Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: MSBuild.exe, 00000003.00000002.2021726688.00000000028CE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: $sq3IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\sq equals www.youtube.com (Youtube) |
Source: MSBuild.exe, 00000003.00000002.2021726688.00000000028CE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube) |
Source: MSBuild.exe, 00000003.00000002.2021726688.00000000028CE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\sq equals www.youtube.com (Youtube) |
Source: MSBuild.exe, 00000003.00000002.2021726688.00000000028CE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb`,sq equals www.youtube.com (Youtube) |
Source: MSBuild.exe, 00000003.00000002.2021726688.00000000028CE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `,sq#www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube) |
Source: MSBuild.exe, 00000003.00000002.2021726688.000000000289E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ip.s |
Source: MSBuild.exe, 00000003.00000002.2021726688.000000000289E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ip.sb/ip |
Source: MSBuild.exe, 00000003.00000002.2021726688.000000000294A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://discord.com/api/v9/users/ |
Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects zgRAT Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6cea8000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects zgRAT Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6cea8000.2.unpack, type: UNPACKEDPE | Matched rule: Detects zgRAT Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6ce90000.1.unpack, type: UNPACKEDPE | Matched rule: Detects zgRAT Author: ditekSHen |
Source: 00000000.00000002.2019718873.000000006CEA8000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY | Matched rule: Detects zgRAT Author: ditekSHen |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Code function: 0_2_6CE91C80 GetModuleHandleW,GetProcAddress,NtQueryInformationProcess,GetModuleHandleW,GetProcAddress, | 0_2_6CE91C80 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Code function: 0_2_02EF5C20 NtProtectVirtualMemory, | 0_2_02EF5C20 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Code function: 0_2_02EF6100 NtAllocateVirtualMemory, | 0_2_02EF6100 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Code function: 0_2_02EF60DD NtAllocateVirtualMemory, | 0_2_02EF60DD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Code function: 0_2_02EF5C1F NtProtectVirtualMemory, | 0_2_02EF5C1F |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe, 00000000.00000002.2019718873.000000006CF48000.00000004.00000001.01000000.00000006.sdmp | Binary or memory string: OriginalFilenameRenowning.exe" vs SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe, 00000000.00000002.2008317345.00000000010D8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe, 00000000.00000000.1999217761.0000000000B46000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameasca1ex_crypted.exeT vs SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Binary or memory string: OriginalFilenameasca1ex_crypted.exeT vs SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe |
Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6cea8000.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6cea8000.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6ce90000.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT |
Source: 00000000.00000002.2019718873.000000006CEA8000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY | Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT |
Source: 3.2.MSBuild.exe.3849970.1.raw.unpack, TaskParameter.cs | Task registration methods: 'CreateNewTaskItemFrom' |
Source: 3.2.MSBuild.exe.3849970.1.raw.unpack, OutOfProcTaskHostNode.cs | Task registration methods: 'RegisterTaskObject', 'UnregisterPacketHandler', 'RegisterPacketHandler', 'UnregisterTaskObject', 'GetRegisteredTaskObject' |
Source: 3.2.MSBuild.exe.3849970.1.raw.unpack, TaskLoader.cs | Task registration methods: 'CreateTask' |
Source: 3.2.MSBuild.exe.3849970.1.raw.unpack, RegisteredTaskObjectCacheBase.cs | Task registration methods: 'GetLazyCollectionForLifetime', 'RegisterTaskObject', 'DisposeObjects', 'IsCollectionEmptyOrUncreated', 'UnregisterTaskObject', 'DisposeCacheObjects', 'GetRegisteredTaskObject', 'GetCollectionForLifetime' |
Source: 3.2.MSBuild.exe.3849970.1.raw.unpack, CommunicationsUtilities.cs | Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 3.2.MSBuild.exe.3849970.1.raw.unpack, CommunicationsUtilities.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent() |
Source: 3.2.MSBuild.exe.3849970.1.raw.unpack, NodeEndpointOutOfProcBase.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent(bool) |
Source: 3.2.MSBuild.exe.3849970.1.raw.unpack, NodeEndpointOutOfProcBase.cs | Security API names: System.IO.Pipes.PipeSecurity.AddAccessRule(System.IO.Pipes.PipeAccessRule) |
Source: 3.2.MSBuild.exe.3849970.1.raw.unpack, NodeEndpointOutOfProcBase.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent() |
Source: MSBuild.exe, 00000003.00000002.2027925622.0000000003841000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: .configAMSBUILDDIRECTORYDELETERETRYCOUNTCMSBUILDDIRECTORYDELETRETRYTIMEOUT.sln |
Source: MSBuild.exe, 00000003.00000002.2027925622.0000000003841000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: MSBuild MyApp.sln /t:Rebuild /p:Configuration=Release |
Source: MSBuild.exe, 00000003.00000002.2027925622.0000000003841000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb |
Source: MSBuild.exe, 00000003.00000002.2027925622.0000000003841000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: *.sln |
Source: MSBuild.exe, 00000003.00000002.2027925622.0000000003841000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: MSBuild MyApp.csproj /t:Clean |
Source: MSBuild.exe, 00000003.00000002.2027925622.0000000003841000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: /ignoreprojectextensions:.sln |
Source: MSBuild.exe, 00000003.00000002.2027925622.0000000003841000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: MSBUILD : error MSB1048: Solution files cannot be debugged directly. Run MSBuild first with an environment variable MSBUILDEMITSOLUTION=1 to create a corresponding ".sln.metaproj" file. Then debug that. |
Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe" |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Section loaded: version.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Section loaded: wldp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: mscoree.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: kernel.appcore.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: version.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: vcruntime140_clr0400.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: ucrtbase_clr0400.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: uxtheme.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: windows.storage.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: wldp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: profapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: cryptsp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: rsaenh.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: cryptbase.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: dwrite.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: textshaping.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: msasn1.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: msisip.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: wshext.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: appxsip.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: opcservices.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: esdsip.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: userenv.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: dpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: gpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: sxs.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: mpr.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: scrrun.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: propsys.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: linkinfo.dll |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Static PE information: section name: .{_x} |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Static PE information: section name: .Z%j5 |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Static PE information: section name: .OKDa |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6cea8000.2.raw.unpack, G8WxH38hhBnr1IE68vI.cs | High entropy of concatenated method names: 'uYP5UMy1hu', 'nt15Ceoiwh', 'opo5rgGLQg', 'gA95bU2ExD', 'Rks5BkBZi5', 'ADm5J0cpqR', 'NaM52ZqZyD', 'THoZbd2fUw', 'Y8N5itYb3g', 'Wb65MvkIMT' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6cea8000.2.raw.unpack, mLrwBjaNEgFvrhaGTgv.cs | High entropy of concatenated method names: 'oQG8WrDol0', 'g38PJ8K3c0', 'jBH8UdC1PV', 'UlO8CDfJsQ', 'hcC8rW5pKa', 'mN58bMtfWM', 'ts3XxWXD9Z', 'OigaEK3D3W', 'jroa4iUVTS', 'B6saGICwMv' |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: MSBuild.exe, 00000003.00000002.2021726688.000000000294A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: \QEMU-GA.EXE`,SQ |
Source: MSBuild.exe, 00000003.00000002.2021726688.000000000294A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: \QEMU-GA.EXE@\SQ |
Source: MSBuild.exe, 00000003.00000002.2021726688.000000000294A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: \QEMU-GA.EXE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Memory allocated: 1360000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Memory allocated: 2F80000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Memory allocated: 2DD0000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Memory allocated: 53C0000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Memory allocated: 73C0000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Memory allocated: 7600000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Memory allocated: 9600000 memory reserve | memory write watch |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Memory allocated: B70000 memory reserve | memory write watch |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Memory allocated: 2840000 memory reserve | memory write watch |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Memory allocated: 4840000 memory reserve | memory write watch |
Source: MSBuild.exe, 00000003.00000002.2021726688.000000000294A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: \qemu-ga.exe@\sq |
Source: MSBuild.exe, 00000003.00000002.2021726688.000000000294A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: \qemu-ga.exe`,sq |
Source: MSBuild.exe, 00000003.00000002.2021726688.000000000294A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: \qemu-ga.exe |
Source: MSBuild.exe, 00000003.00000002.2031047933.00000000074AE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Code function: 0_2_6CE958FA IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_6CE958FA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Code function: 0_2_6CE99897 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_6CE99897 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Code function: 0_2_6CE95421 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 0_2_6CE95421 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Code function: 0_2_6CE92350 MSIGame,CreateProcessW,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,ReadProcessMemory,WriteProcessMemory,ReadProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,CloseHandle,CloseHandle,ReadProcessMemory,ReadProcessMemory,WriteProcessMemory,CloseHandle,CloseHandle, | 0_2_6CE92350 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 462000 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 4BE000 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 6C3008 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe | Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation |
Source: Yara match | File source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6cea8000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6cea8000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1582.25294.exe.6ce90000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000003.00000002.2018294948.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.2019718873.000000006CEA8000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY |