Source: 94e.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: 94e.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0K |
Source: 94e.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: 94e.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: 94e.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: Held.com, 0000000B.00000003.1772928243.0000000003F6C000.00000004.00000800.00020000.00000000.sdmp, SecureKey.com.11.dr, Held.com.1.dr, Sure.8.dr |
String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0 |
Source: Held.com, 0000000B.00000003.1772928243.0000000003F6C000.00000004.00000800.00020000.00000000.sdmp, SecureKey.com.11.dr, Held.com.1.dr, Sure.8.dr |
String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0 |
Source: Held.com, 0000000B.00000003.1772928243.0000000003F6C000.00000004.00000800.00020000.00000000.sdmp, SecureKey.com.11.dr, Held.com.1.dr, Sure.8.dr |
String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G |
Source: Held.com, 0000000B.00000003.1772928243.0000000003F6C000.00000004.00000800.00020000.00000000.sdmp, SecureKey.com.11.dr, Held.com.1.dr, Sure.8.dr |
String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c |
Source: Held.com, 0000000B.00000003.1772928243.0000000003F6C000.00000004.00000800.00020000.00000000.sdmp, SecureKey.com.11.dr, Held.com.1.dr, Sure.8.dr |
String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G |
Source: 94e.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: 94e.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
Source: 94e.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: 94e.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: 94e.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: 94e.exe |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 |
Source: 94e.exe |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: 94e.exe |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: 94e.exe |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: 94e.exe |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: 94e.exe |
String found in binary or memory: http://ocsp.digicert.com0I |
Source: 94e.exe |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: Held.com, 0000000B.00000003.1772928243.0000000003F6C000.00000004.00000800.00020000.00000000.sdmp, SecureKey.com.11.dr, Held.com.1.dr, Sure.8.dr |
String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C |
Source: Held.com, 0000000B.00000003.1772928243.0000000003F6C000.00000004.00000800.00020000.00000000.sdmp, SecureKey.com.11.dr, Held.com.1.dr, Sure.8.dr |
String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V |
Source: Held.com, 0000000B.00000003.1772928243.0000000003F6C000.00000004.00000800.00020000.00000000.sdmp, SecureKey.com.11.dr, Held.com.1.dr, Sure.8.dr |
String found in binary or memory: http://ocsp2.globalsign.com/rootr306 |
Source: Held.com, 0000000B.00000003.1772928243.0000000003F6C000.00000004.00000800.00020000.00000000.sdmp, SecureKey.com.11.dr, Held.com.1.dr, Sure.8.dr |
String found in binary or memory: http://ocsp2.globalsign.com/rootr606 |
Source: Held.com, 0000000B.00000003.1772928243.0000000003F6C000.00000004.00000800.00020000.00000000.sdmp, SecureKey.com.11.dr, Held.com.1.dr, Sure.8.dr |
String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08 |
Source: Held.com, 0000000B.00000003.1772928243.0000000003F6C000.00000004.00000800.00020000.00000000.sdmp, SecureKey.com.11.dr, Held.com.1.dr, Sure.8.dr |
String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0 |
Source: Held.com, 0000000B.00000000.1766795524.0000000000B15000.00000002.00000001.01000000.00000007.sdmp, Held.com, 0000000B.00000003.1772928243.0000000003F6C000.00000004.00000800.00020000.00000000.sdmp, SecureKey.com, 00000011.00000000.1885708157.0000000000925000.00000002.00000001.01000000.00000009.sdmp, SecureKey.com.11.dr, Held.com.1.dr, This.8.dr |
String found in binary or memory: http://www.autoitscript.com/autoit3/X |
Source: 94e.exe |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: 94e.exe |
String found in binary or memory: http://www.teamviewer.com |
Source: Held.com, 0000000B.00000003.1772928243.0000000003F6C000.00000004.00000800.00020000.00000000.sdmp, SecureKey.com.11.dr, Held.com.1.dr, Sure.8.dr |
String found in binary or memory: https://www.autoitscript.com/autoit3/ |
Source: Sure.8.dr |
String found in binary or memory: https://www.globalsign.com/repository/0 |
Source: unknown |
Process created: C:\Users\user\Desktop\94e.exe "C:\Users\user\Desktop\94e.exe" |
|
Source: C:\Users\user\Desktop\94e.exe |
Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Modes Modes.cmd & Modes.cmd |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\tasklist.exe tasklist |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa" |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\tasklist.exe tasklist |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 159893 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Beastiality |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Patrick" Episode |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Proceedings + ..\Deviation + ..\Ds + ..\Lived + ..\Formed + ..\Twiki + ..\Shoot + ..\Retrieval + ..\Pounds + ..\Roland H |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Users\user\AppData\Local\Temp\159893\Held.com Held.com H |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5 |
|
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecureKey.url" & echo URL="C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecureKey.url" & exit |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.js" |
|
Source: C:\Windows\System32\wscript.exe |
Process created: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com "C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com" "C:\Users\user\AppData\Local\GuardKey Solutions\a" |
|
Source: C:\Users\user\Desktop\94e.exe |
Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Modes Modes.cmd & Modes.cmd |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\tasklist.exe tasklist |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa" |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\tasklist.exe tasklist |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 159893 |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Beastiality |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Patrick" Episode |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Proceedings + ..\Deviation + ..\Ds + ..\Lived + ..\Formed + ..\Twiki + ..\Shoot + ..\Retrieval + ..\Pounds + ..\Roland H |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Users\user\AppData\Local\Temp\159893\Held.com Held.com H |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5 |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecureKey.url" & echo URL="C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecureKey.url" & exit |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Process created: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com "C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com" "C:\Users\user\AppData\Local\GuardKey Solutions\a" |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: shfolder.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: riched20.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: usp10.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: msls31.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: cmdext.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: framedynos.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: dbghelp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: winsta.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: framedynos.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: dbghelp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: winsta.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\extrac32.exe |
Section loaded: cabinet.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\extrac32.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\extrac32.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\extrac32.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\extrac32.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\extrac32.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\extrac32.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\extrac32.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\extrac32.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\extrac32.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\extrac32.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\extrac32.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: wsock32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: textshaping.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: napinsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: pnrpnsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: wshbth.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: nlaapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: winrnr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\choice.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: sxs.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: jscript.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: msisip.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: wshext.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: scrobj.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: scrrun.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: wsock32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: napinsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: pnrpnsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: wshbth.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: nlaapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: winrnr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\94e.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\159893\Held.com |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\GuardKey Solutions\SecureKey.com |
Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Jump to behavior |