Windows Analysis Report
decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe

Overview

General Information

Sample name: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe
Analysis ID: 1429068
MD5: 1466c4a796b2123560d147b59535bca9
SHA1: 3dcd8cbd63bf03ec5293a0a9e42ce3517803fa45
SHA256: 67b51ab7cda724261b5f5098955d23e7d72617f7cc742d670d1ff5d9314407e8

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
PE file contains sections with non-standard names
Uses code obfuscation techniques (call, push, ret)

Classification

Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: 0_2_00007FF6742A7644 wnsprintfW,FindFirstFileExW,lstrcmpW,lstrcmpW,wnsprintfW,lstrcmpiW,StrStrW,lstrlenW,lstrlenW,PostQueuedCompletionStatus,FindNextFileW,FindClose,wnsprintfW,DeleteFileW, 0_2_00007FF6742A7644
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: 0_2_00007FF6742CB0F4 FindFirstFileExW, 0_2_00007FF6742CB0F4
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2125721502.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.1928326890.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2705936843.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.1741218243.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2649918515.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.1927691335.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2124732912.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000002.2900602838.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2721846738.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2714004512.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2538383323.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2366647197.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.1955627293.000001591C320000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/Vh5j3k
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2125721502.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.1928326890.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2705936843.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.1741218243.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2649918515.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.1927691335.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2124732912.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000002.2900602838.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2721846738.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2714004512.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2538383323.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2366647197.000001591C320000.00000004.00000020.00020000.00000000.sdmp, decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.1955627293.000001591C320000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/odirm
Source: classification engine Classification label: clean2.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: 0_2_00007FF6742B5DC0 AllocateAndInitializeSid,AllocateAndInitializeSid,SetEntriesInAclW,SetNamedSecurityInfoW,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,SetNamedSecurityInfoW,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,SetNamedSecurityInfoW,FreeSid,FreeSid,LocalFree,CloseHandle, 0_2_00007FF6742B5DC0
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: explorerframe.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: thumbcache.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: policymanager.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: msvcp110_win.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: samlib.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: drprov.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: winsta.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: ntlanman.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: davclnt.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: davhlpr.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: dlnashext.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: networkexplorer.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: playtodevice.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: ehstorshell.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: cscui.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: devdispitemprovider.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: mmdevapi.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: devobj.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: wpdshext.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: portabledeviceapi.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Section loaded: ehstorapi.dll
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE054212-3535-4430-83ED-D501AA6680E6}\InProcServer32
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Automated click: OK
Source: Window Recorder Window detected: More than 3 window changes detected
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: 0_2_00007FF6742D4D38 push rsp; retf 0000h 0_2_00007FF6742D4D39
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: 0_2_00007FF6742B5820 GetSystemInfo, 0_2_00007FF6742B5820
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.1714872135.000001598AAD0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}%
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.1928251290.000001598AAD5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}\
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2649845674.000001598AAC8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}b8b}\
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2880997297.000001598AAC8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}b8b}\WD
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2476459044.000001598AAD5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6.
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000002.2970536993.000001598AAC0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2125679431.000001598AAC7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}\4
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2125679431.000001598AAC7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y^
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.1714872135.000001598AAD0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}9507e
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2366804061.000001598AAC5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f66.
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2124630046.000001598AAC8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}\WD
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.1928251290.000001598AAD5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b};
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2476459044.000001598AAD5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}b8b}i
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2125679431.000001598AAC7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}x
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2476459044.000001598AAD5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}\H
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2649845674.000001598AAC8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: AGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}lD
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.1741494792.000001598AAC4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}_
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2649845674.000001598AAC8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}\
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2880997297.000001598AAC8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.1741494792.000001598AAC4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}x
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2748543110.000001598AAD5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}%
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.1714872135.000001598AAD0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2125679431.000001598AAC7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b};
Source: decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe, 00000000.00000003.2748543110.000001598AAD5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}i
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: 0_2_00007FF6742B6C28 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF6742B6C28
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: 0_2_00007FF6742CC5F0 GetProcessHeap, 0_2_00007FF6742CC5F0
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: 0_2_00007FF6742B6E08 SetUnhandledExceptionFilter, 0_2_00007FF6742B6E08
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: 0_2_00007FF6742B677C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF6742B677C
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: 0_2_00007FF6742C244C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF6742C244C
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: 0_2_00007FF6742B5DC0 AllocateAndInitializeSid,AllocateAndInitializeSid,SetEntriesInAclW,SetNamedSecurityInfoW,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,SetNamedSecurityInfoW,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,SetNamedSecurityInfoW,FreeSid,FreeSid,LocalFree,CloseHandle, 0_2_00007FF6742B5DC0
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: 0_2_00007FF6742A8230 cpuid 0_2_00007FF6742A8230
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_00007FF6742CF640
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: EnumSystemLocalesW, 0_2_00007FF6742CEF54
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: EnumSystemLocalesW, 0_2_00007FF6742C9F44
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: EnumSystemLocalesW, 0_2_00007FF6742CF024
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 0_2_00007FF6742CF0BC
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: GetLocaleInfoW, 0_2_00007FF6742CA2D8
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: GetLocaleInfoW, 0_2_00007FF6742CF304
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, 0_2_00007FF6742CEBF8
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_00007FF6742CF45C
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: GetLocaleInfoW, 0_2_00007FF6742CF50C
Source: C:\Users\user\Desktop\decryptor_E2DF5F6A783CA512D022CDF85C17143454400931A915DD68.exe Code function: 0_2_00007FF6742B6E74 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FF6742B6E74
No contacted IP infos