Source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp |
Malware Configuration Extractor: FormBook {"C2 list": ["www.imperiumtowns.xyz/b3es/"], "decoy": ["sweets.wtf", "apextama.com", "tygbs.com", "kumaoedu.com", "bestbathroomremodeling.club", "lnshykj.com", "nelsonanddima.com", "falunap.info", "codyhinrichs.com", "2797vip.com", "danutka.com", "3o2t307a.com", "kellymariewest.com", "profilelonn.online", "procan.website", "sopjimmy.com", "xn--skdarkae-55ac80i.net", "entitymanaged.com", "melitadahl.art", "joineguru.net", "good-meme.com", "creditconepts.com", "narafconstruction.com", "paspsichologa.com", "rancho365.com", "rimplefeel.com", "kingsub.online", "cnsrdns.com", "billythepainter.com", "clientevirtualpdf.net", "marycruzruiz.com", "renaultcikmaparca.xyz", "1600156.com", "paymallmart.info", "garafe.com", "fredrikk.net", "gogo-tunisia.space", "center-me.com", "xiaohuayhq.com", "xn--h49a60xt7azzcm91a.com", "unidiliobobo.info", "libertypolestore.com", "20111210.net", "atraofix.online", "furniron.com", "mingyun58.com", "shfesmua.com", "rdougdigital.life", "safsip.com", "melon.town", "sagihigaibengo.net", "ethnicsbyak.com", "designoffaitheventsllc.com", "dpmforensics.com", "ripple-us.net", "fuyouhin-happiness.com", "conceptweb.online", "l453.net", "zenars.com", "mepcoonlinebill.com", "oonn99.xyz", "dackus.energy", "articvas.com", "yayuanlin.com"]} (Note: only the "C2 list" entry is the extracted command-and-control URL. The "decoy" entries are domains the FormBook configuration carries to obscure the real C2 traffic; they can include unrelated legitimate sites and should be validated before being used as block-list or detection indicators.) |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.237103546.00000000053AB000.00000004.00000800.00020000.00000000.sdmp |
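String found in binary or memory: http://en.wikip (Note: the strings in this list are raw extractions from the binary or process memory, so they may be truncated or carry trailing bytes. The font-foundry and licence URLs that follow look like embedded font/licence metadata rather than hosts the sample contacted; confirm against network telemetry before treating any of them as an indicator.) |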
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://fontfabrik.com |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.carterandcone.coml |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241550871.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers/? |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers8 |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers? |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designersG |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240670623.00000000053BB000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.comF |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241314930.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241336054.00000000053BA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.comFPx |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242284956.00000000053B6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.comFgx |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240742786.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240670623.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240603222.00000000053B4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.comOx |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241146831.00000000053B6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.coma |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241550871.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241336054.00000000053BA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.comals |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241550871.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241314930.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241336054.00000000053BA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.comcoma |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241550871.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.comdKx |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240742786.00000000053BB000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.comessedBx |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.254193387.00000000053B6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.comgrita |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240670623.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240603222.00000000053B4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.comlvfetPx |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.254193387.00000000053B6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.comm |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240742786.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240670623.00000000053BB000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.comoitu |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241550871.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240742786.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241336054.00000000053BA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.comyux |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fonts.com |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.237766559.00000000053A2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.founder.com.c |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.237766559.00000000053A2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.founder.com.cn/cn |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.237783564.00000000053AE000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.237951551.00000000053AE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.founder.com.cn/cn/T |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.founder.com.cn/cn/bThe |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.founder.com.cn/cn/cThe |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.236833345.00000000053BB000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.founder.com.cn/cn/nt |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242944051.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242734447.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242880246.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.243359577.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.243191419.00000000053B7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.243076980.00000000053B7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.galapagosdesign.com/ |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.galapagosdesign.com/DPlease |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242734447.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242880246.00000000053B8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.goodfont.co.kr |
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239615103.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239980903.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239638756.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240051220.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239744541.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240088210.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239686574.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239850577.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239918940.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240133807.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239808719.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239830507.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 
00000000.00000003.239944814.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239899581.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239706031.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240110528.00000000053BB000.00000004 |