Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: z: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: x: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: v: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: t: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: r: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: p: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: n: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: l: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: j: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: h: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: f: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: b: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: y: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: w: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: u: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: s: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: q: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: o: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: m: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: k: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: i: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: g: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: e: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: c: |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | File opened: a: |
Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding |
Source: unknown | Process created: C:\Program Files\7-Zip\7zFM.exe "C:\Program Files\7-Zip\7zFM.exe" |
Source: C:\Program Files\7-Zip\7zFM.exe | Process created: C:\Program Files\7-Zip\7zG.exe "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\sample.zip\" -ad -an -ai#7zMap4049:76:7zEvent4724 |
Source: C:\Program Files\7-Zip\7zFM.exe | Process created: C:\Program Files\7-Zip\7zG.exe "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\sample.zip\" -ad -an -ai#7zMap4049:76:7zEvent4724 |
Source: unknown | Process created: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe "C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe" |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Process created: C:\Windows\SysWOW64\cmd.exe \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\sysnative\cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Process created: C:\Windows\SysWOW64\cmd.exe \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c wbadmin delete backup -keepVersion:0 -quiet |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Process created: C:\Windows\SysWOW64\cmd.exe \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c wmic.exe SHADOWCOPY /nointeractive" |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Process created: C:\Windows\SysWOW64\cmd.exe \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c bcdedit.exe /set {default} recoverynabled No |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\vssadmin.exe vssadmin.exe Delete Shadows /All /Quiet |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\sysnative\cmd.exe /c wbadmin delete backup -keepVersion:0 -quiet |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\sysnative\cmd.exe /c wmic.exe SHADOWCOPY /nointeractive" |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\sysnative\cmd.exe /c bcdedit.exe /set {default} recoverynabled No |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe wmic.exe SHADOWCOPY /nointeractive" |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbadmin.exe wbadmin delete backup -keepVersion:0 -quiet |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\bcdedit.exe bcdedit.exe /set {default} recoverynabled No |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Process created: C:\Windows\SysWOW64\cmd.exe \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Process created: C:\Windows\SysWOW64\cmd.exe \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c wbadmin delete backup -keepVersion:0 -quiet |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Process created: C:\Windows\SysWOW64\cmd.exe \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c wmic.exe SHADOWCOPY /nointeractive" |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Process created: C:\Windows\SysWOW64\cmd.exe \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c bcdedit.exe /set {default} recoverynabled No |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: uxtheme.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: kernel.appcore.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: textshaping.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: windows.storage.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: wldp.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: windowscodecs.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: profapi.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: propsys.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: thumbcache.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: policymanager.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: msvcp110_win.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: textinputframework.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: coreuicomponents.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: coremessaging.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: ntmarta.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: wintypes.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: wintypes.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: wintypes.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: dataexchange.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: d3d11.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: dcomp.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: dxgi.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: twinapi.appcore.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: mrmcorer.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: iertutil.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: windows.staterepositorycore.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: appxdeploymentclient.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: bcp47mrm.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: windows.ui.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: windowmanagementapi.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: inputhost.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: appxdeploymentclient.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: edputil.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: windows.staterepositoryps.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: wkscli.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: netutils.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: provsvc.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: apphelp.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: onecoreuapcommonproxystub.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: appxdeploymentclient.dll |
Source: C:\Program Files\7-Zip\7zFM.exe | Section loaded: appxdeploymentclient.dll |
Source: C:\Program Files\7-Zip\7zG.exe | Section loaded: kernel.appcore.dll |
Source: C:\Program Files\7-Zip\7zG.exe | Section loaded: uxtheme.dll |
Source: C:\Program Files\7-Zip\7zG.exe | Section loaded: cryptbase.dll |
Source: C:\Program Files\7-Zip\7zG.exe | Section loaded: explorerframe.dll |
Source: C:\Program Files\7-Zip\7zG.exe | Section loaded: textshaping.dll |
Source: C:\Program Files\7-Zip\7zG.exe | Section loaded: textinputframework.dll |
Source: C:\Program Files\7-Zip\7zG.exe | Section loaded: coreuicomponents.dll |
Source: C:\Program Files\7-Zip\7zG.exe | Section loaded: coremessaging.dll |
Source: C:\Program Files\7-Zip\7zG.exe | Section loaded: ntmarta.dll |
Source: C:\Program Files\7-Zip\7zG.exe | Section loaded: coremessaging.dll |
Source: C:\Program Files\7-Zip\7zG.exe | Section loaded: wintypes.dll |
Source: C:\Program Files\7-Zip\7zG.exe | Section loaded: wintypes.dll |
Source: C:\Program Files\7-Zip\7zG.exe | Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: rstrtmgr.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: mpr.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\sample.zip\sample\Videos\crypt154.exe | Section loaded: propsys.dll |