Windows Analysis Report
SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe

Overview

General Information

Sample name: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
Analysis ID: 1500930
MD5: 870e59c51a8f4c9b4461dee1d15d1599
SHA1: 227c9c74d5ad5cbcfb1838ce4248e485518fb95e
SHA256: 6139902e3873552385dfc103fe1db9ba336bbce8d3db180cbfb588352c055776
Tags: exe

Detection

FormBook
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Injects a PE file into a foreign process
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

AV Detection

Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Avira: detected
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe ReversingLabs: Detection: 34%
Source: Yara match File source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Joe Sandbox ML: detected
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 4x nop then jmp 06F03FE5h 0_2_06F0393D
Source: Amcache.hve.14.dr String found in binary or memory: http://upx.sf.net

E-Banking Fraud

Source: Yara match File source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

System Summary

Source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_0042CCA7 NtClose, 10_2_0042CCA7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02DF0 NtQuerySystemInformation,LdrInitializeThunk, 10_2_02E02DF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E04340 NtSetContextThread, 10_2_02E04340
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E04650 NtSuspendThread, 10_2_02E04650
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02AF0 NtWriteFile, 10_2_02E02AF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02AD0 NtReadFile, 10_2_02E02AD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02AB0 NtWaitForSingleObject, 10_2_02E02AB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02BE0 NtQueryValueKey, 10_2_02E02BE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02BF0 NtAllocateVirtualMemory, 10_2_02E02BF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02BA0 NtEnumerateValueKey, 10_2_02E02BA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02B80 NtQueryInformationFile, 10_2_02E02B80
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02B60 NtClose, 10_2_02E02B60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02EE0 NtQueueApcThread, 10_2_02E02EE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02EA0 NtAdjustPrivilegesToken, 10_2_02E02EA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02E80 NtReadVirtualMemory, 10_2_02E02E80
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02E30 NtWriteVirtualMemory, 10_2_02E02E30
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02FE0 NtCreateFile, 10_2_02E02FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02FA0 NtQuerySection, 10_2_02E02FA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02FB0 NtResumeThread, 10_2_02E02FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02F90 NtProtectVirtualMemory, 10_2_02E02F90
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02F60 NtCreateProcessEx, 10_2_02E02F60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02F30 NtCreateSection, 10_2_02E02F30
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02CF0 NtOpenProcess, 10_2_02E02CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02CC0 NtQueryVirtualMemory, 10_2_02E02CC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02CA0 NtQueryInformationToken, 10_2_02E02CA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02C60 NtCreateKey, 10_2_02E02C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02C70 NtFreeVirtualMemory, 10_2_02E02C70
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02C00 NtQueryInformationProcess, 10_2_02E02C00
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02DD0 NtDelayExecution, 10_2_02E02DD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02DB0 NtEnumerateKey, 10_2_02E02DB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02D30 NtUnmapViewOfSection, 10_2_02E02D30
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02D00 NtSetInformationFile, 10_2_02E02D00
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02D10 NtMapViewOfSection, 10_2_02E02D10
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E03090 NtSetValueKey, 10_2_02E03090
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E03010 NtOpenDirectoryObject, 10_2_02E03010
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E035C0 NtCreateMutant, 10_2_02E035C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E039B0 NtGetContextThread, 10_2_02E039B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E03D70 NtOpenThread, 10_2_02E03D70
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E03D10 NtOpenProcessToken, 10_2_02E03D10
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: String function: 02E3EA12 appears 86 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: String function: 02E05130 appears 58 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: String function: 02E17E54 appears 111 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: String function: 02DBB970 appears 280 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: String function: 02E4F290 appears 105 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 236
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 00000000.00000002.1398186034.00000000027E1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameGB-lesson-forms.dll@ vs SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 00000000.00000002.1401284596.0000000006B70000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameGB-lesson-forms.dll@ vs SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 00000000.00000002.1401708341.00000000087B0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 00000000.00000002.1397469720.0000000000A1E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 00000000.00000002.1398636005.00000000037E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 00000000.00000002.1401536258.0000000008684000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameummJ.exeB vs SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 00000000.00000000.1255242679.00000000004FC000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameummJ.exeB vs SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 0000000A.00000002.1897436920.0000000002EBD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Binary or memory string: OriginalFilenameummJ.exeB vs SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, uFrBksj9HU9cLWRBKk.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, uFrBksj9HU9cLWRBKk.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, pJsScy6BttYyZ7vEuF.cs Security API names: _0020.SetAccessControl
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, pJsScy6BttYyZ7vEuF.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, pJsScy6BttYyZ7vEuF.cs Security API names: _0020.AddAccessRule
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, pJsScy6BttYyZ7vEuF.cs Security API names: _0020.SetAccessControl
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, pJsScy6BttYyZ7vEuF.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, pJsScy6BttYyZ7vEuF.cs Security API names: _0020.AddAccessRule
Source: classification engine Classification label: mal96.troj.evad.winEXE@4/6@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.log
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess8116
Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\9ed9094b-e382-48e7-b86e-a0e4671bbe98
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe ReversingLabs: Detection: 34%
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 236
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp

Data Obfuscation

Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, pJsScy6BttYyZ7vEuF.cs .Net Code: jSyHRR2n2D System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.28195b8.0.raw.unpack, .cs .Net Code: System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.6b70000.4.raw.unpack, .cs .Net Code: System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, pJsScy6BttYyZ7vEuF.cs .Net Code: jSyHRR2n2D System.Reflection.Assembly.Load(byte[])
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_004488DB LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 10_2_004488DB
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 0_2_026C47B1 push ebp; retf 0_2_026C4815
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 0_2_04D8CCEC push E93C04E8h; retf 0_2_04D8CCB6
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 0_2_04D88AEE push 8B5004D8h; iretd 0_2_04D88AF3
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 0_2_04D8CAA8 push ACF004E8h; retf 0_2_04D8CAB6
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 0_2_053785DE push edx; iretd 0_2_053785DF
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 0_2_06F070AD push FFFFFF8Bh; iretd 0_2_06F070AF
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_00402040 push FFFFFFC2h; iretd 10_2_0040205C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_00409028 push edx; iretd 10_2_0040903D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_0040D909 push 00000049h; retf 10_2_0040D914
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_004129C7 push edi; iretd 10_2_004129D7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_0040299A push cs; iretd 10_2_0040299D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_004029B3 push 0000000Eh; iretd 10_2_004029B7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_004129BE push edi; iretd 10_2_004129D7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_0042EAD7 push esi; ret 10_2_0042EAFF
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_00402AF5 push edi; iretd 10_2_00402B0B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_00419327 push 68868784h; retf 10_2_00419350
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_00402BC9 push ecx; iretd 10_2_00402BCC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_00403C54 push eax; ret 10_2_00403C56
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_00403400 push cs; iretd 10_2_00403401
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_0040B43A push 0000005Fh; iretd 10_2_0040B44C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_00447D15 push ecx; ret 10_2_00447D28
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_00416E06 push ebp; ret 10_2_00416E07
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_0040DE92 push 3C5FAE21h; ret 10_2_0040DEB2
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_00411E9F push edx; iretd 10_2_00411EA9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_00401F48 push FFFFFFC1h; iretd 10_2_00401F5B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_00401F48 push esp; iretd 10_2_00401F90
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_00401F8A push esp; iretd 10_2_00401F90
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02D9225F pushad ; ret 10_2_02D927F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02D927FA pushad ; ret 10_2_02D927F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02D9283D push eax; iretd 10_2_02D92858
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DC09AD push ecx; mov dword ptr [esp], ecx 10_2_02DC09B6
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Static PE information: section name: .text entropy: 7.980814067163431
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, Sjg2n1rfg1rgwRTsHA.cs High entropy of concatenated method names: 'YFdB3X5LPg', 'PDwB2Ayd7W', 'JfjBUlA5Kn', 'dmBB0ACiH8', 'viWB919VNL', 'oefBfMbt7t', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, Ct1x6TFpKd9ORvXgG7.cs High entropy of concatenated method names: 'pusOeh8Gec', 'tLQOZX6qZA', 'KuLOHyneJx', 'wIZO8IwsNX', 'ITlOgiDkxL', 'jOsOI4FSAy', 'JJ7O4aowJl', 'tEBBy865pM', 'A6wBn1St72', 'GSLBrJBvGi'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, yp6DNBxwcIJTi54C3H.cs High entropy of concatenated method names: 'Gw9RFUXK4', 'l1vphcZC9', 'gkPKn1qvt', 's2CdJpaN9', 'V5CC8umYi', 'u8eGkG1TU', 'TkjiH2nNqTyNvLJegt', 'emPi01PyJqWNMButIw', 'boTB9soaO', 'xlLVSpLFe'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, pJsScy6BttYyZ7vEuF.cs High entropy of concatenated method names: 'VRQZDiOXxP', 'PavZ8vh6S8', 'gwbZgyWePO', 'T4uZk6buyg', 'wMyZIcAhpT', 'fSMZ4iYfNc', 'pPjZSL6nkN', 'CpMZ6NvQ7y', 'YYAZ1Ermwb', 'dQ3ZT7wTPv'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, GrflPdztJajYxioWF4.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'k5dONUEssJ', 'JgVOPHABqe', 'PsBOtfctll', 'SjuOWeP0QK', 'QsPOBmfGLB', 'rgoOOP8Slj', 'QsTOVqjpdq'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, AIrjvGoD09mHiapsVG.cs High entropy of concatenated method names: 'dbyS8KYYvH', 'r28Sk1nsV9', 'V5cS4m0nKJ', 'BcF4FgSHfS', 'Gdv4zIoAyY', 'oZxShJ2BKI', 'suSSesOXvo', 'D7ZSxRgv4G', 'wMhSZ4Qy6W', 'mGDSHaZqIB'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, RkLr55i5INQDC9Y2V1.cs High entropy of concatenated method names: 'X9pWTm1S1B', 'KisW74jhf7', 'ToString', 'bZnW8VlXFv', 'ikVWgc90US', 'C1LWkpfbN3', 'hR6WINUjw8', 'PriW40QK6x', 'svbWSFYvPW', 'ftXW6wBMN6'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, wKtZDynJ5ZVN8LDSBU.cs High entropy of concatenated method names: 'Sp8B8Sp9tX', 'd1QBgpL4oJ', 'C4VBkw8vrU', 'DtEBIhhep2', 'vTbB4CqrID', 'vX4BS8t7lD', 'uFXB6D1o2W', 'YxXB1redm4', 'R9oBTbclyI', 'tLTB7M98Cn'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, qUbH3w980KqZC4AiIF.cs High entropy of concatenated method names: 'DlIPbyT1P0', 'whwPMA8AXF', 'Bg7P9ZiT8h', 'JoXPvDF2WN', 'REPP2OFyRC', 'OuHPUlf6bL', 'TIEP06uH32', 'E0FPffCGsN', 'KREPE8QGgC', 'nZSPoFXZgW'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, tVKB2MehoMI39vpFSfF.cs High entropy of concatenated method names: 'KGtOXQPxm1', 'JLLOlE466X', 'HRvORli6oH', 'OyFOpjYOIU', 'QacO5eD8cJ', 'NvhOKSOGF0', 'MRcOdDNv7l', 'CXROj2gMf7', 'aniOC3x3Lp', 'wHbOGiZpR2'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, cm8RhBE9iuROxmKd5h.cs High entropy of concatenated method names: 'fcB4wZWMQl', 'XnW4iVDyjF', 'K974uilToE', 'ToString', 'JOJ4JbQ0qP', 'piK4ylF6AD', 'uHoIEN5HkLHXLOeRsup', 'r7AOI15j7Cry9vbhKyL', 'Wq5juX5NngvR1aqiPlR', 'ICcyR65TyIgLnR8s54r'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, iCeJfqHn4LUmYkBf9I.cs High entropy of concatenated method names: 'KlceSFrBks', 'RHUe69cLWR', 'evKeTK2joU', 'Hjue7BwAJI', 'Yc9eP41Wgk', 'ic3etMkqcY', 'bVkkfcAWLQhDCaA7JD', 'o2BvWay7tdBOxSX17M', 'j0ieeCEP9G', 'MQFeZam46P'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, X8pnHp0SIuPUrgajQX.cs High entropy of concatenated method names: 'nmd4sOGSTP', 'qHS4Xrhe87', 'Ruk4RhMvvN', 'eNf4pJNc8m', 'lmC4KW2iZ1', 'RWL4dp79Bk', 'DrI4Cw4HKG', 'PHF4GO2rEt', 'lA2C0L5ZxxAiJnQuHU6', 'oD5IOt5UQq79gUHbxIG'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, wuYEL1eZQd5D2DQNQw8.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'mOfV9Y7HSb', 'yRoVvPbu6X', 'mt0VwymTLe', 'tgyVi7hgXi', 'JikVubEDlC', 'uMQVJU6jS7', 'ySMVyREud9'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, uFrBksj9HU9cLWRBKk.cs High entropy of concatenated method names: 'bSmg9mwl1c', 'wXsgvLdoeg', 'upggwuU2xa', 'mwlgiaG6bq', 'gdfguBKkg6', 'CFtgJZaFXA', 'PItgyb0U6c', 'Ys7gn8A3YN', 'zlagrIncjZ', 'QfvgFHORuN'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, pgk4c33MkqcY9aED7p.cs High entropy of concatenated method names: 'kAT4DykM5D', 'jTA4gEyWGX', 'dRr4Ie8RRX', 'A0h4SXvaqN', 'BEU46mJASu', 'ToYIuw5FT4', 'FtFIJTBQZI', 'n1TIyJd7rv', 'cUnIna9vo8', 'oOLIrni3Ia'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, TpVBDPQJYd154clhki.cs High entropy of concatenated method names: 'r39SXwCMNv', 'K1wSlwLC2y', 'sv0SRSO5Fa', 'N6eSpM85MA', 'oLWS5saMba', 'FOJSKeiMp7', 'kgdSd6cJD2', 'zAgSjEc5Y0', 'YT8SCtaMj4', 'j2XSGXQOAX'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, WNSfMDCvKK2joU2juB.cs High entropy of concatenated method names: 'h2Akpf2mQD', 'Eh1kKG864l', 'w2Dkj0QrOV', 'JuqkCFu7xs', 'YbwkP07N0W', 'OKWktcWk2h', 'kiLkW9sMly', 'JJrkBlsNrB', 'n6tkO6BHeG', 'SFPkV6Tiur'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, P40ZASgLGLEWtmaXJW.cs High entropy of concatenated method names: 'Dispose', 'plmer2kbr5', 'YiPx2qt8EQ', 'vktBBWX5Hd', 'csKeFtZDyJ', 'BZVezN8LDS', 'ProcessDialogKey', 'rUwxhjg2n1', 'Jg1xergwRT', 'wHAxxKt1x6'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, SAJINQGTNBWs4Fc941.cs High entropy of concatenated method names: 'OMBI5jh2g1', 'c2aIdxLiJE', 'vCJkUZ8wS8', 'NE5k07VRI4', 'KLOkfGHKB4', 'CDskEco1s9', 'wPPkocWqIC', 'yCykYcMIGj', 'TBhkQw7gB3', 'W8GkbSjtrE'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, d3koBjJOZHFbPwKLd0.cs High entropy of concatenated method names: 'GkjWnjSXol', 'zwjWFUTaOm', 'volBhlmx0v', 'pJQBebKdG2', 'yY8Wqk1d8n', 'gPiWMuNwTa', 'ixFWAl9j7K', 'eorW912xSg', 'JeIWvahIJ2', 'UYJWw7kUdJ'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, FP9LkmAMVRYPuXxTmV.cs High entropy of concatenated method names: 'oXtNjEncIa', 'vfHNCppWAe', 'slmN3bkTc4', 'KnsN2lu1xY', 'j9qN0FApfc', 'KCMNfgiFPt', 'iggNo3DDoo', 'EnENYqBAkL', 'RP3NbVXC3g', 'YXNNqnaqvx'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, Sjg2n1rfg1rgwRTsHA.cs High entropy of concatenated method names: 'YFdB3X5LPg', 'PDwB2Ayd7W', 'JfjBUlA5Kn', 'dmBB0ACiH8', 'viWB919VNL', 'oefBfMbt7t', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, Ct1x6TFpKd9ORvXgG7.cs High entropy of concatenated method names: 'pusOeh8Gec', 'tLQOZX6qZA', 'KuLOHyneJx', 'wIZO8IwsNX', 'ITlOgiDkxL', 'jOsOI4FSAy', 'JJ7O4aowJl', 'tEBBy865pM', 'A6wBn1St72', 'GSLBrJBvGi'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, yp6DNBxwcIJTi54C3H.cs High entropy of concatenated method names: 'Gw9RFUXK4', 'l1vphcZC9', 'gkPKn1qvt', 's2CdJpaN9', 'V5CC8umYi', 'u8eGkG1TU', 'TkjiH2nNqTyNvLJegt', 'emPi01PyJqWNMButIw', 'boTB9soaO', 'xlLVSpLFe'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, pJsScy6BttYyZ7vEuF.cs High entropy of concatenated method names: 'VRQZDiOXxP', 'PavZ8vh6S8', 'gwbZgyWePO', 'T4uZk6buyg', 'wMyZIcAhpT', 'fSMZ4iYfNc', 'pPjZSL6nkN', 'CpMZ6NvQ7y', 'YYAZ1Ermwb', 'dQ3ZT7wTPv'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, GrflPdztJajYxioWF4.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'k5dONUEssJ', 'JgVOPHABqe', 'PsBOtfctll', 'SjuOWeP0QK', 'QsPOBmfGLB', 'rgoOOP8Slj', 'QsTOVqjpdq'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, AIrjvGoD09mHiapsVG.cs High entropy of concatenated method names: 'dbyS8KYYvH', 'r28Sk1nsV9', 'V5cS4m0nKJ', 'BcF4FgSHfS', 'Gdv4zIoAyY', 'oZxShJ2BKI', 'suSSesOXvo', 'D7ZSxRgv4G', 'wMhSZ4Qy6W', 'mGDSHaZqIB'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, RkLr55i5INQDC9Y2V1.cs High entropy of concatenated method names: 'X9pWTm1S1B', 'KisW74jhf7', 'ToString', 'bZnW8VlXFv', 'ikVWgc90US', 'C1LWkpfbN3', 'hR6WINUjw8', 'PriW40QK6x', 'svbWSFYvPW', 'ftXW6wBMN6'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, wKtZDynJ5ZVN8LDSBU.cs High entropy of concatenated method names: 'Sp8B8Sp9tX', 'd1QBgpL4oJ', 'C4VBkw8vrU', 'DtEBIhhep2', 'vTbB4CqrID', 'vX4BS8t7lD', 'uFXB6D1o2W', 'YxXB1redm4', 'R9oBTbclyI', 'tLTB7M98Cn'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, qUbH3w980KqZC4AiIF.cs High entropy of concatenated method names: 'DlIPbyT1P0', 'whwPMA8AXF', 'Bg7P9ZiT8h', 'JoXPvDF2WN', 'REPP2OFyRC', 'OuHPUlf6bL', 'TIEP06uH32', 'E0FPffCGsN', 'KREPE8QGgC', 'nZSPoFXZgW'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, tVKB2MehoMI39vpFSfF.cs High entropy of concatenated method names: 'KGtOXQPxm1', 'JLLOlE466X', 'HRvORli6oH', 'OyFOpjYOIU', 'QacO5eD8cJ', 'NvhOKSOGF0', 'MRcOdDNv7l', 'CXROj2gMf7', 'aniOC3x3Lp', 'wHbOGiZpR2'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, cm8RhBE9iuROxmKd5h.cs High entropy of concatenated method names: 'fcB4wZWMQl', 'XnW4iVDyjF', 'K974uilToE', 'ToString', 'JOJ4JbQ0qP', 'piK4ylF6AD', 'uHoIEN5HkLHXLOeRsup', 'r7AOI15j7Cry9vbhKyL', 'Wq5juX5NngvR1aqiPlR', 'ICcyR65TyIgLnR8s54r'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, iCeJfqHn4LUmYkBf9I.cs High entropy of concatenated method names: 'KlceSFrBks', 'RHUe69cLWR', 'evKeTK2joU', 'Hjue7BwAJI', 'Yc9eP41Wgk', 'ic3etMkqcY', 'bVkkfcAWLQhDCaA7JD', 'o2BvWay7tdBOxSX17M', 'j0ieeCEP9G', 'MQFeZam46P'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, X8pnHp0SIuPUrgajQX.cs High entropy of concatenated method names: 'nmd4sOGSTP', 'qHS4Xrhe87', 'Ruk4RhMvvN', 'eNf4pJNc8m', 'lmC4KW2iZ1', 'RWL4dp79Bk', 'DrI4Cw4HKG', 'PHF4GO2rEt', 'lA2C0L5ZxxAiJnQuHU6', 'oD5IOt5UQq79gUHbxIG'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, wuYEL1eZQd5D2DQNQw8.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'mOfV9Y7HSb', 'yRoVvPbu6X', 'mt0VwymTLe', 'tgyVi7hgXi', 'JikVubEDlC', 'uMQVJU6jS7', 'ySMVyREud9'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, uFrBksj9HU9cLWRBKk.cs High entropy of concatenated method names: 'bSmg9mwl1c', 'wXsgvLdoeg', 'upggwuU2xa', 'mwlgiaG6bq', 'gdfguBKkg6', 'CFtgJZaFXA', 'PItgyb0U6c', 'Ys7gn8A3YN', 'zlagrIncjZ', 'QfvgFHORuN'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, pgk4c33MkqcY9aED7p.cs High entropy of concatenated method names: 'kAT4DykM5D', 'jTA4gEyWGX', 'dRr4Ie8RRX', 'A0h4SXvaqN', 'BEU46mJASu', 'ToYIuw5FT4', 'FtFIJTBQZI', 'n1TIyJd7rv', 'cUnIna9vo8', 'oOLIrni3Ia'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, TpVBDPQJYd154clhki.cs High entropy of concatenated method names: 'r39SXwCMNv', 'K1wSlwLC2y', 'sv0SRSO5Fa', 'N6eSpM85MA', 'oLWS5saMba', 'FOJSKeiMp7', 'kgdSd6cJD2', 'zAgSjEc5Y0', 'YT8SCtaMj4', 'j2XSGXQOAX'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, WNSfMDCvKK2joU2juB.cs High entropy of concatenated method names: 'h2Akpf2mQD', 'Eh1kKG864l', 'w2Dkj0QrOV', 'JuqkCFu7xs', 'YbwkP07N0W', 'OKWktcWk2h', 'kiLkW9sMly', 'JJrkBlsNrB', 'n6tkO6BHeG', 'SFPkV6Tiur'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, P40ZASgLGLEWtmaXJW.cs High entropy of concatenated method names: 'Dispose', 'plmer2kbr5', 'YiPx2qt8EQ', 'vktBBWX5Hd', 'csKeFtZDyJ', 'BZVezN8LDS', 'ProcessDialogKey', 'rUwxhjg2n1', 'Jg1xergwRT', 'wHAxxKt1x6'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, SAJINQGTNBWs4Fc941.cs High entropy of concatenated method names: 'OMBI5jh2g1', 'c2aIdxLiJE', 'vCJkUZ8wS8', 'NE5k07VRI4', 'KLOkfGHKB4', 'CDskEco1s9', 'wPPkocWqIC', 'yCykYcMIGj', 'TBhkQw7gB3', 'W8GkbSjtrE'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, d3koBjJOZHFbPwKLd0.cs High entropy of concatenated method names: 'GkjWnjSXol', 'zwjWFUTaOm', 'volBhlmx0v', 'pJQBebKdG2', 'yY8Wqk1d8n', 'gPiWMuNwTa', 'ixFWAl9j7K', 'eorW912xSg', 'JeIWvahIJ2', 'UYJWw7kUdJ'
Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, FP9LkmAMVRYPuXxTmV.cs High entropy of concatenated method names: 'oXtNjEncIa', 'vfHNCppWAe', 'slmN3bkTc4', 'KnsN2lu1xY', 'j9qN0FApfc', 'KCMNfgiFPt', 'iggNo3DDoo', 'EnENYqBAkL', 'RP3NbVXC3g', 'YXNNqnaqvx'
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: Yara match File source: Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe PID: 7396, type: MEMORYSTR
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Memory allocated: 2620000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Memory allocated: 27E0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Memory allocated: 8850000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Memory allocated: 6D00000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Memory allocated: 9850000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Memory allocated: A850000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E0096E rdtsc 10_2_02E0096E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe API coverage: 0.3 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe TID: 7416 Thread sleep time: -922337203685477s >= -30000s
Source: Amcache.hve.14.dr Binary or memory string: VMware
Source: Amcache.hve.14.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.14.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.14.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.14.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.14.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.14.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.14.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.14.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.14.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.14.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.14.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.14.dr Binary or memory string: vmci.sys
Source: Amcache.hve.14.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.14.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.14.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.14.dr Binary or memory string: VMware-42 27 ae 88 8c 2b 21 02-a5 86 22 5b 84 51 ac f0
Source: Amcache.hve.14.dr Binary or memory string: VMware20,1
Source: Amcache.hve.14.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.14.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.14.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.14.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.14.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.14.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.14.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.14.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.14.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.14.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.14.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E0096E rdtsc 10_2_02E0096E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02C0A LdrInitializeThunk, 10_2_02E02C0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_004468DC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 10_2_004468DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_004488DB LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 10_2_004488DB
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DCA2C3 mov eax, dword ptr fs:[00000030h] 10_2_02DCA2C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD02E1 mov eax, dword ptr fs:[00000030h] 10_2_02DD02E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E962D6 mov eax, dword ptr fs:[00000030h] 10_2_02E962D6
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E562A0 mov eax, dword ptr fs:[00000030h] 10_2_02E562A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E562A0 mov ecx, dword ptr fs:[00000030h] 10_2_02E562A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DFE284 mov eax, dword ptr fs:[00000030h] 10_2_02DFE284
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E40283 mov eax, dword ptr fs:[00000030h] 10_2_02E40283
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD02A0 mov eax, dword ptr fs:[00000030h] 10_2_02DD02A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DC6259 mov eax, dword ptr fs:[00000030h] 10_2_02DC6259
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DBA250 mov eax, dword ptr fs:[00000030h] 10_2_02DBA250
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E70274 mov eax, dword ptr fs:[00000030h] 10_2_02E70274
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E48243 mov eax, dword ptr fs:[00000030h] 10_2_02E48243
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E48243 mov ecx, dword ptr fs:[00000030h] 10_2_02E48243
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DB826B mov eax, dword ptr fs:[00000030h] 10_2_02DB826B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E9625D mov eax, dword ptr fs:[00000030h] 10_2_02E9625D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E7A250 mov eax, dword ptr fs:[00000030h] 10_2_02E7A250
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DC4260 mov eax, dword ptr fs:[00000030h] 10_2_02DC4260
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DB823B mov eax, dword ptr fs:[00000030h] 10_2_02DB823B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DCA3C0 mov eax, dword ptr fs:[00000030h] 10_2_02DCA3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DC83C0 mov eax, dword ptr fs:[00000030h] 10_2_02DC83C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DF63FF mov eax, dword ptr fs:[00000030h] 10_2_02DF63FF
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E463C0 mov eax, dword ptr fs:[00000030h] 10_2_02E463C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E7C3CD mov eax, dword ptr fs:[00000030h] 10_2_02E7C3CD
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DDE3F0 mov eax, dword ptr fs:[00000030h] 10_2_02DDE3F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E643D4 mov eax, dword ptr fs:[00000030h] 10_2_02E643D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD03E9 mov eax, dword ptr fs:[00000030h] 10_2_02DD03E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E6E3DB mov eax, dword ptr fs:[00000030h] 10_2_02E6E3DB
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E6E3DB mov ecx, dword ptr fs:[00000030h] 10_2_02E6E3DB
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DB8397 mov eax, dword ptr fs:[00000030h] 10_2_02DB8397
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DE438F mov eax, dword ptr fs:[00000030h] 10_2_02DE438F
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DBE388 mov eax, dword ptr fs:[00000030h] 10_2_02DBE388
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E6437C mov eax, dword ptr fs:[00000030h] 10_2_02E6437C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E9634F mov eax, dword ptr fs:[00000030h] 10_2_02E9634F
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E42349 mov eax, dword ptr fs:[00000030h] 10_2_02E42349
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E68350 mov ecx, dword ptr fs:[00000030h] 10_2_02E68350
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E4035C mov eax, dword ptr fs:[00000030h] 10_2_02E4035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E4035C mov eax, dword ptr fs:[00000030h] 10_2_02E4035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E4035C mov eax, dword ptr fs:[00000030h] 10_2_02E4035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E4035C mov ecx, dword ptr fs:[00000030h] 10_2_02E4035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E4035C mov eax, dword ptr fs:[00000030h] 10_2_02E4035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E4035C mov eax, dword ptr fs:[00000030h] 10_2_02E4035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E8A352 mov eax, dword ptr fs:[00000030h] 10_2_02E8A352
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DBC310 mov ecx, dword ptr fs:[00000030h] 10_2_02DBC310
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E98324 mov eax, dword ptr fs:[00000030h] 10_2_02E98324
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E98324 mov ecx, dword ptr fs:[00000030h] 10_2_02E98324
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E98324 mov eax, dword ptr fs:[00000030h] 10_2_02E98324
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E98324 mov eax, dword ptr fs:[00000030h] 10_2_02E98324
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DE0310 mov ecx, dword ptr fs:[00000030h] 10_2_02DE0310
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DFA30B mov eax, dword ptr fs:[00000030h] 10_2_02DFA30B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DFA30B mov eax, dword ptr fs:[00000030h] 10_2_02DFA30B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DFA30B mov eax, dword ptr fs:[00000030h] 10_2_02DFA30B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E460E0 mov eax, dword ptr fs:[00000030h] 10_2_02E460E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E020F0 mov ecx, dword ptr fs:[00000030h] 10_2_02E020F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DBC0F0 mov eax, dword ptr fs:[00000030h] 10_2_02DBC0F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DC80E9 mov eax, dword ptr fs:[00000030h] 10_2_02DC80E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DBA0E3 mov ecx, dword ptr fs:[00000030h] 10_2_02DBA0E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E420DE mov eax, dword ptr fs:[00000030h] 10_2_02E420DE
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E580A8 mov eax, dword ptr fs:[00000030h] 10_2_02E580A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E860B8 mov eax, dword ptr fs:[00000030h] 10_2_02E860B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E860B8 mov ecx, dword ptr fs:[00000030h] 10_2_02E860B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DC208A mov eax, dword ptr fs:[00000030h] 10_2_02DC208A
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DB80A0 mov eax, dword ptr fs:[00000030h] 10_2_02DB80A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DC2050 mov eax, dword ptr fs:[00000030h] 10_2_02DC2050
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DEC073 mov eax, dword ptr fs:[00000030h] 10_2_02DEC073
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E46050 mov eax, dword ptr fs:[00000030h] 10_2_02E46050
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DDE016 mov eax, dword ptr fs:[00000030h] 10_2_02DDE016
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DDE016 mov eax, dword ptr fs:[00000030h] 10_2_02DDE016
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DDE016 mov eax, dword ptr fs:[00000030h] 10_2_02DDE016
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DDE016 mov eax, dword ptr fs:[00000030h] 10_2_02DDE016
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E56030 mov eax, dword ptr fs:[00000030h] 10_2_02E56030
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E44000 mov ecx, dword ptr fs:[00000030h] 10_2_02E44000
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E62000 mov eax, dword ptr fs:[00000030h] 10_2_02E62000
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E62000 mov eax, dword ptr fs:[00000030h] 10_2_02E62000
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E62000 mov eax, dword ptr fs:[00000030h] 10_2_02E62000
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E62000 mov eax, dword ptr fs:[00000030h] 10_2_02E62000
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E62000 mov eax, dword ptr fs:[00000030h] 10_2_02E62000
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E62000 mov eax, dword ptr fs:[00000030h] 10_2_02E62000
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E62000 mov eax, dword ptr fs:[00000030h] 10_2_02E62000
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E62000 mov eax, dword ptr fs:[00000030h] 10_2_02E62000
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DBA020 mov eax, dword ptr fs:[00000030h] 10_2_02DBA020
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DBC020 mov eax, dword ptr fs:[00000030h] 10_2_02DBC020
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E961E5 mov eax, dword ptr fs:[00000030h] 10_2_02E961E5
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DF01F8 mov eax, dword ptr fs:[00000030h] 10_2_02DF01F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E861C3 mov eax, dword ptr fs:[00000030h] 10_2_02E861C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E861C3 mov eax, dword ptr fs:[00000030h] 10_2_02E861C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E3E1D0 mov eax, dword ptr fs:[00000030h] 10_2_02E3E1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E3E1D0 mov eax, dword ptr fs:[00000030h] 10_2_02E3E1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E3E1D0 mov ecx, dword ptr fs:[00000030h] 10_2_02E3E1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E3E1D0 mov eax, dword ptr fs:[00000030h] 10_2_02E3E1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E3E1D0 mov eax, dword ptr fs:[00000030h] 10_2_02E3E1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DBA197 mov eax, dword ptr fs:[00000030h] 10_2_02DBA197
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DBA197 mov eax, dword ptr fs:[00000030h] 10_2_02DBA197
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DBA197 mov eax, dword ptr fs:[00000030h] 10_2_02DBA197
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E00185 mov eax, dword ptr fs:[00000030h] 10_2_02E00185
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E64180 mov eax, dword ptr fs:[00000030h] 10_2_02E64180
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E64180 mov eax, dword ptr fs:[00000030h] 10_2_02E64180
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E7C188 mov eax, dword ptr fs:[00000030h] 10_2_02E7C188
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E7C188 mov eax, dword ptr fs:[00000030h] 10_2_02E7C188
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E4019F mov eax, dword ptr fs:[00000030h] 10_2_02E4019F
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E4019F mov eax, dword ptr fs:[00000030h] 10_2_02E4019F
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E4019F mov eax, dword ptr fs:[00000030h] 10_2_02E4019F
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E4019F mov eax, dword ptr fs:[00000030h] 10_2_02E4019F
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DC6154 mov eax, dword ptr fs:[00000030h] 10_2_02DC6154
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DC6154 mov eax, dword ptr fs:[00000030h] 10_2_02DC6154
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DBC156 mov eax, dword ptr fs:[00000030h] 10_2_02DBC156
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E94164 mov eax, dword ptr fs:[00000030h] 10_2_02E94164
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E94164 mov eax, dword ptr fs:[00000030h] 10_2_02E94164
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E54144 mov eax, dword ptr fs:[00000030h] 10_2_02E54144
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E54144 mov eax, dword ptr fs:[00000030h] 10_2_02E54144
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E54144 mov ecx, dword ptr fs:[00000030h] 10_2_02E54144
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E54144 mov eax, dword ptr fs:[00000030h] 10_2_02E54144
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E54144 mov eax, dword ptr fs:[00000030h] 10_2_02E54144
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E58158 mov eax, dword ptr fs:[00000030h] 10_2_02E58158
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E6E10E mov eax, dword ptr fs:[00000030h] 10_2_02E6E10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E6E10E mov ecx, dword ptr fs:[00000030h] 10_2_02E6E10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E6E10E mov eax, dword ptr fs:[00000030h] 10_2_02E6E10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E6E10E mov eax, dword ptr fs:[00000030h] 10_2_02E6E10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E6E10E mov ecx, dword ptr fs:[00000030h] 10_2_02E6E10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E6E10E mov eax, dword ptr fs:[00000030h] 10_2_02E6E10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E6E10E mov eax, dword ptr fs:[00000030h] 10_2_02E6E10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E6E10E mov ecx, dword ptr fs:[00000030h] 10_2_02E6E10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E6E10E mov eax, dword ptr fs:[00000030h] 10_2_02E6E10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E6E10E mov ecx, dword ptr fs:[00000030h] 10_2_02E6E10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DF0124 mov eax, dword ptr fs:[00000030h] 10_2_02DF0124
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E80115 mov eax, dword ptr fs:[00000030h] 10_2_02E80115
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E6A118 mov ecx, dword ptr fs:[00000030h] 10_2_02E6A118
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E6A118 mov eax, dword ptr fs:[00000030h] 10_2_02E6A118
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E6A118 mov eax, dword ptr fs:[00000030h] 10_2_02E6A118
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E6A118 mov eax, dword ptr fs:[00000030h] 10_2_02E6A118
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E3E6F2 mov eax, dword ptr fs:[00000030h] 10_2_02E3E6F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E3E6F2 mov eax, dword ptr fs:[00000030h] 10_2_02E3E6F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E3E6F2 mov eax, dword ptr fs:[00000030h] 10_2_02E3E6F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E3E6F2 mov eax, dword ptr fs:[00000030h] 10_2_02E3E6F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E406F1 mov eax, dword ptr fs:[00000030h] 10_2_02E406F1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E406F1 mov eax, dword ptr fs:[00000030h] 10_2_02E406F1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DFA6C7 mov ebx, dword ptr fs:[00000030h] 10_2_02DFA6C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DFA6C7 mov eax, dword ptr fs:[00000030h] 10_2_02DFA6C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DC4690 mov eax, dword ptr fs:[00000030h] 10_2_02DC4690
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DC4690 mov eax, dword ptr fs:[00000030h] 10_2_02DC4690
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DF66B0 mov eax, dword ptr fs:[00000030h] 10_2_02DF66B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DFC6A6 mov eax, dword ptr fs:[00000030h] 10_2_02DFC6A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E8866E mov eax, dword ptr fs:[00000030h] 10_2_02E8866E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E8866E mov eax, dword ptr fs:[00000030h] 10_2_02E8866E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DDC640 mov eax, dword ptr fs:[00000030h] 10_2_02DDC640
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DF2674 mov eax, dword ptr fs:[00000030h] 10_2_02DF2674
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DFA660 mov eax, dword ptr fs:[00000030h] 10_2_02DFA660
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DFA660 mov eax, dword ptr fs:[00000030h] 10_2_02DFA660
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD260B mov eax, dword ptr fs:[00000030h] 10_2_02DD260B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD260B mov eax, dword ptr fs:[00000030h] 10_2_02DD260B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD260B mov eax, dword ptr fs:[00000030h] 10_2_02DD260B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD260B mov eax, dword ptr fs:[00000030h] 10_2_02DD260B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD260B mov eax, dword ptr fs:[00000030h] 10_2_02DD260B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD260B mov eax, dword ptr fs:[00000030h] 10_2_02DD260B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD260B mov eax, dword ptr fs:[00000030h] 10_2_02DD260B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E3E609 mov eax, dword ptr fs:[00000030h] 10_2_02E3E609
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DC262C mov eax, dword ptr fs:[00000030h] 10_2_02DC262C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02619 mov eax, dword ptr fs:[00000030h] 10_2_02E02619
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DDE627 mov eax, dword ptr fs:[00000030h] 10_2_02DDE627
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DF6620 mov eax, dword ptr fs:[00000030h] 10_2_02DF6620
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DF8620 mov eax, dword ptr fs:[00000030h] 10_2_02DF8620
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E4E7E1 mov eax, dword ptr fs:[00000030h] 10_2_02E4E7E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DCC7C0 mov eax, dword ptr fs:[00000030h] 10_2_02DCC7C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DC47FB mov eax, dword ptr fs:[00000030h] 10_2_02DC47FB
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DC47FB mov eax, dword ptr fs:[00000030h] 10_2_02DC47FB
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E407C3 mov eax, dword ptr fs:[00000030h] 10_2_02E407C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DE27ED mov eax, dword ptr fs:[00000030h] 10_2_02DE27ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DE27ED mov eax, dword ptr fs:[00000030h] 10_2_02DE27ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DE27ED mov eax, dword ptr fs:[00000030h] 10_2_02DE27ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E747A0 mov eax, dword ptr fs:[00000030h] 10_2_02E747A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E6678E mov eax, dword ptr fs:[00000030h] 10_2_02E6678E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DC07AF mov eax, dword ptr fs:[00000030h] 10_2_02DC07AF
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DC0750 mov eax, dword ptr fs:[00000030h] 10_2_02DC0750
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DF674D mov esi, dword ptr fs:[00000030h] 10_2_02DF674D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DF674D mov eax, dword ptr fs:[00000030h] 10_2_02DF674D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DF674D mov eax, dword ptr fs:[00000030h] 10_2_02DF674D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DC8770 mov eax, dword ptr fs:[00000030h] 10_2_02DC8770
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD0770 mov eax, dword ptr fs:[00000030h] 10_2_02DD0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD0770 mov eax, dword ptr fs:[00000030h] 10_2_02DD0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD0770 mov eax, dword ptr fs:[00000030h] 10_2_02DD0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD0770 mov eax, dword ptr fs:[00000030h] 10_2_02DD0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD0770 mov eax, dword ptr fs:[00000030h] 10_2_02DD0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD0770 mov eax, dword ptr fs:[00000030h] 10_2_02DD0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD0770 mov eax, dword ptr fs:[00000030h] 10_2_02DD0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD0770 mov eax, dword ptr fs:[00000030h] 10_2_02DD0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD0770 mov eax, dword ptr fs:[00000030h] 10_2_02DD0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD0770 mov eax, dword ptr fs:[00000030h] 10_2_02DD0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD0770 mov eax, dword ptr fs:[00000030h] 10_2_02DD0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD0770 mov eax, dword ptr fs:[00000030h] 10_2_02DD0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02750 mov eax, dword ptr fs:[00000030h] 10_2_02E02750
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E02750 mov eax, dword ptr fs:[00000030h] 10_2_02E02750
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E44755 mov eax, dword ptr fs:[00000030h] 10_2_02E44755
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E4E75D mov eax, dword ptr fs:[00000030h] 10_2_02E4E75D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DC0710 mov eax, dword ptr fs:[00000030h] 10_2_02DC0710
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DF0710 mov eax, dword ptr fs:[00000030h] 10_2_02DF0710
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DCA9D0 mov eax, dword ptr fs:[00000030h] 10_2_02DCA9D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DF49D0 mov eax, dword ptr fs:[00000030h] 10_2_02DF49D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E569C0 mov eax, dword ptr fs:[00000030h] 10_2_02E569C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DF29F9 mov eax, dword ptr fs:[00000030h] 10_2_02DF29F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DF29F9 mov eax, dword ptr fs:[00000030h] 10_2_02DF29F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E8A9D3 mov eax, dword ptr fs:[00000030h] 10_2_02E8A9D3
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E489B3 mov esi, dword ptr fs:[00000030h] 10_2_02E489B3
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E489B3 mov eax, dword ptr fs:[00000030h] 10_2_02E489B3
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E489B3 mov eax, dword ptr fs:[00000030h] 10_2_02E489B3
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DC09AD mov eax, dword ptr fs:[00000030h] 10_2_02DC09AD
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DC09AD mov eax, dword ptr fs:[00000030h] 10_2_02DC09AD
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h] 10_2_02DD29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h] 10_2_02DD29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h] 10_2_02DD29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h] 10_2_02DD29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h] 10_2_02DD29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h] 10_2_02DD29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h] 10_2_02DD29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h] 10_2_02DD29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h] 10_2_02DD29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h] 10_2_02DD29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h] 10_2_02DD29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h] 10_2_02DD29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h] 10_2_02DD29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E0096E mov eax, dword ptr fs:[00000030h] 10_2_02E0096E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E0096E mov edx, dword ptr fs:[00000030h] 10_2_02E0096E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E0096E mov eax, dword ptr fs:[00000030h] 10_2_02E0096E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E4C97C mov eax, dword ptr fs:[00000030h] 10_2_02E4C97C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E64978 mov eax, dword ptr fs:[00000030h] 10_2_02E64978
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E64978 mov eax, dword ptr fs:[00000030h] 10_2_02E64978
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_02E40946 mov eax, dword ptr fs:[00000030h] 10_2_02E40946
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_004468DC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 10_2_004468DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_0044838B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 10_2_0044838B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Memory written: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_00447EBF GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, 10_2_00447EBF
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Amcache.hve.14.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.14.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.14.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.14.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: Yara match File source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Source: Yara match File source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
No contacted IP infos