Source: C:\Windows\SysWOW64\mshta.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE |
Jump to behavior |
Source: classification engine |
Classification label: clean2.winHTA@1/0@0/0 |
Source: C:\Windows\SysWOW64\mshta.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: mshtml.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: powrprof.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: wkscli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: umpdc.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: msiso.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: srpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: msimtf.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: dxgi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: resourcepolicyclient.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: dataexchange.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: d3d11.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: dcomp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: twinapi.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: jscript9.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: msls31.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: d2d1.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: dwrite.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: d3d10warp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Section loaded: dxcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32 |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 0_2_051BF550 push ebp; retf |
0_2_051BF552 |
Source: C:\Windows\SysWOW64\mshta.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\SysWOW64\mshta.exe |
Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\mshta.exe |
Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation |
Jump to behavior |