Windows Analysis Report
SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe

Overview

General Information

Sample Name: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Analysis ID: 756187
MD5: 2364501a86685f9a53d37d339549cee5
SHA1: ebacf33c1e9f53048a8e808429671ed489dc285d
SHA256: 74a3379894a1b92cb381a128c7fe7c5f97e1a12df02588ec816d1a4fc5dc0a25
Tags: exe
Infos:

Detection

FormBook
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Tries to detect virtualization through RDTSC time measurements
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to call native functions
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

AV Detection

barindex
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe ReversingLabs: Detection: 50%
Source: Yara match File source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Joe Sandbox ML: detected
Source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack Avira: Label: TR/Crypt.ZPACK.Gen
Source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp Malware Configuration Extractor: FormBook {"C2 list": ["www.imperiumtowns.xyz/b3es/"], "decoy": ["sweets.wtf", "apextama.com", "tygbs.com", "kumaoedu.com", "bestbathroomremodeling.club", "lnshykj.com", "nelsonanddima.com", "falunap.info", "codyhinrichs.com", "2797vip.com", "danutka.com", "3o2t307a.com", "kellymariewest.com", "profilelonn.online", "procan.website", "sopjimmy.com", "xn--skdarkae-55ac80i.net", "entitymanaged.com", "melitadahl.art", "joineguru.net", "good-meme.com", "creditconepts.com", "narafconstruction.com", "paspsichologa.com", "rancho365.com", "rimplefeel.com", "kingsub.online", "cnsrdns.com", "billythepainter.com", "clientevirtualpdf.net", "marycruzruiz.com", "renaultcikmaparca.xyz", "1600156.com", "paymallmart.info", "garafe.com", "fredrikk.net", "gogo-tunisia.space", "center-me.com", "xiaohuayhq.com", "xn--h49a60xt7azzcm91a.com", "unidiliobobo.info", "libertypolestore.com", "20111210.net", "atraofix.online", "furniron.com", "mingyun58.com", "shfesmua.com", "rdougdigital.life", "safsip.com", "melon.town", "sagihigaibengo.net", "ethnicsbyak.com", "designoffaitheventsllc.com", "dpmforensics.com", "ripple-us.net", "fuyouhin-happiness.com", "conceptweb.online", "l453.net", "zenars.com", "mepcoonlinebill.com", "oonn99.xyz", "dackus.energy", "articvas.com", "yayuanlin.com"]}
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000003.256483159.0000000000E7B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000003.253297062.0000000000CD6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000003.256483159.0000000000E7B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000003.253297062.0000000000CD6000.00000004.00000800.00020000.00000000.sdmp

Networking

barindex
Source: Malware configuration extractor URLs: www.imperiumtowns.xyz/b3es/
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.237103546.00000000053AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://en.wikip
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://fontfabrik.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241550871.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240670623.00000000053BB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comF
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241314930.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241336054.00000000053BA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comFPx
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242284956.00000000053B6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comFgx
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240742786.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240670623.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240603222.00000000053B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comOx
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241146831.00000000053B6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.coma
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241550871.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241336054.00000000053BA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comals
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241550871.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241314930.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241336054.00000000053BA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comcoma
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241550871.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comdKx
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240742786.00000000053BB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comessedBx
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.254193387.00000000053B6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comgrita
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240670623.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240603222.00000000053B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comlvfetPx
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.254193387.00000000053B6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comm
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240742786.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240670623.00000000053BB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comoitu
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241550871.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240742786.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241616644.00000000053BA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.241336054.00000000053BA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comyux
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.237766559.00000000053A2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.c
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.237766559.00000000053A2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.237783564.00000000053AE000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.237951551.00000000053AE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/T
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.236833345.00000000053BB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/nt
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242944051.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242734447.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242880246.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.243359577.00000000053B6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.243191419.00000000053B7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.243076980.00000000053B7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242734447.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242880246.00000000053B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239615103.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239980903.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239638756.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240051220.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239744541.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240088210.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239686574.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239850577.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239918940.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240133807.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239808719.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239830507.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239944814.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239899581.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239706031.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240110528.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.240166526.00000000053BB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239615103.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239638756.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239744541.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239686574.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239850577.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239808719.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239830507.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239706031.00000000053BB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/(x
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/6x
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/Ox
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/Px
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/gx
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/Kx
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239615103.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239638756.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239686574.00000000053BB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/os
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.239447034.00000000053BB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/ux
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.242595921.00000000053A5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.monotype.
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.235284225.00000000053BB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kr
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.238183730.00000000053DE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deDPlease
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.275925764.00000000065B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn

E-Banking Fraud

barindex
Source: Yara match File source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

System Summary

barindex
Source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.23f0738.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables potentially checking for WinJail sandbox window Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.23d2f68.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables potentially checking for WinJail sandbox window Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe PID: 2804, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe PID: 5948, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.23f0738.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste author = ditekSHen, description = Detects executables potentially checking for WinJail sandbox window
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.23d2f68.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste author = ditekSHen, description = Detects executables potentially checking for WinJail sandbox window
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe PID: 2804, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe PID: 5948, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 0_2_00A7C164 0_2_00A7C164
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 0_2_00A7E5A2 0_2_00A7E5A2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 0_2_00A7E5B0 0_2_00A7E5B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103F900 2_2_0103F900
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01054120 2_2_01054120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010599BF 2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01036800 2_2_01036800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F1002 2_2_010F1002
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0110E824 2_2_0110E824
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A830 2_2_0105A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0104B090 2_2_0104B090
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010620A0 2_2_010620A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_011020A8 2_2_011020A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_011028EC 2_2_011028EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F231B 2_2_010F231B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01102B28 2_2_01102B28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010DCB4F 2_2_010DCB4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105AB40 2_2_0105AB40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010DEB8A 2_2_010DEB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106138B 2_2_0106138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105EB9A 2_2_0105EB9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106EBB0 2_2_0106EBB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F03DA 2_2_010F03DA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010FDBD2 2_2_010FDBD2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106ABD8 2_2_0106ABD8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01088BE8 2_2_01088BE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010E23E3 2_2_010E23E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010EFA2B 2_2_010EFA2B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B236 2_2_0105B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_011032A9 2_2_011032A9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_011022AE 2_2_011022AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010FE2C5 2_2_010FE2C5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4AEF 2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01102D07 2_2_01102D07
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01030D20 2_2_01030D20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01101D55 2_2_01101D55
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01062581 2_2_01062581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F2D82 2_2_010F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010665A0 2_2_010665A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_011025DD 2_2_011025DD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0104D5E0 2_2_0104D5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0104841F 2_2_0104841F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010FD466 2_2_010FD466
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B477 2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4496 2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0110DFCE 2_2_0110DFCE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01101FF1 2_2_01101FF1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F67E2 2_2_010F67E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01055600 2_2_01055600
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010FD616 2_2_010FD616
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01056E30 2_2_01056E30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010E1EB6 2_2_010E1EB6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01102EF7 2_2_01102EF7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: String function: 010C5720 appears 38 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: String function: 0103B150 appears 154 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: String function: 0108D08C appears 39 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079860 NtQuerySystemInformation,LdrInitializeThunk, 2_2_01079860
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079660 NtAllocateVirtualMemory,LdrInitializeThunk, 2_2_01079660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010796E0 NtFreeVirtualMemory,LdrInitializeThunk, 2_2_010796E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079910 NtAdjustPrivilegesToken, 2_2_01079910
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079950 NtQueueApcThread, 2_2_01079950
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010799A0 NtCreateSection, 2_2_010799A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010799D0 NtCreateProcessEx, 2_2_010799D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079820 NtEnumerateKey, 2_2_01079820
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079840 NtDelayExecution, 2_2_01079840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0107B040 NtSuspendThread, 2_2_0107B040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010798A0 NtWriteVirtualMemory, 2_2_010798A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010798F0 NtReadVirtualMemory, 2_2_010798F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079B00 NtSetValueKey, 2_2_01079B00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0107A3B0 NtGetContextThread, 2_2_0107A3B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079A00 NtProtectVirtualMemory, 2_2_01079A00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079A10 NtQuerySection, 2_2_01079A10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079A20 NtResumeThread, 2_2_01079A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079A50 NtCreateFile, 2_2_01079A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079A80 NtOpenDirectoryObject, 2_2_01079A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079520 NtWaitForSingleObject, 2_2_01079520
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0107AD30 NtSetContextThread, 2_2_0107AD30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079540 NtReadFile, 2_2_01079540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079560 NtWriteFile, 2_2_01079560
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010795D0 NtClose, 2_2_010795D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010795F0 NtQueryInformationFile, 2_2_010795F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0107A710 NtOpenProcessToken, 2_2_0107A710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079710 NtQueryInformationToken, 2_2_01079710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079730 NtQueryVirtualMemory, 2_2_01079730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079760 NtOpenProcess, 2_2_01079760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0107A770 NtOpenThread, 2_2_0107A770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079770 NtSetInformationFile, 2_2_01079770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079780 NtMapViewOfSection, 2_2_01079780
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010797A0 NtUnmapViewOfSection, 2_2_010797A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079FE0 NtCreateMutant, 2_2_01079FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079610 NtEnumerateValueKey, 2_2_01079610
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079650 NtQueryValueKey, 2_2_01079650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079670 NtQueryInformationProcess, 2_2_01079670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010796D0 NtCreateKey, 2_2_010796D0
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.256915328.00000000023B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePrecision.dll6 vs SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.256915328.00000000023B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameInspector.dllN vs SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.277100354.0000000006E70000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameCollins.dll8 vs SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCollins.dll8 vs SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000000.231950472.0000000000082000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamehlqt.exeB vs SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000003.258176308.0000000000F9A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000002.260500799.000000000112F000.00000040.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000003.254473886.0000000000DEC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Binary or memory string: OriginalFilenamehlqt.exeB vs SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe ReversingLabs: Detection: 50%
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.log Jump to behavior
Source: classification engine Classification label: mal88.troj.evad.winEXE@5/1@0/0
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000000.231950472.0000000000082000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: insert into User_Transportation(UserID,TransportationID) values (@UserID,@TransID);
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000000.231950472.0000000000082000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: insert into TourPlace(Name,Location,TicketPrice) values (@name,@location,@ticket);
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000000.231950472.0000000000082000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: insert into User_TourPlace(UserID,TourPlaceID) values (@UserID,@TourplaceID);
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Mutant created: \Sessions\1\BaseNamedObjects\hrCPkPTHlBkxv
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000003.236688691.00000000053BB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: a trademark of the Microsoft group of companies.slnt
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe String found in binary or memory: AddUserButton'AddUserPhoneTextbox'AdduserEmailtextbox-Adduserpasswordtextbox
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe String found in binary or memory: Username:-AddusertextBoxUsernameCash
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000003.256483159.0000000000E7B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000003.253297062.0000000000CD6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000002.259630294.0000000001010000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000003.256483159.0000000000E7B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000002.00000003.253297062.0000000000CD6000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0108D0D1 push ecx; ret 2_2_0108D0E4
Source: initial sample Static PE information: section name: .text entropy: 7.650390698554388
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

barindex
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.23f0738.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.23d2f68.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.258835814.00000000024C6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.256915328.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe PID: 2804, type: MEMORYSTR
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.256915328.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.258835814.00000000024C6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.256915328.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.258835814.00000000024C6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe RDTSC instruction interceptor: First address: 0000000000409904 second address: 000000000040990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe RDTSC instruction interceptor: First address: 0000000000409B7E second address: 0000000000409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe TID: 6000 Thread sleep time: -38122s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe TID: 5984 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01066B90 rdtsc 2_2_01066B90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe API coverage: 0.6 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Thread delayed: delay time: 38122 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.258835814.00000000024C6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.258835814.00000000024C6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.258835814.00000000024C6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA II
Source: SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe, 00000000.00000002.258835814.00000000024C6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01066B90 rdtsc 2_2_01066B90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01039100 mov eax, dword ptr fs:[00000030h] 2_2_01039100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01039100 mov eax, dword ptr fs:[00000030h] 2_2_01039100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01039100 mov eax, dword ptr fs:[00000030h] 2_2_01039100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01054120 mov eax, dword ptr fs:[00000030h] 2_2_01054120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01054120 mov eax, dword ptr fs:[00000030h] 2_2_01054120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01054120 mov eax, dword ptr fs:[00000030h] 2_2_01054120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01054120 mov eax, dword ptr fs:[00000030h] 2_2_01054120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01054120 mov ecx, dword ptr fs:[00000030h] 2_2_01054120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01033138 mov ecx, dword ptr fs:[00000030h] 2_2_01033138
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106513A mov eax, dword ptr fs:[00000030h] 2_2_0106513A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106513A mov eax, dword ptr fs:[00000030h] 2_2_0106513A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B944 mov eax, dword ptr fs:[00000030h] 2_2_0105B944
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B944 mov eax, dword ptr fs:[00000030h] 2_2_0105B944
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103395E mov eax, dword ptr fs:[00000030h] 2_2_0103395E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103395E mov eax, dword ptr fs:[00000030h] 2_2_0103395E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F1951 mov eax, dword ptr fs:[00000030h] 2_2_010F1951
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103C962 mov eax, dword ptr fs:[00000030h] 2_2_0103C962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010FE962 mov eax, dword ptr fs:[00000030h] 2_2_010FE962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103B171 mov eax, dword ptr fs:[00000030h] 2_2_0103B171
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103B171 mov eax, dword ptr fs:[00000030h] 2_2_0103B171
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01108966 mov eax, dword ptr fs:[00000030h] 2_2_01108966
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106A185 mov eax, dword ptr fs:[00000030h] 2_2_0106A185
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010FA189 mov eax, dword ptr fs:[00000030h] 2_2_010FA189
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010FA189 mov ecx, dword ptr fs:[00000030h] 2_2_010FA189
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105C182 mov eax, dword ptr fs:[00000030h] 2_2_0105C182
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01062990 mov eax, dword ptr fs:[00000030h] 2_2_01062990
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01064190 mov eax, dword ptr fs:[00000030h] 2_2_01064190
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103519E mov eax, dword ptr fs:[00000030h] 2_2_0103519E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103519E mov ecx, dword ptr fs:[00000030h] 2_2_0103519E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010661A0 mov eax, dword ptr fs:[00000030h] 2_2_010661A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010661A0 mov eax, dword ptr fs:[00000030h] 2_2_010661A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F49A4 mov eax, dword ptr fs:[00000030h] 2_2_010F49A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F49A4 mov eax, dword ptr fs:[00000030h] 2_2_010F49A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F49A4 mov eax, dword ptr fs:[00000030h] 2_2_010F49A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F49A4 mov eax, dword ptr fs:[00000030h] 2_2_010F49A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B69A6 mov eax, dword ptr fs:[00000030h] 2_2_010B69A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B51BE mov eax, dword ptr fs:[00000030h] 2_2_010B51BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B51BE mov eax, dword ptr fs:[00000030h] 2_2_010B51BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B51BE mov eax, dword ptr fs:[00000030h] 2_2_010B51BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B51BE mov eax, dword ptr fs:[00000030h] 2_2_010B51BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010599BF mov ecx, dword ptr fs:[00000030h] 2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010599BF mov ecx, dword ptr fs:[00000030h] 2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010599BF mov eax, dword ptr fs:[00000030h] 2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010599BF mov ecx, dword ptr fs:[00000030h] 2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010599BF mov ecx, dword ptr fs:[00000030h] 2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010599BF mov eax, dword ptr fs:[00000030h] 2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010599BF mov ecx, dword ptr fs:[00000030h] 2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010599BF mov ecx, dword ptr fs:[00000030h] 2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010599BF mov eax, dword ptr fs:[00000030h] 2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010599BF mov ecx, dword ptr fs:[00000030h] 2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010599BF mov ecx, dword ptr fs:[00000030h] 2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010599BF mov eax, dword ptr fs:[00000030h] 2_2_010599BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F19D8 mov eax, dword ptr fs:[00000030h] 2_2_010F19D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103B1E1 mov eax, dword ptr fs:[00000030h] 2_2_0103B1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103B1E1 mov eax, dword ptr fs:[00000030h] 2_2_0103B1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103B1E1 mov eax, dword ptr fs:[00000030h] 2_2_0103B1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010331E0 mov eax, dword ptr fs:[00000030h] 2_2_010331E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010C41E8 mov eax, dword ptr fs:[00000030h] 2_2_010C41E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_011089E7 mov eax, dword ptr fs:[00000030h] 2_2_011089E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01036800 mov eax, dword ptr fs:[00000030h] 2_2_01036800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01036800 mov eax, dword ptr fs:[00000030h] 2_2_01036800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01036800 mov eax, dword ptr fs:[00000030h] 2_2_01036800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01104015 mov eax, dword ptr fs:[00000030h] 2_2_01104015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01104015 mov eax, dword ptr fs:[00000030h] 2_2_01104015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B7016 mov eax, dword ptr fs:[00000030h] 2_2_010B7016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B7016 mov eax, dword ptr fs:[00000030h] 2_2_010B7016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B7016 mov eax, dword ptr fs:[00000030h] 2_2_010B7016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01064020 mov edi, dword ptr fs:[00000030h] 2_2_01064020
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106002D mov eax, dword ptr fs:[00000030h] 2_2_0106002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106002D mov eax, dword ptr fs:[00000030h] 2_2_0106002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106002D mov eax, dword ptr fs:[00000030h] 2_2_0106002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106002D mov eax, dword ptr fs:[00000030h] 2_2_0106002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106002D mov eax, dword ptr fs:[00000030h] 2_2_0106002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0104B02A mov eax, dword ptr fs:[00000030h] 2_2_0104B02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0104B02A mov eax, dword ptr fs:[00000030h] 2_2_0104B02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0104B02A mov eax, dword ptr fs:[00000030h] 2_2_0104B02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0104B02A mov eax, dword ptr fs:[00000030h] 2_2_0104B02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A830 mov eax, dword ptr fs:[00000030h] 2_2_0105A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A830 mov eax, dword ptr fs:[00000030h] 2_2_0105A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A830 mov eax, dword ptr fs:[00000030h] 2_2_0105A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A830 mov eax, dword ptr fs:[00000030h] 2_2_0105A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F1843 mov eax, dword ptr fs:[00000030h] 2_2_010F1843
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01035050 mov eax, dword ptr fs:[00000030h] 2_2_01035050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01035050 mov eax, dword ptr fs:[00000030h] 2_2_01035050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01035050 mov eax, dword ptr fs:[00000030h] 2_2_01035050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01050050 mov eax, dword ptr fs:[00000030h] 2_2_01050050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01050050 mov eax, dword ptr fs:[00000030h] 2_2_01050050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01101074 mov eax, dword ptr fs:[00000030h] 2_2_01101074
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105F86D mov eax, dword ptr fs:[00000030h] 2_2_0105F86D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F2073 mov eax, dword ptr fs:[00000030h] 2_2_010F2073
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01039080 mov eax, dword ptr fs:[00000030h] 2_2_01039080
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01033880 mov eax, dword ptr fs:[00000030h] 2_2_01033880
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01033880 mov eax, dword ptr fs:[00000030h] 2_2_01033880
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B3884 mov eax, dword ptr fs:[00000030h] 2_2_010B3884
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B3884 mov eax, dword ptr fs:[00000030h] 2_2_010B3884
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010620A0 mov eax, dword ptr fs:[00000030h] 2_2_010620A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010620A0 mov eax, dword ptr fs:[00000030h] 2_2_010620A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010620A0 mov eax, dword ptr fs:[00000030h] 2_2_010620A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010620A0 mov eax, dword ptr fs:[00000030h] 2_2_010620A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010620A0 mov eax, dword ptr fs:[00000030h] 2_2_010620A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010620A0 mov eax, dword ptr fs:[00000030h] 2_2_010620A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010790AF mov eax, dword ptr fs:[00000030h] 2_2_010790AF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010428AE mov eax, dword ptr fs:[00000030h] 2_2_010428AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010428AE mov eax, dword ptr fs:[00000030h] 2_2_010428AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010428AE mov eax, dword ptr fs:[00000030h] 2_2_010428AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010428AE mov ecx, dword ptr fs:[00000030h] 2_2_010428AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010428AE mov eax, dword ptr fs:[00000030h] 2_2_010428AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010428AE mov eax, dword ptr fs:[00000030h] 2_2_010428AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106F0BF mov ecx, dword ptr fs:[00000030h] 2_2_0106F0BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106F0BF mov eax, dword ptr fs:[00000030h] 2_2_0106F0BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106F0BF mov eax, dword ptr fs:[00000030h] 2_2_0106F0BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F18CA mov eax, dword ptr fs:[00000030h] 2_2_010F18CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010CB8D0 mov eax, dword ptr fs:[00000030h] 2_2_010CB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010CB8D0 mov ecx, dword ptr fs:[00000030h] 2_2_010CB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010CB8D0 mov eax, dword ptr fs:[00000030h] 2_2_010CB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010CB8D0 mov eax, dword ptr fs:[00000030h] 2_2_010CB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010CB8D0 mov eax, dword ptr fs:[00000030h] 2_2_010CB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010CB8D0 mov eax, dword ptr fs:[00000030h] 2_2_010CB8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B8E4 mov eax, dword ptr fs:[00000030h] 2_2_0105B8E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B8E4 mov eax, dword ptr fs:[00000030h] 2_2_0105B8E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010340E1 mov eax, dword ptr fs:[00000030h] 2_2_010340E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010340E1 mov eax, dword ptr fs:[00000030h] 2_2_010340E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010340E1 mov eax, dword ptr fs:[00000030h] 2_2_010340E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010358EC mov eax, dword ptr fs:[00000030h] 2_2_010358EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010428FD mov eax, dword ptr fs:[00000030h] 2_2_010428FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010428FD mov eax, dword ptr fs:[00000030h] 2_2_010428FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010428FD mov eax, dword ptr fs:[00000030h] 2_2_010428FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h] 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h] 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h] 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h] 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h] 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h] 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h] 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h] 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h] 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h] 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h] 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h] 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h] 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h] 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h] 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h] 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h] 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h] 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h] 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h] 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A309 mov eax, dword ptr fs:[00000030h] 2_2_0105A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F131B mov eax, dword ptr fs:[00000030h] 2_2_010F131B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103DB40 mov eax, dword ptr fs:[00000030h] 2_2_0103DB40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01108B58 mov eax, dword ptr fs:[00000030h] 2_2_01108B58
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103F358 mov eax, dword ptr fs:[00000030h] 2_2_0103F358
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01063B5A mov eax, dword ptr fs:[00000030h] 2_2_01063B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01063B5A mov eax, dword ptr fs:[00000030h] 2_2_01063B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01063B5A mov eax, dword ptr fs:[00000030h] 2_2_01063B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01063B5A mov eax, dword ptr fs:[00000030h] 2_2_01063B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103DB60 mov ecx, dword ptr fs:[00000030h] 2_2_0103DB60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0104F370 mov eax, dword ptr fs:[00000030h] 2_2_0104F370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0104F370 mov eax, dword ptr fs:[00000030h] 2_2_0104F370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0104F370 mov eax, dword ptr fs:[00000030h] 2_2_0104F370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01063B7A mov eax, dword ptr fs:[00000030h] 2_2_01063B7A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01063B7A mov eax, dword ptr fs:[00000030h] 2_2_01063B7A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F138A mov eax, dword ptr fs:[00000030h] 2_2_010F138A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010DEB8A mov ecx, dword ptr fs:[00000030h] 2_2_010DEB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010DEB8A mov eax, dword ptr fs:[00000030h] 2_2_010DEB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010DEB8A mov eax, dword ptr fs:[00000030h] 2_2_010DEB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010DEB8A mov eax, dword ptr fs:[00000030h] 2_2_010DEB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01041B8F mov eax, dword ptr fs:[00000030h] 2_2_01041B8F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01041B8F mov eax, dword ptr fs:[00000030h] 2_2_01041B8F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106138B mov eax, dword ptr fs:[00000030h] 2_2_0106138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106138B mov eax, dword ptr fs:[00000030h] 2_2_0106138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106138B mov eax, dword ptr fs:[00000030h] 2_2_0106138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010ED380 mov ecx, dword ptr fs:[00000030h] 2_2_010ED380
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01062397 mov eax, dword ptr fs:[00000030h] 2_2_01062397
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106B390 mov eax, dword ptr fs:[00000030h] 2_2_0106B390
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01034B94 mov edi, dword ptr fs:[00000030h] 2_2_01034B94
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105EB9A mov eax, dword ptr fs:[00000030h] 2_2_0105EB9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105EB9A mov eax, dword ptr fs:[00000030h] 2_2_0105EB9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01108BB6 mov eax, dword ptr fs:[00000030h] 2_2_01108BB6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F1BA8 mov eax, dword ptr fs:[00000030h] 2_2_010F1BA8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01064BAD mov eax, dword ptr fs:[00000030h] 2_2_01064BAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01064BAD mov eax, dword ptr fs:[00000030h] 2_2_01064BAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01064BAD mov eax, dword ptr fs:[00000030h] 2_2_01064BAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01109BBE mov eax, dword ptr fs:[00000030h] 2_2_01109BBE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01105BA5 mov eax, dword ptr fs:[00000030h] 2_2_01105BA5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B53CA mov eax, dword ptr fs:[00000030h] 2_2_010B53CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B53CA mov eax, dword ptr fs:[00000030h] 2_2_010B53CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010653C5 mov eax, dword ptr fs:[00000030h] 2_2_010653C5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010603E2 mov eax, dword ptr fs:[00000030h] 2_2_010603E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010603E2 mov eax, dword ptr fs:[00000030h] 2_2_010603E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010603E2 mov eax, dword ptr fs:[00000030h] 2_2_010603E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010603E2 mov eax, dword ptr fs:[00000030h] 2_2_010603E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010603E2 mov eax, dword ptr fs:[00000030h] 2_2_010603E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010603E2 mov eax, dword ptr fs:[00000030h] 2_2_010603E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01031BE9 mov eax, dword ptr fs:[00000030h] 2_2_01031BE9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105DBE9 mov eax, dword ptr fs:[00000030h] 2_2_0105DBE9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010E23E3 mov ecx, dword ptr fs:[00000030h] 2_2_010E23E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010E23E3 mov ecx, dword ptr fs:[00000030h] 2_2_010E23E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010E23E3 mov eax, dword ptr fs:[00000030h] 2_2_010E23E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01048A0A mov eax, dword ptr fs:[00000030h] 2_2_01048A0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01035210 mov eax, dword ptr fs:[00000030h] 2_2_01035210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01035210 mov ecx, dword ptr fs:[00000030h] 2_2_01035210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01035210 mov eax, dword ptr fs:[00000030h] 2_2_01035210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01035210 mov eax, dword ptr fs:[00000030h] 2_2_01035210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103AA16 mov eax, dword ptr fs:[00000030h] 2_2_0103AA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103AA16 mov eax, dword ptr fs:[00000030h] 2_2_0103AA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01053A1C mov eax, dword ptr fs:[00000030h] 2_2_01053A1C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010FAA16 mov eax, dword ptr fs:[00000030h] 2_2_010FAA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010FAA16 mov eax, dword ptr fs:[00000030h] 2_2_010FAA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01034A20 mov eax, dword ptr fs:[00000030h] 2_2_01034A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01034A20 mov eax, dword ptr fs:[00000030h] 2_2_01034A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F1229 mov eax, dword ptr fs:[00000030h] 2_2_010F1229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01074A2C mov eax, dword ptr fs:[00000030h] 2_2_01074A2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01074A2C mov eax, dword ptr fs:[00000030h] 2_2_01074A2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A229 mov eax, dword ptr fs:[00000030h] 2_2_0105A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A229 mov eax, dword ptr fs:[00000030h] 2_2_0105A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A229 mov eax, dword ptr fs:[00000030h] 2_2_0105A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A229 mov eax, dword ptr fs:[00000030h] 2_2_0105A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A229 mov eax, dword ptr fs:[00000030h] 2_2_0105A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A229 mov eax, dword ptr fs:[00000030h] 2_2_0105A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A229 mov eax, dword ptr fs:[00000030h] 2_2_0105A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A229 mov eax, dword ptr fs:[00000030h] 2_2_0105A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105A229 mov eax, dword ptr fs:[00000030h] 2_2_0105A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B236 mov eax, dword ptr fs:[00000030h] 2_2_0105B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B236 mov eax, dword ptr fs:[00000030h] 2_2_0105B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B236 mov eax, dword ptr fs:[00000030h] 2_2_0105B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B236 mov eax, dword ptr fs:[00000030h] 2_2_0105B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B236 mov eax, dword ptr fs:[00000030h] 2_2_0105B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B236 mov eax, dword ptr fs:[00000030h] 2_2_0105B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01038239 mov eax, dword ptr fs:[00000030h] 2_2_01038239
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01038239 mov eax, dword ptr fs:[00000030h] 2_2_01038239
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01038239 mov eax, dword ptr fs:[00000030h] 2_2_01038239
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01039240 mov eax, dword ptr fs:[00000030h] 2_2_01039240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01039240 mov eax, dword ptr fs:[00000030h] 2_2_01039240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01039240 mov eax, dword ptr fs:[00000030h] 2_2_01039240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01039240 mov eax, dword ptr fs:[00000030h] 2_2_01039240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F1A5F mov eax, dword ptr fs:[00000030h] 2_2_010F1A5F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010FEA55 mov eax, dword ptr fs:[00000030h] 2_2_010FEA55
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010C4257 mov eax, dword ptr fs:[00000030h] 2_2_010C4257
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010EB260 mov eax, dword ptr fs:[00000030h] 2_2_010EB260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010EB260 mov eax, dword ptr fs:[00000030h] 2_2_010EB260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01075A69 mov eax, dword ptr fs:[00000030h] 2_2_01075A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01075A69 mov eax, dword ptr fs:[00000030h] 2_2_01075A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01075A69 mov eax, dword ptr fs:[00000030h] 2_2_01075A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01108A62 mov eax, dword ptr fs:[00000030h] 2_2_01108A62
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0107927A mov eax, dword ptr fs:[00000030h] 2_2_0107927A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106D294 mov eax, dword ptr fs:[00000030h] 2_2_0106D294
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106D294 mov eax, dword ptr fs:[00000030h] 2_2_0106D294
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F129A mov eax, dword ptr fs:[00000030h] 2_2_010F129A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01031AA0 mov eax, dword ptr fs:[00000030h] 2_2_01031AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010352A5 mov eax, dword ptr fs:[00000030h] 2_2_010352A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010352A5 mov eax, dword ptr fs:[00000030h] 2_2_010352A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010352A5 mov eax, dword ptr fs:[00000030h] 2_2_010352A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010352A5 mov eax, dword ptr fs:[00000030h] 2_2_010352A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010352A5 mov eax, dword ptr fs:[00000030h] 2_2_010352A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01065AA0 mov eax, dword ptr fs:[00000030h] 2_2_01065AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01065AA0 mov eax, dword ptr fs:[00000030h] 2_2_01065AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0104AAB0 mov eax, dword ptr fs:[00000030h] 2_2_0104AAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0104AAB0 mov eax, dword ptr fs:[00000030h] 2_2_0104AAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106FAB0 mov eax, dword ptr fs:[00000030h] 2_2_0106FAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010612BD mov esi, dword ptr fs:[00000030h] 2_2_010612BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010612BD mov eax, dword ptr fs:[00000030h] 2_2_010612BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010612BD mov eax, dword ptr fs:[00000030h] 2_2_010612BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01035AC0 mov eax, dword ptr fs:[00000030h] 2_2_01035AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01035AC0 mov eax, dword ptr fs:[00000030h] 2_2_01035AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01035AC0 mov eax, dword ptr fs:[00000030h] 2_2_01035AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01033ACA mov eax, dword ptr fs:[00000030h] 2_2_01033ACA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01062ACB mov eax, dword ptr fs:[00000030h] 2_2_01062ACB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01108ADD mov eax, dword ptr fs:[00000030h] 2_2_01108ADD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010312D4 mov eax, dword ptr fs:[00000030h] 2_2_010312D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h] 2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h] 2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h] 2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h] 2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h] 2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h] 2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h] 2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h] 2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h] 2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h] 2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h] 2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h] 2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h] 2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4AEF mov eax, dword ptr fs:[00000030h] 2_2_010F4AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01062AE4 mov eax, dword ptr fs:[00000030h] 2_2_01062AE4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F3518 mov eax, dword ptr fs:[00000030h] 2_2_010F3518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F3518 mov eax, dword ptr fs:[00000030h] 2_2_010F3518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F3518 mov eax, dword ptr fs:[00000030h] 2_2_010F3518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106F527 mov eax, dword ptr fs:[00000030h] 2_2_0106F527
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106F527 mov eax, dword ptr fs:[00000030h] 2_2_0106F527
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106F527 mov eax, dword ptr fs:[00000030h] 2_2_0106F527
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01108D34 mov eax, dword ptr fs:[00000030h] 2_2_01108D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h] 2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h] 2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h] 2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h] 2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h] 2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h] 2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h] 2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h] 2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h] 2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h] 2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h] 2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h] 2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01043D34 mov eax, dword ptr fs:[00000030h] 2_2_01043D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103AD30 mov eax, dword ptr fs:[00000030h] 2_2_0103AD30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010FE539 mov eax, dword ptr fs:[00000030h] 2_2_010FE539
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010BA537 mov eax, dword ptr fs:[00000030h] 2_2_010BA537
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01064D3B mov eax, dword ptr fs:[00000030h] 2_2_01064D3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01064D3B mov eax, dword ptr fs:[00000030h] 2_2_01064D3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01064D3B mov eax, dword ptr fs:[00000030h] 2_2_01064D3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01073D43 mov eax, dword ptr fs:[00000030h] 2_2_01073D43
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B3540 mov eax, dword ptr fs:[00000030h] 2_2_010B3540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010E3D40 mov eax, dword ptr fs:[00000030h] 2_2_010E3D40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103354C mov eax, dword ptr fs:[00000030h] 2_2_0103354C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103354C mov eax, dword ptr fs:[00000030h] 2_2_0103354C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01057D50 mov eax, dword ptr fs:[00000030h] 2_2_01057D50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01074D51 mov eax, dword ptr fs:[00000030h] 2_2_01074D51
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01074D51 mov eax, dword ptr fs:[00000030h] 2_2_01074D51
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105C577 mov eax, dword ptr fs:[00000030h] 2_2_0105C577
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105C577 mov eax, dword ptr fs:[00000030h] 2_2_0105C577
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01058D76 mov eax, dword ptr fs:[00000030h] 2_2_01058D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01058D76 mov eax, dword ptr fs:[00000030h] 2_2_01058D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01058D76 mov eax, dword ptr fs:[00000030h] 2_2_01058D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01058D76 mov eax, dword ptr fs:[00000030h] 2_2_01058D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01058D76 mov eax, dword ptr fs:[00000030h] 2_2_01058D76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01062581 mov eax, dword ptr fs:[00000030h] 2_2_01062581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01062581 mov eax, dword ptr fs:[00000030h] 2_2_01062581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01062581 mov eax, dword ptr fs:[00000030h] 2_2_01062581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01062581 mov eax, dword ptr fs:[00000030h] 2_2_01062581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01032D8A mov eax, dword ptr fs:[00000030h] 2_2_01032D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01032D8A mov eax, dword ptr fs:[00000030h] 2_2_01032D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01032D8A mov eax, dword ptr fs:[00000030h] 2_2_01032D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01032D8A mov eax, dword ptr fs:[00000030h] 2_2_01032D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01032D8A mov eax, dword ptr fs:[00000030h] 2_2_01032D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F2D82 mov eax, dword ptr fs:[00000030h] 2_2_010F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F2D82 mov eax, dword ptr fs:[00000030h] 2_2_010F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F2D82 mov eax, dword ptr fs:[00000030h] 2_2_010F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F2D82 mov eax, dword ptr fs:[00000030h] 2_2_010F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F2D82 mov eax, dword ptr fs:[00000030h] 2_2_010F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F2D82 mov eax, dword ptr fs:[00000030h] 2_2_010F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F2D82 mov eax, dword ptr fs:[00000030h] 2_2_010F2D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010FB581 mov eax, dword ptr fs:[00000030h] 2_2_010FB581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010FB581 mov eax, dword ptr fs:[00000030h] 2_2_010FB581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010FB581 mov eax, dword ptr fs:[00000030h] 2_2_010FB581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010FB581 mov eax, dword ptr fs:[00000030h] 2_2_010FB581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01033591 mov eax, dword ptr fs:[00000030h] 2_2_01033591
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106FD9B mov eax, dword ptr fs:[00000030h] 2_2_0106FD9B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106FD9B mov eax, dword ptr fs:[00000030h] 2_2_0106FD9B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010665A0 mov eax, dword ptr fs:[00000030h] 2_2_010665A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010665A0 mov eax, dword ptr fs:[00000030h] 2_2_010665A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010665A0 mov eax, dword ptr fs:[00000030h] 2_2_010665A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010635A1 mov eax, dword ptr fs:[00000030h] 2_2_010635A1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01061DB5 mov eax, dword ptr fs:[00000030h] 2_2_01061DB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01061DB5 mov eax, dword ptr fs:[00000030h] 2_2_01061DB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01061DB5 mov eax, dword ptr fs:[00000030h] 2_2_01061DB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_011005AC mov eax, dword ptr fs:[00000030h] 2_2_011005AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_011005AC mov eax, dword ptr fs:[00000030h] 2_2_011005AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B6DC9 mov eax, dword ptr fs:[00000030h] 2_2_010B6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B6DC9 mov eax, dword ptr fs:[00000030h] 2_2_010B6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B6DC9 mov eax, dword ptr fs:[00000030h] 2_2_010B6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B6DC9 mov ecx, dword ptr fs:[00000030h] 2_2_010B6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B6DC9 mov eax, dword ptr fs:[00000030h] 2_2_010B6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B6DC9 mov eax, dword ptr fs:[00000030h] 2_2_010B6DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010315C1 mov eax, dword ptr fs:[00000030h] 2_2_010315C1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010EFDD3 mov eax, dword ptr fs:[00000030h] 2_2_010EFDD3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0104D5E0 mov eax, dword ptr fs:[00000030h] 2_2_0104D5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0104D5E0 mov eax, dword ptr fs:[00000030h] 2_2_0104D5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010695EC mov eax, dword ptr fs:[00000030h] 2_2_010695EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010FFDE2 mov eax, dword ptr fs:[00000030h] 2_2_010FFDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010FFDE2 mov eax, dword ptr fs:[00000030h] 2_2_010FFDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010FFDE2 mov eax, dword ptr fs:[00000030h] 2_2_010FFDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010FFDE2 mov eax, dword ptr fs:[00000030h] 2_2_010FFDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010395F0 mov eax, dword ptr fs:[00000030h] 2_2_010395F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010395F0 mov ecx, dword ptr fs:[00000030h] 2_2_010395F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010E8DF1 mov eax, dword ptr fs:[00000030h] 2_2_010E8DF1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B6C0A mov eax, dword ptr fs:[00000030h] 2_2_010B6C0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B6C0A mov eax, dword ptr fs:[00000030h] 2_2_010B6C0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B6C0A mov eax, dword ptr fs:[00000030h] 2_2_010B6C0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B6C0A mov eax, dword ptr fs:[00000030h] 2_2_010B6C0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01108C14 mov eax, dword ptr fs:[00000030h] 2_2_01108C14
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h] 2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h] 2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h] 2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h] 2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h] 2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h] 2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h] 2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h] 2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h] 2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h] 2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h] 2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h] 2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h] 2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F1C06 mov eax, dword ptr fs:[00000030h] 2_2_010F1C06
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0110740D mov eax, dword ptr fs:[00000030h] 2_2_0110740D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0110740D mov eax, dword ptr fs:[00000030h] 2_2_0110740D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0110740D mov eax, dword ptr fs:[00000030h] 2_2_0110740D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106BC2C mov eax, dword ptr fs:[00000030h] 2_2_0106BC2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0104B433 mov eax, dword ptr fs:[00000030h] 2_2_0104B433
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0104B433 mov eax, dword ptr fs:[00000030h] 2_2_0104B433
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0104B433 mov eax, dword ptr fs:[00000030h] 2_2_0104B433
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01063C3E mov eax, dword ptr fs:[00000030h] 2_2_01063C3E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01063C3E mov eax, dword ptr fs:[00000030h] 2_2_01063C3E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01063C3E mov eax, dword ptr fs:[00000030h] 2_2_01063C3E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01034439 mov eax, dword ptr fs:[00000030h] 2_2_01034439
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01108450 mov eax, dword ptr fs:[00000030h] 2_2_01108450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106A44B mov eax, dword ptr fs:[00000030h] 2_2_0106A44B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010CC450 mov eax, dword ptr fs:[00000030h] 2_2_010CC450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010CC450 mov eax, dword ptr fs:[00000030h] 2_2_010CC450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01108C75 mov eax, dword ptr fs:[00000030h] 2_2_01108C75
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105746D mov eax, dword ptr fs:[00000030h] 2_2_0105746D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h] 2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h] 2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h] 2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h] 2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h] 2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h] 2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h] 2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h] 2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h] 2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h] 2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h] 2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B477 mov eax, dword ptr fs:[00000030h] 2_2_0105B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01075C70 mov eax, dword ptr fs:[00000030h] 2_2_01075C70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h] 2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h] 2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h] 2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h] 2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h] 2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h] 2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h] 2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h] 2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h] 2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h] 2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106AC7B mov eax, dword ptr fs:[00000030h] 2_2_0106AC7B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01031480 mov eax, dword ptr fs:[00000030h] 2_2_01031480
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103649B mov eax, dword ptr fs:[00000030h] 2_2_0103649B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103649B mov eax, dword ptr fs:[00000030h] 2_2_0103649B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h] 2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h] 2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h] 2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h] 2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h] 2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h] 2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h] 2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h] 2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h] 2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h] 2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h] 2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h] 2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F4496 mov eax, dword ptr fs:[00000030h] 2_2_010F4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0104849B mov eax, dword ptr fs:[00000030h] 2_2_0104849B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01109CB3 mov eax, dword ptr fs:[00000030h] 2_2_01109CB3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01034CB0 mov eax, dword ptr fs:[00000030h] 2_2_01034CB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01108CD6 mov eax, dword ptr fs:[00000030h] 2_2_01108CD6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01032CDB mov eax, dword ptr fs:[00000030h] 2_2_01032CDB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F14FB mov eax, dword ptr fs:[00000030h] 2_2_010F14FB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B6CF0 mov eax, dword ptr fs:[00000030h] 2_2_010B6CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B6CF0 mov eax, dword ptr fs:[00000030h] 2_2_010B6CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B6CF0 mov eax, dword ptr fs:[00000030h] 2_2_010B6CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106A70E mov eax, dword ptr fs:[00000030h] 2_2_0106A70E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106A70E mov eax, dword ptr fs:[00000030h] 2_2_0106A70E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105F716 mov eax, dword ptr fs:[00000030h] 2_2_0105F716
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01064710 mov eax, dword ptr fs:[00000030h] 2_2_01064710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010CFF10 mov eax, dword ptr fs:[00000030h] 2_2_010CFF10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010CFF10 mov eax, dword ptr fs:[00000030h] 2_2_010CFF10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0110070D mov eax, dword ptr fs:[00000030h] 2_2_0110070D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0110070D mov eax, dword ptr fs:[00000030h] 2_2_0110070D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01034F2E mov eax, dword ptr fs:[00000030h] 2_2_01034F2E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01034F2E mov eax, dword ptr fs:[00000030h] 2_2_01034F2E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01036730 mov eax, dword ptr fs:[00000030h] 2_2_01036730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01036730 mov eax, dword ptr fs:[00000030h] 2_2_01036730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01036730 mov eax, dword ptr fs:[00000030h] 2_2_01036730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01063F33 mov eax, dword ptr fs:[00000030h] 2_2_01063F33
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106E730 mov eax, dword ptr fs:[00000030h] 2_2_0106E730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B73D mov eax, dword ptr fs:[00000030h] 2_2_0105B73D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105B73D mov eax, dword ptr fs:[00000030h] 2_2_0105B73D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0104EF40 mov eax, dword ptr fs:[00000030h] 2_2_0104EF40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0103A745 mov eax, dword ptr fs:[00000030h] 2_2_0103A745
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0106DF4C mov eax, dword ptr fs:[00000030h] 2_2_0106DF4C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010F1751 mov eax, dword ptr fs:[00000030h] 2_2_010F1751
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0104FF60 mov eax, dword ptr fs:[00000030h] 2_2_0104FF60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105E760 mov eax, dword ptr fs:[00000030h] 2_2_0105E760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_0105E760 mov eax, dword ptr fs:[00000030h] 2_2_0105E760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01108F6A mov eax, dword ptr fs:[00000030h] 2_2_01108F6A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01048794 mov eax, dword ptr fs:[00000030h] 2_2_01048794
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B7794 mov eax, dword ptr fs:[00000030h] 2_2_010B7794
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B7794 mov eax, dword ptr fs:[00000030h] 2_2_010B7794
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_010B7794 mov eax, dword ptr fs:[00000030h] 2_2_010B7794
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01032FB0 mov eax, dword ptr fs:[00000030h] 2_2_01032FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01032FB0 mov eax, dword ptr fs:[00000030h] 2_2_01032FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01032FB0 mov eax, dword ptr fs:[00000030h] 2_2_01032FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01032FB0 mov ecx, dword ptr fs:[00000030h] 2_2_01032FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01032FB0 mov eax, dword ptr fs:[00000030h] 2_2_01032FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01032FB0 mov eax, dword ptr fs:[00000030h] 2_2_01032FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01032FB0 mov eax, dword ptr fs:[00000030h] 2_2_01032FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01032FB0 mov eax, dword ptr fs:[00000030h] 2_2_01032FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01032FB0 mov eax, dword ptr fs:[00000030h] 2_2_01032FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01032FB0 mov eax, dword ptr fs:[00000030h] 2_2_01032FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Code function: 2_2_01079860 NtQuerySystemInformation,LdrInitializeThunk, 2_2_01079860
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Memory allocated: page read and write | page guard Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information

barindex
Source: Yara match File source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

barindex
Source: Yara match File source: 2.0.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.3706fe0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.845.22447.exe.36777c0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000002.00000000.252621166.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.266786451.000000000364F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
No contacted IP infos