Source: wscript.exe, 00000000.00000003.243677857.0000023FA0B63000.00000004.00000001.sdmp, wscript.exe, 00000000.00000002.244089604.0000023FA0B05000.00000004.00000040.sdmp, config_xml.js
String found in binary or memory: http://www.techsmith.com/xmp/tsc/
Source: wscript.exe, 00000000.00000002.244089604.0000023FA0B05000.00000004.00000040.sdmp
String found in binary or memory: http://www.techsmith.com/xmp/tscHS/
Source: wscript.exe, 00000000.00000002.244089604.0000023FA0B05000.00000004.00000040.sdmp
String found in binary or memory: http://www.techsmith.com/xmp/tscIQ/
Source: config_xml.js |
Initial sample: Strings found which are bigger than 50 |
Source: C:\Windows\System32\wscript.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32 |
Source: C:\Windows\System32\wscript.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: classification engine |
Classification label: clean2.winJS@1/0@0/0 |
Source: config_xml.js |
String : entropy: 5.36, length: 5551, content: '<x:xmpmeta tsc:version="2.0.1" xmlns:x="adobe:ns:meta/" xmlns:tsc="http://www.techsmith.com/xmp/tsc |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\wscript.exe |
Window found: window name: WSH-Timer |
Source: C:\Windows\System32\wscript.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid |