Windows Analysis Report
SecuriteInfo.com.Trojan.Crypt.25649.28700.exe

Overview

General Information

Sample name: SecuriteInfo.com.Trojan.Crypt.25649.28700.exe
Analysis ID: 1446880
MD5: 7b6367bed5eec5b308c4e468d598a309
SHA1: b3ef7a2fc5bc3082128459110b0e3719a463ff68
SHA256: 70fabd1c3212443b320877e6c9e5672d063ad38532f781c570f50ed81fae1404
Tags: exe
Infos:

Detection

Score: 9
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3381549537.000000006D1A3000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_8cb9ee73-2
Uses 32bit PE files
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\Setup Log 2024-05-23 #001.txt Jump to behavior
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll2.2.dr, api-ms-win-crt-locale-l1-1-0.dll1.2.dr, api-ms-win-crt-locale-l1-1-0.dll6.2.dr, api-ms-win-crt-locale-l1-1-0.dll4.2.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll4.2.dr, api-ms-win-crt-runtime-l1-1-0.dll6.2.dr, api-ms-win-crt-runtime-l1-1-0.dll5.2.dr, api-ms-win-crt-runtime-l1-1-0.dll7.2.dr
Source: Binary string: D:\WorkPlat\software\mp-setup-10x\common\output\devcon64.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll0.2.dr, api-ms-win-core-file-l1-2-0.dll.2.dr, api-ms-win-core-file-l1-2-0.dll4.2.dr, api-ms-win-core-file-l1-2-0.dll1.2.dr, api-ms-win-core-file-l1-2-0.dll3.2.dr, api-ms-win-core-file-l1-2-0.dll7.2.dr
Source: Binary string: api-ms-win-core-console-l1-2-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-console-l1-2-0.dll0.2.dr, api-ms-win-core-console-l1-2-0.dll2.2.dr, api-ms-win-core-console-l1-2-0.dll5.2.dr
Source: Binary string: ucrtbase.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000003.2132075553.0000000000894000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000003.2238946228.00000000037AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll5.2.dr, ucrtbase.dll4.2.dr, ucrtbase.dll0.2.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.2.dr, api-ms-win-core-memory-l1-1-0.dll7.2.dr, api-ms-win-core-memory-l1-1-0.dll6.2.dr, api-ms-win-core-memory-l1-1-0.dll4.2.dr, api-ms-win-core-memory-l1-1-0.dll3.2.dr, api-ms-win-core-memory-l1-1-0.dll2.2.dr, api-ms-win-core-memory-l1-1-0.dll1.2.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-debug-l1-1-0.dll1.2.dr, api-ms-win-core-debug-l1-1-0.dll.2.dr, api-ms-win-core-debug-l1-1-0.dll4.2.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll4.2.dr, api-ms-win-core-sysinfo-l1-1-0.dll3.2.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll6.2.dr, api-ms-win-crt-filesystem-l1-1-0.dll2.2.dr, api-ms-win-crt-filesystem-l1-1-0.dll1.2.dr, api-ms-win-crt-filesystem-l1-1-0.dll0.2.dr, api-ms-win-crt-filesystem-l1-1-0.dll3.2.dr, api-ms-win-crt-filesystem-l1-1-0.dll7.2.dr
Source: Binary string: D:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3366833347.000000000018F000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000003.2132075553.0000000000894000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, vcruntime140_1.dll2.2.dr, vcruntime140_1.dll4.2.dr, vcruntime140_1.dll0.2.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll3.2.dr, api-ms-win-crt-stdio-l1-1-0.dll.2.dr, api-ms-win-crt-stdio-l1-1-0.dll7.2.dr, api-ms-win-crt-stdio-l1-1-0.dll1.2.dr, api-ms-win-crt-stdio-l1-1-0.dll2.2.dr, api-ms-win-crt-stdio-l1-1-0.dll5.2.dr
Source: Binary string: D:\agent\_work\20\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3383384549.000000006E8C1000.00000020.00000001.01000000.00000009.sdmp, vcruntime140.dll2.2.dr, vcruntime140.dll7.2.dr, vcruntime140.dll5.2.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.2.dr, api-ms-win-core-heap-l1-1-0.dll2.2.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll5.2.dr, api-ms-win-core-util-l1-1-0.dll6.2.dr, api-ms-win-core-util-l1-1-0.dll3.2.dr, api-ms-win-core-util-l1-1-0.dll2.2.dr, api-ms-win-core-util-l1-1-0.dll7.2.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll2.2.dr, api-ms-win-core-synch-l1-1-0.dll6.2.dr, api-ms-win-core-synch-l1-1-0.dll4.2.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll0.2.dr, api-ms-win-crt-environment-l1-1-0.dll4.2.dr, api-ms-win-crt-environment-l1-1-0.dll5.2.dr, api-ms-win-crt-environment-l1-1-0.dll6.2.dr, api-ms-win-crt-environment-l1-1-0.dll.2.dr, api-ms-win-crt-environment-l1-1-0.dll1.2.dr
Source: Binary string: D:\Download\openssl-OpenSSL_1_0_2o\out32dll\ssleay32.pdbAA source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3378957248.000000006CF13000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\WorkPlat\software\mp-setup-10x\common\output\devcon32.pdb333GCTL source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll2.2.dr, api-ms-win-core-errorhandling-l1-1-0.dll5.2.dr, api-ms-win-core-errorhandling-l1-1-0.dll1.2.dr, api-ms-win-core-errorhandling-l1-1-0.dll0.2.dr
Source: Binary string: D:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000003.2267466693.0000000003A65000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.2.dr, vcruntime140.dll6.2.dr, vcruntime140.dll1.2.dr, vcruntime140.dll3.2.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll6.2.dr, api-ms-win-core-processthreads-l1-1-0.dll5.2.dr, api-ms-win-core-processthreads-l1-1-0.dll3.2.dr, api-ms-win-core-processthreads-l1-1-0.dll4.2.dr, api-ms-win-core-processthreads-l1-1-0.dll7.2.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll0.2.dr, api-ms-win-core-console-l1-1-0.dll2.2.dr, api-ms-win-core-console-l1-1-0.dll5.2.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll5.2.dr, api-ms-win-core-file-l1-1-0.dll.2.dr, api-ms-win-core-file-l1-1-0.dll2.2.dr
Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-private-l1-1-0.dll5.2.dr, api-ms-win-crt-private-l1-1-0.dll3.2.dr, api-ms-win-crt-private-l1-1-0.dll.2.dr, api-ms-win-crt-private-l1-1-0.dll7.2.dr, api-ms-win-crt-private-l1-1-0.dll4.2.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll1.2.dr, api-ms-win-crt-convert-l1-1-0.dll3.2.dr, api-ms-win-crt-convert-l1-1-0.dll4.2.dr
Source: Binary string: D:\WorkPlat\software\mp-setup-10x\common\output\devcon64.pdb/// source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdbUGP source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000003.2132075553.0000000000894000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000003.2238946228.00000000037AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll5.2.dr, ucrtbase.dll4.2.dr, ucrtbase.dll0.2.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll6.2.dr, api-ms-win-core-profile-l1-1-0.dll3.2.dr, api-ms-win-core-profile-l1-1-0.dll2.2.dr, api-ms-win-core-profile-l1-1-0.dll1.2.dr, api-ms-win-core-profile-l1-1-0.dll.2.dr, api-ms-win-core-profile-l1-1-0.dll4.2.dr
Source: Binary string: D:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000003.2238344554.00000000037AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, msvcp140.dll3.2.dr, msvcp140.dll2.2.dr
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.2.dr, api-ms-win-crt-time-l1-1-0.dll3.2.dr, api-ms-win-crt-time-l1-1-0.dll5.2.dr, api-ms-win-crt-time-l1-1-0.dll2.2.dr
Source: Binary string: D:\agent\_work\20\s\\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3382315993.000000006D251000.00000020.00000001.01000000.0000000A.sdmp, msvcp140.dll.2.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll6.2.dr, api-ms-win-core-handle-l1-1-0.dll3.2.dr, api-ms-win-core-handle-l1-1-0.dll1.2.dr, api-ms-win-core-handle-l1-1-0.dll2.2.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll1.2.dr, api-ms-win-core-synch-l1-2-0.dll6.2.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll0.2.dr, api-ms-win-core-processenvironment-l1-1-0.dll6.2.dr, api-ms-win-core-processenvironment-l1-1-0.dll4.2.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll7.2.dr, api-ms-win-core-datetime-l1-1-0.dll3.2.dr, api-ms-win-core-datetime-l1-1-0.dll5.2.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll5.2.dr, api-ms-win-crt-conio-l1-1-0.dll0.2.dr, api-ms-win-crt-conio-l1-1-0.dll4.2.dr, api-ms-win-crt-conio-l1-1-0.dll.2.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll2.2.dr, api-ms-win-core-localization-l1-2-0.dll5.2.dr, api-ms-win-core-localization-l1-2-0.dll0.2.dr, api-ms-win-core-localization-l1-2-0.dll6.2.dr, api-ms-win-core-localization-l1-2-0.dll7.2.dr, api-ms-win-core-localization-l1-2-0.dll4.2.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.2.dr, api-ms-win-crt-math-l1-1-0.dll5.2.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.2.dr, api-ms-win-core-processthreads-l1-1-1.dll2.2.dr, api-ms-win-core-processthreads-l1-1-1.dll0.2.dr, api-ms-win-core-processthreads-l1-1-1.dll1.2.dr, api-ms-win-core-processthreads-l1-1-1.dll4.2.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.2.dr, api-ms-win-core-namedpipe-l1-1-0.dll2.2.dr
Source: Binary string: D:\WorkPlat\software\mp-setup-10x\common\output\devcon32.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll0.2.dr, api-ms-win-crt-multibyte-l1-1-0.dll1.2.dr, api-ms-win-crt-multibyte-l1-1-0.dll7.2.dr, api-ms-win-crt-multibyte-l1-1-0.dll2.2.dr, api-ms-win-crt-multibyte-l1-1-0.dll5.2.dr, api-ms-win-crt-multibyte-l1-1-0.dll3.2.dr, api-ms-win-crt-multibyte-l1-1-0.dll6.2.dr, api-ms-win-crt-multibyte-l1-1-0.dll4.2.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll6.2.dr, api-ms-win-crt-utility-l1-1-0.dll4.2.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll4.2.dr, api-ms-win-core-rtlsupport-l1-1-0.dll6.2.dr, api-ms-win-core-rtlsupport-l1-1-0.dll2.2.dr, api-ms-win-core-rtlsupport-l1-1-0.dll5.2.dr, api-ms-win-core-rtlsupport-l1-1-0.dll7.2.dr, api-ms-win-core-rtlsupport-l1-1-0.dll3.2.dr
Source: Binary string: 4\\vcruntime140_1.amd64.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369765571.0000000003A4D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll1.2.dr, api-ms-win-core-timezone-l1-1-0.dll7.2.dr, api-ms-win-core-timezone-l1-1-0.dll6.2.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll7.2.dr, api-ms-win-core-string-l1-1-0.dll2.2.dr, api-ms-win-core-string-l1-1-0.dll4.2.dr
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.2.dr, api-ms-win-core-file-l2-1-0.dll1.2.dr, api-ms-win-core-file-l2-1-0.dll4.2.dr, api-ms-win-core-file-l2-1-0.dll3.2.dr, api-ms-win-core-file-l2-1-0.dll6.2.dr
Source: Binary string: msvcr120.i386.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3379133137.000000006CF31000.00000020.00000001.01000000.0000000E.sdmp
Source: Binary string: api-ms-win-core-xstate-l2-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll7.2.dr, api-ms-win-crt-process-l1-1-0.dll4.2.dr, api-ms-win-crt-process-l1-1-0.dll2.2.dr
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll3.2.dr, api-ms-win-core-libraryloader-l1-1-0.dll1.2.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3367292480.0000000000902000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll4.2.dr, api-ms-win-core-interlocked-l1-1-0.dll3.2.dr
Source: Binary string: D:\Download\openssl-OpenSSL_1_0_2o\out32dll\libeay32.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3380826354.000000006D0F3000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll7.2.dr, api-ms-win-crt-heap-l1-1-0.dll0.2.dr, api-ms-win-crt-heap-l1-1-0.dll1.2.dr, api-ms-win-crt-heap-l1-1-0.dll6.2.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.2.dr, api-ms-win-crt-string-l1-1-0.dll4.2.dr, api-ms-win-crt-string-l1-1-0.dll2.2.dr, api-ms-win-crt-string-l1-1-0.dll3.2.dr, api-ms-win-crt-string-l1-1-0.dll6.2.dr
Source: Binary string: D:\Download\openssl-OpenSSL_1_0_2o\out32dll\ssleay32.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3378957248.000000006CF13000.00000002.00000001.01000000.0000000F.sdmp
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_1003E2C0 CreateFileW,DeviceIoControl,FindFirstFileExW,FindClose,SetLastError, 2_2_1003E2C0
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_1003E710 FindFirstFileExW,FindClose, 2_2_1003E710
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_1002F840 apiCurlDownloadReq, 2_2_1002F840
Source: global traffic HTTP traffic detected: GET /?tagging HTTP/1.1Host: mp-setup-10x.oss-cn-shanghai.aliyuncs.comAccept: */*Authorization: OSS LTAIjpvJCDZscVuY:fFB5LaNvwhfDv2NQRSr6r6Nnma4=Content-Length: 0Content-Type: application/xmlDate: Thu, 23 May 2024 22:27:59 GMTUser-Agent: aliyun-sdk-cpp/1.9.0 (Windows)
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: oss-cn-shanghai.aliyuncs.comAccept: */*Authorization: OSS LTAIjpvJCDZscVuY:41miVqsxVUkrGJu3BSPLPQP6Hd4=Content-Length: 0Content-Type: application/xmlDate: Thu, 23 May 2024 22:28:00 GMTUser-Agent: aliyun-sdk-cpp/1.9.0 (Windows)
Source: global traffic HTTP traffic detected: GET /?marker&max-keys=1000 HTTP/1.1Host: mp-setup-10x.oss-cn-shanghai.aliyuncs.comAccept: */*Authorization: OSS LTAIjpvJCDZscVuY:hrxxYEaddrX39l5iuYwdXM8WeeE=Content-Length: 0Content-Type: application/xmlDate: Thu, 23 May 2024 22:28:01 GMTUser-Agent: aliyun-sdk-cpp/1.9.0 (Windows)
Source: global traffic DNS traffic detected: DNS query: mp-setup-10x.oss-cn-shanghai.aliyuncs.com
Source: global traffic DNS traffic detected: DNS query: oss-cn-shanghai.aliyuncs.com
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369388609.0000000003797000.00000004.00000020.00020000.00000000.sdmp, osssdk.log.2.dr String found in binary or memory: http://mp-setup-10x-oss.mpsolo.com
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3367292480.0000000000886000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369388609.0000000003797000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://mp-setup-10x.oss-cn-shanghai.aliyuncs.com/mpsetup%2F%7B0DD5DC56-E5AD-4639-BABF-9FAF7490DCBA%7
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.exe, 00000000.00000003.2105251161.000000007FBD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.exe, 00000000.00000003.2104938421.0000000002590000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000000.2106281977.0000000000401000.00000020.00000001.01000000.00000004.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp.0.dr String found in binary or memory: http://www.innosetup.com/
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.exe, 00000000.00000002.3367184981.00000000022BA000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3367794118.0000000002351000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.kymoto.org
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.exe, 00000000.00000003.2104175148.0000000002590000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.exe, 00000000.00000002.3367184981.00000000022BA000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3367794118.0000000002358000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000003.2107608543.0000000003540000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.kymoto.orgsQ
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.exe, 00000000.00000003.2104175148.0000000002590000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000003.2107608543.0000000003540000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.mifanxing.com/mp6http://www.mifanxing.com/mp6http://www.mifanxing.com/mp
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.exe, 00000000.00000002.3367184981.0000000002316000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.mifanxing.com/mppf1
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3367794118.00000000023F6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.mifanxing.com/mppf?
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3381229988.000000006D150000.00000002.00000001.01000000.0000000D.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3379073061.000000006CF23000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: http://www.openssl.org/V
Source: libeay32.dll.2.dr String found in binary or memory: http://www.openssl.org/support/faq.html
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.exe, 00000000.00000003.2105251161.000000007FBD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.exe, 00000000.00000003.2104938421.0000000002590000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000000.2106281977.0000000000401000.00000020.00000001.01000000.00000004.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp.0.dr String found in binary or memory: http://www.remobjects.com/ps
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369316117.00000000036FF000.00000002.00000001.01000000.00000010.sdmp String found in binary or memory: http://www.winimage.com/zLibDll
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.winimage.com/zLibDll0s
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369316117.00000000036FF000.00000002.00000001.01000000.00000010.sdmp String found in binary or memory: http://www.winimage.com/zLibDll0sp
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3381630297.000000006D1B0000.00000002.00000001.01000000.0000000C.sdmp String found in binary or memory: https://curl.haxx.se/V
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3381630297.000000006D1B0000.00000002.00000001.01000000.0000000C.sdmp String found in binary or memory: https://curl.haxx.se/docs/copyright.htmlD
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3381549537.000000006D1A3000.00000002.00000001.01000000.0000000C.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.exe String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3383195066.000000006D332000.00000002.00000001.01000000.00000008.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3367292480.0000000000848000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mp-setup-10x-debug.oss-cn-shanghai.aliyuncs.com
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3367292480.0000000000848000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mp-setup-10x-debug.oss-cn-shanghai.aliyuncs.comcal
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369911796.0000000003B13000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mp-setup-10x.oss-cn-shan
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369911796.0000000003B13000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mp-setup-10x.oss-cn-shanghai.aliyuncs.coZ
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3383195066.000000006D332000.00000002.00000001.01000000.00000008.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3367292480.0000000000848000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mp-setup-10x.oss-cn-shanghai.aliyuncs.com
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3367292480.0000000000848000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mp-setup-10x.oss-cn-shanghai.aliyuncs.com.dll
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3367292480.0000000000848000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mp-setup-10x.oss-cn-shanghai.aliyuncs.com/device/cache/cache
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369911796.0000000003B13000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mp-setup-10x.oss-cn-shanghai.aliyuncs.com/mpse
Source: bucket.log.2.dr String found in binary or memory: https://mp-setup-10x.oss-cn-shanghai.aliyuncs.com/mpsetup/
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3367292480.0000000000848000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mp-setup-10x.oss-cn-shanghai.aliyuncs.comLo
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3383195066.000000006D332000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://mp-setup-10x.oss-cn-shanghai.aliyuncs.comhttps://www.mifanxing.com/mpmp-setup-10x-debughttps
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3367292480.0000000000848000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mp-setup-10x.oss-cn-shanghai.aliyuncs.comn/xml
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369911796.0000000003B13000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mp-setup-10x.oss-cn-shanghaiZ
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3367292480.0000000000902000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3382065722.000000006D225000.00000002.00000001.01000000.0000000B.sdmp, osssdk.dll.2.dr String found in binary or memory: https://www.mifanxing.com/mp
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3382065722.000000006D225000.00000002.00000001.01000000.0000000B.sdmp, osssdk.dll.2.dr String found in binary or memory: https://www.mifanxing.com/mpAccessKeyIdAccessKeySecretEndpointBucketNameReferer
Contains functionality to communicate with device drivers
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_1003E2C0: CreateFileW,DeviceIoControl,FindFirstFileExW,FindClose,SetLastError, 2_2_1003E2C0
Detected potential crypto function
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036E3760 2_2_036E3760
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036FAFE0 2_2_036FAFE0
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036FDA7C 2_2_036FDA7C
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036F4643 2_2_036F4643
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036E6EE0 2_2_036E6EE0
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036FBAC4 2_2_036FBAC4
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036FB552 2_2_036FB552
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036EFD20 2_2_036EFD20
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036FCD31 2_2_036FCD31
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036E7903 2_2_036E7903
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036E5C50 2_2_036E5C50
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036E14E0 2_2_036E14E0
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036F20DE 2_2_036F20DE
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036F14A0 2_2_036F14A0
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_10028700 2_2_10028700
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_1003ECF0 2_2_1003ECF0
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_1005B470 2_2_1005B470
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_1005D470 2_2_1005D470
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_100394E0 2_2_100394E0
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_100535C0 2_2_100535C0
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_1003D720 2_2_1003D720
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_10059850 2_2_10059850
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_10005B60 2_2_10005B60
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_10057C30 2_2_10057C30
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_10035CA0 2_2_10035CA0
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_10003D60 2_2_10003D60
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_1005BDD0 2_2_1005BDD0
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_10053EE0 2_2_10053EE0
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_1002808F 2_2_1002808F
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_100280B0 2_2_100280B0
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_1005A1B0 2_2_1005A1B0
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_1003A280 2_2_1003A280
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_1002836F 2_2_1002836F
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_10004370 2_2_10004370
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_10028370 2_2_10028370
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_10058590 2_2_10058590
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_1005E6C0 2_2_1005E6C0
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_10034720 2_2_10034720
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_10002760 2_2_10002760
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_10002840 2_2_10002840
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_1005C860 2_2_1005C860
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_1005E8E0 2_2_1005E8E0
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_1005EADE 2_2_1005EADE
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_1005AB10 2_2_1005AB10
Found potential string decryption / allocating functions
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: String function: 10026FA0 appears 214 times
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: String function: 036F3DB0 appears 34 times
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: String function: 100267E0 appears 167 times
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: String function: 100074D0 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: String function: 100075D0 appears 187 times
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: String function: 10009580 appears 34 times
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: String function: 10046F70 appears 38 times
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: String function: 100025B0 appears 354 times
PE file contains executable resources (Code or Archives)
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
PE file does not import any functions
Source: api-ms-win-crt-multibyte-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-2-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: API-MS-Win-core-xstate-l2-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll3.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-2-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-2-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-2-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll1.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll2.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.2.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll0.2.dr Static PE information: No import functions for PE file found
Sample file is different than original file name gathered from version info
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.exe, 00000000.00000003.2105251161.000000007FBD0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs SecuriteInfo.com.Trojan.Crypt.25649.28700.exe
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.exe, 00000000.00000003.2104938421.0000000002590000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs SecuriteInfo.com.Trojan.Crypt.25649.28700.exe
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.exe, 00000000.00000000.2103917693.00000000004C6000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileName vs SecuriteInfo.com.Trojan.Crypt.25649.28700.exe
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.exe, 00000000.00000002.3367184981.00000000022F8000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamekernel32j% vs SecuriteInfo.com.Trojan.Crypt.25649.28700.exe
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.exe Binary or memory string: OriginalFileName vs SecuriteInfo.com.Trojan.Crypt.25649.28700.exe
Uses 32bit PE files
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engine Classification label: clean9.winEXE@3/425@2/2
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_10010020 GetLastError,FormatMessageW, 2_2_10010020
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_100192E0 FreeResource, 2_2_100192E0
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Mutant created: \Sessions\1\BaseNamedObjects\{0DD5DC56-E5AD-4639-BABF-9FAF7490DCBA}
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.25649.28700.exe File created: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.25649.28700.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.25649.28700.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.25649.28700.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization Jump to behavior
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.exe String found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.25649.28700.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.25649.28700.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.25649.28700.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.25649.28700.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.25649.28700.exe Process created: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp "C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp" /SL5="$203EE,3576097,780288,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.25649.28700.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.25649.28700.exe Process created: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp "C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp" /SL5="$203EE,3576097,780288,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.25649.28700.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.25649.28700.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.25649.28700.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.25649.28700.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.25649.28700.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.25649.28700.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: msvcp140.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: libeay32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: libcurl.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: msvcr120.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: ssleay32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: zlibwapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: msvcr120.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: msftedit.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: globinputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Window found: window name: TMainForm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.exe Static file information: File size 4292990 > 1048576
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll2.2.dr, api-ms-win-crt-locale-l1-1-0.dll1.2.dr, api-ms-win-crt-locale-l1-1-0.dll6.2.dr, api-ms-win-crt-locale-l1-1-0.dll4.2.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll4.2.dr, api-ms-win-crt-runtime-l1-1-0.dll6.2.dr, api-ms-win-crt-runtime-l1-1-0.dll5.2.dr, api-ms-win-crt-runtime-l1-1-0.dll7.2.dr
Source: Binary string: D:\WorkPlat\software\mp-setup-10x\common\output\devcon64.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll0.2.dr, api-ms-win-core-file-l1-2-0.dll.2.dr, api-ms-win-core-file-l1-2-0.dll4.2.dr, api-ms-win-core-file-l1-2-0.dll1.2.dr, api-ms-win-core-file-l1-2-0.dll3.2.dr, api-ms-win-core-file-l1-2-0.dll7.2.dr
Source: Binary string: api-ms-win-core-console-l1-2-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-console-l1-2-0.dll0.2.dr, api-ms-win-core-console-l1-2-0.dll2.2.dr, api-ms-win-core-console-l1-2-0.dll5.2.dr
Source: Binary string: ucrtbase.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000003.2132075553.0000000000894000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000003.2238946228.00000000037AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll5.2.dr, ucrtbase.dll4.2.dr, ucrtbase.dll0.2.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.2.dr, api-ms-win-core-memory-l1-1-0.dll7.2.dr, api-ms-win-core-memory-l1-1-0.dll6.2.dr, api-ms-win-core-memory-l1-1-0.dll4.2.dr, api-ms-win-core-memory-l1-1-0.dll3.2.dr, api-ms-win-core-memory-l1-1-0.dll2.2.dr, api-ms-win-core-memory-l1-1-0.dll1.2.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-debug-l1-1-0.dll1.2.dr, api-ms-win-core-debug-l1-1-0.dll.2.dr, api-ms-win-core-debug-l1-1-0.dll4.2.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll4.2.dr, api-ms-win-core-sysinfo-l1-1-0.dll3.2.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll6.2.dr, api-ms-win-crt-filesystem-l1-1-0.dll2.2.dr, api-ms-win-crt-filesystem-l1-1-0.dll1.2.dr, api-ms-win-crt-filesystem-l1-1-0.dll0.2.dr, api-ms-win-crt-filesystem-l1-1-0.dll3.2.dr, api-ms-win-crt-filesystem-l1-1-0.dll7.2.dr
Source: Binary string: D:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3366833347.000000000018F000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000003.2132075553.0000000000894000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, vcruntime140_1.dll2.2.dr, vcruntime140_1.dll4.2.dr, vcruntime140_1.dll0.2.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll3.2.dr, api-ms-win-crt-stdio-l1-1-0.dll.2.dr, api-ms-win-crt-stdio-l1-1-0.dll7.2.dr, api-ms-win-crt-stdio-l1-1-0.dll1.2.dr, api-ms-win-crt-stdio-l1-1-0.dll2.2.dr, api-ms-win-crt-stdio-l1-1-0.dll5.2.dr
Source: Binary string: D:\agent\_work\20\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3383384549.000000006E8C1000.00000020.00000001.01000000.00000009.sdmp, vcruntime140.dll2.2.dr, vcruntime140.dll7.2.dr, vcruntime140.dll5.2.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.2.dr, api-ms-win-core-heap-l1-1-0.dll2.2.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll5.2.dr, api-ms-win-core-util-l1-1-0.dll6.2.dr, api-ms-win-core-util-l1-1-0.dll3.2.dr, api-ms-win-core-util-l1-1-0.dll2.2.dr, api-ms-win-core-util-l1-1-0.dll7.2.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll2.2.dr, api-ms-win-core-synch-l1-1-0.dll6.2.dr, api-ms-win-core-synch-l1-1-0.dll4.2.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll0.2.dr, api-ms-win-crt-environment-l1-1-0.dll4.2.dr, api-ms-win-crt-environment-l1-1-0.dll5.2.dr, api-ms-win-crt-environment-l1-1-0.dll6.2.dr, api-ms-win-crt-environment-l1-1-0.dll.2.dr, api-ms-win-crt-environment-l1-1-0.dll1.2.dr
Source: Binary string: D:\Download\openssl-OpenSSL_1_0_2o\out32dll\ssleay32.pdbAA source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3378957248.000000006CF13000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\WorkPlat\software\mp-setup-10x\common\output\devcon32.pdb333GCTL source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll2.2.dr, api-ms-win-core-errorhandling-l1-1-0.dll5.2.dr, api-ms-win-core-errorhandling-l1-1-0.dll1.2.dr, api-ms-win-core-errorhandling-l1-1-0.dll0.2.dr
Source: Binary string: D:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000003.2267466693.0000000003A65000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.2.dr, vcruntime140.dll6.2.dr, vcruntime140.dll1.2.dr, vcruntime140.dll3.2.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll6.2.dr, api-ms-win-core-processthreads-l1-1-0.dll5.2.dr, api-ms-win-core-processthreads-l1-1-0.dll3.2.dr, api-ms-win-core-processthreads-l1-1-0.dll4.2.dr, api-ms-win-core-processthreads-l1-1-0.dll7.2.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll0.2.dr, api-ms-win-core-console-l1-1-0.dll2.2.dr, api-ms-win-core-console-l1-1-0.dll5.2.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll5.2.dr, api-ms-win-core-file-l1-1-0.dll.2.dr, api-ms-win-core-file-l1-1-0.dll2.2.dr
Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-private-l1-1-0.dll5.2.dr, api-ms-win-crt-private-l1-1-0.dll3.2.dr, api-ms-win-crt-private-l1-1-0.dll.2.dr, api-ms-win-crt-private-l1-1-0.dll7.2.dr, api-ms-win-crt-private-l1-1-0.dll4.2.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll1.2.dr, api-ms-win-crt-convert-l1-1-0.dll3.2.dr, api-ms-win-crt-convert-l1-1-0.dll4.2.dr
Source: Binary string: D:\WorkPlat\software\mp-setup-10x\common\output\devcon64.pdb/// source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdbUGP source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000003.2132075553.0000000000894000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000003.2238946228.00000000037AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll5.2.dr, ucrtbase.dll4.2.dr, ucrtbase.dll0.2.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll6.2.dr, api-ms-win-core-profile-l1-1-0.dll3.2.dr, api-ms-win-core-profile-l1-1-0.dll2.2.dr, api-ms-win-core-profile-l1-1-0.dll1.2.dr, api-ms-win-core-profile-l1-1-0.dll.2.dr, api-ms-win-core-profile-l1-1-0.dll4.2.dr
Source: Binary string: D:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000003.2238344554.00000000037AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, msvcp140.dll3.2.dr, msvcp140.dll2.2.dr
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.2.dr, api-ms-win-crt-time-l1-1-0.dll3.2.dr, api-ms-win-crt-time-l1-1-0.dll5.2.dr, api-ms-win-crt-time-l1-1-0.dll2.2.dr
Source: Binary string: D:\agent\_work\20\s\\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3382315993.000000006D251000.00000020.00000001.01000000.0000000A.sdmp, msvcp140.dll.2.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll6.2.dr, api-ms-win-core-handle-l1-1-0.dll3.2.dr, api-ms-win-core-handle-l1-1-0.dll1.2.dr, api-ms-win-core-handle-l1-1-0.dll2.2.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll1.2.dr, api-ms-win-core-synch-l1-2-0.dll6.2.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll0.2.dr, api-ms-win-core-processenvironment-l1-1-0.dll6.2.dr, api-ms-win-core-processenvironment-l1-1-0.dll4.2.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll7.2.dr, api-ms-win-core-datetime-l1-1-0.dll3.2.dr, api-ms-win-core-datetime-l1-1-0.dll5.2.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll5.2.dr, api-ms-win-crt-conio-l1-1-0.dll0.2.dr, api-ms-win-crt-conio-l1-1-0.dll4.2.dr, api-ms-win-crt-conio-l1-1-0.dll.2.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll2.2.dr, api-ms-win-core-localization-l1-2-0.dll5.2.dr, api-ms-win-core-localization-l1-2-0.dll0.2.dr, api-ms-win-core-localization-l1-2-0.dll6.2.dr, api-ms-win-core-localization-l1-2-0.dll7.2.dr, api-ms-win-core-localization-l1-2-0.dll4.2.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.2.dr, api-ms-win-crt-math-l1-1-0.dll5.2.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.2.dr, api-ms-win-core-processthreads-l1-1-1.dll2.2.dr, api-ms-win-core-processthreads-l1-1-1.dll0.2.dr, api-ms-win-core-processthreads-l1-1-1.dll1.2.dr, api-ms-win-core-processthreads-l1-1-1.dll4.2.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.2.dr, api-ms-win-core-namedpipe-l1-1-0.dll2.2.dr
Source: Binary string: D:\WorkPlat\software\mp-setup-10x\common\output\devcon32.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll0.2.dr, api-ms-win-crt-multibyte-l1-1-0.dll1.2.dr, api-ms-win-crt-multibyte-l1-1-0.dll7.2.dr, api-ms-win-crt-multibyte-l1-1-0.dll2.2.dr, api-ms-win-crt-multibyte-l1-1-0.dll5.2.dr, api-ms-win-crt-multibyte-l1-1-0.dll3.2.dr, api-ms-win-crt-multibyte-l1-1-0.dll6.2.dr, api-ms-win-crt-multibyte-l1-1-0.dll4.2.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll6.2.dr, api-ms-win-crt-utility-l1-1-0.dll4.2.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll4.2.dr, api-ms-win-core-rtlsupport-l1-1-0.dll6.2.dr, api-ms-win-core-rtlsupport-l1-1-0.dll2.2.dr, api-ms-win-core-rtlsupport-l1-1-0.dll5.2.dr, api-ms-win-core-rtlsupport-l1-1-0.dll7.2.dr, api-ms-win-core-rtlsupport-l1-1-0.dll3.2.dr
Source: Binary string: 4\\vcruntime140_1.amd64.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369765571.0000000003A4D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll1.2.dr, api-ms-win-core-timezone-l1-1-0.dll7.2.dr, api-ms-win-core-timezone-l1-1-0.dll6.2.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll7.2.dr, api-ms-win-core-string-l1-1-0.dll2.2.dr, api-ms-win-core-string-l1-1-0.dll4.2.dr
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.2.dr, api-ms-win-core-file-l2-1-0.dll1.2.dr, api-ms-win-core-file-l2-1-0.dll4.2.dr, api-ms-win-core-file-l2-1-0.dll3.2.dr, api-ms-win-core-file-l2-1-0.dll6.2.dr
Source: Binary string: msvcr120.i386.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3379133137.000000006CF31000.00000020.00000001.01000000.0000000E.sdmp
Source: Binary string: api-ms-win-core-xstate-l2-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll7.2.dr, api-ms-win-crt-process-l1-1-0.dll4.2.dr, api-ms-win-crt-process-l1-1-0.dll2.2.dr
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll3.2.dr, api-ms-win-core-libraryloader-l1-1-0.dll1.2.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3367292480.0000000000902000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll4.2.dr, api-ms-win-core-interlocked-l1-1-0.dll3.2.dr
Source: Binary string: D:\Download\openssl-OpenSSL_1_0_2o\out32dll\libeay32.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3380826354.000000006D0F3000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll7.2.dr, api-ms-win-crt-heap-l1-1-0.dll0.2.dr, api-ms-win-crt-heap-l1-1-0.dll1.2.dr, api-ms-win-crt-heap-l1-1-0.dll6.2.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.2.dr, api-ms-win-crt-string-l1-1-0.dll4.2.dr, api-ms-win-crt-string-l1-1-0.dll2.2.dr, api-ms-win-crt-string-l1-1-0.dll3.2.dr, api-ms-win-crt-string-l1-1-0.dll6.2.dr
Source: Binary string: D:\Download\openssl-OpenSSL_1_0_2o\out32dll\ssleay32.pdb source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369994260.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3378957248.000000006CF13000.00000002.00000001.01000000.0000000F.sdmp
Binary contains a suspicious time stamp
Source: api-ms-win-core-synch-l1-1-0.dll.2.dr Static PE information: 0xD721759F [Tue May 16 05:43:59 2084 UTC]
PE file contains sections with non-standard names
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.exe Static PE information: section name: .didata
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp.0.dr Static PE information: section name: .didata
Source: bucket.inno.dll.2.dr Static PE information: section name: /4
Source: msvcp140.dll.2.dr Static PE information: section name: .didat
Source: msvcp140.dll0.2.dr Static PE information: section name: .didat
Source: vcruntime140.dll.2.dr Static PE information: section name: _RDATA
Source: msvcp140.dll1.2.dr Static PE information: section name: .didat
Source: vcruntime140.dll1.2.dr Static PE information: section name: _RDATA
Source: msvcp140.dll2.2.dr Static PE information: section name: .didat
Source: vcruntime140.dll3.2.dr Static PE information: section name: _RDATA
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036F3DF5 push ecx; ret 2_2_036F3E08
Source: msvcr120.dll.2.dr Static PE information: section name: .text entropy: 6.956679273683867
Drops PE files
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.25649.28700.exe File created: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-console-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-console-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\API-MS-Win-core-xstate-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\devcon32.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\libcurl.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\msvcp140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\API-MS-Win-core-xstate-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\ucrtbase.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\msvcp140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\devcon64.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\msvcp140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\vcruntime140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-console-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\vcruntime140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-console-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\device.inno.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\ucrtbase.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\ucrtbase.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-console-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-console-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\ucrtbase.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-console-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\vcruntime140_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\zlibwapi.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\vcruntime140_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\device.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\vcruntime140_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\vcruntime140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\vcruntime140_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\bucket.inno.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\vcruntime140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\libeay32.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\vcruntime140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\msvcp140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-console-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\cfghost.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\vcruntime140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-console-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\bucket.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\msvcp140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\vcruntime140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\vcruntime140_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\msvcp140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\ucrtbase.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\ssleay32.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\ucrtbase.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\msvcp140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\msvcr120.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\API-MS-Win-core-xstate-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\msvcp140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\ucrtbase.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\cfghost.inno.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\vcruntime140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\ucrtbase.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\vcruntime140_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\ucrtbase.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\osssdk.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\msvcp140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\vcruntime140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp File created: C:\Users\user\AppData\Local\Temp\Setup Log 2024-05-23 #001.txt Jump to behavior
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036F4643 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 2_2_036F4643
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.25649.28700.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-console-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-console-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\API-MS-Win-core-xstate-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\devcon32.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\API-MS-Win-core-xstate-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\devcon64.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-console-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-console-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\device.inno.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-console-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-console-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-console-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\vcruntime140_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\vcruntime140_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\device.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\vcruntime140_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\vcruntime140_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\bucket.inno.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-console-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\cfghost.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-console-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\bucket.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\vcruntime140_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\API-MS-Win-core-xstate-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\cfghost.inno.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\vcruntime140_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\osssdk.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Found large amount of non-executed APIs
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp API coverage: 3.8 %
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_1003E2C0 CreateFileW,DeviceIoControl,FindFirstFileExW,FindClose,SetLastError, 2_2_1003E2C0
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_1003E710 FindFirstFileExW,FindClose, 2_2_1003E710
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_10002BE0 GetSystemInfo, 2_2_10002BE0
Source: SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp, 00000002.00000002.3369388609.0000000003760000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036F8FDA EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 2_2_036F8FDA
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036F8FDA EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 2_2_036F8FDA
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036F42AA __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock, 2_2_036F42AA
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036F48F1 SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_036F48F1
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036FA59F cpuid 2_2_036FA59F
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: GetLocaleInfoA, 2_2_1003E7D0
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: GetLocaleInfoA, 2_2_1003E830
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_036F8551 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 2_2_036F8551
Source: C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp Code function: 2_2_1003F560 GetVersionExA,GetModuleHandleA,GetProcAddress, 2_2_1003F560
windows-stand
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
106.14.229.209
 mp-setup-10x.oss-cn-shanghai.aliyuncs.com China
37963 CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd false
106.14.228.220
 oss-cn-shanghai.aliyuncs.com China
37963 CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd false

Contacted Domains

Name IP Active
mp-setup-10x.oss-cn-shanghai.aliyuncs.com 106.14.229.209 true
oss-cn-shanghai.aliyuncs.com 106.14.228.220 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://mp-setup-10x.oss-cn-shanghai.aliyuncs.com/?tagging false
  • Avira URL Cloud: safe
 unknown
http://mp-setup-10x.oss-cn-shanghai.aliyuncs.com/?marker&max-keys=1000 false
  • Avira URL Cloud: safe
 unknown
http://oss-cn-shanghai.aliyuncs.com/ false
  • Avira URL Cloud: safe
 unknown