Windows Analysis Report
SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe
Analysis ID: 1532108
MD5: c176313b73cb225cdf30935df4541b3d
SHA1: 383d2c973d98f8290934f2825853ff8bcb074700
SHA256: 16c1fbcec95d0c8fc26b4e491b8a89759ee10491992be8b8fc552ee4a18c87ad
Tags: exe

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE / OLE file has an invalid certificate
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs: (none listed)
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

AV Detection

Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Avira: detected
Source: https://steamcommunity.com/profiles/76561199724331900 URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/inventory/ URL Reputation: Label: malware
Source: 2.2.SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe.400000.0.unpack Malware Configuration Extractor: LummaC {"C2 url": ["trustterwowqm.shop", "clearancek.site", "bathdoomgaz.store", "licendfilteo.site", "dissapoiznw.store", "studennotediw.store", "eaglepawnoy.store", "spirittunek.store", "mobbipenju.store"], "Build id": "tLYMe5--deli333"}
Source: sergei-esenin.com Virustotal: Detection: 17%
Source: spirittunek.store Virustotal: Detection: 21%
Source: trustterwowqm.shop Virustotal: Detection: 13%
Source: mobbipenju.store Virustotal: Detection: 21%
Source: eaglepawnoy.store Virustotal: Detection: 18%
Source: bathdoomgaz.store Virustotal: Detection: 21%
Source: licendfilteo.site Virustotal: Detection: 15%
Source: clearancek.site Virustotal: Detection: 17%
Source: dissapoiznw.store Virustotal: Detection: 21%
Source: studennotediw.store Virustotal: Detection: 17%
Source: https://sergei-esenin.com/$ Virustotal: Detection: 13%
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe ReversingLabs: Detection: 31%
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Virustotal: Detection: 39%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 94.0% probability
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Joe Sandbox ML: detected
Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: clearancek.site
Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: licendfilteo.site
Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: spirittunek.store
Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: bathdoomgaz.store
Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: studennotediw.store
Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: dissapoiznw.store
Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: eaglepawnoy.store
Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: mobbipenju.store
Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: trustterwowqm.shop
Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: TeslaBrowser/5.5
Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: - Screen Resoluton:
Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: - Physical Installed Memory:
Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: Workgroup: -
Source: 00000002.00000002.1918584823.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: tLYMe5--deli333
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 0_2_008A9E7A FindFirstFileExW, 0_2_008A9E7A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 1_2_008A9E7A FindFirstFileExW, 1_2_008A9E7A
Source: C:\Windows\SysWOW64\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\
Source: C:\Windows\SysWOW64\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\
Source: C:\Windows\SysWOW64\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_4fcd41ef5bd1bb1eef35edf91e0472dd0e67f4_c344819e_eb7b3698-abbc-426e-9b28-efb2146c17e6\
Source: C:\Windows\SysWOW64\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\
Source: C:\Windows\SysWOW64\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_438eb18848ed4e6f3b2d695612a780d8ea1a6_33b06696_b83e288e-4fb5-4ed2-a616-c3d78ea46cdb\
Source: C:\Windows\SysWOW64\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue

Networking

Source: Network traffic Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.4:51901 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.4:50359 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.4:64271 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056174 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (trustterwowqm .shop) : 192.168.2.4:60422 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.4:49515 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.4:54720 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.4:64865 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.4:57258 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.4:53303 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49733 -> 172.67.206.204:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49733 -> 172.67.206.204:443
Source: Network traffic Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49730 -> 104.102.49.254:443
Source: Network traffic Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49735 -> 172.67.206.204:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49735 -> 172.67.206.204:443
Source: Malware configuration extractor URLs: trustterwowqm.shop
Source: Malware configuration extractor URLs: clearancek.site
Source: Malware configuration extractor URLs: bathdoomgaz.store
Source: Malware configuration extractor URLs: licendfilteo.site
Source: Malware configuration extractor URLs: dissapoiznw.store
Source: Malware configuration extractor URLs: studennotediw.store
Source: Malware configuration extractor URLs: eaglepawnoy.store
Source: Malware configuration extractor URLs: spirittunek.store
Source: Malware configuration extractor URLs: mobbipenju.store
Source: Joe Sandbox View IP Address: 104.102.49.254 104.102.49.254
Source: Joe Sandbox View IP Address: 172.67.206.204 172.67.206.204
Source: Joe Sandbox View ASN Name: AKAMAI-ASUS AKAMAI-ASUS
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: global traffic HTTP traffic detected:
    GET /profiles/76561199724331900 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: steamcommunity.com
Source: global traffic HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: sergei-esenin.com
Source: global traffic HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Cookie: __cf_mw_byp=47JuexSbWQVr1ssGx4yQxentsQn.LeX1WyFSzC4Cbos-1728725044-0.0.1.1-/api
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 81
    Host: sergei-esenin.com
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: trustterwowqm.shop
Source: global traffic DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic DNS traffic detected: DNS query: studennotediw.store
Source: global traffic DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic DNS traffic detected: DNS query: spirittunek.store
Source: global traffic DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic DNS traffic detected: DNS query: clearancek.site
Source: global traffic DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic DNS traffic detected: DNS query: sergei-esenin.com
Source: unknown HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: sergei-esenin.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://help.steampowered.com/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://help.steampowered.com/en/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.steampowered.com/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lv.queniujq.cn
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://medal.tv
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://player.vimeo.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://recaptcha.net
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s.ytimg.com;
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000C47000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734605392.0000000000CB3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000C84000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/$
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000C6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734605392.0000000000CB3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C78000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/api
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/apik:
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000C6F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/apiws(
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sketchfab.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steam.tv/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcast.akamaized.net
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1918863940.0000000000A1B000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: https://steamcommuact=recive_message&ver=4.0&lid=tLYMe5--deli333&j=5c9b8674a630d9101b46733aa37f15ec
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/6
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/discussions/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/market/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734712477.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C84000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734712477.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C84000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/t
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/workshop/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/;
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/about/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/explore/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/legal/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/mobile
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/news/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/points/shop/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/stats/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734712477.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734655519.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CEA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734605392.0000000000CB3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cloudflare.com/learning/access-manag
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734605392.0000000000CB3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cloudflare.com/learning/access-managQ
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734655519.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CEA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/recaptcha/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734674117.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734351328.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727558354.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1727623116.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 2_2_004396A0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard, 2_2_004396A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: String function: 008A36CA appears 34 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: String function: 008DB870 appears 155 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: String function: 0089D615 appears 42 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: String function: 0089B3D1 appears 32 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: String function: 0041D970 appears 155 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: String function: 008CAA10 appears 96 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: String function: 00897830 appears 104 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: String function: 0040CB10 appears 45 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 268
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Static PE information: invalid certificate
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Static PE information: Section: .data ZLIB complexity 0.9913750656512605
Source: classification engine Classification label: mal100.troj.evad.winEXE@8/13@11/2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 2_2_0043FDBB CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,SysStringLen, 2_2_0043FDBB
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7472
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7532
Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\3a8b6103-90f2-4dd7-81c1-b4c11b28a585 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Command line argument: MZx 0_2_00892198
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe ReversingLabs: Detection: 31%
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Virustotal: Detection: 39%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 268
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 1676
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 476
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Section loaded: version.dll Jump to behavior
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 0_2_00892198 push eax; ret 0_2_00892392
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 0_2_00896E4B push ecx; ret 0_2_00896E5E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 0_2_008D374A push eax; retf 0_2_008D374F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 1_2_00892198 push eax; ret 1_2_00892392
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 1_2_00896E4B push ecx; ret 1_2_00896E5E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 2_2_0041584A push eax; retf 2_2_0041584F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe API coverage: 4.0 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe TID: 7572 Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 0_2_008A9E7A FindFirstFileExW, 0_2_008A9E7A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 1_2_008A9E7A FindFirstFileExW, 1_2_008A9E7A
Source: C:\Windows\SysWOW64\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\
Source: C:\Windows\SysWOW64\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\
Source: C:\Windows\SysWOW64\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_4fcd41ef5bd1bb1eef35edf91e0472dd0e67f4_c344819e_eb7b3698-abbc-426e-9b28-efb2146c17e6\
Source: C:\Windows\SysWOW64\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\
Source: C:\Windows\SysWOW64\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_438eb18848ed4e6f3b2d695612a780d8ea1a6_33b06696_b83e288e-4fb5-4ed2-a616-c3d78ea46cdb\
Source: C:\Windows\SysWOW64\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue
Source: Amcache.hve.5.dr Binary or memory string: VMware
Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.5.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.5.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.5.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.5.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.5.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.5.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734712477.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000003.1734389043.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: Amcache.hve.5.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe, 00000002.00000002.1919029226.0000000000C5D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWh
Source: Amcache.hve.5.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.5.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.5.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.5.dr Binary or memory string: vmci.sys
Source: Amcache.hve.5.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.5.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.5.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.5.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.5.dr Binary or memory string: VMware20,1
Source: Amcache.hve.5.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.5.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.5.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.5.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.5.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.5.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.5.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.5.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.5.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 2_2_004464F0 LdrInitializeThunk, 2_2_004464F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 0_2_0089D27F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0089D27F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 0_2_00892198 mov edi, dword ptr fs:[00000030h] 0_2_00892198
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 0_2_008AAA07 mov eax, dword ptr fs:[00000030h] 0_2_008AAA07
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 0_2_008A0E59 mov ecx, dword ptr fs:[00000030h] 0_2_008A0E59
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 1_2_00892198 mov edi, dword ptr fs:[00000030h] 1_2_00892198
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 1_2_008AAA07 mov eax, dword ptr fs:[00000030h] 1_2_008AAA07
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 1_2_008A0E59 mov ecx, dword ptr fs:[00000030h] 1_2_008A0E59
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 0_2_008AD006 GetProcessHeap, 0_2_008AD006
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 0_2_008972B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_008972B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 0_2_008975D8 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_008975D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 0_2_00897765 SetUnhandledExceptionFilter, 0_2_00897765
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 1_2_008972B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_008972B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 1_2_0089D27F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_0089D27F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 1_2_008975D8 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_008975D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 1_2_00897765 SetUnhandledExceptionFilter, 1_2_00897765

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Memory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: GetACP,IsValidCodePage,GetLocaleInfoW, 0_2_008AC440
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: EnumSystemLocalesW, 0_2_008AC6E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: EnumSystemLocalesW, 0_2_008AC7C8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: EnumSystemLocalesW, 0_2_008AC72D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 0_2_008AC853
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: GetLocaleInfoW, 0_2_008ACAA6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_008ACBCF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: GetLocaleInfoW, 0_2_008ACCD5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_008ACDA4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: EnumSystemLocalesW, 0_2_008A3436
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: GetLocaleInfoW, 0_2_008A38E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: GetLocaleInfoW, 1_2_008A38E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 1_2_008AC853
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: GetLocaleInfoW, 1_2_008ACAA6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 1_2_008ACBCF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: GetLocaleInfoW, 1_2_008ACCD5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: EnumSystemLocalesW, 1_2_008A3436
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: GetACP,IsValidCodePage,GetLocaleInfoW, 1_2_008AC440
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 1_2_008ACDA4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: EnumSystemLocalesW, 1_2_008AC6E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: EnumSystemLocalesW, 1_2_008AC7C8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: EnumSystemLocalesW, 1_2_008AC72D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Code function: 0_2_008974D2 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_008974D2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Amcache.hve.5.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.5.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.5.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.5.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: decrypted.memstr, type: MEMORYSTR