Windows Analysis Report
SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe

Overview

General Information

Sample Name: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe
Analysis ID: 755894
MD5: 2c37cb553314943214dc79d2d5cd95d2
SHA1: 8d729ace154aae255cc7d20e0038889c1a16b30b
SHA256: 5cfdb9f856907336025bbd526f7383ae8edbce669348b8e330251dfe21072c8f
Tags: exe
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Antivirus detection for URL or domain
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Injects a PE file into a foreign processes
Tries to detect virtualization through RDTSC time measurements
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to call native functions
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe ReversingLabs: Detection: 29%
Yara detected FormBook
Source: Yara match File source: 1.0.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.44aef60.6.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.45233b0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000001.00000000.262712520.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.270529665.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Antivirus detection for URL or domain
Source: www.2635westkaylaneprescott.com/ndgi/ Avira URL Cloud: Label: malware
Machine Learning detection for sample
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Joe Sandbox ML: detected
Antivirus or Machine Learning detection for unpacked file
Source: 1.0.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.400000.0.unpack Avira: Label: TR/Crypt.ZPACK.Gen
Source: 00000000.00000002.270529665.00000000044AE000.00000004.00000800.00020000.00000000.sdmp Malware Configuration Extractor: FormBook {"C2 list": ["www.2635westkaylaneprescott.com/ndgi/"], "decoy": ["vuicotvxrejp3il.xyz", "w3fa6.net", "sappuno02.com", "konstruksirumah.xyz", "usalifehealth.com", "and1f.xyz", "atenmentfstinfdow.beauty", "primepipe.net", "roundhouseny.com", "alexandermcqueen.icu", "transporteavalos.com", "spankmetaverse.xyz", "jhccowholesale.com", "bielefeldgebaeudereinigung.com", "saintraphaelschool.com", "larifaa.online", "dejabrew.info", "izabelaeraphael.com", "granniestoneet.com", "greensourceseed.com", "jawaahirulhikmah.com", "2lipcolours.com", "ginzou.com", "vestradgivning.online", "atlasdublinresidence.com", "bfine.xyz", "decision-art.com", "nicebayloans.com", "pendingissue.biz", "troiancircular.com", "raftingtennesssee.com", "autistal.xyz", "purposeinplans.com", "socofm.com", "dafuweng0471.com", "transformcoach.info", "vugz.info", "isabellesroom.com", "kasdawerf.xyz", "angelicindia.com", "jmakerpumploc.com", "departmen.store", "kalpataruplotsariaplots.net", "mosqueenarbonne.com", "tititinews.com", "santeoglobal.com", "cornharvestdirect.com", "chickensoesco.com", "softelbow30.com", "fuxeonfire.com", "soospeter.com", "lastikfiyatlari.online", "northlandproshop.com", "youbelongstojoy.com", "asfalt-podrezkovo.store", "servequin.com", "heti.ink", "gulfingroupinvest.com", "gastries.info", "spunklane.com", "acompanhanteslux.com", "bbti.world", "juiceofjoy.com", "tlaaccounting.net"]}
Uses 32bit PE files
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000001.00000002.267578947.0000000001510000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000001.00000003.265561008.0000000001371000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000001.00000003.263133405.00000000011D4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000001.00000002.267578947.0000000001510000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000001.00000003.265561008.0000000001371000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000001.00000003.263133405.00000000011D4000.00000004.00000800.00020000.00000000.sdmp

Networking
barindex
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: www.2635westkaylaneprescott.com/ndgi/
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://fontfabrik.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kr
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deDPlease
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.272505714.0000000007232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
Creates a DirectInput object (often for capturing keystrokes)
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.264008229.000000000147B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

E-Banking Fraud
barindex
Yara detected FormBook
Source: Yara match File source: 1.0.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.44aef60.6.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.45233b0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000001.00000000.262712520.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.270529665.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 1.0.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 1.0.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 1.0.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.3282f54.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables potentially checking for WinJail sandbox window Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.32a0724.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables potentially checking for WinJail sandbox window Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.44aef60.6.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.44aef60.6.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.44aef60.6.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.45233b0.5.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.45233b0.5.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.45233b0.5.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000001.00000000.262712520.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000001.00000000.262712520.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000001.00000000.262712520.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.270529665.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.270529665.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000000.00000002.270529665.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe PID: 5272, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe PID: 5208, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Uses 32bit PE files
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Yara signature match
Source: 1.0.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 1.0.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 1.0.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.3282f54.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste author = ditekSHen, description = Detects executables potentially checking for WinJail sandbox window
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.32a0724.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste author = ditekSHen, description = Detects executables potentially checking for WinJail sandbox window
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.44aef60.6.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.44aef60.6.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.44aef60.6.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.45233b0.5.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.45233b0.5.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.45233b0.5.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000001.00000000.262712520.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000001.00000000.262712520.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000001.00000000.262712520.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.270529665.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.270529665.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000000.00000002.270529665.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe PID: 5272, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe PID: 5208, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Detected potential crypto function
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 0_2_0171C164 0_2_0171C164
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 0_2_0171E5B0 0_2_0171E5B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 0_2_0171E5A1 0_2_0171E5A1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 0_2_056F06E8 0_2_056F06E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 0_2_056F2868 0_2_056F2868
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 0_2_056F6660 0_2_056F6660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 0_2_056F6650 0_2_056F6650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 0_2_056F06D9 0_2_056F06D9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 0_2_056F2320 0_2_056F2320
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 0_2_056F2330 0_2_056F2330
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 0_2_056F22FA 0_2_056F22FA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153F900 1_2_0153F900
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01554120 1_2_01554120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154C1C0 1_2_0154C1C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01552990 1_2_01552990
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015599BF 1_2_015599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0160E824 1_2_0160E824
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156701D 1_2_0156701D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01536800 1_2_01536800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F1002 1_2_015F1002
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A830 1_2_0155A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_016028EC 1_2_016028EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F60F5 1_2_015F60F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154B090 1_2_0154B090
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_016020A8 1_2_016020A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015620A0 1_2_015620A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015DCB4F 1_2_015DCB4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155AB40 1_2_0155AB40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0151337D 1_2_0151337D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01553360 1_2_01553360
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F231B 1_2_015F231B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01602B28 1_2_01602B28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F03DA 1_2_015F03DA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015FDBD2 1_2_015FDBD2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156ABD8 1_2_0156ABD8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01588BE8 1_2_01588BE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015E23E3 1_2_015E23E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155EB9A 1_2_0155EB9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01513382 1_2_01513382
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015DEB8A 1_2_015DEB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156138B 1_2_0156138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156EBB0 1_2_0156EBB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0151225E 1_2_0151225E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F5A4F 1_2_015F5A4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B236 1_2_0155B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015EFA2B 1_2_015EFA2B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015FE2C5 1_2_015FE2C5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F4AEF 1_2_015F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_016032A9 1_2_016032A9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_016022AE 1_2_016022AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01552D50 1_2_01552D50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01601D55 1_2_01601D55
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01602D07 1_2_01602D07
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01530D20 1_2_01530D20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154D5E0 1_2_0154D5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_016025DD 1_2_016025DD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01562581 1_2_01562581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F2D82 1_2_015F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015665A0 1_2_015665A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B477 1_2_0155B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015FD466 1_2_015FD466
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154841F 1_2_0154841F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01552430 1_2_01552430
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01564CD4 1_2_01564CD4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F4496 1_2_015F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015194B8 1_2_015194B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01601FF1 1_2_01601FF1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0160DFCE 1_2_0160DFCE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F67E2 1_2_015F67E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015BAE60 1_2_015BAE60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015FD616 1_2_015FD616
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01555600 1_2_01555600
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01556E30 1_2_01556E30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01602EF7 1_2_01602EF7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015E1EB6 1_2_015E1EB6
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: String function: 0158D08C appears 47 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: String function: 0153B150 appears 159 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: String function: 015C5720 appears 81 times
Contains functionality to call native functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579860 NtQuerySystemInformation,LdrInitializeThunk, 1_2_01579860
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579660 NtAllocateVirtualMemory,LdrInitializeThunk, 1_2_01579660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015796E0 NtFreeVirtualMemory,LdrInitializeThunk, 1_2_015796E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579950 NtQueueApcThread, 1_2_01579950
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579910 NtAdjustPrivilegesToken, 1_2_01579910
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015799D0 NtCreateProcessEx, 1_2_015799D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015799A0 NtCreateSection, 1_2_015799A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579840 NtDelayExecution, 1_2_01579840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0157B040 NtSuspendThread, 1_2_0157B040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579820 NtEnumerateKey, 1_2_01579820
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015798F0 NtReadVirtualMemory, 1_2_015798F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015798A0 NtWriteVirtualMemory, 1_2_015798A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579B00 NtSetValueKey, 1_2_01579B00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0157A3B0 NtGetContextThread, 1_2_0157A3B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579A50 NtCreateFile, 1_2_01579A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579A10 NtQuerySection, 1_2_01579A10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579A00 NtProtectVirtualMemory, 1_2_01579A00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579A20 NtResumeThread, 1_2_01579A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579A80 NtOpenDirectoryObject, 1_2_01579A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579540 NtReadFile, 1_2_01579540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579560 NtWriteFile, 1_2_01579560
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0157AD30 NtSetContextThread, 1_2_0157AD30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579520 NtWaitForSingleObject, 1_2_01579520
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015795D0 NtClose, 1_2_015795D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015795F0 NtQueryInformationFile, 1_2_015795F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0157A770 NtOpenThread, 1_2_0157A770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579770 NtSetInformationFile, 1_2_01579770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579760 NtOpenProcess, 1_2_01579760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0157A710 NtOpenProcessToken, 1_2_0157A710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579710 NtQueryInformationToken, 1_2_01579710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579730 NtQueryVirtualMemory, 1_2_01579730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579FE0 NtCreateMutant, 1_2_01579FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579780 NtMapViewOfSection, 1_2_01579780
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015797A0 NtUnmapViewOfSection, 1_2_015797A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579650 NtQueryValueKey, 1_2_01579650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579670 NtQueryInformationProcess, 1_2_01579670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579610 NtEnumerateValueKey, 1_2_01579610
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015796D0 NtCreateKey, 1_2_015796D0
Sample file is different than original file name gathered from version info
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000000.243748362.0000000000D84000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameyFcW.exeB vs SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.264008229.000000000147B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.275549628.0000000007990000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameCollins.dll8 vs SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.270529665.00000000044AE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCollins.dll8 vs SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.266387939.0000000003261000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePrecision.dll6 vs SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.266387939.0000000003261000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameInspector.dllN vs SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000001.00000003.266489821.0000000001490000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000001.00000003.263873744.00000000012EA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000001.00000002.268632378.000000000162F000.00000040.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Binary or memory string: OriginalFilenameyFcW.exeB vs SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe ReversingLabs: Detection: 29%
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.log Jump to behavior
Source: classification engine Classification label: mal100.troj.evad.winEXE@3/1@0/0
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000000.243588948.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: insert into User_Transportation(UserID,TransportationID) values (@UserID,@TransID);
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000000.243588948.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: insert into TourPlace(Name,Location,TicketPrice) values (@name,@location,@ticket);
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000000.243588948.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: insert into User_TourPlace(UserID,TourPlaceID) values (@UserID,@TourplaceID);
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll Jump to behavior
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe String found in binary or memory: AddUserButton'AddUserPhoneTextbox'AdduserEmailtextbox-Adduserpasswordtextbox
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe String found in binary or memory: Username:-AddusertextBoxUsernameCash
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000001.00000002.267578947.0000000001510000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000001.00000003.265561008.0000000001371000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000001.00000003.263133405.00000000011D4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000001.00000002.267578947.0000000001510000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000001.00000003.265561008.0000000001371000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000001.00000003.263133405.00000000011D4000.00000004.00000800.00020000.00000000.sdmp
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 0_2_0171F978 pushad ; iretd 0_2_0171F979
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 0_2_01717AFF push eax; retf 0_2_01717B8D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0151191C pushfd ; iretd 1_2_01511939
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0158D0D1 push ecx; ret 1_2_0158D0E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0151225E push eax; retf 1_2_0151321C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01519271 push es; iretd 1_2_01519278
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0151427E pushad ; retf 000Dh 1_2_0151427F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0151322C push eax; retf 1_2_0151321C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01514288 pushad ; retf 1_2_01514289
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0151A7C0 push es; iretd 1_2_0151A7C1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01513F9F pushad ; ret 1_2_01513FA0
Source: initial sample Static PE information: section name: .text entropy: 7.649413315465482
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Yara detected AntiVM3
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.3282f54.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.32a0724.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.268979891.0000000003549000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.266387939.0000000003261000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe PID: 5272, type: MEMORYSTR
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.268979891.0000000003549000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.266387939.0000000003261000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.268979891.0000000003549000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.266387939.0000000003261000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe RDTSC instruction interceptor: First address: 0000000000409904 second address: 000000000040990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe RDTSC instruction interceptor: First address: 0000000000409B6E second address: 0000000000409B74 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe TID: 5180 Thread sleep time: -38122s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe TID: 1404 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01605BA5 rdtsc 1_2_01605BA5
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe API coverage: 0.5 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Thread delayed: delay time: 38122 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.266387939.0000000003261000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.266387939.0000000003261000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.266387939.0000000003261000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA II
Source: SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe, 00000000.00000002.266387939.0000000003261000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01605BA5 rdtsc 1_2_01605BA5
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01608966 mov eax, dword ptr fs:[00000030h] 1_2_01608966
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153395E mov eax, dword ptr fs:[00000030h] 1_2_0153395E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153395E mov eax, dword ptr fs:[00000030h] 1_2_0153395E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F1951 mov eax, dword ptr fs:[00000030h] 1_2_015F1951
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B944 mov eax, dword ptr fs:[00000030h] 1_2_0155B944
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B944 mov eax, dword ptr fs:[00000030h] 1_2_0155B944
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153B171 mov eax, dword ptr fs:[00000030h] 1_2_0153B171
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153B171 mov eax, dword ptr fs:[00000030h] 1_2_0153B171
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153C962 mov eax, dword ptr fs:[00000030h] 1_2_0153C962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015FE962 mov eax, dword ptr fs:[00000030h] 1_2_015FE962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01539100 mov eax, dword ptr fs:[00000030h] 1_2_01539100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01539100 mov eax, dword ptr fs:[00000030h] 1_2_01539100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01539100 mov eax, dword ptr fs:[00000030h] 1_2_01539100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01540100 mov eax, dword ptr fs:[00000030h] 1_2_01540100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01540100 mov eax, dword ptr fs:[00000030h] 1_2_01540100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01540100 mov eax, dword ptr fs:[00000030h] 1_2_01540100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01533138 mov ecx, dword ptr fs:[00000030h] 1_2_01533138
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156513A mov eax, dword ptr fs:[00000030h] 1_2_0156513A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156513A mov eax, dword ptr fs:[00000030h] 1_2_0156513A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01554120 mov eax, dword ptr fs:[00000030h] 1_2_01554120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01554120 mov eax, dword ptr fs:[00000030h] 1_2_01554120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01554120 mov eax, dword ptr fs:[00000030h] 1_2_01554120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01554120 mov eax, dword ptr fs:[00000030h] 1_2_01554120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01554120 mov ecx, dword ptr fs:[00000030h] 1_2_01554120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F19D8 mov eax, dword ptr fs:[00000030h] 1_2_015F19D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_016089E7 mov eax, dword ptr fs:[00000030h] 1_2_016089E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015499C7 mov eax, dword ptr fs:[00000030h] 1_2_015499C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015499C7 mov eax, dword ptr fs:[00000030h] 1_2_015499C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015499C7 mov eax, dword ptr fs:[00000030h] 1_2_015499C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015499C7 mov eax, dword ptr fs:[00000030h] 1_2_015499C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154C1C0 mov eax, dword ptr fs:[00000030h] 1_2_0154C1C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153B1E1 mov eax, dword ptr fs:[00000030h] 1_2_0153B1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153B1E1 mov eax, dword ptr fs:[00000030h] 1_2_0153B1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153B1E1 mov eax, dword ptr fs:[00000030h] 1_2_0153B1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015331E0 mov eax, dword ptr fs:[00000030h] 1_2_015331E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015C41E8 mov eax, dword ptr fs:[00000030h] 1_2_015C41E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01562990 mov eax, dword ptr fs:[00000030h] 1_2_01562990
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01564190 mov eax, dword ptr fs:[00000030h] 1_2_01564190
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153519E mov eax, dword ptr fs:[00000030h] 1_2_0153519E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153519E mov ecx, dword ptr fs:[00000030h] 1_2_0153519E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156A185 mov eax, dword ptr fs:[00000030h] 1_2_0156A185
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0160F1B5 mov eax, dword ptr fs:[00000030h] 1_2_0160F1B5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0160F1B5 mov eax, dword ptr fs:[00000030h] 1_2_0160F1B5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015FA189 mov eax, dword ptr fs:[00000030h] 1_2_015FA189
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015FA189 mov ecx, dword ptr fs:[00000030h] 1_2_015FA189
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155C182 mov eax, dword ptr fs:[00000030h] 1_2_0155C182
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B51BE mov eax, dword ptr fs:[00000030h] 1_2_015B51BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B51BE mov eax, dword ptr fs:[00000030h] 1_2_015B51BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B51BE mov eax, dword ptr fs:[00000030h] 1_2_015B51BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B51BE mov eax, dword ptr fs:[00000030h] 1_2_015B51BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156C9BF mov eax, dword ptr fs:[00000030h] 1_2_0156C9BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156C9BF mov eax, dword ptr fs:[00000030h] 1_2_0156C9BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015599BF mov ecx, dword ptr fs:[00000030h] 1_2_015599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015599BF mov ecx, dword ptr fs:[00000030h] 1_2_015599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015599BF mov eax, dword ptr fs:[00000030h] 1_2_015599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015599BF mov ecx, dword ptr fs:[00000030h] 1_2_015599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015599BF mov ecx, dword ptr fs:[00000030h] 1_2_015599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015599BF mov eax, dword ptr fs:[00000030h] 1_2_015599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015599BF mov ecx, dword ptr fs:[00000030h] 1_2_015599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015599BF mov ecx, dword ptr fs:[00000030h] 1_2_015599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015599BF mov eax, dword ptr fs:[00000030h] 1_2_015599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015599BF mov ecx, dword ptr fs:[00000030h] 1_2_015599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015599BF mov ecx, dword ptr fs:[00000030h] 1_2_015599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015599BF mov eax, dword ptr fs:[00000030h] 1_2_015599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015461A7 mov eax, dword ptr fs:[00000030h] 1_2_015461A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015461A7 mov eax, dword ptr fs:[00000030h] 1_2_015461A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015461A7 mov eax, dword ptr fs:[00000030h] 1_2_015461A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015461A7 mov eax, dword ptr fs:[00000030h] 1_2_015461A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015661A0 mov eax, dword ptr fs:[00000030h] 1_2_015661A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015661A0 mov eax, dword ptr fs:[00000030h] 1_2_015661A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F49A4 mov eax, dword ptr fs:[00000030h] 1_2_015F49A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F49A4 mov eax, dword ptr fs:[00000030h] 1_2_015F49A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F49A4 mov eax, dword ptr fs:[00000030h] 1_2_015F49A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F49A4 mov eax, dword ptr fs:[00000030h] 1_2_015F49A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B69A6 mov eax, dword ptr fs:[00000030h] 1_2_015B69A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01535050 mov eax, dword ptr fs:[00000030h] 1_2_01535050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01535050 mov eax, dword ptr fs:[00000030h] 1_2_01535050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01535050 mov eax, dword ptr fs:[00000030h] 1_2_01535050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01537057 mov eax, dword ptr fs:[00000030h] 1_2_01537057
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01550050 mov eax, dword ptr fs:[00000030h] 1_2_01550050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01550050 mov eax, dword ptr fs:[00000030h] 1_2_01550050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01601074 mov eax, dword ptr fs:[00000030h] 1_2_01601074
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F1843 mov eax, dword ptr fs:[00000030h] 1_2_015F1843
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F2073 mov eax, dword ptr fs:[00000030h] 1_2_015F2073
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155F86D mov eax, dword ptr fs:[00000030h] 1_2_0155F86D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156701D mov eax, dword ptr fs:[00000030h] 1_2_0156701D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156701D mov eax, dword ptr fs:[00000030h] 1_2_0156701D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156701D mov eax, dword ptr fs:[00000030h] 1_2_0156701D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156701D mov eax, dword ptr fs:[00000030h] 1_2_0156701D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156701D mov eax, dword ptr fs:[00000030h] 1_2_0156701D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156701D mov eax, dword ptr fs:[00000030h] 1_2_0156701D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B7016 mov eax, dword ptr fs:[00000030h] 1_2_015B7016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B7016 mov eax, dword ptr fs:[00000030h] 1_2_015B7016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B7016 mov eax, dword ptr fs:[00000030h] 1_2_015B7016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01536800 mov eax, dword ptr fs:[00000030h] 1_2_01536800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01536800 mov eax, dword ptr fs:[00000030h] 1_2_01536800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01536800 mov eax, dword ptr fs:[00000030h] 1_2_01536800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A830 mov eax, dword ptr fs:[00000030h] 1_2_0155A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A830 mov eax, dword ptr fs:[00000030h] 1_2_0155A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A830 mov eax, dword ptr fs:[00000030h] 1_2_0155A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A830 mov eax, dword ptr fs:[00000030h] 1_2_0155A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01604015 mov eax, dword ptr fs:[00000030h] 1_2_01604015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01604015 mov eax, dword ptr fs:[00000030h] 1_2_01604015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01564020 mov edi, dword ptr fs:[00000030h] 1_2_01564020
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156002D mov eax, dword ptr fs:[00000030h] 1_2_0156002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156002D mov eax, dword ptr fs:[00000030h] 1_2_0156002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156002D mov eax, dword ptr fs:[00000030h] 1_2_0156002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156002D mov eax, dword ptr fs:[00000030h] 1_2_0156002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156002D mov eax, dword ptr fs:[00000030h] 1_2_0156002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154B02A mov eax, dword ptr fs:[00000030h] 1_2_0154B02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154B02A mov eax, dword ptr fs:[00000030h] 1_2_0154B02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154B02A mov eax, dword ptr fs:[00000030h] 1_2_0154B02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154B02A mov eax, dword ptr fs:[00000030h] 1_2_0154B02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015378D6 mov eax, dword ptr fs:[00000030h] 1_2_015378D6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015378D6 mov eax, dword ptr fs:[00000030h] 1_2_015378D6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015378D6 mov ecx, dword ptr fs:[00000030h] 1_2_015378D6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015CB8D0 mov eax, dword ptr fs:[00000030h] 1_2_015CB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015CB8D0 mov ecx, dword ptr fs:[00000030h] 1_2_015CB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015CB8D0 mov eax, dword ptr fs:[00000030h] 1_2_015CB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015CB8D0 mov eax, dword ptr fs:[00000030h] 1_2_015CB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015CB8D0 mov eax, dword ptr fs:[00000030h] 1_2_015CB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015CB8D0 mov eax, dword ptr fs:[00000030h] 1_2_015CB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015370C0 mov eax, dword ptr fs:[00000030h] 1_2_015370C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015370C0 mov eax, dword ptr fs:[00000030h] 1_2_015370C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F18CA mov eax, dword ptr fs:[00000030h] 1_2_015F18CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015428FD mov eax, dword ptr fs:[00000030h] 1_2_015428FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015428FD mov eax, dword ptr fs:[00000030h] 1_2_015428FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015428FD mov eax, dword ptr fs:[00000030h] 1_2_015428FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F60F5 mov eax, dword ptr fs:[00000030h] 1_2_015F60F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F60F5 mov eax, dword ptr fs:[00000030h] 1_2_015F60F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F60F5 mov eax, dword ptr fs:[00000030h] 1_2_015F60F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F60F5 mov eax, dword ptr fs:[00000030h] 1_2_015F60F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B8E4 mov eax, dword ptr fs:[00000030h] 1_2_0155B8E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B8E4 mov eax, dword ptr fs:[00000030h] 1_2_0155B8E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015340E1 mov eax, dword ptr fs:[00000030h] 1_2_015340E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015340E1 mov eax, dword ptr fs:[00000030h] 1_2_015340E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015340E1 mov eax, dword ptr fs:[00000030h] 1_2_015340E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015358EC mov eax, dword ptr fs:[00000030h] 1_2_015358EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01539080 mov eax, dword ptr fs:[00000030h] 1_2_01539080
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01533880 mov eax, dword ptr fs:[00000030h] 1_2_01533880
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01533880 mov eax, dword ptr fs:[00000030h] 1_2_01533880
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B3884 mov eax, dword ptr fs:[00000030h] 1_2_015B3884
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B3884 mov eax, dword ptr fs:[00000030h] 1_2_015B3884
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156F0BF mov ecx, dword ptr fs:[00000030h] 1_2_0156F0BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156F0BF mov eax, dword ptr fs:[00000030h] 1_2_0156F0BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156F0BF mov eax, dword ptr fs:[00000030h] 1_2_0156F0BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015620A0 mov eax, dword ptr fs:[00000030h] 1_2_015620A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015620A0 mov eax, dword ptr fs:[00000030h] 1_2_015620A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015620A0 mov eax, dword ptr fs:[00000030h] 1_2_015620A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015620A0 mov eax, dword ptr fs:[00000030h] 1_2_015620A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015620A0 mov eax, dword ptr fs:[00000030h] 1_2_015620A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015620A0 mov eax, dword ptr fs:[00000030h] 1_2_015620A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015678A0 mov eax, dword ptr fs:[00000030h] 1_2_015678A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015678A0 mov eax, dword ptr fs:[00000030h] 1_2_015678A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015678A0 mov eax, dword ptr fs:[00000030h] 1_2_015678A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015678A0 mov eax, dword ptr fs:[00000030h] 1_2_015678A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015678A0 mov eax, dword ptr fs:[00000030h] 1_2_015678A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015678A0 mov eax, dword ptr fs:[00000030h] 1_2_015678A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015678A0 mov eax, dword ptr fs:[00000030h] 1_2_015678A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015678A0 mov eax, dword ptr fs:[00000030h] 1_2_015678A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015678A0 mov eax, dword ptr fs:[00000030h] 1_2_015678A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015790AF mov eax, dword ptr fs:[00000030h] 1_2_015790AF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015428AE mov eax, dword ptr fs:[00000030h] 1_2_015428AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015428AE mov eax, dword ptr fs:[00000030h] 1_2_015428AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015428AE mov eax, dword ptr fs:[00000030h] 1_2_015428AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015428AE mov ecx, dword ptr fs:[00000030h] 1_2_015428AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015428AE mov eax, dword ptr fs:[00000030h] 1_2_015428AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015428AE mov eax, dword ptr fs:[00000030h] 1_2_015428AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153F358 mov eax, dword ptr fs:[00000030h] 1_2_0153F358
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01563B5A mov eax, dword ptr fs:[00000030h] 1_2_01563B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01563B5A mov eax, dword ptr fs:[00000030h] 1_2_01563B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01563B5A mov eax, dword ptr fs:[00000030h] 1_2_01563B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01563B5A mov eax, dword ptr fs:[00000030h] 1_2_01563B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153DB40 mov eax, dword ptr fs:[00000030h] 1_2_0153DB40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01537B70 mov eax, dword ptr fs:[00000030h] 1_2_01537B70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154F370 mov eax, dword ptr fs:[00000030h] 1_2_0154F370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154F370 mov eax, dword ptr fs:[00000030h] 1_2_0154F370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154F370 mov eax, dword ptr fs:[00000030h] 1_2_0154F370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01563B7A mov eax, dword ptr fs:[00000030h] 1_2_01563B7A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01563B7A mov eax, dword ptr fs:[00000030h] 1_2_01563B7A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153DB60 mov ecx, dword ptr fs:[00000030h] 1_2_0153DB60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01608B58 mov eax, dword ptr fs:[00000030h] 1_2_01608B58
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015C6365 mov eax, dword ptr fs:[00000030h] 1_2_015C6365
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015C6365 mov eax, dword ptr fs:[00000030h] 1_2_015C6365
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015C6365 mov eax, dword ptr fs:[00000030h] 1_2_015C6365
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F131B mov eax, dword ptr fs:[00000030h] 1_2_015F131B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 mov eax, dword ptr fs:[00000030h] 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 mov eax, dword ptr fs:[00000030h] 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 mov eax, dword ptr fs:[00000030h] 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 mov eax, dword ptr fs:[00000030h] 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 mov eax, dword ptr fs:[00000030h] 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 mov eax, dword ptr fs:[00000030h] 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 mov eax, dword ptr fs:[00000030h] 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 mov eax, dword ptr fs:[00000030h] 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 mov eax, dword ptr fs:[00000030h] 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 mov eax, dword ptr fs:[00000030h] 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 mov eax, dword ptr fs:[00000030h] 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 mov eax, dword ptr fs:[00000030h] 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 mov eax, dword ptr fs:[00000030h] 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 mov eax, dword ptr fs:[00000030h] 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 mov eax, dword ptr fs:[00000030h] 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 mov eax, dword ptr fs:[00000030h] 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 mov eax, dword ptr fs:[00000030h] 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 mov eax, dword ptr fs:[00000030h] 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 mov eax, dword ptr fs:[00000030h] 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 mov eax, dword ptr fs:[00000030h] 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A309 mov eax, dword ptr fs:[00000030h] 1_2_0155A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B53CA mov eax, dword ptr fs:[00000030h] 1_2_015B53CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B53CA mov eax, dword ptr fs:[00000030h] 1_2_015B53CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015653C5 mov eax, dword ptr fs:[00000030h] 1_2_015653C5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015603E2 mov eax, dword ptr fs:[00000030h] 1_2_015603E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015603E2 mov eax, dword ptr fs:[00000030h] 1_2_015603E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015603E2 mov eax, dword ptr fs:[00000030h] 1_2_015603E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015603E2 mov eax, dword ptr fs:[00000030h] 1_2_015603E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015603E2 mov eax, dword ptr fs:[00000030h] 1_2_015603E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015603E2 mov eax, dword ptr fs:[00000030h] 1_2_015603E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01531BE9 mov eax, dword ptr fs:[00000030h] 1_2_01531BE9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155DBE9 mov eax, dword ptr fs:[00000030h] 1_2_0155DBE9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015E23E3 mov ecx, dword ptr fs:[00000030h] 1_2_015E23E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015E23E3 mov ecx, dword ptr fs:[00000030h] 1_2_015E23E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015E23E3 mov eax, dword ptr fs:[00000030h] 1_2_015E23E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01562397 mov eax, dword ptr fs:[00000030h] 1_2_01562397
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01605BA5 mov eax, dword ptr fs:[00000030h] 1_2_01605BA5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156B390 mov eax, dword ptr fs:[00000030h] 1_2_0156B390
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01534B94 mov edi, dword ptr fs:[00000030h] 1_2_01534B94
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155EB9A mov eax, dword ptr fs:[00000030h] 1_2_0155EB9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155EB9A mov eax, dword ptr fs:[00000030h] 1_2_0155EB9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F138A mov eax, dword ptr fs:[00000030h] 1_2_015F138A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01608BB6 mov eax, dword ptr fs:[00000030h] 1_2_01608BB6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015DEB8A mov ecx, dword ptr fs:[00000030h] 1_2_015DEB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015DEB8A mov eax, dword ptr fs:[00000030h] 1_2_015DEB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015DEB8A mov eax, dword ptr fs:[00000030h] 1_2_015DEB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015DEB8A mov eax, dword ptr fs:[00000030h] 1_2_015DEB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01541B8F mov eax, dword ptr fs:[00000030h] 1_2_01541B8F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01541B8F mov eax, dword ptr fs:[00000030h] 1_2_01541B8F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156138B mov eax, dword ptr fs:[00000030h] 1_2_0156138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156138B mov eax, dword ptr fs:[00000030h] 1_2_0156138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156138B mov eax, dword ptr fs:[00000030h] 1_2_0156138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015ED380 mov ecx, dword ptr fs:[00000030h] 1_2_015ED380
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01609BBE mov eax, dword ptr fs:[00000030h] 1_2_01609BBE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F1BA8 mov eax, dword ptr fs:[00000030h] 1_2_015F1BA8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01564BAD mov eax, dword ptr fs:[00000030h] 1_2_01564BAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01564BAD mov eax, dword ptr fs:[00000030h] 1_2_01564BAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01564BAD mov eax, dword ptr fs:[00000030h] 1_2_01564BAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F1A5F mov eax, dword ptr fs:[00000030h] 1_2_015F1A5F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01608A62 mov eax, dword ptr fs:[00000030h] 1_2_01608A62
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015FEA55 mov eax, dword ptr fs:[00000030h] 1_2_015FEA55
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015C4257 mov eax, dword ptr fs:[00000030h] 1_2_015C4257
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F5A4F mov eax, dword ptr fs:[00000030h] 1_2_015F5A4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F5A4F mov eax, dword ptr fs:[00000030h] 1_2_015F5A4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F5A4F mov eax, dword ptr fs:[00000030h] 1_2_015F5A4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F5A4F mov eax, dword ptr fs:[00000030h] 1_2_015F5A4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01539240 mov eax, dword ptr fs:[00000030h] 1_2_01539240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01539240 mov eax, dword ptr fs:[00000030h] 1_2_01539240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01539240 mov eax, dword ptr fs:[00000030h] 1_2_01539240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01539240 mov eax, dword ptr fs:[00000030h] 1_2_01539240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0157927A mov eax, dword ptr fs:[00000030h] 1_2_0157927A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015EB260 mov eax, dword ptr fs:[00000030h] 1_2_015EB260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015EB260 mov eax, dword ptr fs:[00000030h] 1_2_015EB260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01575A69 mov eax, dword ptr fs:[00000030h] 1_2_01575A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01575A69 mov eax, dword ptr fs:[00000030h] 1_2_01575A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01575A69 mov eax, dword ptr fs:[00000030h] 1_2_01575A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01535210 mov eax, dword ptr fs:[00000030h] 1_2_01535210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01535210 mov ecx, dword ptr fs:[00000030h] 1_2_01535210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01535210 mov eax, dword ptr fs:[00000030h] 1_2_01535210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01535210 mov eax, dword ptr fs:[00000030h] 1_2_01535210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153AA16 mov eax, dword ptr fs:[00000030h] 1_2_0153AA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153AA16 mov eax, dword ptr fs:[00000030h] 1_2_0153AA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01553A1C mov eax, dword ptr fs:[00000030h] 1_2_01553A1C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015FAA16 mov eax, dword ptr fs:[00000030h] 1_2_015FAA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015FAA16 mov eax, dword ptr fs:[00000030h] 1_2_015FAA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154BA00 mov eax, dword ptr fs:[00000030h] 1_2_0154BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154BA00 mov eax, dword ptr fs:[00000030h] 1_2_0154BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154BA00 mov eax, dword ptr fs:[00000030h] 1_2_0154BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154BA00 mov ecx, dword ptr fs:[00000030h] 1_2_0154BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154BA00 mov eax, dword ptr fs:[00000030h] 1_2_0154BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154BA00 mov eax, dword ptr fs:[00000030h] 1_2_0154BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154BA00 mov eax, dword ptr fs:[00000030h] 1_2_0154BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154BA00 mov eax, dword ptr fs:[00000030h] 1_2_0154BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154BA00 mov eax, dword ptr fs:[00000030h] 1_2_0154BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154BA00 mov eax, dword ptr fs:[00000030h] 1_2_0154BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154BA00 mov eax, dword ptr fs:[00000030h] 1_2_0154BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154BA00 mov eax, dword ptr fs:[00000030h] 1_2_0154BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154BA00 mov eax, dword ptr fs:[00000030h] 1_2_0154BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154BA00 mov eax, dword ptr fs:[00000030h] 1_2_0154BA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01548A0A mov eax, dword ptr fs:[00000030h] 1_2_01548A0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B236 mov eax, dword ptr fs:[00000030h] 1_2_0155B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B236 mov eax, dword ptr fs:[00000030h] 1_2_0155B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B236 mov eax, dword ptr fs:[00000030h] 1_2_0155B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B236 mov eax, dword ptr fs:[00000030h] 1_2_0155B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B236 mov eax, dword ptr fs:[00000030h] 1_2_0155B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B236 mov eax, dword ptr fs:[00000030h] 1_2_0155B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01538239 mov eax, dword ptr fs:[00000030h] 1_2_01538239
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01538239 mov eax, dword ptr fs:[00000030h] 1_2_01538239
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01538239 mov eax, dword ptr fs:[00000030h] 1_2_01538239
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01534A20 mov eax, dword ptr fs:[00000030h] 1_2_01534A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01534A20 mov eax, dword ptr fs:[00000030h] 1_2_01534A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F1229 mov eax, dword ptr fs:[00000030h] 1_2_015F1229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01574A2C mov eax, dword ptr fs:[00000030h] 1_2_01574A2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01574A2C mov eax, dword ptr fs:[00000030h] 1_2_01574A2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A229 mov eax, dword ptr fs:[00000030h] 1_2_0155A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A229 mov eax, dword ptr fs:[00000030h] 1_2_0155A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A229 mov eax, dword ptr fs:[00000030h] 1_2_0155A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A229 mov eax, dword ptr fs:[00000030h] 1_2_0155A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A229 mov eax, dword ptr fs:[00000030h] 1_2_0155A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A229 mov eax, dword ptr fs:[00000030h] 1_2_0155A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A229 mov eax, dword ptr fs:[00000030h] 1_2_0155A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A229 mov eax, dword ptr fs:[00000030h] 1_2_0155A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155A229 mov eax, dword ptr fs:[00000030h] 1_2_0155A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015312D4 mov eax, dword ptr fs:[00000030h] 1_2_015312D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01535AC0 mov eax, dword ptr fs:[00000030h] 1_2_01535AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01535AC0 mov eax, dword ptr fs:[00000030h] 1_2_01535AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01535AC0 mov eax, dword ptr fs:[00000030h] 1_2_01535AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01533ACA mov eax, dword ptr fs:[00000030h] 1_2_01533ACA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01562ACB mov eax, dword ptr fs:[00000030h] 1_2_01562ACB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F4AEF mov eax, dword ptr fs:[00000030h] 1_2_015F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F4AEF mov eax, dword ptr fs:[00000030h] 1_2_015F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F4AEF mov eax, dword ptr fs:[00000030h] 1_2_015F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F4AEF mov eax, dword ptr fs:[00000030h] 1_2_015F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F4AEF mov eax, dword ptr fs:[00000030h] 1_2_015F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F4AEF mov eax, dword ptr fs:[00000030h] 1_2_015F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F4AEF mov eax, dword ptr fs:[00000030h] 1_2_015F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F4AEF mov eax, dword ptr fs:[00000030h] 1_2_015F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F4AEF mov eax, dword ptr fs:[00000030h] 1_2_015F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F4AEF mov eax, dword ptr fs:[00000030h] 1_2_015F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F4AEF mov eax, dword ptr fs:[00000030h] 1_2_015F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F4AEF mov eax, dword ptr fs:[00000030h] 1_2_015F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F4AEF mov eax, dword ptr fs:[00000030h] 1_2_015F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F4AEF mov eax, dword ptr fs:[00000030h] 1_2_015F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01562AE4 mov eax, dword ptr fs:[00000030h] 1_2_01562AE4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01608ADD mov eax, dword ptr fs:[00000030h] 1_2_01608ADD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156D294 mov eax, dword ptr fs:[00000030h] 1_2_0156D294
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156D294 mov eax, dword ptr fs:[00000030h] 1_2_0156D294
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F129A mov eax, dword ptr fs:[00000030h] 1_2_015F129A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156DA88 mov eax, dword ptr fs:[00000030h] 1_2_0156DA88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156DA88 mov eax, dword ptr fs:[00000030h] 1_2_0156DA88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154AAB0 mov eax, dword ptr fs:[00000030h] 1_2_0154AAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154AAB0 mov eax, dword ptr fs:[00000030h] 1_2_0154AAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156FAB0 mov eax, dword ptr fs:[00000030h] 1_2_0156FAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015612BD mov esi, dword ptr fs:[00000030h] 1_2_015612BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015612BD mov eax, dword ptr fs:[00000030h] 1_2_015612BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015612BD mov eax, dword ptr fs:[00000030h] 1_2_015612BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01531AA0 mov eax, dword ptr fs:[00000030h] 1_2_01531AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015462A0 mov eax, dword ptr fs:[00000030h] 1_2_015462A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015462A0 mov eax, dword ptr fs:[00000030h] 1_2_015462A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015462A0 mov eax, dword ptr fs:[00000030h] 1_2_015462A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015462A0 mov eax, dword ptr fs:[00000030h] 1_2_015462A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015352A5 mov eax, dword ptr fs:[00000030h] 1_2_015352A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015352A5 mov eax, dword ptr fs:[00000030h] 1_2_015352A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015352A5 mov eax, dword ptr fs:[00000030h] 1_2_015352A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015352A5 mov eax, dword ptr fs:[00000030h] 1_2_015352A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015352A5 mov eax, dword ptr fs:[00000030h] 1_2_015352A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01565AA0 mov eax, dword ptr fs:[00000030h] 1_2_01565AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01565AA0 mov eax, dword ptr fs:[00000030h] 1_2_01565AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01557D50 mov eax, dword ptr fs:[00000030h] 1_2_01557D50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01574D51 mov eax, dword ptr fs:[00000030h] 1_2_01574D51
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01574D51 mov eax, dword ptr fs:[00000030h] 1_2_01574D51
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01573D43 mov eax, dword ptr fs:[00000030h] 1_2_01573D43
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015E8D47 mov eax, dword ptr fs:[00000030h] 1_2_015E8D47
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B3540 mov eax, dword ptr fs:[00000030h] 1_2_015B3540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015E3D40 mov eax, dword ptr fs:[00000030h] 1_2_015E3D40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153354C mov eax, dword ptr fs:[00000030h] 1_2_0153354C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153354C mov eax, dword ptr fs:[00000030h] 1_2_0153354C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155C577 mov eax, dword ptr fs:[00000030h] 1_2_0155C577
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155C577 mov eax, dword ptr fs:[00000030h] 1_2_0155C577
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01558D76 mov eax, dword ptr fs:[00000030h] 1_2_01558D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01558D76 mov eax, dword ptr fs:[00000030h] 1_2_01558D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01558D76 mov eax, dword ptr fs:[00000030h] 1_2_01558D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01558D76 mov eax, dword ptr fs:[00000030h] 1_2_01558D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01558D76 mov eax, dword ptr fs:[00000030h] 1_2_01558D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F3518 mov eax, dword ptr fs:[00000030h] 1_2_015F3518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F3518 mov eax, dword ptr fs:[00000030h] 1_2_015F3518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F3518 mov eax, dword ptr fs:[00000030h] 1_2_015F3518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153751A mov eax, dword ptr fs:[00000030h] 1_2_0153751A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153751A mov eax, dword ptr fs:[00000030h] 1_2_0153751A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153751A mov eax, dword ptr fs:[00000030h] 1_2_0153751A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153751A mov eax, dword ptr fs:[00000030h] 1_2_0153751A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01608D34 mov eax, dword ptr fs:[00000030h] 1_2_01608D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015DCD04 mov eax, dword ptr fs:[00000030h] 1_2_015DCD04
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01543D34 mov eax, dword ptr fs:[00000030h] 1_2_01543D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01543D34 mov eax, dword ptr fs:[00000030h] 1_2_01543D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01543D34 mov eax, dword ptr fs:[00000030h] 1_2_01543D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01543D34 mov eax, dword ptr fs:[00000030h] 1_2_01543D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01543D34 mov eax, dword ptr fs:[00000030h] 1_2_01543D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01543D34 mov eax, dword ptr fs:[00000030h] 1_2_01543D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01543D34 mov eax, dword ptr fs:[00000030h] 1_2_01543D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01543D34 mov eax, dword ptr fs:[00000030h] 1_2_01543D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01543D34 mov eax, dword ptr fs:[00000030h] 1_2_01543D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01543D34 mov eax, dword ptr fs:[00000030h] 1_2_01543D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01543D34 mov eax, dword ptr fs:[00000030h] 1_2_01543D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01543D34 mov eax, dword ptr fs:[00000030h] 1_2_01543D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01543D34 mov eax, dword ptr fs:[00000030h] 1_2_01543D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0153AD30 mov eax, dword ptr fs:[00000030h] 1_2_0153AD30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015FE539 mov eax, dword ptr fs:[00000030h] 1_2_015FE539
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015BA537 mov eax, dword ptr fs:[00000030h] 1_2_015BA537
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01564D3B mov eax, dword ptr fs:[00000030h] 1_2_01564D3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01564D3B mov eax, dword ptr fs:[00000030h] 1_2_01564D3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01564D3B mov eax, dword ptr fs:[00000030h] 1_2_01564D3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156F527 mov eax, dword ptr fs:[00000030h] 1_2_0156F527
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156F527 mov eax, dword ptr fs:[00000030h] 1_2_0156F527
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156F527 mov eax, dword ptr fs:[00000030h] 1_2_0156F527
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015EFDD3 mov eax, dword ptr fs:[00000030h] 1_2_015EFDD3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B6DC9 mov eax, dword ptr fs:[00000030h] 1_2_015B6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B6DC9 mov eax, dword ptr fs:[00000030h] 1_2_015B6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B6DC9 mov eax, dword ptr fs:[00000030h] 1_2_015B6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B6DC9 mov ecx, dword ptr fs:[00000030h] 1_2_015B6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B6DC9 mov eax, dword ptr fs:[00000030h] 1_2_015B6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B6DC9 mov eax, dword ptr fs:[00000030h] 1_2_015B6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015315C1 mov eax, dword ptr fs:[00000030h] 1_2_015315C1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015395F0 mov eax, dword ptr fs:[00000030h] 1_2_015395F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015395F0 mov ecx, dword ptr fs:[00000030h] 1_2_015395F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015E8DF1 mov eax, dword ptr fs:[00000030h] 1_2_015E8DF1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154D5E0 mov eax, dword ptr fs:[00000030h] 1_2_0154D5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0154D5E0 mov eax, dword ptr fs:[00000030h] 1_2_0154D5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015695EC mov eax, dword ptr fs:[00000030h] 1_2_015695EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015FFDE2 mov eax, dword ptr fs:[00000030h] 1_2_015FFDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015FFDE2 mov eax, dword ptr fs:[00000030h] 1_2_015FFDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015FFDE2 mov eax, dword ptr fs:[00000030h] 1_2_015FFDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015FFDE2 mov eax, dword ptr fs:[00000030h] 1_2_015FFDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01533591 mov eax, dword ptr fs:[00000030h] 1_2_01533591
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_016005AC mov eax, dword ptr fs:[00000030h] 1_2_016005AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_016005AC mov eax, dword ptr fs:[00000030h] 1_2_016005AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156FD9B mov eax, dword ptr fs:[00000030h] 1_2_0156FD9B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156FD9B mov eax, dword ptr fs:[00000030h] 1_2_0156FD9B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01562581 mov eax, dword ptr fs:[00000030h] 1_2_01562581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01562581 mov eax, dword ptr fs:[00000030h] 1_2_01562581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01562581 mov eax, dword ptr fs:[00000030h] 1_2_01562581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01562581 mov eax, dword ptr fs:[00000030h] 1_2_01562581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01532D8A mov eax, dword ptr fs:[00000030h] 1_2_01532D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01532D8A mov eax, dword ptr fs:[00000030h] 1_2_01532D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01532D8A mov eax, dword ptr fs:[00000030h] 1_2_01532D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01532D8A mov eax, dword ptr fs:[00000030h] 1_2_01532D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01532D8A mov eax, dword ptr fs:[00000030h] 1_2_01532D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F2D82 mov eax, dword ptr fs:[00000030h] 1_2_015F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F2D82 mov eax, dword ptr fs:[00000030h] 1_2_015F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F2D82 mov eax, dword ptr fs:[00000030h] 1_2_015F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F2D82 mov eax, dword ptr fs:[00000030h] 1_2_015F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F2D82 mov eax, dword ptr fs:[00000030h] 1_2_015F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F2D82 mov eax, dword ptr fs:[00000030h] 1_2_015F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F2D82 mov eax, dword ptr fs:[00000030h] 1_2_015F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015FB581 mov eax, dword ptr fs:[00000030h] 1_2_015FB581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015FB581 mov eax, dword ptr fs:[00000030h] 1_2_015FB581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015FB581 mov eax, dword ptr fs:[00000030h] 1_2_015FB581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015FB581 mov eax, dword ptr fs:[00000030h] 1_2_015FB581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01561DB5 mov eax, dword ptr fs:[00000030h] 1_2_01561DB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01561DB5 mov eax, dword ptr fs:[00000030h] 1_2_01561DB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01561DB5 mov eax, dword ptr fs:[00000030h] 1_2_01561DB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015665A0 mov eax, dword ptr fs:[00000030h] 1_2_015665A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015665A0 mov eax, dword ptr fs:[00000030h] 1_2_015665A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015665A0 mov eax, dword ptr fs:[00000030h] 1_2_015665A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015635A1 mov eax, dword ptr fs:[00000030h] 1_2_015635A1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015CC450 mov eax, dword ptr fs:[00000030h] 1_2_015CC450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015CC450 mov eax, dword ptr fs:[00000030h] 1_2_015CC450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01608C75 mov eax, dword ptr fs:[00000030h] 1_2_01608C75
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156A44B mov eax, dword ptr fs:[00000030h] 1_2_0156A44B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B477 mov eax, dword ptr fs:[00000030h] 1_2_0155B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B477 mov eax, dword ptr fs:[00000030h] 1_2_0155B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B477 mov eax, dword ptr fs:[00000030h] 1_2_0155B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B477 mov eax, dword ptr fs:[00000030h] 1_2_0155B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B477 mov eax, dword ptr fs:[00000030h] 1_2_0155B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B477 mov eax, dword ptr fs:[00000030h] 1_2_0155B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B477 mov eax, dword ptr fs:[00000030h] 1_2_0155B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B477 mov eax, dword ptr fs:[00000030h] 1_2_0155B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B477 mov eax, dword ptr fs:[00000030h] 1_2_0155B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B477 mov eax, dword ptr fs:[00000030h] 1_2_0155B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B477 mov eax, dword ptr fs:[00000030h] 1_2_0155B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155B477 mov eax, dword ptr fs:[00000030h] 1_2_0155B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01575C70 mov eax, dword ptr fs:[00000030h] 1_2_01575C70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156AC7B mov eax, dword ptr fs:[00000030h] 1_2_0156AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156AC7B mov eax, dword ptr fs:[00000030h] 1_2_0156AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156AC7B mov eax, dword ptr fs:[00000030h] 1_2_0156AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156AC7B mov eax, dword ptr fs:[00000030h] 1_2_0156AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156AC7B mov eax, dword ptr fs:[00000030h] 1_2_0156AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156AC7B mov eax, dword ptr fs:[00000030h] 1_2_0156AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156AC7B mov eax, dword ptr fs:[00000030h] 1_2_0156AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156AC7B mov eax, dword ptr fs:[00000030h] 1_2_0156AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156AC7B mov eax, dword ptr fs:[00000030h] 1_2_0156AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156AC7B mov eax, dword ptr fs:[00000030h] 1_2_0156AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0156AC7B mov eax, dword ptr fs:[00000030h] 1_2_0156AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01608450 mov eax, dword ptr fs:[00000030h] 1_2_01608450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_0155746D mov eax, dword ptr fs:[00000030h] 1_2_0155746D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B6C0A mov eax, dword ptr fs:[00000030h] 1_2_015B6C0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B6C0A mov eax, dword ptr fs:[00000030h] 1_2_015B6C0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B6C0A mov eax, dword ptr fs:[00000030h] 1_2_015B6C0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015B6C0A mov eax, dword ptr fs:[00000030h] 1_2_015B6C0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F1C06 mov eax, dword ptr fs:[00000030h] 1_2_015F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F1C06 mov eax, dword ptr fs:[00000030h] 1_2_015F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F1C06 mov eax, dword ptr fs:[00000030h] 1_2_015F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F1C06 mov eax, dword ptr fs:[00000030h] 1_2_015F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F1C06 mov eax, dword ptr fs:[00000030h] 1_2_015F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F1C06 mov eax, dword ptr fs:[00000030h] 1_2_015F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F1C06 mov eax, dword ptr fs:[00000030h] 1_2_015F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F1C06 mov eax, dword ptr fs:[00000030h] 1_2_015F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F1C06 mov eax, dword ptr fs:[00000030h] 1_2_015F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F1C06 mov eax, dword ptr fs:[00000030h] 1_2_015F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F1C06 mov eax, dword ptr fs:[00000030h] 1_2_015F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F1C06 mov eax, dword ptr fs:[00000030h] 1_2_015F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F1C06 mov eax, dword ptr fs:[00000030h] 1_2_015F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_015F1C06 mov eax, dword ptr fs:[00000030h] 1_2_015F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01552430 mov eax, dword ptr fs:[00000030h] 1_2_01552430
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process queried: DebugPort Jump to behavior
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Code function: 1_2_01579860 NtQuerySystemInformation,LdrInitializeThunk, 1_2_01579860
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
Injects a PE file into a foreign processes
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Memory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe base: 400000 value starts with: 4D5A Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information
barindex
Yara detected FormBook
Source: Yara match File source: 1.0.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.44aef60.6.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.45233b0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000001.00000000.262712520.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.270529665.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality
barindex
Yara detected FormBook
Source: Yara match File source: 1.0.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.44aef60.6.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe.45233b0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000001.00000000.262712520.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.270529665.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 755894 Sample: SecuriteInfo.com.Win32.Cryp... Startdate: 29/11/2022 Architecture: WINDOWS Score: 100 14 Malicious sample detected (through community Yara rule) 2->14 16 Antivirus detection for URL or domain 2->16 18 Multi AV Scanner detection for submitted file 2->18 20 5 other signatures 2->20 6 SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe 3 2->6         started        process3 file4 12 SecuriteInfo.com.W...16304.13478.exe.log, ASCII 6->12 dropped 22 Tries to detect virtualization through RDTSC time measurements 6->22 24 Injects a PE file into a foreign processes 6->24 10 SecuriteInfo.com.Win32.CrypterX-gen.16304.13478.exe 6->10         started        signatures5 process6
No contacted IP infos

Contacted URLs

Name Malicious Antivirus Detection Reputation
www.2635westkaylaneprescott.com/ndgi/ true
  • 1%, Virustotal, Browse
  • Avira URL Cloud: malware
 low