Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Code function: 0_2_00406739 FindFirstFileW,FindClose, |
0_2_00406739 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Code function: 0_2_00402902 FindFirstFileW, |
0_2_00402902 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Code function: 0_2_00405AED GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, |
0_2_00405AED |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004DE472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, |
18_2_004DE472 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004EA087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
18_2_004EA087 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004EA1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
18_2_004EA1E2 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004EA570 FindFirstFileW,Sleep,FindNextFileW,FindClose, |
18_2_004EA570 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004AC622 FindFirstFileExW, |
18_2_004AC622 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004E66DC FindFirstFileW,FindNextFileW,FindClose, |
18_2_004E66DC |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004E7333 FindFirstFileW,FindClose, |
18_2_004E7333 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004E73D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, |
18_2_004E73D4 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004DD921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
18_2_004DD921 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004DDC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
18_2_004DDC54 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0046A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
26_2_0046A087 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0046A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
26_2_0046A1E2 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0045E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, |
26_2_0045E472 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0046A570 FindFirstFileW,Sleep,FindNextFileW,FindClose, |
26_2_0046A570 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0042C622 FindFirstFileExW, |
26_2_0042C622 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_004666DC FindFirstFileW,FindNextFileW,FindClose, |
26_2_004666DC |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_00467333 FindFirstFileW,FindClose, |
26_2_00467333 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_004673D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, |
26_2_004673D4 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0045D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
26_2_0045D921 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0045DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
26_2_0045DC54 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then cmp word ptr [eax+ecx+02h], 0000h |
26_2_01624450 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov ecx, dword ptr [esp+08h] |
26_2_0163E6B0 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov esi, dword ptr [esp+70h] |
26_2_01616975 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov ecx, dword ptr [esp+08h] |
26_2_01602A60 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov ecx, dword ptr [esp+04h] |
26_2_0163EC50 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov byte ptr [eax], cl |
26_2_01626F56 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov byte ptr [eax], cl |
26_2_01626F56 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov byte ptr [eax], cl |
26_2_01626F56 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov byte ptr [eax], cl |
26_2_01626F56 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov byte ptr [ecx], al |
26_2_01627878 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov byte ptr [eax], cl |
26_2_01627878 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov edi, dword ptr [esi+0Ch] |
26_2_01621ADB |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov byte ptr [edi], cl |
26_2_0162617B |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then cmp word ptr [ebx+edi+02h], 0000h |
26_2_0161817E |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then jmp eax |
26_2_016222B0 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov eax, dword ptr [esp+10h] |
26_2_016165CB |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then movzx edx, byte ptr [esi+edi] |
26_2_016025D0 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov ecx, dword ptr [esp+08h] |
26_2_0163E590 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then lea eax, dword ptr [edi+04h] |
26_2_0162475B |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then movzx edx, byte ptr [ebx+eax-01h] |
26_2_0163C622 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov eax, dword ptr [esi+5Ch] |
26_2_016246F8 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then cmp word ptr [edi+ecx+02h], 0000h |
26_2_0161A8F0 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov ecx, dword ptr [esi+10h] |
26_2_016288F9 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov byte ptr [ecx], dl |
26_2_016288F9 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov ecx, dword ptr [esp+08h] |
26_2_0163E8D0 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov eax, dword ptr [esp+00000170h] |
26_2_01612B63 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then inc ebx |
26_2_01614D20 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov byte ptr [eax], cl |
26_2_01626F60 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov byte ptr [eax], cl |
26_2_01626F60 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov byte ptr [eax], cl |
26_2_01626F60 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov byte ptr [eax], cl |
26_2_01626F60 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov ecx, dword ptr [esp+04h] |
26_2_0163EF60 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then movsx ecx, byte ptr [esi+eax] |
26_2_0160CF10 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then jmp ecx |
26_2_0163AF87 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov eax, dword ptr [esi+10h] |
26_2_01624E60 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
26_2_01634E40 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov byte ptr [ecx], al |
26_2_01616E26 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov ecx, dword ptr [esp+0Ch] |
26_2_0163CE90 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov edx, dword ptr [esp+0Ch] |
26_2_0163B383 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov ebx, eax |
26_2_01623269 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov eax, dword ptr [01645A9Ch] |
26_2_01617213 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then movzx edi, byte ptr [ecx+esi] |
26_2_016032C0 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov ecx, dword ptr [esp+0Ch] |
26_2_0163F2C0 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then dec edi |
26_2_0163F2C0 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then add ebx, 02h |
26_2_016112AC |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then inc esi |
26_2_016112AC |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov ecx, dword ptr [esp+70h] |
26_2_01617533 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
26_2_016257B0 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then jmp ecx |
26_2_016376B1 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov word ptr [eax], cx |
26_2_0161784E |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then jmp ecx |
26_2_016379D4 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov eax, dword ptr [esi+20h] |
26_2_0161F870 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov word ptr [eax], cx |
26_2_01617853 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then jmp ecx |
26_2_016378C4 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then movzx edx, word ptr [ebp+eax*4+00h] |
26_2_01607D50 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov edi, dword ptr [esp] |
26_2_01607D50 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then push edi |
26_2_01613DC9 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov byte ptr [ecx], al |
26_2_01627C5C |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov byte ptr [eax], cl |
26_2_01627C5C |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov ebx, ecx |
26_2_0163DC3C |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then xor ebx, ebx |
26_2_01613F77 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then cmp byte ptr [edx], 00000000h |
26_2_01611E79 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov ecx, dword ptr [esp+00000080h] |
26_2_0161DEF9 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 4x nop then mov word ptr [eax], cx |
26_2_0161DEF9 |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: http://aia.entrust.net/ts1-chain256.cer01 |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: Buffer.pif, 0000001A.00000003.2071800006.0000000003B4D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0 |
Source: Buffer.pif, 0000001A.00000003.2071800006.0000000003B4D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: http://crl.entrust.net/2048ca.crl0 |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: http://crl.entrust.net/ts1ca.crl0 |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe, 00000000.00000003.1600318717.0000000002914000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000000A.00000003.1647753809.0000000004677000.00000004.00000800.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2005556644.00000000033FD000.00000004.00000800.00020000.00000000.sdmp, EduSpark.pif.10.dr, Buffer.pif.1.dr, Tags.0.dr |
String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0 |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe, 00000000.00000003.1600318717.0000000002914000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000000A.00000003.1647753809.0000000004677000.00000004.00000800.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2005556644.00000000033FD000.00000004.00000800.00020000.00000000.sdmp, EduSpark.pif.10.dr, Buffer.pif.1.dr, Tags.0.dr |
String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0 |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe, 00000000.00000003.1600318717.0000000002914000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000000A.00000003.1647753809.0000000004677000.00000004.00000800.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2005556644.00000000033FD000.00000004.00000800.00020000.00000000.sdmp, EduSpark.pif.10.dr, Buffer.pif.1.dr, Tags.0.dr |
String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe, 00000000.00000003.1600318717.0000000002914000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000000A.00000003.1647753809.0000000004677000.00000004.00000800.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2005556644.00000000033FD000.00000004.00000800.00020000.00000000.sdmp, EduSpark.pif.10.dr, Buffer.pif.1.dr, Tags.0.dr |
String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe, 00000000.00000003.1600318717.0000000002914000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000000A.00000003.1647753809.0000000004677000.00000004.00000800.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2005556644.00000000033FD000.00000004.00000800.00020000.00000000.sdmp, EduSpark.pif.10.dr, Buffer.pif.1.dr, Tags.0.dr |
String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G |
Source: Buffer.pif, 0000001A.00000003.2071800006.0000000003B4D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0 |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: Buffer.pif, 0000001A.00000003.2071800006.0000000003B4D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
Source: Buffer.pif, 0000001A.00000003.2071800006.0000000003B4D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: Buffer.pif, 0000001A.00000003.2071800006.0000000003B4D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00 |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0= |
Source: Buffer.pif, 0000001A.00000003.2071800006.0000000003B4D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0? |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: Buffer.pif, 0000001A.00000003.2071800006.0000000003B4D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: http://ocsp.entrust.net02 |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: http://ocsp.entrust.net03 |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe, 00000000.00000003.1600318717.0000000002914000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000000A.00000003.1647753809.0000000004677000.00000004.00000800.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2005556644.00000000033FD000.00000004.00000800.00020000.00000000.sdmp, EduSpark.pif.10.dr, Buffer.pif.1.dr, Tags.0.dr |
String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C |
Source: Buffer.pif, 0000001A.00000003.2071800006.0000000003B4D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.rootca1.amazontrust.com0: |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe, 00000000.00000003.1600318717.0000000002914000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000000A.00000003.1647753809.0000000004677000.00000004.00000800.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2005556644.00000000033FD000.00000004.00000800.00020000.00000000.sdmp, EduSpark.pif.10.dr, Buffer.pif.1.dr, Tags.0.dr |
String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe, 00000000.00000003.1600318717.0000000002914000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000000A.00000003.1647753809.0000000004677000.00000004.00000800.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2005556644.00000000033FD000.00000004.00000800.00020000.00000000.sdmp, EduSpark.pif.10.dr, Buffer.pif.1.dr, Tags.0.dr |
String found in binary or memory: http://ocsp2.globalsign.com/rootr306 |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe, 00000000.00000003.1600318717.0000000002914000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000000A.00000003.1647753809.0000000004677000.00000004.00000800.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2005556644.00000000033FD000.00000004.00000800.00020000.00000000.sdmp, EduSpark.pif.10.dr, Buffer.pif.1.dr, Tags.0.dr |
String found in binary or memory: http://ocsp2.globalsign.com/rootr606 |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe, 00000000.00000003.1600318717.0000000002914000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000000A.00000003.1647753809.0000000004677000.00000004.00000800.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2005556644.00000000033FD000.00000004.00000800.00020000.00000000.sdmp, EduSpark.pif.10.dr, Buffer.pif.1.dr, Tags.0.dr |
String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08 |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe, 00000000.00000003.1600318717.0000000002914000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000000A.00000003.1647753809.0000000004677000.00000004.00000800.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2005556644.00000000033FD000.00000004.00000800.00020000.00000000.sdmp, EduSpark.pif.10.dr, Buffer.pif.1.dr, Tags.0.dr |
String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0 |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe, 00000000.00000003.1602918760.000000000291C000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000000A.00000003.1647753809.0000000004677000.00000004.00000800.00020000.00000000.sdmp, Buffer.pif, 0000000A.00000000.1641628839.00000000004C5000.00000002.00000001.01000000.00000005.sdmp, EduSpark.pif, 00000012.00000000.1685519659.0000000000545000.00000002.00000001.01000000.00000008.sdmp, EduSpark.pif, 00000015.00000002.1831255863.0000000000545000.00000002.00000001.01000000.00000008.sdmp, Buffer.pif, 0000001A.00000003.2005556644.00000000033FD000.00000004.00000800.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000000.1948376082.00000000004C5000.00000002.00000001.01000000.00000005.sdmp, Buffer.pif, 0000001E.00000000.2607068219.00000000004C5000.00000002.00000001.01000000.00000005.sdmp, EduSpark.pif.10.dr, Kde.0.dr, Buffer.pif.1.dr |
String found in binary or memory: http://www.autoitscript.com/autoit3/X |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: http://www.entrust.net/rpa03 |
Source: Buffer.pif, 0000001A.00000003.2071800006.0000000003B4D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://x1.c.lencr.org/0 |
Source: Buffer.pif, 0000001A.00000003.2071800006.0000000003B4D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://x1.i.lencr.org/0 |
Source: Buffer.pif, 0000001A.00000003.2039372668.0000000001822000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2039243335.0000000001822000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2039171332.0000000003B41000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: Buffer.pif, 0000001A.00000003.2074373952.00000000017EF000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2074257595.00000000017ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417. |
Source: Buffer.pif, 0000001A.00000003.2074373952.00000000017EF000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2074257595.00000000017ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta |
Source: Buffer.pif, 0000001A.00000003.2039372668.0000000001822000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2039243335.0000000001822000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2039171332.0000000003B41000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: Buffer.pif, 0000001A.00000003.2039372668.0000000001822000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2039243335.0000000001822000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2039171332.0000000003B41000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: Buffer.pif, 0000001A.00000003.2039372668.0000000001822000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2039243335.0000000001822000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2039171332.0000000003B41000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: Buffer.pif, 0000001A.00000003.2074373952.00000000017EF000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2074257595.00000000017ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg |
Source: Buffer.pif, 0000001A.00000003.2074373952.00000000017EF000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2074257595.00000000017ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg |
Source: Buffer.pif, 0000001A.00000003.2039372668.0000000001822000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2039243335.0000000001822000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2039171332.0000000003B41000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: Buffer.pif, 0000001A.00000003.2039372668.0000000001822000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2039243335.0000000001822000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2039171332.0000000003B41000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: Buffer.pif, 0000001A.00000003.2039372668.0000000001822000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2039243335.0000000001822000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2039171332.0000000003B41000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: Buffer.pif, 0000001A.00000003.2074257595.00000000017ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi |
Source: Buffer.pif, 0000001A.00000003.2038718915.0000000003B6D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.microsof |
Source: Buffer.pif, 0000001A.00000003.2073423790.0000000003C6A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: Buffer.pif, 0000001A.00000003.2073423790.0000000003C6A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all |
Source: Buffer.pif, 0000001A.00000003.2038718915.0000000003B6D000.00000004.00000800.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2038718915.0000000003B66000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 |
Source: Buffer.pif, 0000001A.00000003.2038718915.0000000003B42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples |
Source: Buffer.pif, 0000001A.00000003.2038718915.0000000003B6D000.00000004.00000800.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2038718915.0000000003B66000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 |
Source: Buffer.pif, 0000001A.00000003.2038718915.0000000003B42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install |
Source: Buffer.pif, 0000001A.00000003.2074373952.00000000017EF000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2074257595.00000000017ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94 |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe, 00000000.00000003.1600318717.0000000002914000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000000A.00000003.1647753809.0000000004677000.00000004.00000800.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2005556644.00000000033FD000.00000004.00000800.00020000.00000000.sdmp, EduSpark.pif.10.dr, Buffer.pif.1.dr, Tags.0.dr |
String found in binary or memory: https://www.autoitscript.com/autoit3/ |
Source: Buffer.pif, 0000001A.00000003.2039372668.0000000001822000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2039243335.0000000001822000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2039171332.0000000003B41000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
String found in binary or memory: https://www.entrust.net/rpa0 |
Source: Buffer.pif, 0000001A.00000003.2074373952.00000000017EF000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2074257595.00000000017ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219 |
Source: Tags.0.dr |
String found in binary or memory: https://www.globalsign.com/repository/0 |
Source: Buffer.pif, 0000001A.00000003.2039372668.0000000001822000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2039243335.0000000001822000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2039171332.0000000003B41000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: Buffer.pif, 0000001A.00000003.2073423790.0000000003C6A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2 |
Source: Buffer.pif, 0000001A.00000003.2073423790.0000000003C6A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR |
Source: Buffer.pif, 0000001A.00000003.2073423790.0000000003C6A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: Buffer.pif, 0000001A.00000003.2073423790.0000000003C6A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: Buffer.pif, 0000001A.00000003.2073423790.0000000003C6A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: Buffer.pif, 0000001A.00000003.2159826380.00000000017BC000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2159945485.00000000017C7000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2038474366.000000000176D000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000002.2160533803.0000000001759000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000002.2160654760.00000000017C9000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2159883618.0000000001759000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://zippyfinickysofwps.shop/ |
Source: Buffer.pif, 0000001A.00000003.2159513394.00000000017FB000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000002.2160741640.00000000017FB000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2038474366.000000000176D000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2159964966.00000000017FB000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2159513394.00000000017CC000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000002.2160675221.00000000017D0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://zippyfinickysofwps.shop/api |
Source: Buffer.pif, 0000001A.00000003.2038474366.000000000176D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://zippyfinickysofwps.shop/api-aF |
Source: Buffer.pif, 0000001A.00000003.2038474366.000000000176D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://zippyfinickysofwps.shop/apil |
Source: Buffer.pif, 0000001A.00000003.2038474366.000000000176D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://zippyfinickysofwps.shop/h |
Source: Buffer.pif, 0000001A.00000003.2159826380.00000000017BC000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2159945485.00000000017C7000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000002.2160654760.00000000017C9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://zippyfinickysofwps.shop/pi |
Source: Buffer.pif, 0000001A.00000003.2038474366.000000000176D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://zippyfinickysofwps.shop/pic |
Source: Buffer.pif, 0000001A.00000003.2159826380.00000000017BC000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2159945485.00000000017C7000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000002.2160654760.00000000017C9000.00000004.00000020.00020000.00000000.sdmp, Buffer.pif, 0000001A.00000003.2132311001.00000000017BB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://zippyfinickysofwps.shop/pil |
Source: Buffer.pif, 0000001A.00000003.2038474366.000000000176D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://zippyfinickysofwps.shop/piu |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Code function: 0_2_00406AFA |
0_2_00406AFA |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_00498017 |
18_2_00498017 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_0048E144 |
18_2_0048E144 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_0047E1F0 |
18_2_0047E1F0 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004AA26E |
18_2_004AA26E |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004722AD |
18_2_004722AD |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004922A2 |
18_2_004922A2 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_0048C624 |
18_2_0048C624 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004AE87F |
18_2_004AE87F |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004FC8A4 |
18_2_004FC8A4 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004E2A05 |
18_2_004E2A05 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004A6ADE |
18_2_004A6ADE |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004D8BFF |
18_2_004D8BFF |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_0048CD7A |
18_2_0048CD7A |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_0049CE10 |
18_2_0049CE10 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004A7159 |
18_2_004A7159 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_00479240 |
18_2_00479240 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_00505311 |
18_2_00505311 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004796E0 |
18_2_004796E0 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_00491704 |
18_2_00491704 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_00491A76 |
18_2_00491A76 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_00479B60 |
18_2_00479B60 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_00497B8B |
18_2_00497B8B |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_00491D20 |
18_2_00491D20 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_00497DBA |
18_2_00497DBA |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_00491FE7 |
18_2_00491FE7 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_00418017 |
26_2_00418017 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_003FE1F0 |
26_2_003FE1F0 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0042A26E |
26_2_0042A26E |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_003F226D |
26_2_003F226D |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_004122A2 |
26_2_004122A2 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0040C4B7 |
26_2_0040C4B7 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0042E87F |
26_2_0042E87F |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0047C8A4 |
26_2_0047C8A4 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_00462A05 |
26_2_00462A05 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_00426ADE |
26_2_00426ADE |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_00458BFF |
26_2_00458BFF |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0041CE10 |
26_2_0041CE10 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_00427159 |
26_2_00427159 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_003F9240 |
26_2_003F9240 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_00485311 |
26_2_00485311 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_003FD380 |
26_2_003FD380 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_003F96E0 |
26_2_003F96E0 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_00411704 |
26_2_00411704 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_00411A76 |
26_2_00411A76 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_003F9B60 |
26_2_003F9B60 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_00417B8B |
26_2_00417B8B |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_00411D20 |
26_2_00411D20 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_00417DBA |
26_2_00417DBA |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_00411FE7 |
26_2_00411FE7 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_016209E0 |
26_2_016209E0 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_01604B00 |
26_2_01604B00 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0163EC50 |
26_2_0163EC50 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_01626F56 |
26_2_01626F56 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_016213B0 |
26_2_016213B0 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0163F660 |
26_2_0163F660 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_016040FF |
26_2_016040FF |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_01620342 |
26_2_01620342 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_01606320 |
26_2_01606320 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_016068E0 |
26_2_016068E0 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_016288F9 |
26_2_016288F9 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_01622A63 |
26_2_01622A63 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_01620A60 |
26_2_01620A60 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0163EF60 |
26_2_0163EF60 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_01616E26 |
26_2_01616E26 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_01637110 |
26_2_01637110 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_01607192 |
26_2_01607192 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_01601000 |
26_2_01601000 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_01623269 |
26_2_01623269 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0163F2C0 |
26_2_0163F2C0 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_01601730 |
26_2_01601730 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0161D7C0 |
26_2_0161D7C0 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_01603699 |
26_2_01603699 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0160585F |
26_2_0160585F |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_01605B08 |
26_2_01605B08 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_01621B82 |
26_2_01621B82 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_01625A60 |
26_2_01625A60 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0160FA90 |
26_2_0160FA90 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_01603A90 |
26_2_01603A90 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_01607D50 |
26_2_01607D50 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_01623C66 |
26_2_01623C66 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_01623C20 |
26_2_01623C20 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_01605E23 |
26_2_01605E23 |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe" |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k move Emotions Emotions.cmd & Emotions.cmd & exit |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\tasklist.exe tasklist |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa.exe opssvc.exe" |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\tasklist.exe tasklist |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe" |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 1181 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "MasBathroomsCompoundInjection" Participants |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b Terminal + Involve + Experiencing + Borders + Deborah + Flip 1181\Y |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif 1181\Buffer.pif 1181\Y |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 127.0.0.1 |
|
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /c schtasks.exe /create /tn "Indeed" /tr "wscript //B 'C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.js'" /sc minute /mo 5 /F |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /create /tn "Indeed" /tr "wscript //B 'C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.js'" /sc minute /mo 5 /F |
|
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EduSpark.url" & echo URL="C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EduSpark.url" & exit |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Windows\System32\wscript.exe C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.js" |
|
Source: C:\Windows\System32\wscript.exe |
Process created: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif "C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif" "C:\Users\user\AppData\Local\EdTech Spark Solutions\w" |
|
Source: unknown |
Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.js" |
|
Source: C:\Windows\System32\wscript.exe |
Process created: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif "C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif" "C:\Users\user\AppData\Local\EdTech Spark Solutions\w" |
|
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
|
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k move Emotions Emotions.cmd & Emotions.cmd & exit |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\tasklist.exe tasklist |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa.exe opssvc.exe" |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\tasklist.exe tasklist |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe" |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 1181 |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "MasBathroomsCompoundInjection" Participants |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b Terminal + Involve + Experiencing + Borders + Deborah + Flip 1181\Y |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif 1181\Buffer.pif 1181\Y |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 127.0.0.1 |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /c schtasks.exe /create /tn "Indeed" /tr "wscript //B 'C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.js'" /sc minute /mo 5 /F |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EduSpark.url" & echo URL="C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EduSpark.url" & exit |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /create /tn "Indeed" /tr "wscript //B 'C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.js'" /sc minute /mo 5 /F |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Process created: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif "C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif" "C:\Users\user\AppData\Local\EdTech Spark Solutions\w" |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Process created: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif "C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif" "C:\Users\user\AppData\Local\EdTech Spark Solutions\w" |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: oleacc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: shfolder.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: riched20.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: usp10.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: msls31.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: cmdext.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: framedynos.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: dbghelp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: winsta.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: framedynos.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: dbghelp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: winsta.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: wsock32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: textshaping.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: napinsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: pnrpnsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: wshbth.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: nlaapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: winrnr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\PING.EXE |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\PING.EXE |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\PING.EXE |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: taskschd.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: xmllite.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: sxs.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: jscript.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: msisip.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: wshext.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: scrobj.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: scrrun.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: wsock32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: sxs.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: jscript.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: msisip.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: wshext.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: scrobj.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: scrrun.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: wsock32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: webio.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\tasklist.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Code function: 0_2_00406739 FindFirstFileW,FindClose, |
0_2_00406739 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Code function: 0_2_00402902 FindFirstFileW, |
0_2_00402902 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.NSIS.Agent.20411.3944.exe |
Code function: 0_2_00405AED GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, |
0_2_00405AED |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004DE472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, |
18_2_004DE472 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004EA087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
18_2_004EA087 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004EA1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
18_2_004EA1E2 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004EA570 FindFirstFileW,Sleep,FindNextFileW,FindClose, |
18_2_004EA570 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004AC622 FindFirstFileExW, |
18_2_004AC622 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004E66DC FindFirstFileW,FindNextFileW,FindClose, |
18_2_004E66DC |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004E7333 FindFirstFileW,FindClose, |
18_2_004E7333 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004E73D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, |
18_2_004E73D4 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004DD921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
18_2_004DD921 |
Source: C:\Users\user\AppData\Local\EdTech Spark Solutions\EduSpark.pif |
Code function: 18_2_004DDC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
18_2_004DDC54 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0046A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
26_2_0046A087 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0046A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
26_2_0046A1E2 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0045E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, |
26_2_0045E472 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0046A570 FindFirstFileW,Sleep,FindNextFileW,FindClose, |
26_2_0046A570 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0042C622 FindFirstFileExW, |
26_2_0042C622 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_004666DC FindFirstFileW,FindNextFileW,FindClose, |
26_2_004666DC |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_00467333 FindFirstFileW,FindClose, |
26_2_00467333 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_004673D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, |
26_2_004673D4 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0045D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
26_2_0045D921 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
Code function: 26_2_0045DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
26_2_0045DC54 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\1181\Buffer.pif |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj |
Jump to behavior |