tool
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe reg Query "HKLM\Hardware\Description\System\CentralProcessor\0"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe reg Query "HKLM\Hardware\Description\System\CentralProcessor\0"
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Memory allocated: B70000 memory reserve | memory write watch
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Memory allocated: 2720000 memory reserve | memory write watch
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Memory allocated: 4720000 memory reserve | memory write watch
Contains long sleeps (>= 3 min)
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Thread delayed: delay time: 922337203685477
Found dropped PE file which has not been started or loaded
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Reflection.Emit.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.ComponentModel.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Linq.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Reflection.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Linq.Expressions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Collections.Concurrent.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\userburn.Micro.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\ICSharpCode.SharpZipLib.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Net.NetworkInformation.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Xml.ReaderWriter.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\InstallCertdll.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.ServiceModel.NetTcp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\BouncyCastle.Crypto.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Xml.XmlSerializer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\itextsharp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Reflection.Extensions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Threading.Tasks.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Text.Encoding.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.InteropServices.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.ServiceModel.Http.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\st3ace.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Collections.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Resources.ResourceManager.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.Serialization.Xml.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\Hardcodet.Wpf.TaskbarNotification.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.Serialization.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Security.Cryptography.X509Certificates.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Trustgate\MyTrustID\drivers\Trustgate.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.ServiceModel.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Xml.XDocument.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Diagnostics.Tracing.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.ComponentModel.EventBasedAsync.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Net.WebHeaderCollection.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Security.Principal.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.InteropServices.WindowsRuntime.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Security.Cryptography.Algorithms.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Globalization.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.ServiceModel.Security.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Threading.Tasks.Parallel.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\Pkcs11Interop.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\IDPrimeTokenEngine.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.ObjectModel.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI64C9.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Text.RegularExpressions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.IO.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\userburn.Micro.Platform.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Threading.Timer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Diagnostics.Contracts.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\st3ace_s.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Reflection.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Diagnostics.Debug.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.Extensions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Linq.Queryable.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\st3csp11.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\32bit\eToken.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\CreateCSRdll.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Reflection.Emit.Lightweight.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.Serialization.Json.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Net.Requests.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\userburn.Micro.Platform.Core.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Trustgate\MyTrustID\drivers\Trustgate_s.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Net.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.ServiceModel.Duplex.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Linq.Parallel.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Threading.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Diagnostics.Tools.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Reflection.Emit.ILGeneration.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Text.Encoding.Extensions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\WebSockets.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Net.Http.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Windows.Interactivity.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.ComponentModel.Annotations.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Security.Cryptography.Primitives.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Dynamic.Runtime.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.Handles.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Security.Cryptography.Encoding.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\Uninstall.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.Numerics.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Trustgate\MyTrustID\log4net.dll Jump to dropped file
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe TID: 5952 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe TID: 5952 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
Enables debug privileges
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Memory allocated: page read and write | page guard
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\net.exe NET SESSION
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c tasklist | find /I /C "MyTrustIDv1.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe reg Query "HKLM\Hardware\Description\System\CentralProcessor\0"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\find.exe find /i "x86"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SKUs\.NETFramework,Version=v4.6.1"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec.exe /i MyTrustIDesktop.msi /passive /norestart
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cscript.exe cscript CreateShortcut.vbs
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe "C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe"
Source: C:\Windows\SysWOW64\net.exe Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 SESSION
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\find.exe find /I /C "MyTrustIDv1.exe"
Queries information about the installed CPU (vendor, model number etc)
Source: C:\Windows\SysWOW64\reg.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\SysWOW64\reg.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\SysWOW64\reg.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\SysWOW64\reg.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\SysWOW64\reg.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\SysWOW64\reg.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\cscript.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Program Files (x86)\Trustgate\MyTrustID\log4net.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Program Files (x86)\Trustgate\MyTrustID\userburn.Micro.Platform.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Program Files (x86)\Trustgate\MyTrustID\userburn.Micro.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Tasks\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Tasks.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Program Files (x86)\Trustgate\MyTrustID\userburn.Micro.Platform.Core.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ObjectModel\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ObjectModel.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Program Files (x86)\Trustgate\MyTrustID\WebSockets.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Program Files (x86)\Trustgate\MyTrustID\itextsharp.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Program Files (x86)\Trustgate\MyTrustID\Hardcodet.Wpf.TaskbarNotification.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Program Files (x86)\Trustgate\MyTrustID\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Text.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Text.RegularExpressions.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Program Files (x86)\Trustgate\MyTrustID\System.Windows.Interactivity.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Extensions.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Resources.ResourceManager\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Resources.ResourceManager.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq.Expressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.Expressions.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemData\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemData.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Program Files (x86)\Trustgate\MyTrustID\Pkcs11Interop.dll VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Windows\SysWOW64\cscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
windows-stand
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
103.140.139.135
 digitalid.msctrustgate.com Malaysia
133936 X86NETWORK-AS-APX86NetworkSdnBhdMY false

Private

IP
127.0.0.1

Contacted Domains

Name IP Active
digitalid.msctrustgate.com 103.140.139.135 true
mtid.msctrustgate.com 127.0.0.1 true