Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.3e1a160.4.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.3e1a160.4.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.3e1a160.4.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 6.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 6.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 6.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.3fb58a0.5.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.3fb58a0.5.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.3fb58a0.5.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.3fb58a0.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.3fb58a0.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.3e1a160.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.3e1a160.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 00000006.00000002.1457543852.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000000.00000002.1374069454.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe PID: 7952, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe PID: 8164, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: dwrite.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: riched20.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: usp10.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: msls31.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: rasapi32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: rasman.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: rtutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: fastprox.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: ncobjapi.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: mpclient.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: wmitomi.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: mi.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: miutils.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: miutils.dll |
Jump to behavior |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.7290000.7.raw.unpack, B5htBfs6Eq60LvMyWr.cs |
High entropy of concatenated method names: 'w57qscG8RD', 'x7YqmqC8Eh', 'ocGqkZwtlW', 'YEOkZu65Z3', 'WuCkzB7aRn', 'PLdqFVe9nq', 'or2qBxUlFK', 'ECFqWpjDeU', 'mh8qrHFT6u', 'u7gqUiT0Rl' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.7290000.7.raw.unpack, bmncYvqpj1lkAkdaQY.cs |
High entropy of concatenated method names: 'Dispose', 'IcXBCLO8dK', 'OprWH8BmSy', 'qyxVVUCACc', 'rWyBZKWZOd', 'ca6BzUmIwp', 'ProcessDialogKey', 'bvsWFFNFRT', 'pHJWB2uDHa', 'vNdWWWcIPj' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.7290000.7.raw.unpack, Kfn4gOm6qJR5uQnJ51.cs |
High entropy of concatenated method names: 'Cev1B8FA1K', 'C0x1rEctfk', 'lt51UPv0iK', 'g8U1sCb5y0', 'UpQ1IT9URT', 'PXW1yMqku4', 'qL41kVLh3p', 'DaaPoI8YYe', 'HXwPiaOwJN', 'kIBPCnQAKB' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.7290000.7.raw.unpack, cTP0ujQ4unMvfM1Q7j.cs |
High entropy of concatenated method names: 'T1tuM2V1Z1', 'tmdu3YGU3n', 'r5juGdGarH', 'fBeuHNSPOs', 'reouhLNGS1', 'Tfuu2pAZ9V', 'OlLuE1IDtm', 'u4wundyhXV', 'LZbufJtWM4', 'qUeupD3qq4' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.7290000.7.raw.unpack, pCZRiIVyb8gQ36Jscb.cs |
High entropy of concatenated method names: 'Cuaq78BXpo', 'eJfq6HMgjS', 'eoNqwvC5rd', 'n9yqNy8V1U', 'D6pqacncpB', 'L0hqgFOoqt', 'dNsqt7eiIE', 'XZWqMtoxh1', 'kC0q3op3cR', 'mYHqYYn5rP' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.7290000.7.raw.unpack, cwSp48wlWmdkLMUbRn.cs |
High entropy of concatenated method names: 'YEXQiOCpha', 'TaqQZDtBtO', 'DHuPFXYXjy', 'viIPBQ1KGj', 'cX1QpIeU2M', 'P5VQ8MFB9k', 'sU5QLhT4MT', 'yyFQKj8KlP', 'bLLQDB4jdj', 'z3kQ4fxAmt' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.7290000.7.raw.unpack, zgULROdx53FtcVdxrb.cs |
High entropy of concatenated method names: 'ljHQAuITy9', 'uQMQOvu2MZ', 'ToString', 'aUcQsRUM9K', 'mpVQIWvX1f', 'qFoQm70Zmc', 'mObQyEmfyW', 'hWRQkbnxa3', 'VjFQqVyDSd', 'W3AQvtY0ew' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.7290000.7.raw.unpack, UYIMtqoPLcKSuPT8Sm.cs |
High entropy of concatenated method names: 'goMIKEWGeg', 'u26IDOFC3S', 'SnuI4VSAbs', 'LY3ITX53PE', 'xDIIxvDqFd', 'UDZIXBCEAA', 'gpGIoKANAZ', 'oGXIijDnAf', 'fn7ICD14NO', 'SnGIZk8esT' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.7290000.7.raw.unpack, og6JZM7vcsSTvWXxUG.cs |
High entropy of concatenated method names: 'ERRwaHVGW', 'PWUNOYQMo', 'c53gwwlZD', 'TBcta9ZMg', 'gq33w8AIW', 'y8VYB2MGO', 'Q4IiSUo47JKLSEiFBd', 'tMW6m9FUrVTGaqjil8', 'kfvPKDh1i', 'tmveCGFjw' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.7290000.7.raw.unpack, v0c3BnzsGGvxHTnpZq.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Ebs1uHhiHO', 'Hao1cAbcfb', 'qIQ1bOZDPP', 'LAK1QZBWWy', 'xtq1PwkA1O', 'upK11Rdb9c', 'nFG1eGPsy9' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.7290000.7.raw.unpack, EiI4J1gsgEpvMUVeIr.cs |
High entropy of concatenated method names: 'AvVPsX52Xk', 'yrFPIWsbO7', 'BAaPmY3Ysn', 'sHgPyxNyah', 'q6NPkkUymK', 'gtWPqQlQJ5', 'lI6Pvd2pri', 'kfCP5aipUr', 'deBPAnUgV8', 'pGJPOgxdv9' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.7290000.7.raw.unpack, sstE2rE2FHbpyWHeil.cs |
High entropy of concatenated method names: 'QyLmN1trIt', 'bpAmgpjF07', 'rCPmMshCaO', 'wHXm3naUdw', 'mLOmctTHPM', 'Y28mbJCZwg', 'K8AmQI3Vew', 'ua0mPakMIA', 'DZtm1LESoN', 's44menTDNP' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.7290000.7.raw.unpack, dVbdYWjrJy6D8mXC3HN.cs |
High entropy of concatenated method names: 'V0V17Lrlsa', 'euF16Ff0Ws', 'SJg1wE6CU3', 'ArE1NvZ53S', 'S9o1aHDwXA', 'yhN1gmsQqN', 'gY41tOkoUB', 'i2A1MoedVd', 'K3K13jXEU6', 'njl1Y3ePZB' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.7290000.7.raw.unpack, k1ljfRRekjotoW2QGo.cs |
High entropy of concatenated method names: 'FH4PGlZaS4', 'xw5PHprckX', 'E6jPd7le3e', 'JfFPh1JS7a', 'sk0PKqpjXb', 'IC5P2h3Fed', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.7290000.7.raw.unpack, QnUNhefD2F9UwihjTT.cs |
High entropy of concatenated method names: 'efnBqqGBAg', 'uFsBvZt3pj', 'jfNBA97M80', 'lNdBOwyOyj', 'TYwBc7RaWT', 's9gBbTrNPs', 'OT7orF2AP6v02ilR6u', 'j2qM2nWYESVyEb63hP', 'NHOBBsq2Id', 'VatBr5BoRF' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.7290000.7.raw.unpack, oQbKyJ809BxJXn8WyT.cs |
High entropy of concatenated method names: 'uAkcfwODai', 'NA0c8UgXma', 'ceTcKs6tNl', 'VyicDsKdUH', 'COlcHigPv8', 'UDvcdL9lZC', 'FSmchVySOJ', 'lL0c2ICxRt', 'EMucSwlaBF', 'UdGcEhr5Ib' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.7290000.7.raw.unpack, cbW82iCn8DJ8wSMm2p.cs |
High entropy of concatenated method names: 'SffkjgIaHA', 'oGNkI1yC23', 'FrwkyIg9rg', 'C09kqjqZWP', 'zKSkv2RVO1', 'ojiyxa0NDh', 'ta1yXA9HnP', 'lipyoDg95t', 'w7yyi3U0mb', 'uf9yCgcbOx' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.7290000.7.raw.unpack, FfqA4hD1YFgf9Fce7S.cs |
High entropy of concatenated method names: 'U3qrjQn2sV', 'OberstitGJ', 'jcUrI6B4Nf', 'r78rm95Los', 'GNsryCi5JM', 'xOHrkpPH0f', 'k1IrqCk1BV', 'HPnrvB3xHG', 'y8Jr5oG57U', 'natrAMMtBj' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.403acc0.6.raw.unpack, B5htBfs6Eq60LvMyWr.cs |
High entropy of concatenated method names: 'w57qscG8RD', 'x7YqmqC8Eh', 'ocGqkZwtlW', 'YEOkZu65Z3', 'WuCkzB7aRn', 'PLdqFVe9nq', 'or2qBxUlFK', 'ECFqWpjDeU', 'mh8qrHFT6u', 'u7gqUiT0Rl' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.403acc0.6.raw.unpack, bmncYvqpj1lkAkdaQY.cs |
High entropy of concatenated method names: 'Dispose', 'IcXBCLO8dK', 'OprWH8BmSy', 'qyxVVUCACc', 'rWyBZKWZOd', 'ca6BzUmIwp', 'ProcessDialogKey', 'bvsWFFNFRT', 'pHJWB2uDHa', 'vNdWWWcIPj' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.403acc0.6.raw.unpack, Kfn4gOm6qJR5uQnJ51.cs |
High entropy of concatenated method names: 'Cev1B8FA1K', 'C0x1rEctfk', 'lt51UPv0iK', 'g8U1sCb5y0', 'UpQ1IT9URT', 'PXW1yMqku4', 'qL41kVLh3p', 'DaaPoI8YYe', 'HXwPiaOwJN', 'kIBPCnQAKB' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.403acc0.6.raw.unpack, cTP0ujQ4unMvfM1Q7j.cs |
High entropy of concatenated method names: 'T1tuM2V1Z1', 'tmdu3YGU3n', 'r5juGdGarH', 'fBeuHNSPOs', 'reouhLNGS1', 'Tfuu2pAZ9V', 'OlLuE1IDtm', 'u4wundyhXV', 'LZbufJtWM4', 'qUeupD3qq4' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.403acc0.6.raw.unpack, pCZRiIVyb8gQ36Jscb.cs |
High entropy of concatenated method names: 'Cuaq78BXpo', 'eJfq6HMgjS', 'eoNqwvC5rd', 'n9yqNy8V1U', 'D6pqacncpB', 'L0hqgFOoqt', 'dNsqt7eiIE', 'XZWqMtoxh1', 'kC0q3op3cR', 'mYHqYYn5rP' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.403acc0.6.raw.unpack, cwSp48wlWmdkLMUbRn.cs |
High entropy of concatenated method names: 'YEXQiOCpha', 'TaqQZDtBtO', 'DHuPFXYXjy', 'viIPBQ1KGj', 'cX1QpIeU2M', 'P5VQ8MFB9k', 'sU5QLhT4MT', 'yyFQKj8KlP', 'bLLQDB4jdj', 'z3kQ4fxAmt' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.403acc0.6.raw.unpack, zgULROdx53FtcVdxrb.cs |
High entropy of concatenated method names: 'ljHQAuITy9', 'uQMQOvu2MZ', 'ToString', 'aUcQsRUM9K', 'mpVQIWvX1f', 'qFoQm70Zmc', 'mObQyEmfyW', 'hWRQkbnxa3', 'VjFQqVyDSd', 'W3AQvtY0ew' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.403acc0.6.raw.unpack, UYIMtqoPLcKSuPT8Sm.cs |
High entropy of concatenated method names: 'goMIKEWGeg', 'u26IDOFC3S', 'SnuI4VSAbs', 'LY3ITX53PE', 'xDIIxvDqFd', 'UDZIXBCEAA', 'gpGIoKANAZ', 'oGXIijDnAf', 'fn7ICD14NO', 'SnGIZk8esT' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.403acc0.6.raw.unpack, og6JZM7vcsSTvWXxUG.cs |
High entropy of concatenated method names: 'ERRwaHVGW', 'PWUNOYQMo', 'c53gwwlZD', 'TBcta9ZMg', 'gq33w8AIW', 'y8VYB2MGO', 'Q4IiSUo47JKLSEiFBd', 'tMW6m9FUrVTGaqjil8', 'kfvPKDh1i', 'tmveCGFjw' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.403acc0.6.raw.unpack, v0c3BnzsGGvxHTnpZq.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Ebs1uHhiHO', 'Hao1cAbcfb', 'qIQ1bOZDPP', 'LAK1QZBWWy', 'xtq1PwkA1O', 'upK11Rdb9c', 'nFG1eGPsy9' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.403acc0.6.raw.unpack, EiI4J1gsgEpvMUVeIr.cs |
High entropy of concatenated method names: 'AvVPsX52Xk', 'yrFPIWsbO7', 'BAaPmY3Ysn', 'sHgPyxNyah', 'q6NPkkUymK', 'gtWPqQlQJ5', 'lI6Pvd2pri', 'kfCP5aipUr', 'deBPAnUgV8', 'pGJPOgxdv9' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.403acc0.6.raw.unpack, sstE2rE2FHbpyWHeil.cs |
High entropy of concatenated method names: 'QyLmN1trIt', 'bpAmgpjF07', 'rCPmMshCaO', 'wHXm3naUdw', 'mLOmctTHPM', 'Y28mbJCZwg', 'K8AmQI3Vew', 'ua0mPakMIA', 'DZtm1LESoN', 's44menTDNP' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.403acc0.6.raw.unpack, dVbdYWjrJy6D8mXC3HN.cs |
High entropy of concatenated method names: 'V0V17Lrlsa', 'euF16Ff0Ws', 'SJg1wE6CU3', 'ArE1NvZ53S', 'S9o1aHDwXA', 'yhN1gmsQqN', 'gY41tOkoUB', 'i2A1MoedVd', 'K3K13jXEU6', 'njl1Y3ePZB' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.403acc0.6.raw.unpack, k1ljfRRekjotoW2QGo.cs |
High entropy of concatenated method names: 'FH4PGlZaS4', 'xw5PHprckX', 'E6jPd7le3e', 'JfFPh1JS7a', 'sk0PKqpjXb', 'IC5P2h3Fed', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.403acc0.6.raw.unpack, QnUNhefD2F9UwihjTT.cs |
High entropy of concatenated method names: 'efnBqqGBAg', 'uFsBvZt3pj', 'jfNBA97M80', 'lNdBOwyOyj', 'TYwBc7RaWT', 's9gBbTrNPs', 'OT7orF2AP6v02ilR6u', 'j2qM2nWYESVyEb63hP', 'NHOBBsq2Id', 'VatBr5BoRF' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.403acc0.6.raw.unpack, oQbKyJ809BxJXn8WyT.cs |
High entropy of concatenated method names: 'uAkcfwODai', 'NA0c8UgXma', 'ceTcKs6tNl', 'VyicDsKdUH', 'COlcHigPv8', 'UDvcdL9lZC', 'FSmchVySOJ', 'lL0c2ICxRt', 'EMucSwlaBF', 'UdGcEhr5Ib' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.403acc0.6.raw.unpack, cbW82iCn8DJ8wSMm2p.cs |
High entropy of concatenated method names: 'SffkjgIaHA', 'oGNkI1yC23', 'FrwkyIg9rg', 'C09kqjqZWP', 'zKSkv2RVO1', 'ojiyxa0NDh', 'ta1yXA9HnP', 'lipyoDg95t', 'w7yyi3U0mb', 'uf9yCgcbOx' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.403acc0.6.raw.unpack, FfqA4hD1YFgf9Fce7S.cs |
High entropy of concatenated method names: 'U3qrjQn2sV', 'OberstitGJ', 'jcUrI6B4Nf', 'r78rm95Los', 'GNsryCi5JM', 'xOHrkpPH0f', 'k1IrqCk1BV', 'HPnrvB3xHG', 'y8Jr5oG57U', 'natrAMMtBj' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.2db5b4c.0.raw.unpack, JK.cs |
High entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.7ef0000.8.raw.unpack, JK.cs |
High entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.2dbf164.2.raw.unpack, JK.cs |
High entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.2e0fccc.3.raw.unpack, JK.cs |
High entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe.2e066b4.1.raw.unpack, JK.cs |
High entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq' |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: Amcache.hve.10.dr |
Binary or memory string: VMware |
Source: Amcache.hve.10.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.10.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.10.dr |
Binary or memory string: VMware, Inc. |
Source: Amcache.hve.10.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.10.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.10.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.10.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.10.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe, 00000006.00000002.1458226383.00000000015D5000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllg |
Source: Amcache.hve.10.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.10.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.10.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.10.dr |
Binary or memory string: vmci.sys |
Source: Amcache.hve.10.dr |
Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.10.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.10.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.10.dr |
Binary or memory string: VMware-42 27 ae 88 8c 2b 21 02-a5 86 22 5b 84 51 ac f0 |
Source: Amcache.hve.10.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.10.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.10.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.10.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.10.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.10.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.10.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.10.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.10.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.10.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.10.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.10.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.6879.11943.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |