Windows Analysis Report
SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe

Overview

General Information

Sample Name: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
Analysis ID: 756014
MD5: b5678475c3c15fdafff2c5c8b49d5dc1
SHA1: 7407554011988292b3e3522e19edb5532f21ee4e
SHA256: 755c44b90198282d2494321b4cb18cab7e4426efd1b7f4a20f2a0793d68a2a1f
Tags: exe
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Sigma detected: Scheduled temp file as task from temp location
Multi AV Scanner detection for dropped file
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Injects a PE file into a foreign processes
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queues an APC in another process (thread injection)
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Adds a directory exclusion to Windows Defender
Uses schtasks.exe or at.exe to add and modify task schedules
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to read the PEB
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe ReversingLabs: Detection: 34%
Yara detected FormBook
Source: Yara match File source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe ReversingLabs: Detection: 34%
Machine Learning detection for sample
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Joe Sandbox ML: detected
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Joe Sandbox ML: detected
Source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp Malware Configuration Extractor: FormBook {"C2 list": ["www.mahalaburn.com/k0ud/"]}
Uses 32bit PE files
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000003.327603496.0000000000EC9000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, bVgCuQEDo.exe, 00000017.00000002.510842522.0000000001970000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000003.511638904.0000000004F68000.00000004.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000002.540613519.000000000521F000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000002.538597996.0000000005100000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000003.505532333.0000000004DC3000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000003.327603496.0000000000EC9000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, bVgCuQEDo.exe, 00000017.00000002.510842522.0000000001970000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000003.511638904.0000000004F68000.00000004.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000002.540613519.000000000521F000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000002.538597996.0000000005100000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000003.505532333.0000000004DC3000.00000004.00000800.00020000.00000000.sdmp

Networking
barindex
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: www.mahalaburn.com/k0ud/
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://fontfabrik.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.328148596.0000000002611000.00000004.00000800.00020000.00000000.sdmp, bVgCuQEDo.exe, 00000010.00000002.360601754.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: explorer.exe, 00000018.00000000.405613153.000000000F270000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.474698963.0000000001425000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.364042098.0000000001425000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.439327241.0000000001425000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.327538116.0000000000B47000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.coma%O
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.327538116.0000000000B47000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comlvfet
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kr
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deDPlease
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334784566.0000000006532000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn

E-Banking Fraud
barindex
Yara detected FormBook
Source: Yara match File source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 16.2.bVgCuQEDo.exe.2ef2e30.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables potentially checking for WinJail sandbox window Author: ditekSHen
Source: 16.2.bVgCuQEDo.exe.2f10600.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables potentially checking for WinJail sandbox window Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe.2650718.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables potentially checking for WinJail sandbox window Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe.2632f48.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables potentially checking for WinJail sandbox window Author: ditekSHen
Source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000017.00000002.509702733.00000000014E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe PID: 2136, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: chkdsk.exe PID: 908, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Uses 32bit PE files
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Yara signature match
Source: 16.2.bVgCuQEDo.exe.2ef2e30.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste author = ditekSHen, description = Detects executables potentially checking for WinJail sandbox window
Source: 16.2.bVgCuQEDo.exe.2f10600.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste author = ditekSHen, description = Detects executables potentially checking for WinJail sandbox window
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe.2650718.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste author = ditekSHen, description = Detects executables potentially checking for WinJail sandbox window
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe.2632f48.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste author = ditekSHen, description = Detects executables potentially checking for WinJail sandbox window
Source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000017.00000002.509702733.00000000014E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe PID: 2136, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: chkdsk.exe PID: 908, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Detected potential crypto function
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 0_2_0094C164 0_2_0094C164
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 0_2_0094E5B0 0_2_0094E5B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 0_2_0094E5A2 0_2_0094E5A2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 0_2_04AC06E8 0_2_04AC06E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 0_2_04AC28D1 0_2_04AC28D1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 0_2_04AC942D 0_2_04AC942D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 0_2_04AC6589 0_2_04AC6589
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 0_2_04AC6598 0_2_04AC6598
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 0_2_04AC06D9 0_2_04AC06D9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 0_2_04AC2320 0_2_04AC2320
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 0_2_04AC2330 0_2_04AC2330
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 0_2_04AC6829 0_2_04AC6829
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 0_2_04AC6838 0_2_04AC6838
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 0_2_07B90758 0_2_07B90758
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 0_2_07B90748 0_2_07B90748
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Code function: 16_2_013FC164 16_2_013FC164
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Code function: 16_2_013FE5B0 16_2_013FE5B0
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Code function: 16_2_013FE5A3 16_2_013FE5A3
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Code function: 16_2_085F0040 16_2_085F0040
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Code function: 16_2_085F0031 16_2_085F0031
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108F900 18_2_0108F900
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A4120 18_2_010A4120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A99BF 18_2_010A99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01141002 18_2_01141002
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0115E824 18_2_0115E824
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA830 18_2_010AA830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0109B090 18_2_0109B090
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B20A0 18_2_010B20A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011520A8 18_2_011520A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011528EC 18_2_011528EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114231B 18_2_0114231B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01152B28 18_2_01152B28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AAB40 18_2_010AAB40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0112CB4F 18_2_0112CB4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B138B 18_2_010B138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AEB9A 18_2_010AEB9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0112EB8A 18_2_0112EB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BEBB0 18_2_010BEBB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114DBD2 18_2_0114DBD2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011403DA 18_2_011403DA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BABD8 18_2_010BABD8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010D8BE8 18_2_010D8BE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011323E3 18_2_011323E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0113FA2B 18_2_0113FA2B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB236 18_2_010AB236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011522AE 18_2_011522AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011532A9 18_2_011532A9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114E2C5 18_2_0114E2C5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144AEF 18_2_01144AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01152D07 18_2_01152D07
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01080D20 18_2_01080D20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01151D55 18_2_01151D55
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01142D82 18_2_01142D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B65A0 18_2_010B65A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011525DD 18_2_011525DD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0109D5E0 18_2_0109D5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0109841F 18_2_0109841F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114D466 18_2_0114D466
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB477 18_2_010AB477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144496 18_2_01144496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0115DFCE 18_2_0115DFCE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01151FF1 18_2_01151FF1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011467E2 18_2_011467E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114D616 18_2_0114D616
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A5600 18_2_010A5600
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A6E30 18_2_010A6E30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01131EB6 18_2_01131EB6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01152EF7 18_2_01152EF7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_004012A4 18_2_004012A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_00422926 18_2_00422926
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_00421340 18_2_00421340
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0040B437 18_2_0040B437
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_004044C7 18_2_004044C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_004044BE 18_2_004044BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_00422514 18_2_00422514
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_004215DC 18_2_004215DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0040FE67 18_2_0040FE67
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_004046E7 18_2_004046E7
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: String function: 0108B150 appears 154 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: String function: 01115720 appears 38 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: String function: 010DD08C appears 37 times
Contains functionality to call native functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9860 NtQuerySystemInformation,LdrInitializeThunk, 18_2_010C9860
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9660 NtAllocateVirtualMemory,LdrInitializeThunk, 18_2_010C9660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C96E0 NtFreeVirtualMemory,LdrInitializeThunk, 18_2_010C96E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9910 NtAdjustPrivilegesToken, 18_2_010C9910
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9950 NtQueueApcThread, 18_2_010C9950
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C99A0 NtCreateSection, 18_2_010C99A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C99D0 NtCreateProcessEx, 18_2_010C99D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9820 NtEnumerateKey, 18_2_010C9820
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010CB040 NtSuspendThread, 18_2_010CB040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9840 NtDelayExecution, 18_2_010C9840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C98A0 NtWriteVirtualMemory, 18_2_010C98A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C98F0 NtReadVirtualMemory, 18_2_010C98F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9B00 NtSetValueKey, 18_2_010C9B00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010CA3B0 NtGetContextThread, 18_2_010CA3B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9A00 NtProtectVirtualMemory, 18_2_010C9A00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9A10 NtQuerySection, 18_2_010C9A10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9A20 NtResumeThread, 18_2_010C9A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9A50 NtCreateFile, 18_2_010C9A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9A80 NtOpenDirectoryObject, 18_2_010C9A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9520 NtWaitForSingleObject, 18_2_010C9520
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010CAD30 NtSetContextThread, 18_2_010CAD30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9540 NtReadFile, 18_2_010C9540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9560 NtWriteFile, 18_2_010C9560
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C95D0 NtClose, 18_2_010C95D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C95F0 NtQueryInformationFile, 18_2_010C95F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010CA710 NtOpenProcessToken, 18_2_010CA710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9710 NtQueryInformationToken, 18_2_010C9710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9730 NtQueryVirtualMemory, 18_2_010C9730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9760 NtOpenProcess, 18_2_010C9760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010CA770 NtOpenThread, 18_2_010CA770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9770 NtSetInformationFile, 18_2_010C9770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9780 NtMapViewOfSection, 18_2_010C9780
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C97A0 NtUnmapViewOfSection, 18_2_010C97A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9FE0 NtCreateMutant, 18_2_010C9FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9610 NtEnumerateValueKey, 18_2_010C9610
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9650 NtQueryValueKey, 18_2_010C9650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9670 NtQueryInformationProcess, 18_2_010C9670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C96D0 NtCreateKey, 18_2_010C96D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0041E067 NtAllocateVirtualMemory, 18_2_0041E067
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_004012A4 NtProtectVirtualMemory, 18_2_004012A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0041DE87 NtCreateFile, 18_2_0041DE87
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0041DF37 NtReadFile, 18_2_0041DF37
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0041DFB7 NtClose, 18_2_0041DFB7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0041E062 NtAllocateVirtualMemory, 18_2_0041E062
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_004014E9 NtProtectVirtualMemory, 18_2_004014E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0041DED9 NtReadFile, 18_2_0041DED9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0041DE81 NtCreateFile, 18_2_0041DE81
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0041DF81 NtReadFile, 18_2_0041DF81
Sample file is different than original file name gathered from version info
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334117112.0000000004AF0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameInspector.dllN vs SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.336275341.0000000006CB0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameCollins.dll8 vs SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.334036482.0000000004AD0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenamePrecision.dll6 vs SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000000.265911908.0000000000104000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameiKkH.exeB vs SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.328148596.0000000002611000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePrecision.dll6 vs SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.328148596.0000000002611000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameInspector.dllN vs SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000003.328757871.0000000000FE8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000002.330934926.000000000117F000.00000040.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000003.325498544.0000000000E3B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Binary or memory string: OriginalFilenameiKkH.exeB vs SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: bVgCuQEDo.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe ReversingLabs: Detection: 34%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Jump to behavior
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bVgCuQEDo" /XML "C:\Users\user\AppData\Local\Temp\tmpA32E.tmp
Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bVgCuQEDo" /XML "C:\Users\user\AppData\Local\Temp\tmpEC0E.tmp
Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
Source: C:\Windows\explorer.exe Process created: C:\Windows\SysWOW64\chkdsk.exe C:\Windows\SysWOW64\chkdsk.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bVgCuQEDo" /XML "C:\Users\user\AppData\Local\Temp\tmpA32E.tmp Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bVgCuQEDo" /XML "C:\Users\user\AppData\Local\Temp\tmpEC0E.tmp Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe File created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe File created: C:\Users\user\AppData\Local\Temp\tmpA32E.tmp Jump to behavior
Source: classification engine Classification label: mal100.troj.evad.winEXE@23/11@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe File read: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000000.265756583.0000000000022000.00000002.00000001.01000000.00000003.sdmp, bVgCuQEDo.exe.0.dr Binary or memory string: insert into User_Transportation(UserID,TransportationID) values (@UserID,@TransID);
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000000.265756583.0000000000022000.00000002.00000001.01000000.00000003.sdmp, bVgCuQEDo.exe.0.dr Binary or memory string: insert into TourPlace(Name,Location,TicketPrice) values (@name,@location,@ticket);
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000000.265756583.0000000000022000.00000002.00000001.01000000.00000003.sdmp, bVgCuQEDo.exe.0.dr Binary or memory string: insert into User_TourPlace(UserID,TourPlaceID) values (@UserID,@TourplaceID);
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2072:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4272:120:WilError_01
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Mutant created: \Sessions\1\BaseNamedObjects\hJsqLKixTYpYBEkvNIEUwIPhHoo
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1400:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2680:120:WilError_01
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe String found in binary or memory: AddUserButton'AddUserPhoneTextbox'AdduserEmailtextbox-Adduserpasswordtextbox
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe String found in binary or memory: Username:-AddusertextBoxUsernameCash
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000003.327603496.0000000000EC9000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, bVgCuQEDo.exe, 00000017.00000002.510842522.0000000001970000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000003.511638904.0000000004F68000.00000004.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000002.540613519.000000000521F000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000002.538597996.0000000005100000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000003.505532333.0000000004DC3000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000003.327603496.0000000000EC9000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000012.00000002.330019683.0000000001060000.00000040.00000800.00020000.00000000.sdmp, bVgCuQEDo.exe, 00000017.00000002.510842522.0000000001970000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000003.511638904.0000000004F68000.00000004.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000002.540613519.000000000521F000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000002.538597996.0000000005100000.00000040.00000800.00020000.00000000.sdmp, chkdsk.exe, 0000001B.00000003.505532333.0000000004DC3000.00000004.00000800.00020000.00000000.sdmp
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 0_2_0094F972 pushad ; iretd 0_2_0094F979
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Code function: 16_2_013FF973 pushad ; iretd 16_2_013FF979
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010DD0D1 push ecx; ret 18_2_010DD0E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0042107C push eax; ret 18_2_004210CF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0041A0CB push ecx; iretd 18_2_0041A0CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_004210C9 push eax; ret 18_2_004210CF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_004210D2 push eax; ret 18_2_00421139
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0042209F push ebx; ret 18_2_004220A1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_00422926 push ebp; ret 18_2_00422DD3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_00421133 push eax; ret 18_2_00421139
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_004199F7 push edi; iretd 18_2_004199F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0040A30B push esp; ret 18_2_0040A311
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_00405428 push ss; iretd 18_2_00405431
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_00421CB3 push edx; iretd 18_2_00421CBA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_00419E1A push cs; ret 18_2_00419E1B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0041DFE1 push es; retf 18_2_0041DFE2
Source: initial sample Static PE information: section name: .text entropy: 7.649605681917304
Source: initial sample Static PE information: section name: .text entropy: 7.649605681917304
Drops PE files
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe File created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Jump to dropped file

Boot Survival
barindex
Uses schtasks.exe or at.exe to add and modify task schedules
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bVgCuQEDo" /XML "C:\Users\user\AppData\Local\Temp\tmpA32E.tmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Yara detected AntiVM3
Source: Yara match File source: 16.2.bVgCuQEDo.exe.2ef2e30.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 16.2.bVgCuQEDo.exe.2f10600.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe.2650718.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe.2632f48.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.330634433.00000000028BC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000002.360601754.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000002.365234756.00000000031B6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.328148596.0000000002611000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe PID: 5592, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: bVgCuQEDo.exe PID: 1500, type: MEMORYSTR
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.328148596.0000000002611000.00000004.00000800.00020000.00000000.sdmp, bVgCuQEDo.exe, 00000010.00000002.360601754.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.330634433.00000000028BC000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.328148596.0000000002611000.00000004.00000800.00020000.00000000.sdmp, bVgCuQEDo.exe, 00000010.00000002.360601754.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, bVgCuQEDo.exe, 00000010.00000002.365234756.00000000031B6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.330634433.00000000028BC000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000002.328148596.0000000002611000.00000004.00000800.00020000.00000000.sdmp, bVgCuQEDo.exe, 00000010.00000002.360601754.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, bVgCuQEDo.exe, 00000010.00000002.365234756.00000000031B6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe WMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe WMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT * FROM Win32_VideoController
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe TID: 5576 Thread sleep time: -38122s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe TID: 5596 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5752 Thread sleep time: -3689348814741908s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2108 Thread sleep count: 8818 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5928 Thread sleep time: -4611686018427385s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe TID: 1536 Thread sleep time: -38122s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe TID: 6132 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B6B90 rdtsc 18_2_010B6B90
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 8610 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 8818 Jump to behavior
Contains capabilities to detect virtual machines
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 name: Identifier Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum name: 0 Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe API coverage: 1.7 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Thread delayed: delay time: 38122 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Thread delayed: delay time: 38122 Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000003.308065715.000000000079F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware
Source: explorer.exe, 00000018.00000000.451335841.00000000090D8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}z,
Source: bVgCuQEDo.exe, 00000010.00000002.365234756.00000000031B6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe, 00000000.00000003.308065715.000000000079F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_VideoController(Standard display types)VMwareE673__12Win32_VideoController1222RG_1VideoController120060621000000.000000-000.902.201display.infMSBDA53Z6XYTLPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsCKBN36KZ
Source: bVgCuQEDo.exe, 00000010.00000002.365234756.00000000031B6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
Source: bVgCuQEDo.exe, 00000010.00000002.360601754.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: #l"SOFTWARE\VMware, Inc.\VMware Tools
Source: bVgCuQEDo.exe, 00000010.00000002.360601754.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWARE
Source: explorer.exe, 00000018.00000000.389248876.0000000007166000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
Source: explorer.exe, 00000018.00000000.451335841.00000000090D8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
Source: explorer.exe, 00000018.00000000.450556289.0000000008FD3000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&0000001 ZG
Source: explorer.exe, 00000018.00000000.451335841.00000000090D8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i,
Source: explorer.exe, 00000018.00000000.477722712.0000000005063000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}9'
Source: bVgCuQEDo.exe, 00000010.00000002.365234756.00000000031B6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA II
Source: bVgCuQEDo.exe, 00000010.00000002.360601754.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: #l%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: explorer.exe, 00000018.00000000.450556289.0000000008FD3000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
Source: bVgCuQEDo.exe, 00000010.00000002.365234756.00000000031B6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
Source: explorer.exe, 00000018.00000000.492885633.000000000F62F000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Mail
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B6B90 rdtsc 18_2_010B6B90
Enables debug privileges
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug Jump to behavior
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01089100 mov eax, dword ptr fs:[00000030h] 18_2_01089100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01089100 mov eax, dword ptr fs:[00000030h] 18_2_01089100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01089100 mov eax, dword ptr fs:[00000030h] 18_2_01089100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A4120 mov eax, dword ptr fs:[00000030h] 18_2_010A4120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A4120 mov eax, dword ptr fs:[00000030h] 18_2_010A4120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A4120 mov eax, dword ptr fs:[00000030h] 18_2_010A4120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A4120 mov eax, dword ptr fs:[00000030h] 18_2_010A4120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A4120 mov ecx, dword ptr fs:[00000030h] 18_2_010A4120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01083138 mov ecx, dword ptr fs:[00000030h] 18_2_01083138
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B513A mov eax, dword ptr fs:[00000030h] 18_2_010B513A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B513A mov eax, dword ptr fs:[00000030h] 18_2_010B513A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01141951 mov eax, dword ptr fs:[00000030h] 18_2_01141951
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB944 mov eax, dword ptr fs:[00000030h] 18_2_010AB944
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB944 mov eax, dword ptr fs:[00000030h] 18_2_010AB944
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108395E mov eax, dword ptr fs:[00000030h] 18_2_0108395E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108395E mov eax, dword ptr fs:[00000030h] 18_2_0108395E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108C962 mov eax, dword ptr fs:[00000030h] 18_2_0108C962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01158966 mov eax, dword ptr fs:[00000030h] 18_2_01158966
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114E962 mov eax, dword ptr fs:[00000030h] 18_2_0114E962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108B171 mov eax, dword ptr fs:[00000030h] 18_2_0108B171
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108B171 mov eax, dword ptr fs:[00000030h] 18_2_0108B171
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AC182 mov eax, dword ptr fs:[00000030h] 18_2_010AC182
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BA185 mov eax, dword ptr fs:[00000030h] 18_2_010BA185
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108519E mov eax, dword ptr fs:[00000030h] 18_2_0108519E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108519E mov ecx, dword ptr fs:[00000030h] 18_2_0108519E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B2990 mov eax, dword ptr fs:[00000030h] 18_2_010B2990
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B4190 mov eax, dword ptr fs:[00000030h] 18_2_010B4190
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114A189 mov eax, dword ptr fs:[00000030h] 18_2_0114A189
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114A189 mov ecx, dword ptr fs:[00000030h] 18_2_0114A189
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B61A0 mov eax, dword ptr fs:[00000030h] 18_2_010B61A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B61A0 mov eax, dword ptr fs:[00000030h] 18_2_010B61A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011051BE mov eax, dword ptr fs:[00000030h] 18_2_011051BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011051BE mov eax, dword ptr fs:[00000030h] 18_2_011051BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011051BE mov eax, dword ptr fs:[00000030h] 18_2_011051BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011051BE mov eax, dword ptr fs:[00000030h] 18_2_011051BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011449A4 mov eax, dword ptr fs:[00000030h] 18_2_011449A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011449A4 mov eax, dword ptr fs:[00000030h] 18_2_011449A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011449A4 mov eax, dword ptr fs:[00000030h] 18_2_011449A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011449A4 mov eax, dword ptr fs:[00000030h] 18_2_011449A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A99BF mov ecx, dword ptr fs:[00000030h] 18_2_010A99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A99BF mov ecx, dword ptr fs:[00000030h] 18_2_010A99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A99BF mov eax, dword ptr fs:[00000030h] 18_2_010A99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A99BF mov ecx, dword ptr fs:[00000030h] 18_2_010A99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A99BF mov ecx, dword ptr fs:[00000030h] 18_2_010A99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A99BF mov eax, dword ptr fs:[00000030h] 18_2_010A99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A99BF mov ecx, dword ptr fs:[00000030h] 18_2_010A99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A99BF mov ecx, dword ptr fs:[00000030h] 18_2_010A99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A99BF mov eax, dword ptr fs:[00000030h] 18_2_010A99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A99BF mov ecx, dword ptr fs:[00000030h] 18_2_010A99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A99BF mov ecx, dword ptr fs:[00000030h] 18_2_010A99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A99BF mov eax, dword ptr fs:[00000030h] 18_2_010A99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011069A6 mov eax, dword ptr fs:[00000030h] 18_2_011069A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011419D8 mov eax, dword ptr fs:[00000030h] 18_2_011419D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010831E0 mov eax, dword ptr fs:[00000030h] 18_2_010831E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108B1E1 mov eax, dword ptr fs:[00000030h] 18_2_0108B1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108B1E1 mov eax, dword ptr fs:[00000030h] 18_2_0108B1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108B1E1 mov eax, dword ptr fs:[00000030h] 18_2_0108B1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011141E8 mov eax, dword ptr fs:[00000030h] 18_2_011141E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01154015 mov eax, dword ptr fs:[00000030h] 18_2_01154015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01154015 mov eax, dword ptr fs:[00000030h] 18_2_01154015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01107016 mov eax, dword ptr fs:[00000030h] 18_2_01107016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01107016 mov eax, dword ptr fs:[00000030h] 18_2_01107016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01107016 mov eax, dword ptr fs:[00000030h] 18_2_01107016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0109B02A mov eax, dword ptr fs:[00000030h] 18_2_0109B02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0109B02A mov eax, dword ptr fs:[00000030h] 18_2_0109B02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0109B02A mov eax, dword ptr fs:[00000030h] 18_2_0109B02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0109B02A mov eax, dword ptr fs:[00000030h] 18_2_0109B02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B002D mov eax, dword ptr fs:[00000030h] 18_2_010B002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B002D mov eax, dword ptr fs:[00000030h] 18_2_010B002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B002D mov eax, dword ptr fs:[00000030h] 18_2_010B002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B002D mov eax, dword ptr fs:[00000030h] 18_2_010B002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B002D mov eax, dword ptr fs:[00000030h] 18_2_010B002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA830 mov eax, dword ptr fs:[00000030h] 18_2_010AA830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA830 mov eax, dword ptr fs:[00000030h] 18_2_010AA830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA830 mov eax, dword ptr fs:[00000030h] 18_2_010AA830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA830 mov eax, dword ptr fs:[00000030h] 18_2_010AA830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01141843 mov eax, dword ptr fs:[00000030h] 18_2_01141843
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01085050 mov eax, dword ptr fs:[00000030h] 18_2_01085050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01085050 mov eax, dword ptr fs:[00000030h] 18_2_01085050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01085050 mov eax, dword ptr fs:[00000030h] 18_2_01085050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A0050 mov eax, dword ptr fs:[00000030h] 18_2_010A0050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A0050 mov eax, dword ptr fs:[00000030h] 18_2_010A0050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01151074 mov eax, dword ptr fs:[00000030h] 18_2_01151074
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01142073 mov eax, dword ptr fs:[00000030h] 18_2_01142073
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AF86D mov eax, dword ptr fs:[00000030h] 18_2_010AF86D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01089080 mov eax, dword ptr fs:[00000030h] 18_2_01089080
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01083880 mov eax, dword ptr fs:[00000030h] 18_2_01083880
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01083880 mov eax, dword ptr fs:[00000030h] 18_2_01083880
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01103884 mov eax, dword ptr fs:[00000030h] 18_2_01103884
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01103884 mov eax, dword ptr fs:[00000030h] 18_2_01103884
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C90AF mov eax, dword ptr fs:[00000030h] 18_2_010C90AF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B20A0 mov eax, dword ptr fs:[00000030h] 18_2_010B20A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B20A0 mov eax, dword ptr fs:[00000030h] 18_2_010B20A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B20A0 mov eax, dword ptr fs:[00000030h] 18_2_010B20A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B20A0 mov eax, dword ptr fs:[00000030h] 18_2_010B20A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B20A0 mov eax, dword ptr fs:[00000030h] 18_2_010B20A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B20A0 mov eax, dword ptr fs:[00000030h] 18_2_010B20A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BF0BF mov ecx, dword ptr fs:[00000030h] 18_2_010BF0BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BF0BF mov eax, dword ptr fs:[00000030h] 18_2_010BF0BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BF0BF mov eax, dword ptr fs:[00000030h] 18_2_010BF0BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0111B8D0 mov eax, dword ptr fs:[00000030h] 18_2_0111B8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0111B8D0 mov ecx, dword ptr fs:[00000030h] 18_2_0111B8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0111B8D0 mov eax, dword ptr fs:[00000030h] 18_2_0111B8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0111B8D0 mov eax, dword ptr fs:[00000030h] 18_2_0111B8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0111B8D0 mov eax, dword ptr fs:[00000030h] 18_2_0111B8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0111B8D0 mov eax, dword ptr fs:[00000030h] 18_2_0111B8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011418CA mov eax, dword ptr fs:[00000030h] 18_2_011418CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010858EC mov eax, dword ptr fs:[00000030h] 18_2_010858EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010840E1 mov eax, dword ptr fs:[00000030h] 18_2_010840E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010840E1 mov eax, dword ptr fs:[00000030h] 18_2_010840E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010840E1 mov eax, dword ptr fs:[00000030h] 18_2_010840E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB8E4 mov eax, dword ptr fs:[00000030h] 18_2_010AB8E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB8E4 mov eax, dword ptr fs:[00000030h] 18_2_010AB8E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h] 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h] 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h] 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h] 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h] 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h] 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h] 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h] 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h] 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h] 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h] 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h] 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h] 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h] 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h] 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h] 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h] 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h] 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h] 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h] 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA309 mov eax, dword ptr fs:[00000030h] 18_2_010AA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114131B mov eax, dword ptr fs:[00000030h] 18_2_0114131B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108DB40 mov eax, dword ptr fs:[00000030h] 18_2_0108DB40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01158B58 mov eax, dword ptr fs:[00000030h] 18_2_01158B58
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108F358 mov eax, dword ptr fs:[00000030h] 18_2_0108F358
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B3B5A mov eax, dword ptr fs:[00000030h] 18_2_010B3B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B3B5A mov eax, dword ptr fs:[00000030h] 18_2_010B3B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B3B5A mov eax, dword ptr fs:[00000030h] 18_2_010B3B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B3B5A mov eax, dword ptr fs:[00000030h] 18_2_010B3B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108DB60 mov ecx, dword ptr fs:[00000030h] 18_2_0108DB60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B3B7A mov eax, dword ptr fs:[00000030h] 18_2_010B3B7A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B3B7A mov eax, dword ptr fs:[00000030h] 18_2_010B3B7A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0109F370 mov eax, dword ptr fs:[00000030h] 18_2_0109F370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0109F370 mov eax, dword ptr fs:[00000030h] 18_2_0109F370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0109F370 mov eax, dword ptr fs:[00000030h] 18_2_0109F370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B138B mov eax, dword ptr fs:[00000030h] 18_2_010B138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B138B mov eax, dword ptr fs:[00000030h] 18_2_010B138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B138B mov eax, dword ptr fs:[00000030h] 18_2_010B138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01091B8F mov eax, dword ptr fs:[00000030h] 18_2_01091B8F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01091B8F mov eax, dword ptr fs:[00000030h] 18_2_01091B8F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AEB9A mov eax, dword ptr fs:[00000030h] 18_2_010AEB9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AEB9A mov eax, dword ptr fs:[00000030h] 18_2_010AEB9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0113D380 mov ecx, dword ptr fs:[00000030h] 18_2_0113D380
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0112EB8A mov ecx, dword ptr fs:[00000030h] 18_2_0112EB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0112EB8A mov eax, dword ptr fs:[00000030h] 18_2_0112EB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0112EB8A mov eax, dword ptr fs:[00000030h] 18_2_0112EB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0112EB8A mov eax, dword ptr fs:[00000030h] 18_2_0112EB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BB390 mov eax, dword ptr fs:[00000030h] 18_2_010BB390
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B2397 mov eax, dword ptr fs:[00000030h] 18_2_010B2397
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01084B94 mov edi, dword ptr fs:[00000030h] 18_2_01084B94
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114138A mov eax, dword ptr fs:[00000030h] 18_2_0114138A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01158BB6 mov eax, dword ptr fs:[00000030h] 18_2_01158BB6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B4BAD mov eax, dword ptr fs:[00000030h] 18_2_010B4BAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B4BAD mov eax, dword ptr fs:[00000030h] 18_2_010B4BAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B4BAD mov eax, dword ptr fs:[00000030h] 18_2_010B4BAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01159BBE mov eax, dword ptr fs:[00000030h] 18_2_01159BBE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01155BA5 mov eax, dword ptr fs:[00000030h] 18_2_01155BA5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01141BA8 mov eax, dword ptr fs:[00000030h] 18_2_01141BA8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B53C5 mov eax, dword ptr fs:[00000030h] 18_2_010B53C5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011053CA mov eax, dword ptr fs:[00000030h] 18_2_011053CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011053CA mov eax, dword ptr fs:[00000030h] 18_2_011053CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01081BE9 mov eax, dword ptr fs:[00000030h] 18_2_01081BE9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010ADBE9 mov eax, dword ptr fs:[00000030h] 18_2_010ADBE9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B03E2 mov eax, dword ptr fs:[00000030h] 18_2_010B03E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B03E2 mov eax, dword ptr fs:[00000030h] 18_2_010B03E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B03E2 mov eax, dword ptr fs:[00000030h] 18_2_010B03E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B03E2 mov eax, dword ptr fs:[00000030h] 18_2_010B03E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B03E2 mov eax, dword ptr fs:[00000030h] 18_2_010B03E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B03E2 mov eax, dword ptr fs:[00000030h] 18_2_010B03E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011323E3 mov ecx, dword ptr fs:[00000030h] 18_2_011323E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011323E3 mov ecx, dword ptr fs:[00000030h] 18_2_011323E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011323E3 mov eax, dword ptr fs:[00000030h] 18_2_011323E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114AA16 mov eax, dword ptr fs:[00000030h] 18_2_0114AA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114AA16 mov eax, dword ptr fs:[00000030h] 18_2_0114AA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01098A0A mov eax, dword ptr fs:[00000030h] 18_2_01098A0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A3A1C mov eax, dword ptr fs:[00000030h] 18_2_010A3A1C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01085210 mov eax, dword ptr fs:[00000030h] 18_2_01085210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01085210 mov ecx, dword ptr fs:[00000030h] 18_2_01085210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01085210 mov eax, dword ptr fs:[00000030h] 18_2_01085210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01085210 mov eax, dword ptr fs:[00000030h] 18_2_01085210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108AA16 mov eax, dword ptr fs:[00000030h] 18_2_0108AA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108AA16 mov eax, dword ptr fs:[00000030h] 18_2_0108AA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C4A2C mov eax, dword ptr fs:[00000030h] 18_2_010C4A2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C4A2C mov eax, dword ptr fs:[00000030h] 18_2_010C4A2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA229 mov eax, dword ptr fs:[00000030h] 18_2_010AA229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA229 mov eax, dword ptr fs:[00000030h] 18_2_010AA229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA229 mov eax, dword ptr fs:[00000030h] 18_2_010AA229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA229 mov eax, dword ptr fs:[00000030h] 18_2_010AA229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA229 mov eax, dword ptr fs:[00000030h] 18_2_010AA229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA229 mov eax, dword ptr fs:[00000030h] 18_2_010AA229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA229 mov eax, dword ptr fs:[00000030h] 18_2_010AA229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA229 mov eax, dword ptr fs:[00000030h] 18_2_010AA229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AA229 mov eax, dword ptr fs:[00000030h] 18_2_010AA229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01084A20 mov eax, dword ptr fs:[00000030h] 18_2_01084A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01084A20 mov eax, dword ptr fs:[00000030h] 18_2_01084A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01088239 mov eax, dword ptr fs:[00000030h] 18_2_01088239
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01088239 mov eax, dword ptr fs:[00000030h] 18_2_01088239
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01088239 mov eax, dword ptr fs:[00000030h] 18_2_01088239
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB236 mov eax, dword ptr fs:[00000030h] 18_2_010AB236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB236 mov eax, dword ptr fs:[00000030h] 18_2_010AB236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB236 mov eax, dword ptr fs:[00000030h] 18_2_010AB236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB236 mov eax, dword ptr fs:[00000030h] 18_2_010AB236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB236 mov eax, dword ptr fs:[00000030h] 18_2_010AB236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB236 mov eax, dword ptr fs:[00000030h] 18_2_010AB236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01141229 mov eax, dword ptr fs:[00000030h] 18_2_01141229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114EA55 mov eax, dword ptr fs:[00000030h] 18_2_0114EA55
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01114257 mov eax, dword ptr fs:[00000030h] 18_2_01114257
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01089240 mov eax, dword ptr fs:[00000030h] 18_2_01089240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01089240 mov eax, dword ptr fs:[00000030h] 18_2_01089240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01089240 mov eax, dword ptr fs:[00000030h] 18_2_01089240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01089240 mov eax, dword ptr fs:[00000030h] 18_2_01089240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01141A5F mov eax, dword ptr fs:[00000030h] 18_2_01141A5F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C5A69 mov eax, dword ptr fs:[00000030h] 18_2_010C5A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C5A69 mov eax, dword ptr fs:[00000030h] 18_2_010C5A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C5A69 mov eax, dword ptr fs:[00000030h] 18_2_010C5A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0113B260 mov eax, dword ptr fs:[00000030h] 18_2_0113B260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0113B260 mov eax, dword ptr fs:[00000030h] 18_2_0113B260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C927A mov eax, dword ptr fs:[00000030h] 18_2_010C927A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01158A62 mov eax, dword ptr fs:[00000030h] 18_2_01158A62
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114129A mov eax, dword ptr fs:[00000030h] 18_2_0114129A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BD294 mov eax, dword ptr fs:[00000030h] 18_2_010BD294
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BD294 mov eax, dword ptr fs:[00000030h] 18_2_010BD294
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01081AA0 mov eax, dword ptr fs:[00000030h] 18_2_01081AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B5AA0 mov eax, dword ptr fs:[00000030h] 18_2_010B5AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B5AA0 mov eax, dword ptr fs:[00000030h] 18_2_010B5AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010852A5 mov eax, dword ptr fs:[00000030h] 18_2_010852A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010852A5 mov eax, dword ptr fs:[00000030h] 18_2_010852A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010852A5 mov eax, dword ptr fs:[00000030h] 18_2_010852A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010852A5 mov eax, dword ptr fs:[00000030h] 18_2_010852A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010852A5 mov eax, dword ptr fs:[00000030h] 18_2_010852A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B12BD mov esi, dword ptr fs:[00000030h] 18_2_010B12BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B12BD mov eax, dword ptr fs:[00000030h] 18_2_010B12BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B12BD mov eax, dword ptr fs:[00000030h] 18_2_010B12BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0109AAB0 mov eax, dword ptr fs:[00000030h] 18_2_0109AAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0109AAB0 mov eax, dword ptr fs:[00000030h] 18_2_0109AAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BFAB0 mov eax, dword ptr fs:[00000030h] 18_2_010BFAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B2ACB mov eax, dword ptr fs:[00000030h] 18_2_010B2ACB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01083ACA mov eax, dword ptr fs:[00000030h] 18_2_01083ACA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01085AC0 mov eax, dword ptr fs:[00000030h] 18_2_01085AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01085AC0 mov eax, dword ptr fs:[00000030h] 18_2_01085AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01085AC0 mov eax, dword ptr fs:[00000030h] 18_2_01085AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010812D4 mov eax, dword ptr fs:[00000030h] 18_2_010812D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B2AE4 mov eax, dword ptr fs:[00000030h] 18_2_010B2AE4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h] 18_2_01144AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h] 18_2_01144AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h] 18_2_01144AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h] 18_2_01144AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h] 18_2_01144AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h] 18_2_01144AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h] 18_2_01144AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h] 18_2_01144AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h] 18_2_01144AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h] 18_2_01144AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h] 18_2_01144AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h] 18_2_01144AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h] 18_2_01144AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144AEF mov eax, dword ptr fs:[00000030h] 18_2_01144AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01143518 mov eax, dword ptr fs:[00000030h] 18_2_01143518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01143518 mov eax, dword ptr fs:[00000030h] 18_2_01143518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01143518 mov eax, dword ptr fs:[00000030h] 18_2_01143518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01158D34 mov eax, dword ptr fs:[00000030h] 18_2_01158D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0110A537 mov eax, dword ptr fs:[00000030h] 18_2_0110A537
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BF527 mov eax, dword ptr fs:[00000030h] 18_2_010BF527
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BF527 mov eax, dword ptr fs:[00000030h] 18_2_010BF527
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BF527 mov eax, dword ptr fs:[00000030h] 18_2_010BF527
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114E539 mov eax, dword ptr fs:[00000030h] 18_2_0114E539
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B4D3B mov eax, dword ptr fs:[00000030h] 18_2_010B4D3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B4D3B mov eax, dword ptr fs:[00000030h] 18_2_010B4D3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B4D3B mov eax, dword ptr fs:[00000030h] 18_2_010B4D3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108AD30 mov eax, dword ptr fs:[00000030h] 18_2_0108AD30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h] 18_2_01093D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h] 18_2_01093D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h] 18_2_01093D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h] 18_2_01093D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h] 18_2_01093D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h] 18_2_01093D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h] 18_2_01093D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h] 18_2_01093D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h] 18_2_01093D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h] 18_2_01093D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h] 18_2_01093D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h] 18_2_01093D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01093D34 mov eax, dword ptr fs:[00000030h] 18_2_01093D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108354C mov eax, dword ptr fs:[00000030h] 18_2_0108354C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108354C mov eax, dword ptr fs:[00000030h] 18_2_0108354C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C3D43 mov eax, dword ptr fs:[00000030h] 18_2_010C3D43
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01103540 mov eax, dword ptr fs:[00000030h] 18_2_01103540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01133D40 mov eax, dword ptr fs:[00000030h] 18_2_01133D40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A7D50 mov eax, dword ptr fs:[00000030h] 18_2_010A7D50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C4D51 mov eax, dword ptr fs:[00000030h] 18_2_010C4D51
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C4D51 mov eax, dword ptr fs:[00000030h] 18_2_010C4D51
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A8D76 mov eax, dword ptr fs:[00000030h] 18_2_010A8D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A8D76 mov eax, dword ptr fs:[00000030h] 18_2_010A8D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A8D76 mov eax, dword ptr fs:[00000030h] 18_2_010A8D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A8D76 mov eax, dword ptr fs:[00000030h] 18_2_010A8D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A8D76 mov eax, dword ptr fs:[00000030h] 18_2_010A8D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AC577 mov eax, dword ptr fs:[00000030h] 18_2_010AC577
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AC577 mov eax, dword ptr fs:[00000030h] 18_2_010AC577
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01082D8A mov eax, dword ptr fs:[00000030h] 18_2_01082D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01082D8A mov eax, dword ptr fs:[00000030h] 18_2_01082D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01082D8A mov eax, dword ptr fs:[00000030h] 18_2_01082D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01082D8A mov eax, dword ptr fs:[00000030h] 18_2_01082D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01082D8A mov eax, dword ptr fs:[00000030h] 18_2_01082D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BFD9B mov eax, dword ptr fs:[00000030h] 18_2_010BFD9B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BFD9B mov eax, dword ptr fs:[00000030h] 18_2_010BFD9B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114B581 mov eax, dword ptr fs:[00000030h] 18_2_0114B581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114B581 mov eax, dword ptr fs:[00000030h] 18_2_0114B581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114B581 mov eax, dword ptr fs:[00000030h] 18_2_0114B581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114B581 mov eax, dword ptr fs:[00000030h] 18_2_0114B581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01142D82 mov eax, dword ptr fs:[00000030h] 18_2_01142D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01142D82 mov eax, dword ptr fs:[00000030h] 18_2_01142D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01142D82 mov eax, dword ptr fs:[00000030h] 18_2_01142D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01142D82 mov eax, dword ptr fs:[00000030h] 18_2_01142D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01142D82 mov eax, dword ptr fs:[00000030h] 18_2_01142D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01142D82 mov eax, dword ptr fs:[00000030h] 18_2_01142D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01142D82 mov eax, dword ptr fs:[00000030h] 18_2_01142D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01083591 mov eax, dword ptr fs:[00000030h] 18_2_01083591
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B35A1 mov eax, dword ptr fs:[00000030h] 18_2_010B35A1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B65A0 mov eax, dword ptr fs:[00000030h] 18_2_010B65A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B65A0 mov eax, dword ptr fs:[00000030h] 18_2_010B65A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B65A0 mov eax, dword ptr fs:[00000030h] 18_2_010B65A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011505AC mov eax, dword ptr fs:[00000030h] 18_2_011505AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011505AC mov eax, dword ptr fs:[00000030h] 18_2_011505AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B1DB5 mov eax, dword ptr fs:[00000030h] 18_2_010B1DB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B1DB5 mov eax, dword ptr fs:[00000030h] 18_2_010B1DB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B1DB5 mov eax, dword ptr fs:[00000030h] 18_2_010B1DB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0113FDD3 mov eax, dword ptr fs:[00000030h] 18_2_0113FDD3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010815C1 mov eax, dword ptr fs:[00000030h] 18_2_010815C1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01106DC9 mov eax, dword ptr fs:[00000030h] 18_2_01106DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01106DC9 mov eax, dword ptr fs:[00000030h] 18_2_01106DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01106DC9 mov eax, dword ptr fs:[00000030h] 18_2_01106DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01106DC9 mov ecx, dword ptr fs:[00000030h] 18_2_01106DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01106DC9 mov eax, dword ptr fs:[00000030h] 18_2_01106DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01106DC9 mov eax, dword ptr fs:[00000030h] 18_2_01106DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01138DF1 mov eax, dword ptr fs:[00000030h] 18_2_01138DF1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0109D5E0 mov eax, dword ptr fs:[00000030h] 18_2_0109D5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0109D5E0 mov eax, dword ptr fs:[00000030h] 18_2_0109D5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114FDE2 mov eax, dword ptr fs:[00000030h] 18_2_0114FDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114FDE2 mov eax, dword ptr fs:[00000030h] 18_2_0114FDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114FDE2 mov eax, dword ptr fs:[00000030h] 18_2_0114FDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0114FDE2 mov eax, dword ptr fs:[00000030h] 18_2_0114FDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010895F0 mov eax, dword ptr fs:[00000030h] 18_2_010895F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010895F0 mov ecx, dword ptr fs:[00000030h] 18_2_010895F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01158C14 mov eax, dword ptr fs:[00000030h] 18_2_01158C14
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h] 18_2_01141C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h] 18_2_01141C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h] 18_2_01141C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h] 18_2_01141C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h] 18_2_01141C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h] 18_2_01141C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h] 18_2_01141C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h] 18_2_01141C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h] 18_2_01141C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h] 18_2_01141C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h] 18_2_01141C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h] 18_2_01141C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h] 18_2_01141C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01141C06 mov eax, dword ptr fs:[00000030h] 18_2_01141C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0115740D mov eax, dword ptr fs:[00000030h] 18_2_0115740D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0115740D mov eax, dword ptr fs:[00000030h] 18_2_0115740D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0115740D mov eax, dword ptr fs:[00000030h] 18_2_0115740D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01106C0A mov eax, dword ptr fs:[00000030h] 18_2_01106C0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01106C0A mov eax, dword ptr fs:[00000030h] 18_2_01106C0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01106C0A mov eax, dword ptr fs:[00000030h] 18_2_01106C0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01106C0A mov eax, dword ptr fs:[00000030h] 18_2_01106C0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BBC2C mov eax, dword ptr fs:[00000030h] 18_2_010BBC2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01084439 mov eax, dword ptr fs:[00000030h] 18_2_01084439
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B3C3E mov eax, dword ptr fs:[00000030h] 18_2_010B3C3E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B3C3E mov eax, dword ptr fs:[00000030h] 18_2_010B3C3E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B3C3E mov eax, dword ptr fs:[00000030h] 18_2_010B3C3E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0109B433 mov eax, dword ptr fs:[00000030h] 18_2_0109B433
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0109B433 mov eax, dword ptr fs:[00000030h] 18_2_0109B433
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0109B433 mov eax, dword ptr fs:[00000030h] 18_2_0109B433
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BA44B mov eax, dword ptr fs:[00000030h] 18_2_010BA44B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0111C450 mov eax, dword ptr fs:[00000030h] 18_2_0111C450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0111C450 mov eax, dword ptr fs:[00000030h] 18_2_0111C450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01158C75 mov eax, dword ptr fs:[00000030h] 18_2_01158C75
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A746D mov eax, dword ptr fs:[00000030h] 18_2_010A746D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h] 18_2_010BAC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h] 18_2_010BAC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h] 18_2_010BAC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h] 18_2_010BAC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h] 18_2_010BAC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h] 18_2_010BAC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h] 18_2_010BAC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h] 18_2_010BAC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h] 18_2_010BAC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h] 18_2_010BAC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BAC7B mov eax, dword ptr fs:[00000030h] 18_2_010BAC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C5C70 mov eax, dword ptr fs:[00000030h] 18_2_010C5C70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h] 18_2_010AB477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h] 18_2_010AB477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h] 18_2_010AB477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h] 18_2_010AB477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h] 18_2_010AB477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h] 18_2_010AB477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h] 18_2_010AB477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h] 18_2_010AB477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h] 18_2_010AB477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h] 18_2_010AB477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h] 18_2_010AB477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB477 mov eax, dword ptr fs:[00000030h] 18_2_010AB477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144496 mov eax, dword ptr fs:[00000030h] 18_2_01144496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144496 mov eax, dword ptr fs:[00000030h] 18_2_01144496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144496 mov eax, dword ptr fs:[00000030h] 18_2_01144496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144496 mov eax, dword ptr fs:[00000030h] 18_2_01144496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144496 mov eax, dword ptr fs:[00000030h] 18_2_01144496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144496 mov eax, dword ptr fs:[00000030h] 18_2_01144496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144496 mov eax, dword ptr fs:[00000030h] 18_2_01144496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144496 mov eax, dword ptr fs:[00000030h] 18_2_01144496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144496 mov eax, dword ptr fs:[00000030h] 18_2_01144496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144496 mov eax, dword ptr fs:[00000030h] 18_2_01144496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144496 mov eax, dword ptr fs:[00000030h] 18_2_01144496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144496 mov eax, dword ptr fs:[00000030h] 18_2_01144496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01144496 mov eax, dword ptr fs:[00000030h] 18_2_01144496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01081480 mov eax, dword ptr fs:[00000030h] 18_2_01081480
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0109849B mov eax, dword ptr fs:[00000030h] 18_2_0109849B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108649B mov eax, dword ptr fs:[00000030h] 18_2_0108649B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108649B mov eax, dword ptr fs:[00000030h] 18_2_0108649B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01084CB0 mov eax, dword ptr fs:[00000030h] 18_2_01084CB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01158CD6 mov eax, dword ptr fs:[00000030h] 18_2_01158CD6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01082CDB mov eax, dword ptr fs:[00000030h] 18_2_01082CDB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01106CF0 mov eax, dword ptr fs:[00000030h] 18_2_01106CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01106CF0 mov eax, dword ptr fs:[00000030h] 18_2_01106CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01106CF0 mov eax, dword ptr fs:[00000030h] 18_2_01106CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011414FB mov eax, dword ptr fs:[00000030h] 18_2_011414FB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0111FF10 mov eax, dword ptr fs:[00000030h] 18_2_0111FF10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0111FF10 mov eax, dword ptr fs:[00000030h] 18_2_0111FF10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BA70E mov eax, dword ptr fs:[00000030h] 18_2_010BA70E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BA70E mov eax, dword ptr fs:[00000030h] 18_2_010BA70E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0115070D mov eax, dword ptr fs:[00000030h] 18_2_0115070D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0115070D mov eax, dword ptr fs:[00000030h] 18_2_0115070D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B4710 mov eax, dword ptr fs:[00000030h] 18_2_010B4710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AF716 mov eax, dword ptr fs:[00000030h] 18_2_010AF716
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01084F2E mov eax, dword ptr fs:[00000030h] 18_2_01084F2E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01084F2E mov eax, dword ptr fs:[00000030h] 18_2_01084F2E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB73D mov eax, dword ptr fs:[00000030h] 18_2_010AB73D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AB73D mov eax, dword ptr fs:[00000030h] 18_2_010AB73D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B3F33 mov eax, dword ptr fs:[00000030h] 18_2_010B3F33
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BE730 mov eax, dword ptr fs:[00000030h] 18_2_010BE730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01141751 mov eax, dword ptr fs:[00000030h] 18_2_01141751
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010BDF4C mov eax, dword ptr fs:[00000030h] 18_2_010BDF4C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0109EF40 mov eax, dword ptr fs:[00000030h] 18_2_0109EF40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108A745 mov eax, dword ptr fs:[00000030h] 18_2_0108A745
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0109FF60 mov eax, dword ptr fs:[00000030h] 18_2_0109FF60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AE760 mov eax, dword ptr fs:[00000030h] 18_2_010AE760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010AE760 mov eax, dword ptr fs:[00000030h] 18_2_010AE760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01158F6A mov eax, dword ptr fs:[00000030h] 18_2_01158F6A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01107794 mov eax, dword ptr fs:[00000030h] 18_2_01107794
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01107794 mov eax, dword ptr fs:[00000030h] 18_2_01107794
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01107794 mov eax, dword ptr fs:[00000030h] 18_2_01107794
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01098794 mov eax, dword ptr fs:[00000030h] 18_2_01098794
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01082FB0 mov eax, dword ptr fs:[00000030h] 18_2_01082FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01082FB0 mov eax, dword ptr fs:[00000030h] 18_2_01082FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01082FB0 mov eax, dword ptr fs:[00000030h] 18_2_01082FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01082FB0 mov ecx, dword ptr fs:[00000030h] 18_2_01082FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01082FB0 mov eax, dword ptr fs:[00000030h] 18_2_01082FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01082FB0 mov eax, dword ptr fs:[00000030h] 18_2_01082FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01082FB0 mov eax, dword ptr fs:[00000030h] 18_2_01082FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01082FB0 mov eax, dword ptr fs:[00000030h] 18_2_01082FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01082FB0 mov eax, dword ptr fs:[00000030h] 18_2_01082FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01082FB0 mov eax, dword ptr fs:[00000030h] 18_2_01082FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01082FB0 mov eax, dword ptr fs:[00000030h] 18_2_01082FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_011417D2 mov eax, dword ptr fs:[00000030h] 18_2_011417D2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01083FC5 mov eax, dword ptr fs:[00000030h] 18_2_01083FC5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01083FC5 mov eax, dword ptr fs:[00000030h] 18_2_01083FC5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01083FC5 mov eax, dword ptr fs:[00000030h] 18_2_01083FC5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B37EB mov eax, dword ptr fs:[00000030h] 18_2_010B37EB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B37EB mov eax, dword ptr fs:[00000030h] 18_2_010B37EB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B37EB mov eax, dword ptr fs:[00000030h] 18_2_010B37EB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B37EB mov eax, dword ptr fs:[00000030h] 18_2_010B37EB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B37EB mov eax, dword ptr fs:[00000030h] 18_2_010B37EB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B37EB mov eax, dword ptr fs:[00000030h] 18_2_010B37EB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010B37EB mov eax, dword ptr fs:[00000030h] 18_2_010B37EB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A97ED mov eax, dword ptr fs:[00000030h] 18_2_010A97ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A97ED mov eax, dword ptr fs:[00000030h] 18_2_010A97ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A97ED mov eax, dword ptr fs:[00000030h] 18_2_010A97ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A97ED mov eax, dword ptr fs:[00000030h] 18_2_010A97ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A97ED mov eax, dword ptr fs:[00000030h] 18_2_010A97ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A97ED mov eax, dword ptr fs:[00000030h] 18_2_010A97ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A97ED mov eax, dword ptr fs:[00000030h] 18_2_010A97ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C37F5 mov eax, dword ptr fs:[00000030h] 18_2_010C37F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_01112E14 mov eax, dword ptr fs:[00000030h] 18_2_01112E14
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108C600 mov eax, dword ptr fs:[00000030h] 18_2_0108C600
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108C600 mov eax, dword ptr fs:[00000030h] 18_2_0108C600
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_0108C600 mov eax, dword ptr fs:[00000030h] 18_2_0108C600
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010A5600 mov eax, dword ptr fs:[00000030h] 18_2_010A5600
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\SysWOW64\chkdsk.exe Process queried: DebugPort
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Code function: 18_2_010C9860 NtQuerySystemInformation,LdrInitializeThunk, 18_2_010C9860
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
Sample uses process hollowing technique
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Section unmapped: C:\Windows\SysWOW64\chkdsk.exe base address: C80000 Jump to behavior
Maps a DLL or memory area into another process
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Section loaded: unknown target: C:\Windows\SysWOW64\chkdsk.exe protection: execute and read and write Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Section loaded: unknown target: C:\Windows\SysWOW64\chkdsk.exe protection: execute and read and write Jump to behavior
Injects a PE file into a foreign processes
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Memory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe base: 400000 value starts with: 4D5A Jump to behavior
Queues an APC in another process (thread injection)
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Thread APC queued: target process: C:\Windows\explorer.exe Jump to behavior
Modifies the context of a thread in another process (thread injection)
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Thread register set: target process: 3452 Jump to behavior
Adds a directory exclusion to Windows Defender
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\bVgCuQEDo.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bVgCuQEDo" /XML "C:\Users\user\AppData\Local\Temp\tmpA32E.tmp Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bVgCuQEDo" /XML "C:\Users\user\AppData\Local\Temp\tmpEC0E.tmp Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Process created: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Jump to behavior
Source: explorer.exe, 00000018.00000000.439720508.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000018.00000000.475446310.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000018.00000000.364838469.0000000001980000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program ManagerT7<=ge
Source: explorer.exe, 00000018.00000000.482082204.0000000006770000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.439720508.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000018.00000000.400937623.00000000090D8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000018.00000000.439720508.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000018.00000000.475446310.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000018.00000000.364838469.0000000001980000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: explorer.exe, 00000018.00000000.438991980.0000000001378000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.474226196.0000000001378000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.362319149.0000000001378000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CProgmanile
Source: explorer.exe, 00000018.00000000.439720508.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000018.00000000.475446310.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000018.00000000.364838469.0000000001980000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Queries volume information: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\bVgCuQEDo.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information
barindex
Yara detected FormBook
Source: Yara match File source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

Remote Access Functionality
barindex
Yara detected FormBook
Source: Yara match File source: 00000018.00000000.458798122.000000001018B000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.533460019.0000000000C40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000002.329666151.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.537923698.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.531965809.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 756014 Sample: SecuriteInfo.com.Win32.Cryp... Startdate: 29/11/2022 Architecture: WINDOWS Score: 100 51 Malicious sample detected (through community Yara rule) 2->51 53 Sigma detected: Scheduled temp file as task from temp location 2->53 55 Multi AV Scanner detection for submitted file 2->55 57 5 other signatures 2->57 8 bVgCuQEDo.exe 5 2->8         started        11 SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe 7 2->11         started        process3 file4 59 Multi AV Scanner detection for dropped file 8->59 61 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 8->61 63 Machine Learning detection for dropped file 8->63 14 bVgCuQEDo.exe 8->14         started        17 schtasks.exe 1 8->17         started        19 bVgCuQEDo.exe 8->19         started        21 bVgCuQEDo.exe 8->21         started        43 C:\Users\user\AppData\Roaming\bVgCuQEDo.exe, PE32 11->43 dropped 45 C:\Users\...\bVgCuQEDo.exe:Zone.Identifier, ASCII 11->45 dropped 47 C:\Users\user\AppData\Local\...\tmpA32E.tmp, XML 11->47 dropped 49 SecuriteInfo.com.W....22726.1920.exe.log, ASCII 11->49 dropped 65 Uses schtasks.exe or at.exe to add and modify task schedules 11->65 67 Adds a directory exclusion to Windows Defender 11->67 69 Injects a PE file into a foreign processes 11->69 23 powershell.exe 19 11->23         started        25 powershell.exe 19 11->25         started        27 schtasks.exe 1 11->27         started        29 SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe 11->29         started        signatures5 process6 signatures7 71 Modifies the context of a thread in another process (thread injection) 14->71 73 Maps a DLL or memory area into another process 14->73 75 Sample uses process hollowing technique 14->75 77 Queues an APC in another process (thread injection) 14->77 31 explorer.exe 14->31 injected 33 conhost.exe 17->33         started        35 conhost.exe 23->35         started        37 conhost.exe 25->37         started        39 conhost.exe 27->39         started        process8 process9 41 chkdsk.exe 31->41         started       
No contacted IP infos

Contacted URLs

Name Malicious Antivirus Detection Reputation
www.mahalaburn.com/k0ud/ true
  • Avira URL Cloud: safe
 low