| Source: 00000000.00000002.2034939825.0000000002480000.00000004.00001000.00020000.00000000.sdmp | String decryptor: snailyeductyi.sbs |
| Source: 00000000.00000002.2034939825.0000000002480000.00000004.00001000.00020000.00000000.sdmp | String decryptor: ferrycheatyk.sbs |
| Source: 00000000.00000002.2034939825.0000000002480000.00000004.00001000.00020000.00000000.sdmp | String decryptor: deepymouthi.sbs |
| Source: 00000000.00000002.2034939825.0000000002480000.00000004.00001000.00020000.00000000.sdmp | String decryptor: wrigglesight.sbs |
| Source: 00000000.00000002.2034939825.0000000002480000.00000004.00001000.00020000.00000000.sdmp | String decryptor: captaitwik.sbs |
| Source: 00000000.00000002.2034939825.0000000002480000.00000004.00001000.00020000.00000000.sdmp | String decryptor: sidercotay.sbs |
| Source: 00000000.00000002.2034939825.0000000002480000.00000004.00001000.00020000.00000000.sdmp | String decryptor: heroicmint.sbs |
| Source: 00000000.00000002.2034939825.0000000002480000.00000004.00001000.00020000.00000000.sdmp | String decryptor: monstourtu.sbs |
| Source: 00000000.00000002.2034939825.0000000002480000.00000004.00001000.00020000.00000000.sdmp | String decryptor: shootyprovedn.biz |
| Source: 00000000.00000002.2034939825.0000000002480000.00000004.00001000.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0 |
| Source: 00000000.00000002.2034939825.0000000002480000.00000004.00001000.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5 |
| Source: 00000000.00000002.2034939825.0000000002480000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Screen Resoluton: |
| Source: 00000000.00000002.2034939825.0000000002480000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory: |
| Source: 00000000.00000002.2034939825.0000000002480000.00000004.00001000.00020000.00000000.sdmp | String decryptor: Workgroup: - |
| Source: 00000000.00000002.2034939825.0000000002480000.00000004.00001000.00020000.00000000.sdmp | String decryptor: xAeOdp--mainteam |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1957633276.0000000003581000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0 |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1957633276.0000000003581000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0 |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0 |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0 |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1957633276.0000000003581000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0 |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1957633276.0000000003581000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1957633276.0000000003581000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1957633276.0000000003581000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00 |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1957633276.0000000003581000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0? |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1957633276.0000000003581000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0 |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1957633276.0000000003581000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0: |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://ocsp2.globalsign.com/rootr606 |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0? |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0 |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://www.???.xx/?search=%s |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://www.softwareok.com |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://www.softwareok.com/?Download=Find.Same.Images.OK |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://www.softwareok.com/?Freeware/Find.Same.Images.OK |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://www.softwareok.com/?Freeware/Find.Same.Images.OK/History |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://www.softwareok.com/?seite=faq-Find.Same.Images.OK&faq=0 |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://www.softwareok.de |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://www.softwareok.de/?Download=Find.Same.Images.OK |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://www.softwareok.de/?Freeware/Find.Same.Images.OK |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://www.softwareok.de/?Freeware/Find.Same.Images.OK/History |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://www.softwareok.de/?seite=faq-Find.Same.Images.OK&faq=0 |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://www.surfok.de/ |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: http://www.surfok.de/%3D%3F |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1957633276.0000000003581000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0 |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1957633276.0000000003581000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0 |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924749169.0000000003599000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924846941.0000000003597000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924966391.0000000003597000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924749169.0000000003599000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924846941.0000000003597000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924966391.0000000003597000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924749169.0000000003599000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924846941.0000000003597000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924966391.0000000003597000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924749169.0000000003599000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924846941.0000000003597000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924966391.0000000003597000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924749169.0000000003599000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924846941.0000000003597000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924966391.0000000003597000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q= |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924749169.0000000003599000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924846941.0000000003597000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924966391.0000000003597000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924749169.0000000003599000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924846941.0000000003597000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924966391.0000000003597000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1997989046.0000000000860000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://shootyprovedn.biz/ |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1939042700.000000000085D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://shootyprovedn.biz/8 |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.2020457154.0000000000860000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.2020475367.000000000086B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.2005316291.000000000085D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1997989046.0000000000860000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://shootyprovedn.biz/H |
| Source: SecuriteInfo.com.Heur.11787.148.exe, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1957439602.0000000000898000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000002.2034605895.000000000088A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1998167986.0000000000890000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1998192388.0000000000889000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1997893249.000000000089A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000002.2034638879.0000000000890000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1907779593.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1923669185.0000000000876000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1981635188.0000000000898000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.2020840297.0000000000890000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1938968547.000000000355E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.2033749788.0000000000889000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.2005356289.0000000000890000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000002.2034669036.000000000089A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1939042700.000000000085D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.2033738183.0000000000890000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.2020855856.0000000000889000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.2005356289.0000000000883000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://shootyprovedn.biz/api |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000002.2034638879.0000000000890000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.2020840297.0000000000890000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.2005356289.0000000000890000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.2033738183.0000000000890000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://shootyprovedn.biz/api0-R |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1938968547.000000000355E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://shootyprovedn.biz/api62 |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1998192388.0000000000889000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://shootyprovedn.biz/apiF5V |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000002.2034605895.000000000088A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.2033749788.0000000000889000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://shootyprovedn.biz/apiY |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000002.2034444258.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.2033702755.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.2033518619.000000000081A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://shootyprovedn.biz:443/api |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924062377.00000000035AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.microsof |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1958693064.000000000367D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1958693064.000000000367D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924187679.00000000035A5000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924062377.00000000035AC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924187679.0000000003580000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924187679.00000000035A5000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924062377.00000000035AC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924187679.0000000003580000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1907779593.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1907740482.000000000086B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/5xx-error-landing |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1907779593.0000000000818000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/learning/access-ma |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.2033643289.0000000000860000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.2020457154.0000000000860000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.2005316291.000000000085D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000002.2034478410.0000000000860000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1907779593.0000000000818000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1908112786.0000000000868000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.2033518619.0000000000860000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1939042700.000000000085D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1981697911.000000000085F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1985350850.0000000000860000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1997989046.0000000000860000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/ |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924749169.0000000003599000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924846941.0000000003597000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924966391.0000000003597000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/ |
| Source: SecuriteInfo.com.Heur.11787.148.exe | String found in binary or memory: https://www.globalsign.com/repository/0 |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924749169.0000000003599000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924846941.0000000003597000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1924966391.0000000003597000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1958693064.000000000367D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2 |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1958693064.000000000367D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1958693064.000000000367D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1958693064.000000000367D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
| Source: SecuriteInfo.com.Heur.11787.148.exe, 00000000.00000003.1958693064.000000000367D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: msimg32.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: winmm.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: wininet.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: mscoree.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: winhttp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: webio.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: mswsock.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: winnsi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: dnsapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: rasadhlp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: schannel.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: ntasn1.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: ncrypt.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: gpapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: dpapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: wbemcomn.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: amsi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_00886549 pushad ; retf | 0_3_00886551 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_00886549 pushad ; retf | 0_3_00886551 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_0086758F push eax; retf 0005h | 0_3_008675B7 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_0086758F push eax; retf 0005h | 0_3_008675B7 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_00866FFC push eax; retf 0005h | 0_3_00867157 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_00866FFC push eax; retf 0005h | 0_3_00867157 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_008660FD push esi; retf | 0_3_00866100 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_008660FD push esi; retf | 0_3_00866100 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_008660FD push esi; retf | 0_3_00866100 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_00864704 push eax; retf 0005h | 0_3_0086485F |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_00864704 push eax; retf 0005h | 0_3_0086485F |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_0086712F push eax; retf 0005h | 0_3_00867157 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_0086712F push eax; retf 0005h | 0_3_00867157 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_00864837 push eax; retf 0005h | 0_3_0086485F |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_00864837 push eax; retf 0005h | 0_3_0086485F |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_0086745C push eax; retf 0005h | 0_3_008675B7 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_0086745C push eax; retf 0005h | 0_3_008675B7 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_00865C7F push FFFFFFDBh; iretd | 0_3_00865C90 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_00865C7F push FFFFFFDBh; iretd | 0_3_00865C90 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_00865C7F push FFFFFFDBh; iretd | 0_3_00865C90 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_00886549 pushad ; retf | 0_3_00886551 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_00886549 pushad ; retf | 0_3_00886551 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_00886549 pushad ; retf | 0_3_00886551 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_00886549 pushad ; retf | 0_3_00886551 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_0089C628 pushad ; retf | 0_3_0089C629 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_0086758F push eax; retf 0005h | 0_3_008675B7 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_0086758F push eax; retf 0005h | 0_3_008675B7 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_00866FFC push eax; retf 0005h | 0_3_00867157 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_00866FFC push eax; retf 0005h | 0_3_00867157 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_008660FD push esi; retf | 0_3_00866100 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Code function: 0_3_008660FD push esi; retf | 0_3_00866100 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\GAOBCVIQIJ | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\LTKMYBSEYZ | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\NEBFQQYWPS | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\NIKHQAIQAU | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\NWTVCDUMOB | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\WUTJSCBCFX | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\ZBEDCJPBEY | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\ZTGJILHXQB | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\GAOBCVIQIJ | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\LTKMYBSEYZ | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\NEBFQQYWPS | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\NWTVCDUMOB | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\SQRKHNBNYN | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\WUTJSCBCFX | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\ZBEDCJPBEY | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\LTKMYBSEYZ | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\SQRKHNBNYN | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\WUTJSCBCFX | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\ZBEDCJPBEY | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\GAOBCVIQIJ | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\WUTJSCBCFX | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\NEBFQQYWPS | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\NIKHQAIQAU | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\NWTVCDUMOB | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\SQRKHNBNYN | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\ZBEDCJPBEY | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\ZTGJILHXQB | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\GAOBCVIQIJ | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\NEBFQQYWPS | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\NIKHQAIQAU | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\ZBEDCJPBEY | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\GAOBCVIQIJ | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\LTKMYBSEYZ | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\NEBFQQYWPS | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\NIKHQAIQAU | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\SQRKHNBNYN | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\ZTGJILHXQB | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\GAOBCVIQIJ | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\SQRKHNBNYN | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\ZBEDCJPBEY | Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.11787.148.exe | Directory queried: C:\Users\user\Documents\ZBEDCJPBEY | Jump to behavior |
Edit tour
SecuriteInfo.com.Heur.11787.148.exe (PID: 7328 cmdline: 
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node