Click to jump to signature section
Source: cryptomator-portable-win64-1.12.3-13-setup.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
Source: cryptomator-portable-win64-1.12.3-13-setup.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: cryptomator-portable-win64-1.12.3-13-setup.tmp, 00000002.00000002.3293810821.0000000000821000.00000004.00000020.00020000.00000000.sdmp, cryptomator-portable-win64-1.12.3-13-setup.tmp, 00000002.00000002.3294272245.00000000025D8000.00000004.00001000.00020000.00000000.sdmp, cryptomator-portable-win64-1.12.3-13-setup.tmp, 00000002.00000003.2039059586.0000000003620000.00000004.00001000.00020000.00000000.sdmp, cryptomator-portable-win64-1.12.3-13-setup.tmp, 00000002.00000002.3294272245.00000000025C9000.00000004.00001000.00020000.00000000.sdmp, cryptomator-portable-win64-1.12.3-13-setup.tmp, 00000002.00000002.3295168123.0000000003903000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://cryptomator.org/. |
Source: cryptomator-portable-win64-1.12.3-13-setup.tmp, 00000002.00000003.2039059586.0000000003620000.00000004.00001000.00020000.00000000.sdmp, cryptomator-portable-win64-1.12.3-13-setup.tmp, 00000002.00000002.3294272245.00000000025C9000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://github.com/portapps/cryptomator-portable |
Source: cryptomator-portable-win64-1.12.3-13-setup.exe | String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU |
Source: cryptomator-portable-win64-1.12.3-13-setup.exe, 00000000.00000003.2034667453.0000000002590000.00000004.00001000.00020000.00000000.sdmp, cryptomator-portable-win64-1.12.3-13-setup.exe, 00000000.00000003.2035649792.000000007FAF0000.00000004.00001000.00020000.00000000.sdmp, cryptomator-portable-win64-1.12.3-13-setup.tmp, 00000002.00000000.2037249004.0000000000401000.00000020.00000001.01000000.00000004.sdmp, cryptomator-portable-win64-1.12.3-13-setup.tmp.0.dr | String found in binary or memory: https://www.innosetup.com/ |
Source: cryptomator-portable-win64-1.12.3-13-setup.exe, 00000000.00000003.2034667453.0000000002590000.00000004.00001000.00020000.00000000.sdmp, cryptomator-portable-win64-1.12.3-13-setup.exe, 00000000.00000003.2035649792.000000007FAF0000.00000004.00001000.00020000.00000000.sdmp, cryptomator-portable-win64-1.12.3-13-setup.tmp, 00000002.00000000.2037249004.0000000000401000.00000020.00000001.01000000.00000004.sdmp, cryptomator-portable-win64-1.12.3-13-setup.tmp.0.dr | String found in binary or memory: https://www.remobjects.com/ps |
Source: cryptomator-portable-win64-1.12.3-13-setup.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows |
Source: cryptomator-portable-win64-1.12.3-13-setup.exe, 00000000.00000003.2034667453.00000000026E4000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFileName vs cryptomator-portable-win64-1.12.3-13-setup.exe |
Source: cryptomator-portable-win64-1.12.3-13-setup.exe, 00000000.00000003.2035649792.000000007FE40000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFileName vs cryptomator-portable-win64-1.12.3-13-setup.exe |
Source: cryptomator-portable-win64-1.12.3-13-setup.exe, 00000000.00000000.2032857603.000000000052B000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFileName vs cryptomator-portable-win64-1.12.3-13-setup.exe |
Source: cryptomator-portable-win64-1.12.3-13-setup.exe, 00000000.00000002.3293855377.0000000002268000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamekernel32j% vs cryptomator-portable-win64-1.12.3-13-setup.exe |
Source: cryptomator-portable-win64-1.12.3-13-setup.exe | Binary or memory string: OriginalFileName vs cryptomator-portable-win64-1.12.3-13-setup.exe |
Source: cryptomator-portable-win64-1.12.3-13-setup.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
Source: classification engine | Classification label: clean3.winEXE@3/2@0/0 |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | File created: C:\Users\user\AppData\Local\Programs | Jump to behavior |
Source: C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe | File created: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp | Jump to behavior |
Source: C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales | Jump to behavior |
Source: C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales | Jump to behavior |
Source: C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization | Jump to behavior |
Source: cryptomator-portable-win64-1.12.3-13-setup.exe | String found in binary or memory: /LOADINF="filename" |
Source: C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe | File read: C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe | Jump to behavior |
Source: unknown | Process created: C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe "C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe" | |
Source: C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe | Process created: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp "C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp" /SL5="$1045A,44279211,1187328,C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe" | |
Source: C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe | Process created: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp "C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp" /SL5="$1045A,44279211,1187328,C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe" | Jump to behavior |
Source: C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe | Section loaded: netapi32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: netapi32.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: wtsapi32.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: winsta.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: textinputframework.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: coreuicomponents.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: shfolder.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: rstrtmgr.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: textshaping.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: msftedit.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: windows.globalization.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: bcp47mrm.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: globinputhost.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: dwmapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: windows.ui.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: windowmanagementapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: inputhost.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: twinapi.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: twinapi.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32 | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Window found: window name: TMainForm | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL | Jump to behavior |
Source: Window Recorder | Window detected: More than 3 window changes detected |
Source: cryptomator-portable-win64-1.12.3-13-setup.exe | Static file information: File size 45142340 > 1048576 |
Source: cryptomator-portable-win64-1.12.3-13-setup.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: cryptomator-portable-win64-1.12.3-13-setup.exe | Static PE information: section name: .didata |
Source: cryptomator-portable-win64-1.12.3-13-setup.tmp.0.dr | Static PE information: section name: .didata |
Source: C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe | File created: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | File created: C:\Users\user\AppData\Local\Temp\is-Q26BG.tmp\_isetup\_setup64.tmp | Jump to dropped file |
Source: C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-Q26BG.tmp\_isetup\_setup64.tmp | Jump to dropped file |