Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1738966608.0000000003D19000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4169573077.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1738966608.0000000003D19000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4169573077.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://aborters.duckdns.org:8081 |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1738966608.0000000003D19000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4169573077.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://anotherarmy.dns.army:8081 |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/ |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1738966608.0000000003D19000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4169573077.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/q |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1737431170.0000000002D68000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1738966608.0000000003D19000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4169573077.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://varders.kozow.com:8081 |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.carterandcone.coml |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers/? |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers8 |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers? |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fontbureau.com/designersG |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.fonts.com |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.founder.com.cn/cn |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.founder.com.cn/cn/bThe |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.founder.com.cn/cn/cThe |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.galapagosdesign.com/DPlease |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1741165267.00000000056D9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htmE |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.goodfont.co.kr |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.jiyu-kobo.co.jp/ |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.sajatypeworks.com |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1741882938.0000000005712000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.sakkal.com |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.sandoll.co.kr |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.tiro.com |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.typography.netD |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.urwpp.deDPlease |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1742504415.0000000006E72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.zhongyicts.com.cn |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002CA5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1738966608.0000000003D19000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4169573077.0000000000402000.00000040.00000400.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002CA5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002CA5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text= |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002CA5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:116938%0D%0ADate%20a |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002DB2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002CC8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002D72000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=en |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002D7C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=enlB |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002C7F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002CA5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000000.00000002.1738966608.0000000003D19000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4169573077.0000000000402000.00000040.00000400.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002C10000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/ |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002CA5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33 |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002C39000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002C7F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002CA5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$ |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003CEC000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003F66000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002CC8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003D14000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003E43000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003C7A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003E49000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003E1E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003CA5000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003F41000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003CEF000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003E90000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003CEC000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003F66000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002CC8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003C9F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003D14000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003E43000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003C7A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003E49000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003E1E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003CA5000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003F41000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4173648860.0000000003CEF000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002DB2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002CC8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.office.com/ |
Source: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe, 00000004.00000002.4171196895.0000000002DAD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.office.com/lB |
Source: 4.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 4.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 4.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3f42e50.5.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3f42e50.5.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3f42e50.5.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3da9138.6.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3da9138.6.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3da9138.6.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3f42e50.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3f42e50.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3da9138.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3da9138.6.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 00000004.00000002.4169573077.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000000.00000002.1738966608.0000000003D19000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe PID: 7252, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe PID: 7472, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: dwrite.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: riched20.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: usp10.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: msls31.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: edputil.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: windows.staterepositoryps.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: appresolver.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: bcp47langs.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: slc.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: sppc.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: onecorecommonproxystub.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: rasapi32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: rasman.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: rtutils.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: secur32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Section loaded: dpapi.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: fastprox.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: ncobjapi.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: mpclient.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: userenv.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: version.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: msasn1.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: wmitomi.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: mi.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: miutils.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: gpapi.dll |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3fc7870.4.raw.unpack, Rsjwms4Wh8At7jltVf.cs |
High entropy of concatenated method names: 'saV14aRn5H', 'moE1P52r93', 'TKw1lioyLO', 'Tgp1pca6Bh', 'Cmy1we7IUo', 'Wgq1DupFs5', 'CaI1Mi57nK', 'Lbw1sLeqBx', 'idZ13c8NAv', 'O0T1mxeA09' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3fc7870.4.raw.unpack, hnb1mywmKd17dlbrAS.cs |
High entropy of concatenated method names: 'Dispose', 'mR89ae4IBQ', 'SJdk0qMKGV', 'puBVVvKaKN', 'tps9oyNhKU', 'PRD9z8IgcF', 'ProcessDialogKey', 'E2dk8n82kY', 't9gk9jtrH3', 'mBmkkAPsqe' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3fc7870.4.raw.unpack, LVNaJWsMIVA7LTLASE.cs |
High entropy of concatenated method names: 'zu7RHG1UCo', 'vEbR0GP5w9', 'Eo1RnLElCC', 'zSyRb4C8gr', 'L0DRqt1jRb', 'TXZRg6Ppie', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3fc7870.4.raw.unpack, D33N8oUtGVx7cDxPuT.cs |
High entropy of concatenated method names: 'Lp7JThJpMH', 'q8ZJr8Jvgu', 'xaoJqZNHsW', 'CwFJX9qL4U', 'BgjJ0sJB97', 'HlbJnZxrmw', 'UUJJbpHxl3', 'TmgJgfpCvS', 'OX8Jiv5yws', 'f4pJfSeAAh' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3fc7870.4.raw.unpack, zQyvpDqyxKTxd6tm0NN.cs |
High entropy of concatenated method names: 'GR7x4eMqyc', 'Kq8xPbdu6R', 'J7BxlIIphe', 'GQ7xpT3Nxd', 'LmaxwG8D2Y', 'R9hxDqi7L0', 'Ax6xMaB0Zt', 'NxYxs9KyRH', 'MlHx3p2K2W', 'VG5xmLUKfn' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3fc7870.4.raw.unpack, ksWtZCxKsl0TxRCTo8.cs |
High entropy of concatenated method names: 'GMr1LFkylo', 'hBS1ywuum5', 'ro41O5nLLW', 'VWvOoTrbwJ', 'x5aOzGVTLw', 'IAf18nrD6A', 'n5n19G5FS1', 'fBl1kLDsu7', 'j8A1QDxhFt', 'QhN1d7YRXe' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3fc7870.4.raw.unpack, pLwTg0qqY9GrvEoZXIs.cs |
High entropy of concatenated method names: 'ToString', 'a145Q4j8pu', 'KEt5dvERQh', 'DdN5I8eM0e', 'f0E5LRPIbe', 'wT056EPSsu', 'gSU5yxunrt', 'Gsw5EYZYIa', 'f7knYFscmhRWVWPDeQu', 'mTw6y3s22lokcZlLY0g' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3fc7870.4.raw.unpack, E0RYX9X2eibsstJT2l.cs |
High entropy of concatenated method names: 'MToQIXKWBI', 'I3SQLs48n8', 'uf5Q6q4VEy', 'KWqQy0BBF1', 'UBEQEkuB7E', 'mIqQOFIKAA', 'wXWQ1wxG4a', 'sO5QKUDr8X', 'UTHQ7jmngF', 'T7eQFOJ0LT' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3fc7870.4.raw.unpack, lDlgAUP9SyyXYURNLR.cs |
High entropy of concatenated method names: 'EJi4pnojSnyAHRWqhYg', 'ErevP5orqMYelnaL321', 'kFEORtVAdX', 'Ku5Ox8stk6', 'OVRO5Ji6lb', 'CxNx8bo8umiUIrPhE6k', 'lIrvcSoddavqGvXHa7M' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3fc7870.4.raw.unpack, sC7nprRRvT8OJFZjOZ.cs |
High entropy of concatenated method names: 'rIk91RDsii', 'EuM9KyEpgg', 'KVG9F5wdH3', 'bJN9UWuJYc', 'ATy9J00PbH', 'l2k9e5iRIA', 'vgjpq3mDGeNj5ln0ix', 'wBXtHAIWQFkdYio0Cv', 'BC899EETi8', 'CUS9QYaSid' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3fc7870.4.raw.unpack, fSdvMKZMagrtwMm7Ri.cs |
High entropy of concatenated method names: 'lq2yprocYj', 'nEuyDyGS7y', 'IYryswC2ld', 'nvAy3Hoa8O', 'hRjyJPOISS', 'jDsyeSX940', 'o7iyCsHSMo', 'DnVyR9lYX6', 'DTQyx7NjxD', 'mKPy5h79Hy' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3fc7870.4.raw.unpack, O9PymkJ3NMlC2399qj.cs |
High entropy of concatenated method names: 'JKQhsEQCnj', 'o1Ah3VGbtY', 'GAThHYAQtH', 'Enah09bSsm', 'XX6hbdHFie', 'lgehgYG4SG', 'TZAhf0svRZ', 'TJEhckoEtg', 'RcthTZ3osW', 'FO5hjXiRBb' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3fc7870.4.raw.unpack, pBjySHqM5QnwRNWaSBd.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Q9V5qOaeUr', 'h9u5XNVCx7', 'ufn5G8oA96', 'hl95AuUrbM', 'hsu5SjNYox', 'xFD5N7vpyl', 'Skh5Ydgfbf' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3fc7870.4.raw.unpack, xGB0Wf6bc0bOdc8jTI.cs |
High entropy of concatenated method names: 'kTtEwQ9SoG', 'kClEM2Olvv', 'OTJynuxQtD', 'jUNybontt7', 'lvTyg7lONl', 'Up9yi4TYcW', 'myLyfre4Cc', 'fSgycK60ak', 'kBRyWA5x19', 'hseyTKO9Er' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3fc7870.4.raw.unpack, KdpVO0auC752URy1LH.cs |
High entropy of concatenated method names: 'ToString', 'Po7ejc2CtV', 'Li3e0yrEQ1', 'gqcenHUq3F', 'cTYebFVO9p', 'n2CegR7eyF', 'kTfeiJlr7P', 'jBIefowaER', 'jS7ecR3arw', 'iuMeWWiTPi' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3fc7870.4.raw.unpack, AnptoFjC7pNu1LqbY6.cs |
High entropy of concatenated method names: 'CxkCFyqNu8', 'tj9CULHR6k', 'ToString', 'jC5CL1HVrm', 'MYdC69JfMJ', 'f0gCy1rBOY', 'pTuCEljQqC', 'NKNCOjgG2b', 'YOeC1GsAfv', 'GMgCKDLHCP' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3fc7870.4.raw.unpack, qyT5B9fG4eENyHVdsw.cs |
High entropy of concatenated method names: 'GDqlxlYY4', 'hF5peEa0M', 'o9TDoN5Sa', 'wU4MruruE', 'K6k3fAj0h', 'DvImOJLqB', 'zPRJ50FG9eMejJkPmf', 'xSdN05GCNU8MZjBOu4', 'LtVR8YQni', 'nNH5UoFYi' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3fc7870.4.raw.unpack, ojeKecA3ycAgUvCgAn.cs |
High entropy of concatenated method names: 'BIix9SCJrv', 'PtdxQIBCLk', 'IYPxdRPe6o', 'J5cxL9cHMs', 'CZAx6rxAZF', 'DFAxEvYZXS', 'VmAxOPV1Wm', 'AjdRYjjrNi', 'K6VRuXW5nW', 'EtMRayGmQ3' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3fc7870.4.raw.unpack, kIOpWCowqWShKUKAee.cs |
High entropy of concatenated method names: 'fE5OI5NlLu', 'JfaO6bhCVu', 'PbdOEEUXYB', 'HStO1rReIi', 'FpJOKcMl0A', 'Ae8ESKhqgT', 'xT8ENk6Jhd', 'ISGEY5g6xW', 'Gq6EuAu9tU', 'O17EaNTZyA' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3fc7870.4.raw.unpack, KSQ07YHqchvMXla9N1.cs |
High entropy of concatenated method names: 'KKiRLLy6UN', 'HyrR6tuCpv', 'I8FRyKkQtY', 'FLLREStOBv', 'y0gROgqMIT', 'fE7R1G5hdk', 'gYnRKgLSgW', 'eixR7pHk04', 'g1yRFMTaBb', 'qkbRU4rFDr' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.3fc7870.4.raw.unpack, Uel8r1lQF2PkteGZrv.cs |
High entropy of concatenated method names: 'ltB6qcLvY0', 'brs6XHEJGa', 'WxM6GUBM0C', 'vP96AccmpA', 'YcG6SWCc1l', 'ePZ6NA8XmP', 'GaS6YUKp4S', 'ygy6uRCKrX', 'miQ6aI944q', 's4k6o6UxDd' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.56a0000.7.raw.unpack, JK.cs |
High entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.2d9fcdc.1.raw.unpack, JK.cs |
High entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.77a0000.8.raw.unpack, Rsjwms4Wh8At7jltVf.cs |
High entropy of concatenated method names: 'saV14aRn5H', 'moE1P52r93', 'TKw1lioyLO', 'Tgp1pca6Bh', 'Cmy1we7IUo', 'Wgq1DupFs5', 'CaI1Mi57nK', 'Lbw1sLeqBx', 'idZ13c8NAv', 'O0T1mxeA09' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.77a0000.8.raw.unpack, hnb1mywmKd17dlbrAS.cs |
High entropy of concatenated method names: 'Dispose', 'mR89ae4IBQ', 'SJdk0qMKGV', 'puBVVvKaKN', 'tps9oyNhKU', 'PRD9z8IgcF', 'ProcessDialogKey', 'E2dk8n82kY', 't9gk9jtrH3', 'mBmkkAPsqe' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.77a0000.8.raw.unpack, LVNaJWsMIVA7LTLASE.cs |
High entropy of concatenated method names: 'zu7RHG1UCo', 'vEbR0GP5w9', 'Eo1RnLElCC', 'zSyRb4C8gr', 'L0DRqt1jRb', 'TXZRg6Ppie', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.77a0000.8.raw.unpack, D33N8oUtGVx7cDxPuT.cs |
High entropy of concatenated method names: 'Lp7JThJpMH', 'q8ZJr8Jvgu', 'xaoJqZNHsW', 'CwFJX9qL4U', 'BgjJ0sJB97', 'HlbJnZxrmw', 'UUJJbpHxl3', 'TmgJgfpCvS', 'OX8Jiv5yws', 'f4pJfSeAAh' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.77a0000.8.raw.unpack, zQyvpDqyxKTxd6tm0NN.cs |
High entropy of concatenated method names: 'GR7x4eMqyc', 'Kq8xPbdu6R', 'J7BxlIIphe', 'GQ7xpT3Nxd', 'LmaxwG8D2Y', 'R9hxDqi7L0', 'Ax6xMaB0Zt', 'NxYxs9KyRH', 'MlHx3p2K2W', 'VG5xmLUKfn' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.77a0000.8.raw.unpack, ksWtZCxKsl0TxRCTo8.cs |
High entropy of concatenated method names: 'GMr1LFkylo', 'hBS1ywuum5', 'ro41O5nLLW', 'VWvOoTrbwJ', 'x5aOzGVTLw', 'IAf18nrD6A', 'n5n19G5FS1', 'fBl1kLDsu7', 'j8A1QDxhFt', 'QhN1d7YRXe' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.77a0000.8.raw.unpack, pLwTg0qqY9GrvEoZXIs.cs |
High entropy of concatenated method names: 'ToString', 'a145Q4j8pu', 'KEt5dvERQh', 'DdN5I8eM0e', 'f0E5LRPIbe', 'wT056EPSsu', 'gSU5yxunrt', 'Gsw5EYZYIa', 'f7knYFscmhRWVWPDeQu', 'mTw6y3s22lokcZlLY0g' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.77a0000.8.raw.unpack, E0RYX9X2eibsstJT2l.cs |
High entropy of concatenated method names: 'MToQIXKWBI', 'I3SQLs48n8', 'uf5Q6q4VEy', 'KWqQy0BBF1', 'UBEQEkuB7E', 'mIqQOFIKAA', 'wXWQ1wxG4a', 'sO5QKUDr8X', 'UTHQ7jmngF', 'T7eQFOJ0LT' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.77a0000.8.raw.unpack, lDlgAUP9SyyXYURNLR.cs |
High entropy of concatenated method names: 'EJi4pnojSnyAHRWqhYg', 'ErevP5orqMYelnaL321', 'kFEORtVAdX', 'Ku5Ox8stk6', 'OVRO5Ji6lb', 'CxNx8bo8umiUIrPhE6k', 'lIrvcSoddavqGvXHa7M' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.77a0000.8.raw.unpack, sC7nprRRvT8OJFZjOZ.cs |
High entropy of concatenated method names: 'rIk91RDsii', 'EuM9KyEpgg', 'KVG9F5wdH3', 'bJN9UWuJYc', 'ATy9J00PbH', 'l2k9e5iRIA', 'vgjpq3mDGeNj5ln0ix', 'wBXtHAIWQFkdYio0Cv', 'BC899EETi8', 'CUS9QYaSid' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.77a0000.8.raw.unpack, fSdvMKZMagrtwMm7Ri.cs |
High entropy of concatenated method names: 'lq2yprocYj', 'nEuyDyGS7y', 'IYryswC2ld', 'nvAy3Hoa8O', 'hRjyJPOISS', 'jDsyeSX940', 'o7iyCsHSMo', 'DnVyR9lYX6', 'DTQyx7NjxD', 'mKPy5h79Hy' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.77a0000.8.raw.unpack, O9PymkJ3NMlC2399qj.cs |
High entropy of concatenated method names: 'JKQhsEQCnj', 'o1Ah3VGbtY', 'GAThHYAQtH', 'Enah09bSsm', 'XX6hbdHFie', 'lgehgYG4SG', 'TZAhf0svRZ', 'TJEhckoEtg', 'RcthTZ3osW', 'FO5hjXiRBb' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.77a0000.8.raw.unpack, pBjySHqM5QnwRNWaSBd.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Q9V5qOaeUr', 'h9u5XNVCx7', 'ufn5G8oA96', 'hl95AuUrbM', 'hsu5SjNYox', 'xFD5N7vpyl', 'Skh5Ydgfbf' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.77a0000.8.raw.unpack, xGB0Wf6bc0bOdc8jTI.cs |
High entropy of concatenated method names: 'kTtEwQ9SoG', 'kClEM2Olvv', 'OTJynuxQtD', 'jUNybontt7', 'lvTyg7lONl', 'Up9yi4TYcW', 'myLyfre4Cc', 'fSgycK60ak', 'kBRyWA5x19', 'hseyTKO9Er' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.77a0000.8.raw.unpack, KdpVO0auC752URy1LH.cs |
High entropy of concatenated method names: 'ToString', 'Po7ejc2CtV', 'Li3e0yrEQ1', 'gqcenHUq3F', 'cTYebFVO9p', 'n2CegR7eyF', 'kTfeiJlr7P', 'jBIefowaER', 'jS7ecR3arw', 'iuMeWWiTPi' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.77a0000.8.raw.unpack, AnptoFjC7pNu1LqbY6.cs |
High entropy of concatenated method names: 'CxkCFyqNu8', 'tj9CULHR6k', 'ToString', 'jC5CL1HVrm', 'MYdC69JfMJ', 'f0gCy1rBOY', 'pTuCEljQqC', 'NKNCOjgG2b', 'YOeC1GsAfv', 'GMgCKDLHCP' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.77a0000.8.raw.unpack, qyT5B9fG4eENyHVdsw.cs |
High entropy of concatenated method names: 'GDqlxlYY4', 'hF5peEa0M', 'o9TDoN5Sa', 'wU4MruruE', 'K6k3fAj0h', 'DvImOJLqB', 'zPRJ50FG9eMejJkPmf', 'xSdN05GCNU8MZjBOu4', 'LtVR8YQni', 'nNH5UoFYi' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.77a0000.8.raw.unpack, ojeKecA3ycAgUvCgAn.cs |
High entropy of concatenated method names: 'BIix9SCJrv', 'PtdxQIBCLk', 'IYPxdRPe6o', 'J5cxL9cHMs', 'CZAx6rxAZF', 'DFAxEvYZXS', 'VmAxOPV1Wm', 'AjdRYjjrNi', 'K6VRuXW5nW', 'EtMRayGmQ3' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.77a0000.8.raw.unpack, kIOpWCowqWShKUKAee.cs |
High entropy of concatenated method names: 'fE5OI5NlLu', 'JfaO6bhCVu', 'PbdOEEUXYB', 'HStO1rReIi', 'FpJOKcMl0A', 'Ae8ESKhqgT', 'xT8ENk6Jhd', 'ISGEY5g6xW', 'Gq6EuAu9tU', 'O17EaNTZyA' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.77a0000.8.raw.unpack, KSQ07YHqchvMXla9N1.cs |
High entropy of concatenated method names: 'KKiRLLy6UN', 'HyrR6tuCpv', 'I8FRyKkQtY', 'FLLREStOBv', 'y0gROgqMIT', 'fE7R1G5hdk', 'gYnRKgLSgW', 'eixR7pHk04', 'g1yRFMTaBb', 'qkbRU4rFDr' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.77a0000.8.raw.unpack, Uel8r1lQF2PkteGZrv.cs |
High entropy of concatenated method names: 'ltB6qcLvY0', 'brs6XHEJGa', 'WxM6GUBM0C', 'vP96AccmpA', 'YcG6SWCc1l', 'ePZ6NA8XmP', 'GaS6YUKp4S', 'ygy6uRCKrX', 'miQ6aI944q', 's4k6o6UxDd' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.2d4f16c.3.raw.unpack, JK.cs |
High entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.2d966c4.0.raw.unpack, JK.cs |
High entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq' |
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe.2d45b54.2.raw.unpack, JK.cs |
High entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq' |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 600000 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 599890 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 599773 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 599672 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 599562 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 599453 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 599343 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 599234 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 599125 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 599015 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 598906 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 598797 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 598687 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 598577 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 598468 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 598359 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 598250 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 598140 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 598031 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 597922 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 597812 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 597703 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 597593 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 597484 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 597375 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 597265 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 597156 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 597046 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 596937 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 596828 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 596718 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 596609 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 596500 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 596390 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 596276 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 596172 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 596062 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 595953 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 595843 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 595734 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 595625 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 595515 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 595406 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 595297 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 595187 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 595078 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 594968 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 594859 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 594750 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 594640 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7272 |
Thread sleep time: -922337203685477s >= -30000s |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7644 |
Thread sleep time: -4611686018427385s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -27670116110564310s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -600000s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -599890s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7780 |
Thread sleep count: 7912 > 30 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7780 |
Thread sleep count: 1956 > 30 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -599773s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -599672s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -599562s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -599453s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -599343s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -599234s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -599125s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -599015s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -598906s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -598797s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -598687s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -598577s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -598468s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -598359s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -598250s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -598140s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -598031s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -597922s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -597812s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -597703s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -597593s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -597484s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -597375s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -597265s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -597156s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -597046s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -596937s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -596828s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -596718s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -596609s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -596500s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -596390s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -596276s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -596172s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -596062s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -595953s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -595843s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -595734s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -595625s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -595515s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -595406s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -595297s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -595187s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -595078s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -594968s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -594859s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -594750s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe TID: 7776 |
Thread sleep time: -594640s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.1497.25511.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |