Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: MSBuild.exe, 00000003.00000002.2021726688.00000000028CE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: $sq3IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\sq equals www.youtube.com (Youtube) |
Source: MSBuild.exe, 00000003.00000002.2021726688.00000000028CE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube) |
Source: MSBuild.exe, 00000003.00000002.2021726688.00000000028CE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\sq equals www.youtube.com (Youtube) |
Source: MSBuild.exe, 00000003.00000002.2021726688.00000000028CE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb`,sq equals www.youtube.com (Youtube) |
Source: MSBuild.exe, 00000003.00000002.2021726688.00000000028CE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: `,sq#www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube) |
Source: MSBuild.exe, 00000003.00000002.2021726688.000000000289E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.ip.s |
Source: MSBuild.exe, 00000003.00000002.2021726688.000000000289E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.ip.sb/ip |
Source: MSBuild.exe, 00000003.00000002.2021726688.000000000294A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://discord.com/api/v9/users/ |
Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects zgRAT Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6cea8000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects zgRAT Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6cea8000.2.unpack, type: UNPACKEDPE |
Matched rule: Detects zgRAT Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6ce90000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects zgRAT Author: ditekSHen |
Source: 00000000.00000002.2019718873.000000006CEA8000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY |
Matched rule: Detects zgRAT Author: ditekSHen |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Code function: 0_2_6CE91C80 GetModuleHandleW,GetProcAddress,NtQueryInformationProcess,GetModuleHandleW,GetProcAddress, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Code function: 0_2_02EF5C20 NtProtectVirtualMemory, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Code function: 0_2_02EF6100 NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Code function: 0_2_02EF60DD NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Code function: 0_2_02EF5C1F NtProtectVirtualMemory, |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe, 00000000.00000002.2019718873.000000006CF48000.00000004.00000001.01000000.00000006.sdmp |
Binary or memory string: OriginalFilenameRenowning.exe" vs SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe, 00000000.00000002.2008317345.00000000010D8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe, 00000000.00000000.1999217761.0000000000B46000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameasca1ex_crypted.exeT vs SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Binary or memory string: OriginalFilenameasca1ex_crypted.exeT vs SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6cea8000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6cea8000.2.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6ce90000.1.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT |
Source: 00000000.00000002.2019718873.000000006CEA8000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT |
Source: 3.2.MSBuild.exe.3849970.1.raw.unpack, TaskParameter.cs |
Task registration methods: 'CreateNewTaskItemFrom' |
Source: 3.2.MSBuild.exe.3849970.1.raw.unpack, OutOfProcTaskHostNode.cs |
Task registration methods: 'RegisterTaskObject', 'UnregisterPacketHandler', 'RegisterPacketHandler', 'UnregisterTaskObject', 'GetRegisteredTaskObject' |
Source: 3.2.MSBuild.exe.3849970.1.raw.unpack, TaskLoader.cs |
Task registration methods: 'CreateTask' |
Source: 3.2.MSBuild.exe.3849970.1.raw.unpack, RegisteredTaskObjectCacheBase.cs |
Task registration methods: 'GetLazyCollectionForLifetime', 'RegisterTaskObject', 'DisposeObjects', 'IsCollectionEmptyOrUncreated', 'UnregisterTaskObject', 'DisposeCacheObjects', 'GetRegisteredTaskObject', 'GetCollectionForLifetime' |
Source: 3.2.MSBuild.exe.3849970.1.raw.unpack, CommunicationsUtilities.cs |
Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 3.2.MSBuild.exe.3849970.1.raw.unpack, CommunicationsUtilities.cs |
Security API names: System.Security.Principal.WindowsIdentity.GetCurrent() |
Source: 3.2.MSBuild.exe.3849970.1.raw.unpack, NodeEndpointOutOfProcBase.cs |
Security API names: System.Security.Principal.WindowsIdentity.GetCurrent(bool) |
Source: 3.2.MSBuild.exe.3849970.1.raw.unpack, NodeEndpointOutOfProcBase.cs |
Security API names: System.IO.Pipes.PipeSecurity.AddAccessRule(System.IO.Pipes.PipeAccessRule) |
Source: 3.2.MSBuild.exe.3849970.1.raw.unpack, NodeEndpointOutOfProcBase.cs |
Security API names: System.Security.Principal.WindowsIdentity.GetCurrent() |
Source: MSBuild.exe, 00000003.00000002.2027925622.0000000003841000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: .configAMSBUILDDIRECTORYDELETERETRYCOUNTCMSBUILDDIRECTORYDELETRETRYTIMEOUT.sln |
Source: MSBuild.exe, 00000003.00000002.2027925622.0000000003841000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: MSBuild MyApp.sln /t:Rebuild /p:Configuration=Release |
Source: MSBuild.exe, 00000003.00000002.2027925622.0000000003841000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb |
Source: MSBuild.exe, 00000003.00000002.2027925622.0000000003841000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: *.sln |
Source: MSBuild.exe, 00000003.00000002.2027925622.0000000003841000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: MSBuild MyApp.csproj /t:Clean |
Source: MSBuild.exe, 00000003.00000002.2027925622.0000000003841000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: /ignoreprojectextensions:.sln |
Source: MSBuild.exe, 00000003.00000002.2027925622.0000000003841000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: MSBUILD : error MSB1048: Solution files cannot be debugged directly. Run MSBuild first with an environment variable MSBUILDEMITSOLUTION=1 to create a corresponding ".sln.metaproj" file. Then debug that. |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe" |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Section loaded: wldp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: mscoree.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: version.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: wldp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: profapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: rsaenh.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: dwrite.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: textshaping.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: msasn1.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: msisip.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: wshext.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: appxsip.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: opcservices.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: esdsip.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: userenv.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: dpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: sxs.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: mpr.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: scrrun.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: propsys.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: linkinfo.dll |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Static PE information: section name: .{_x} |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Static PE information: section name: .Z%j5 |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Static PE information: section name: .OKDa |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6cea8000.2.raw.unpack, G8WxH38hhBnr1IE68vI.cs |
High entropy of concatenated method names: 'uYP5UMy1hu', 'nt15Ceoiwh', 'opo5rgGLQg', 'gA95bU2ExD', 'Rks5BkBZi5', 'ADm5J0cpqR', 'NaM52ZqZyD', 'THoZbd2fUw', 'Y8N5itYb3g', 'Wb65MvkIMT' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6cea8000.2.raw.unpack, mLrwBjaNEgFvrhaGTgv.cs |
High entropy of concatenated method names: 'oQG8WrDol0', 'g38PJ8K3c0', 'jBH8UdC1PV', 'UlO8CDfJsQ', 'hcC8rW5pKa', 'mN58bMtfWM', 'ts3XxWXD9Z', 'OigaEK3D3W', 'jroa4iUVTS', 'B6saGICwMv' |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: MSBuild.exe, 00000003.00000002.2021726688.000000000294A000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: \QEMU-GA.EXE`,SQ |
Source: MSBuild.exe, 00000003.00000002.2021726688.000000000294A000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: \QEMU-GA.EXE@\SQ |
Source: MSBuild.exe, 00000003.00000002.2021726688.000000000294A000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: \QEMU-GA.EXE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Memory allocated: 1360000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Memory allocated: 2F80000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Memory allocated: 2DD0000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Memory allocated: 53C0000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Memory allocated: 73C0000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Memory allocated: 7600000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Memory allocated: 9600000 memory reserve | memory write watch |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Memory allocated: B70000 memory reserve | memory write watch |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Memory allocated: 2840000 memory reserve | memory write watch |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Memory allocated: 4840000 memory reserve | memory write watch |
Source: MSBuild.exe, 00000003.00000002.2021726688.000000000294A000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: \qemu-ga.exe@\sq |
Source: MSBuild.exe, 00000003.00000002.2021726688.000000000294A000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: \qemu-ga.exe`,sq |
Source: MSBuild.exe, 00000003.00000002.2021726688.000000000294A000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: \qemu-ga.exe |
Source: MSBuild.exe, 00000003.00000002.2031047933.00000000074AE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Code function: 0_2_6CE958FA IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_6CE958FA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Code function: 0_2_6CE99897 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_6CE99897 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Code function: 0_2_6CE95421 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_6CE95421 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Code function: 0_2_6CE92350 MSIGame,CreateProcessW,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,ReadProcessMemory,WriteProcessMemory,ReadProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,CloseHandle,CloseHandle,ReadProcessMemory,ReadProcessMemory,WriteProcessMemory,CloseHandle,CloseHandle, |
0_2_6CE92350 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 462000 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 4BE000 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 6C3008 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation |
Source: Yara match |
File source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6cea8000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6cea8000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6ce90000.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000003.00000002.2018294948.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.2019718873.000000006CEA8000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY |