Edit tour

Windows Analysis Report
SimpleLoader v2.1.exe1.exe

Overview

General Information

Sample name:	SimpleLoader v2.1.exe1.exe
Analysis ID:	1637271
MD5:	eff5d3bc8920a72ad1bb26e34e3f5132
SHA1:	672aafe1ddd2a21ce76d04d287ac1ec0ae60087b
SHA256:	cfcf4fec48112057c235868a2561693719656dd179862b895de3908bd8f4956c
Tags:	exeuser-TornadoAV_dev
Infos:

Detection

LummaC Stealer

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected LummaC Stealer

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to modify clipboard data

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Searches for user specific document files

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

SimpleLoader v2.1.exe1.exe (PID: 6396 cmdline: "C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe" MD5: EFF5D3BC8920A72AD1BB26E34E3F5132)

SimpleLoader v2.1.exe1.exe (PID: 6636 cmdline: "C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe" MD5: EFF5D3BC8920A72AD1BB26E34E3F5132)

SimpleLoader v2.1.exe1.exe (PID: 6632 cmdline: "C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe" MD5: EFF5D3BC8920A72AD1BB26E34E3F5132)

SimpleLoader v2.1.exe1.exe (PID: 6680 cmdline: "C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe" MD5: EFF5D3BC8920A72AD1BB26E34E3F5132)

cleanup

Malware Configuration

Threatname: LummaC

{"C2 url": ["decorathnome.icu/ABbss", "crosshairc.life/dAnjhw", "mrodularmall.top/aNzS", "jowinjoinery.icu/bdWUa", "legenassedk.top/bdpWO", "htardwarehu.icu/Sbdsa", "cjlaspcorne.icu/DbIps", "bugildbett.top/bAuz"], "Build id": "b4287a743f335371bbe1c5776c8678552b93aece476cd0a7b2d34d7b"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000004.00000002.2609424437.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
00000000.00000002.1370342630.0000000001147000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
00000004.00000003.1520289258.0000000001049000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000003.1477891390.0000000001093000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000003.1520161620.000000000109D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000003.1551661764.0000000001049000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: SimpleLoader v2.1.exe1.exe PID: 6680	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: SimpleLoader v2.1.exe1.exe PID: 6680	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
4.2.SimpleLoader v2.1.exe1.exe.400000.0.raw.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
4.2.SimpleLoader v2.1.exe1.exe.400000.0.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-13T13:33:32.771778+0100	2028371	3	Unknown Traffic	192.168.2.6	49687	149.154.167.99	443	TCP
2025-03-13T13:33:35.321046+0100	2028371	3	Unknown Traffic	192.168.2.6	49688	172.67.144.37	443	TCP
2025-03-13T13:33:36.660991+0100	2028371	3	Unknown Traffic	192.168.2.6	49689	172.67.144.37	443	TCP
2025-03-13T13:33:39.070480+0100	2028371	3	Unknown Traffic	192.168.2.6	49690	172.67.144.37	443	TCP
2025-03-13T13:33:41.189411+0100	2028371	3	Unknown Traffic	192.168.2.6	49691	172.67.144.37	443	TCP
2025-03-13T13:33:44.206390+0100	2028371	3	Unknown Traffic	192.168.2.6	49692	172.67.144.37	443	TCP
2025-03-13T13:33:47.875469+0100	2028371	3	Unknown Traffic	192.168.2.6	49694	172.67.144.37	443	TCP
2025-03-13T13:33:51.297930+0100	2028371	3	Unknown Traffic	192.168.2.6	49697	172.67.144.37	443	TCP
2025-03-13T13:33:55.169599+0100	2028371	3	Unknown Traffic	192.168.2.6	49700	172.67.144.37	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: crosshairc.life/dAnjhw

Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000000.00000002.1370342630.0000000001147000.00000004.00000020.00020000.00000000.sdmp

Malware Configuration Extractor: LummaC {"C2 url": ["decorathnome.icu/ABbss", "crosshairc.life/dAnjhw", "mrodularmall.top/aNzS", "jowinjoinery.icu/bdWUa", "legenassedk.top/bdpWO", "htardwarehu.icu/Sbdsa", "cjlaspcorne.icu/DbIps", "bugildbett.top/bAuz"], "Build id": "b4287a743f335371bbe1c5776c8678552b93aece476cd0a7b2d34d7b"}

Multi AV Scanner detection for submitted file

Source: SimpleLoader v2.1.exe1.exe	Virustotal: Detection: 42%			Perma Link
Source: SimpleLoader v2.1.exe1.exe	ReversingLabs: Detection: 39%

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.1370342630.0000000001147000.00000004.00000020.00020000.00000000.sdmp	String decryptor: decorathnome.icu/ABbss
Source: 00000000.00000002.1370342630.0000000001147000.00000004.00000020.00020000.00000000.sdmp	String decryptor: crosshairc.life/dAnjhw
Source: 00000000.00000002.1370342630.0000000001147000.00000004.00000020.00020000.00000000.sdmp	String decryptor: mrodularmall.top/aNzS
Source: 00000000.00000002.1370342630.0000000001147000.00000004.00000020.00020000.00000000.sdmp	String decryptor: jowinjoinery.icu/bdWUa
Source: 00000000.00000002.1370342630.0000000001147000.00000004.00000020.00020000.00000000.sdmp	String decryptor: legenassedk.top/bdpWO
Source: 00000000.00000002.1370342630.0000000001147000.00000004.00000020.00020000.00000000.sdmp	String decryptor: htardwarehu.icu/Sbdsa
Source: 00000000.00000002.1370342630.0000000001147000.00000004.00000020.00020000.00000000.sdmp	String decryptor: cjlaspcorne.icu/DbIps
Source: 00000000.00000002.1370342630.0000000001147000.00000004.00000020.00020000.00000000.sdmp	String decryptor: bugildbett.top/bAuz

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0041CAA0 CryptUnprotectData,CryptUnprotectData,		4_2_0041CAA0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0041BED0 CryptUnprotectData,		4_2_0041BED0

Source: SimpleLoader v2.1.exe1.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49687 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.37:443 -> 192.168.2.6:49689 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.37:443 -> 192.168.2.6:49690 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.37:443 -> 192.168.2.6:49691 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.37:443 -> 192.168.2.6:49692 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.37:443 -> 192.168.2.6:49694 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.37:443 -> 192.168.2.6:49697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.37:443 -> 192.168.2.6:49700 version: TLS 1.2

Source: SimpleLoader v2.1.exe1.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00628ECE FindFirstFileExW,	0_2_00628ECE
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00628F7F FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00628F7F
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00628ECE FindFirstFileExW,	2_2_00628ECE
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00628F7F FindFirstFileExW,FindNextFileW,FindClose,FindClose,	2_2_00628F7F

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+3EEB158Ah]	4_2_0040D880
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then cmp word ptr [edi+ebx], 0000h	4_2_0044E140
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C0F3A0E1h	4_2_0044C13E
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+000000E0h]	4_2_00411A86
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 18A944CDh	4_2_0041CAA0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov eax, ecx	4_2_0041CAA0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov byte ptr [esi], cl	4_2_00439E3D
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+00000160h]	4_2_0041BED0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+000002E8h]	4_2_0041BED0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+7002D656h]	4_2_00430EF0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+04h]	4_2_0044B695
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 743EDB10h	4_2_0044E850
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-000000DAh]	4_2_0044E850
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx eax, word ptr [ecx]	4_2_0044E850
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 1ED597A4h	4_2_0044A0E0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	4_2_00435090
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movsx eax, byte ptr [esi+ecx]	4_2_0041B150
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-3A6108A1h]	4_2_00423938
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx ecx, word ptr [ebx+eax]	4_2_0042A1D0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 93A82FD1h	4_2_0042A1D0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov word ptr [eax], cx	4_2_004219EE
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-30929966h]	4_2_0043998F
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-48C7705Ah]	4_2_0041B210
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-48C7705Eh]	4_2_0044A220
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	4_2_0040A230
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	4_2_0040A230
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then jmp dword ptr [004555DCh]	4_2_00420AE4
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax-639E4F5Ch]	4_2_0042134F
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-3CB6001Eh]	4_2_00428350
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+50DC5C06h]	4_2_0040DB5B
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov byte ptr [edi], al	4_2_00437376
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then jmp ecx	4_2_0042FB3B
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then lea edx, dword ptr [eax+00000270h]	4_2_0040BBD0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov byte ptr [edi], al	4_2_004373E4
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov byte ptr [edi], 00000020h	4_2_00437395
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov byte ptr [ebx], al	4_2_00439B99
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax+06h]	4_2_004333B0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov byte ptr [edi], al	4_2_00437443
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+000002E8h]	4_2_0041C444
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov dword ptr [esp+38h], 00000800h	4_2_00430451
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+1D2427C0h]	4_2_0043946D
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then jmp ecx	4_2_0042FC38
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edx+3E68D7A0h]	4_2_0040C4F0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+08h]	4_2_0040C4F0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+1BA59E12h]	4_2_0040C4F0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov dword ptr [esp+04h], edi	4_2_0041D4F8
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov byte ptr [edi], cl	4_2_00437CB9
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov dword ptr [esp], edx	4_2_00432557
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov word ptr [eax], cx	4_2_00433DD6
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov edx, edi	4_2_004255A0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+76318D9Ah]	4_2_0044A640
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-48C7705Eh]	4_2_0044A640
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov dword ptr [esi], 6B6A7573h	4_2_0044BE48
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	4_2_00443660
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-505762B2h]	4_2_0041EE70
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edi-0AAF5356h]	4_2_00437E7B
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov byte ptr [edi], cl	4_2_00438E0F
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-3AEEC40Ch]	4_2_004316FF
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then jmp eax	4_2_004316FF
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-1ADEC1F4h]	4_2_004236B0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+6Ch]	4_2_0041DF48
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov word ptr [eax], cx	4_2_0041DF48
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov dword ptr [esp+04h], edx	4_2_0041DF48
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov dword ptr [esp+0Ch], eax	4_2_0042A750
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+10h]	4_2_0040DF5F
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov word ptr [esi], cx	4_2_00412F23
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-21FA49F8h]	4_2_0044DFF0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	4_2_00402780
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+edx+10h]	4_2_004337A2
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4x nop then mov dword ptr [esp], eax	4_2_00410FB0

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: decorathnome.icu/ABbss
Source: Malware configuration extractor	URLs: crosshairc.life/dAnjhw
Source: Malware configuration extractor	URLs: mrodularmall.top/aNzS
Source: Malware configuration extractor	URLs: jowinjoinery.icu/bdWUa
Source: Malware configuration extractor	URLs: legenassedk.top/bdpWO
Source: Malware configuration extractor	URLs: htardwarehu.icu/Sbdsa
Source: Malware configuration extractor	URLs: cjlaspcorne.icu/DbIps
Source: Malware configuration extractor	URLs: bugildbett.top/bAuz

Source: global traffic

HTTP traffic detected: GET /kz_prokla1 HTTP/1.1Connection: Keep-AliveHost: t.me

Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49689 -> 172.67.144.37:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49688 -> 172.67.144.37:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49690 -> 172.67.144.37:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49692 -> 172.67.144.37:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49697 -> 172.67.144.37:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49700 -> 172.67.144.37:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49687 -> 149.154.167.99:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49694 -> 172.67.144.37:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49691 -> 172.67.144.37:443

Source: global traffic	HTTP traffic detected: POST /ABbss HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 65Host: decorathnome.icu
Source: global traffic	HTTP traffic detected: POST /ABbss HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=87FJSNfYEi5IPIUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 14913Host: decorathnome.icu
Source: global traffic	HTTP traffic detected: POST /ABbss HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=kv8WaGUgIUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15069Host: decorathnome.icu
Source: global traffic	HTTP traffic detected: POST /ABbss HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=3T4Imk2rn0Pq7NUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 19951Host: decorathnome.icu
Source: global traffic	HTTP traffic detected: POST /ABbss HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=qrGMjjA121User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 2393Host: decorathnome.icu
Source: global traffic	HTTP traffic detected: POST /ABbss HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=wLQyQqHZ9S2User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 589071Host: decorathnome.icu
Source: global traffic	HTTP traffic detected: POST /ABbss HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 103Host: decorathnome.icu

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /kz_prokla1 HTTP/1.1Connection: Keep-AliveHost: t.me

Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: decorathnome.icu

Source: unknown

HTTP traffic detected: POST /ABbss HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 65Host: decorathnome.icu

Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1478974812.00000000038D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1478974812.00000000038D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1478974812.00000000038D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1478974812.00000000038D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1478974812.00000000038D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1478974812.00000000038D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1478974812.00000000038D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1478974812.00000000038D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1478974812.00000000038D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1478974812.00000000038D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1478974812.00000000038D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1435581061.00000000038D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org?q=
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1485841501.00000000010C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1485841501.00000000010C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1435581061.00000000038D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1435581061.00000000038D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1435581061.00000000038D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1485841501.00000000010C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1485841501.00000000010C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1433741427.000000000105D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://decorathnome.icu/
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1433741427.000000000105D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://decorathnome.icu//
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1595827243.00000000010BE000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1477812993.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.2218298564.00000000010BE000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1551469610.00000000010BE000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1485841501.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1477310973.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1478953161.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000002.2610086431.00000000010D9000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1571288821.00000000010BE000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1509553771.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000002.2610051245.00000000010BE000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456171629.00000000010D9000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1433741427.000000000101C000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1457415838.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1433741427.000000000105D000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1551358100.00000000010DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://decorathnome.icu/ABbss
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1433741427.000000000105D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://decorathnome.icu/ABbssA
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1570683653.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1571141047.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000002.2610086431.00000000010D9000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1556473568.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1551358100.00000000010DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://decorathnome.icu/ABbssC
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1433741427.000000000105D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://decorathnome.icu/ABbssF
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1595827243.00000000010BE000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1571288821.00000000010BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://decorathnome.icu/ABbssPM=
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1477812993.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1485841501.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1477310973.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1478953161.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1457415838.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://decorathnome.icu/ABbssQvQ
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456171629.00000000010D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://decorathnome.icu/ABbssTs
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1433741427.000000000103D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://decorathnome.icu/ABbssW
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1433741427.000000000105D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://decorathnome.icu/ABbssm
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1433741427.000000000105D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://decorathnome.icu/W
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1477891390.00000000010BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://decorathnome.icu/Windows
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1551469610.00000000010BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://decorathnome.icu/s
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1551469610.00000000010BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://decorathnome.icu/sows
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.2218298564.00000000010BE000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000002.2610051245.00000000010BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://decorathnome.icu/x8
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1571288821.00000000010A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://decorathnome.icu:443/ABbss
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1435581061.00000000038D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1435581061.00000000038D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabv20-
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1435581061.00000000038D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1435581061.00000000038D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gemini.google.com/app?q=
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1485841501.00000000010C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1484721856.0000000003AC2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1484721856.0000000003AC2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1433741427.0000000001027000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1394821560.0000000001085000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1394763471.0000000001027000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1394641354.0000000001099000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1394660916.0000000001093000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1394678962.000000000103F000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1433741427.000000000103D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/kz_prokla1
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1394678962.0000000001049000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.org
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1394678962.0000000001049000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.orgPersistent-AuthWWW-AuthenticateVarystel_ssid=a88ac38d923dcffb84_785111170565
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1394678962.0000000001049000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.orgX-Frame-OptionsALLOW-FROM
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1485841501.00000000010C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1435581061.00000000038D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/v20
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1435581061.00000000038D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1484629474.00000000038D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.or
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1484629474.00000000038D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1484721856.0000000003AC2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1484721856.0000000003AC2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1484721856.0000000003AC2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1485841501.00000000010C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49688
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49687
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49687 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49687 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.37:443 -> 192.168.2.6:49689 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.37:443 -> 192.168.2.6:49690 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.37:443 -> 192.168.2.6:49691 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.37:443 -> 192.168.2.6:49692 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.37:443 -> 192.168.2.6:49694 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.37:443 -> 192.168.2.6:49697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.144.37:443 -> 192.168.2.6:49700 version: TLS 1.2

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

Code function: 4_2_004416E0 OpenClipboard,GetClipboardData,GlobalLock,GetWindowRect,GlobalUnlock,CloseClipboard,

4_2_004416E0

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

Code function: 4_2_03641000 EntryPoint,GetClipboardSequenceNumber,Sleep,Sleep,OpenClipboard,GetClipboardData,GlobalLock,GlobalAlloc,GlobalLock,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,GlobalUnlock,CloseClipboard,GetClipboardSequenceNumber,

4_2_03641000

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

Code function: 4_2_004416E0 OpenClipboard,GetClipboardData,GlobalLock,GetWindowRect,GlobalUnlock,CloseClipboard,

4_2_004416E0

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

Code function: 4_2_004418D0 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject,

4_2_004418D0

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E31F0	0_2_005E31F0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E3640	0_2_005E3640
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_0060F060	0_2_0060F060
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F4040	0_2_005F4040
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E6070	0_2_005E6070
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_0060A020	0_2_0060A020
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005FC010	0_2_005FC010
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E1000	0_2_005E1000
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00613813	0_2_00613813
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005FA820	0_2_005FA820
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F9020	0_2_005F9020
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_006100D0	0_2_006100D0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E8090	0_2_005E8090
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F0890	0_2_005F0890
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E4080	0_2_005E4080
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_0060D080	0_2_0060D080
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00603890	0_2_00603890
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00611890	0_2_00611890
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E58A0	0_2_005E58A0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005FE0A0	0_2_005FE0A0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00613160	0_2_00613160
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E4940	0_2_005E4940
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005FC940	0_2_005FC940
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005EE170	0_2_005EE170
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00612920	0_2_00612920
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00609100	0_2_00609100
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_0062C908	0_2_0062C908
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00600110	0_2_00600110
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005FB1E0	0_2_005FB1E0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_0060F9B0	0_2_0060F9B0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F6180	0_2_005F6180
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00608A50	0_2_00608A50
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00616A54	0_2_00616A54
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00605220	0_2_00605220
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00606A00	0_2_00606A00
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00608200	0_2_00608200
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00600A10	0_2_00600A10
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E5220	0_2_005E5220
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E9220	0_2_005E9220
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_0060F2E0	0_2_0060F2E0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005EF2D0	0_2_005EF2D0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F52C0	0_2_005F52C0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F4290	0_2_005F4290
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00609AB0	0_2_00609AB0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E2280	0_2_005E2280
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005EEAA0	0_2_005EEAA0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00601370	0_2_00601370
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E8340	0_2_005E8340
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_0060EB40	0_2_0060EB40
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005FFB70	0_2_005FFB70
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00600350	0_2_00600350
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005EC310	0_2_005EC310
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005EB300	0_2_005EB300
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005FF3D0	0_2_005FF3D0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F73F0	0_2_005F73F0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E6390	0_2_005E6390
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F3390	0_2_005F3390
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005FABA0	0_2_005FABA0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00605C60	0_2_00605C60
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00613477	0_2_00613477
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E2C40	0_2_005E2C40
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005FEC40	0_2_005FEC40
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00608C40	0_2_00608C40
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00608450	0_2_00608450
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00621420	0_2_00621420
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_0061B41A	0_2_0061B41A
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E5C20	0_2_005E5C20
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005EE4C0	0_2_005EE4C0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F3CC0	0_2_005F3CC0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005FCCE0	0_2_005FCCE0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F0490	0_2_005F0490
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E6C80	0_2_005E6C80
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F6480	0_2_005F6480
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00605480	0_2_00605480
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00612480	0_2_00612480
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00613C90	0_2_00613C90
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E54A0	0_2_005E54A0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005FDD50	0_2_005FDD50
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F8540	0_2_005F8540
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_0060FD50	0_2_0060FD50
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005FD560	0_2_005FD560
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F9500	0_2_005F9500
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E7D30	0_2_005E7D30
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005EF530	0_2_005EF530
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005EAD30	0_2_005EAD30
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_006135C0	0_2_006135C0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_0060F5D0	0_2_0060F5D0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_0060EDB0	0_2_0060EDB0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E9580	0_2_005E9580
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_0060DD80	0_2_0060DD80
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F55B0	0_2_005F55B0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F7E50	0_2_005F7E50
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E8640	0_2_005E8640
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F6E40	0_2_005F6E40
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E4660	0_2_005E4660
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00610620	0_2_00610620
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00609630	0_2_00609630
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005FB630	0_2_005FB630
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F7620	0_2_005F7620
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F0E20	0_2_005F0E20
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00611EF0	0_2_00611EF0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F26F0	0_2_005F26F0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F2E90	0_2_005F2E90
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_0060B680	0_2_0060B680
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00608690	0_2_00608690
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00612E90	0_2_00612E90
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005FC6A0	0_2_005FC6A0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005FFF70	0_2_005FFF70
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00609F00	0_2_00609F00
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005EE730	0_2_005EE730
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F9720	0_2_005F9720
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E67D0	0_2_005E67D0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E9FF0	0_2_005E9FF0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005E1790	0_2_005E1790
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005F6790	0_2_005F6790
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_005EB780	0_2_005EB780
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_0062E782	0_2_0062E782
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00600F80	0_2_00600F80
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_0060F060	2_2_0060F060
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F4040	2_2_005F4040
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E6070	2_2_005E6070
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_0060A020	2_2_0060A020
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005FC010	2_2_005FC010
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E1000	2_2_005E1000
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00613813	2_2_00613813
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005FA820	2_2_005FA820
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F9020	2_2_005F9020
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_006100D0	2_2_006100D0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E8090	2_2_005E8090
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F0890	2_2_005F0890
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E4080	2_2_005E4080
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_0060D080	2_2_0060D080
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00603890	2_2_00603890
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00611890	2_2_00611890
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E58A0	2_2_005E58A0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005FE0A0	2_2_005FE0A0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00613160	2_2_00613160
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E4940	2_2_005E4940
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005FC940	2_2_005FC940
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005EE170	2_2_005EE170
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00612920	2_2_00612920
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00609100	2_2_00609100
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_0062C908	2_2_0062C908
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00600110	2_2_00600110
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E31F0	2_2_005E31F0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005FB1E0	2_2_005FB1E0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_0060F9B0	2_2_0060F9B0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F6180	2_2_005F6180
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00608A50	2_2_00608A50
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00616A54	2_2_00616A54
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00605220	2_2_00605220
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00606A00	2_2_00606A00
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00608200	2_2_00608200
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00600A10	2_2_00600A10
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E5220	2_2_005E5220
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E9220	2_2_005E9220
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_0060F2E0	2_2_0060F2E0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005EF2D0	2_2_005EF2D0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F52C0	2_2_005F52C0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F4290	2_2_005F4290
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00609AB0	2_2_00609AB0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E2280	2_2_005E2280
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005EEAA0	2_2_005EEAA0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00601370	2_2_00601370
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E8340	2_2_005E8340
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_0060EB40	2_2_0060EB40
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005FFB70	2_2_005FFB70
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00600350	2_2_00600350
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005EC310	2_2_005EC310
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005EB300	2_2_005EB300
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005FF3D0	2_2_005FF3D0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F73F0	2_2_005F73F0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E6390	2_2_005E6390
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F3390	2_2_005F3390
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005FABA0	2_2_005FABA0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00605C60	2_2_00605C60
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00613477	2_2_00613477
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E2C40	2_2_005E2C40
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005FEC40	2_2_005FEC40
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00608C40	2_2_00608C40
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00608450	2_2_00608450
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00621420	2_2_00621420
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_0061B41A	2_2_0061B41A
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E5C20	2_2_005E5C20
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005EE4C0	2_2_005EE4C0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F3CC0	2_2_005F3CC0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005FCCE0	2_2_005FCCE0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F0490	2_2_005F0490
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E6C80	2_2_005E6C80
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F6480	2_2_005F6480
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00605480	2_2_00605480
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00612480	2_2_00612480
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00613C90	2_2_00613C90
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E54A0	2_2_005E54A0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005FDD50	2_2_005FDD50
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F8540	2_2_005F8540
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_0060FD50	2_2_0060FD50
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005FD560	2_2_005FD560
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F9500	2_2_005F9500
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E7D30	2_2_005E7D30
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005EF530	2_2_005EF530
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005EAD30	2_2_005EAD30
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_006135C0	2_2_006135C0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_0060F5D0	2_2_0060F5D0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_0060EDB0	2_2_0060EDB0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E9580	2_2_005E9580
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_0060DD80	2_2_0060DD80
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F55B0	2_2_005F55B0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F7E50	2_2_005F7E50
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E8640	2_2_005E8640
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E3640	2_2_005E3640
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F6E40	2_2_005F6E40
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E4660	2_2_005E4660
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00610620	2_2_00610620
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00609630	2_2_00609630
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005FB630	2_2_005FB630
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F7620	2_2_005F7620
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F0E20	2_2_005F0E20
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00611EF0	2_2_00611EF0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F26F0	2_2_005F26F0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F2E90	2_2_005F2E90
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_0060B680	2_2_0060B680
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00608690	2_2_00608690
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00612E90	2_2_00612E90
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005FC6A0	2_2_005FC6A0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005FFF70	2_2_005FFF70
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00609F00	2_2_00609F00
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005EE730	2_2_005EE730
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F9720	2_2_005F9720
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E67D0	2_2_005E67D0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E9FF0	2_2_005E9FF0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005E1790	2_2_005E1790
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005F6790	2_2_005F6790
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_005EB780	2_2_005EB780
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_0062E782	2_2_0062E782
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00600F80	2_2_00600F80
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0043805F	4_2_0043805F
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0040B860	4_2_0040B860
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0044F060	4_2_0044F060
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_004461D0	4_2_004461D0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00417AC0	4_2_00417AC0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0041CAA0	4_2_0041CAA0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0044E2B0	4_2_0044E2B0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00429320	4_2_00429320
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0040D440	4_2_0040D440
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0044FD20	4_2_0044FD20
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00445E00	4_2_00445E00
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00421EC0	4_2_00421EC0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0041BED0	4_2_0041BED0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00430EF0	4_2_00430EF0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0040E6A0	4_2_0040E6A0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00415EA5	4_2_00415EA5
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0042D782	4_2_0042D782
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00401040	4_2_00401040
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0043B049	4_2_0043B049
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00420851	4_2_00420851
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0044E850	4_2_0044E850
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0040F870	4_2_0040F870
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00430070	4_2_00430070
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0043E030	4_2_0043E030
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0042E0D0	4_2_0042E0D0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0041209E	4_2_0041209E
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0043D8A0	4_2_0043D8A0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00425960	4_2_00425960
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00447960	4_2_00447960
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00441100	4_2_00441100
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0043C91A	4_2_0043C91A
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00447120	4_2_00447120
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0042C93A	4_2_0042C93A
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0042A1D0	4_2_0042A1D0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_004219EE	4_2_004219EE
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0043C1A8	4_2_0043C1A8
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00408A60	4_2_00408A60
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00432273	4_2_00432273
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0041B210	4_2_0041B210
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0040A230	4_2_0040A230
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00402AD0	4_2_00402AD0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_004572E4	4_2_004572E4
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0040BAF0	4_2_0040BAF0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0042134F	4_2_0042134F
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00428350	4_2_00428350
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00434330	4_2_00434330
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00427B37	4_2_00427B37
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_004413D0	4_2_004413D0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0043E3E0	4_2_0043E3E0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_004373E4	4_2_004373E4
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0042D3BF	4_2_0042D3BF
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0044EC40	4_2_0044EC40
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0041C444	4_2_0041C444
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00409450	4_2_00409450
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00430451	4_2_00430451
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0044D460	4_2_0044D460
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00443C6D	4_2_00443C6D
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00433C00	4_2_00433C00
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0042E422	4_2_0042E422
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00429C20	4_2_00429C20
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_004034D0	4_2_004034D0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_004454E0	4_2_004454E0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0040C4F0	4_2_0040C4F0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0043848D	4_2_0043848D
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00423C9E	4_2_00423C9E
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00437CB9	4_2_00437CB9
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0040CD40	4_2_0040CD40
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00425D60	4_2_00425D60
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00407D70	4_2_00407D70
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00440D70	4_2_00440D70
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0044D570	4_2_0044D570
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0043805F	4_2_0043805F
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0041FD10	4_2_0041FD10
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00416D20	4_2_00416D20
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00447DE2	4_2_00447DE2
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0042DDF0	4_2_0042DDF0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00446D80	4_2_00446D80
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0044D589	4_2_0044D589
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0044D58B	4_2_0044D58B
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00402590	4_2_00402590
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_004255A0	4_2_004255A0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0044A640	4_2_0044A640
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00432E5D	4_2_00432E5D
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0043266C	4_2_0043266C
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00403E70	4_2_00403E70
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0041EE70	4_2_0041EE70
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0044D608	4_2_0044D608
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00438E0F	4_2_00438E0F
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0044461C	4_2_0044461C
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00408ED0	4_2_00408ED0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_004316FF	4_2_004316FF
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00445740	4_2_00445740
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00404752	4_2_00404752
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0041E75B	4_2_0041E75B
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0044FF60	4_2_0044FF60
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0041F779	4_2_0041F779
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0044D730	4_2_0044D730
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0044D7E0	4_2_0044D7E0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00425FA0	4_2_00425FA0
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00410FB0	4_2_00410FB0

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: String function: 00624014 appears 34 times
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: String function: 00616F60 appears 102 times
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: String function: 0061F1CC appears 46 times
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: String function: 0041B200 appears 98 times
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: String function: 0040B230 appears 39 times

Source: SimpleLoader v2.1.exe1.exe

Static PE information: invalid certificate

Source: SimpleLoader v2.1.exe1.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: SimpleLoader v2.1.exe1.exe

Static PE information: Section: .bss ZLIB complexity 1.0003282335069446

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/0@2/2

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

Code function: 4_2_004461D0 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,

4_2_004461D0

Source: SimpleLoader v2.1.exe1.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1435011180.00000000038C4000.00000004.00000800.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456629075.00000000038B2000.00000004.00000800.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1435424942.00000000038A4000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: SimpleLoader v2.1.exe1.exe	Virustotal: Detection: 42%
Source: SimpleLoader v2.1.exe1.exe	ReversingLabs: Detection: 39%

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

File read: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe "C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe"
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Process created: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe "C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe"
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Process created: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe "C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe"
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Process created: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe "C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe"
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Process created: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe "C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe"	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Process created: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe "C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe"	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Process created: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe "C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe"	Jump to behavior

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: SimpleLoader v2.1.exe1.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_006418C1 push ebp; iretd	0_2_006418C9
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_0061711A push ecx; ret	0_2_0061712D
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_0061711A push ecx; ret	2_2_0061712D
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00452859 push ebx; retf	4_2_0045285A
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00454422 push edi; retf	4_2_00454423
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_0042B48C push eax; retf	4_2_0042B48D
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00455CB0 push cs; ret	4_2_00455C69
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00427569 push ebp; mov dword ptr [esp], ebx	4_2_0042756D
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 4_2_00457FC2 push ebx; ret	4_2_00457FC3

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

System information queried: FirmwareTableInformation

Jump to behavior

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

Window / User API: threadDelayed 5888

Jump to behavior

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe TID: 5768	Thread sleep time: -180000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe TID: 6596	Thread sleep count: 5888 > 30			Jump to behavior

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00628ECE FindFirstFileExW,	0_2_00628ECE
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00628F7F FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00628F7F
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00628ECE FindFirstFileExW,	2_2_00628ECE
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00628F7F FindFirstFileExW,FindNextFileW,FindClose,FindClose,	2_2_00628F7F

Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696487552f
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1520289258.0000000001049000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1433741427.0000000001049000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1571380014.0000000001049000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.2218386420.0000000001049000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1570795532.0000000001049000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1556652338.0000000001049000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000002.2609810835.000000000104C000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1551661764.0000000001049000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.2218575506.000000000104B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456857433.00000000038D8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696487552p
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696487552
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696487552
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1456965442.00000000038CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1520289258.0000000001049000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1433741427.0000000001049000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1571380014.0000000001049000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.2218386420.0000000001049000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1570795532.0000000001049000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1556652338.0000000001049000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000002.2609810835.000000000104C000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1551661764.0000000001049000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.2218575506.000000000104B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWC

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

Code function: 4_2_0044BB80 LdrInitializeThunk,

4_2_0044BB80

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

Code function: 0_2_00616DE8 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00616DE8

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

Code function: 0_2_0063F1B4 mov edi, dword ptr fs:[00000030h]

0_2_0063F1B4

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

Code function: 0_2_0062490C GetProcessHeap,

0_2_0062490C

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00616A2C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00616A2C
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00616DE8 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00616DE8
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_00616DDC SetUnhandledExceptionFilter,	0_2_00616DDC
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 0_2_0061EF1E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0061EF1E
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00616A2C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_00616A2C
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00616DE8 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00616DE8
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_00616DDC SetUnhandledExceptionFilter,	2_2_00616DDC
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: 2_2_0061EF1E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_0061EF1E

HIPS / PFW / Operating System Protection Evasion

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

Code function: 0_2_0063F1B4 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,TerminateProcess,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,

0_2_0063F1B4

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

Memory written: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Process created: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe "C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe"	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Process created: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe "C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe"	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Process created: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe "C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe"	Jump to behavior

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: GetLocaleInfoW,	0_2_006288F6
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: EnumSystemLocalesW,	0_2_006288AB
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: EnumSystemLocalesW,	0_2_006241F7
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_0062899D
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00628238
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: GetLocaleInfoW,	0_2_00628AA3
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: GetLocaleInfoW,	0_2_00623CFC
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: EnumSystemLocalesW,	0_2_00628489
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_00628524
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: EnumSystemLocalesW,	0_2_00628777
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: GetLocaleInfoW,	0_2_006287D6
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: GetLocaleInfoW,	2_2_006288F6
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: EnumSystemLocalesW,	2_2_006288AB
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: EnumSystemLocalesW,	2_2_006241F7
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	2_2_0062899D
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	2_2_00628238
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: GetLocaleInfoW,	2_2_00628AA3
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: GetLocaleInfoW,	2_2_00623CFC
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: EnumSystemLocalesW,	2_2_00628489
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	2_2_00628524
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: EnumSystemLocalesW,	2_2_00628777
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Code function: GetLocaleInfoW,	2_2_006287D6

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

Code function: 0_2_00617827 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00617827

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: SimpleLoader v2.1.exe1.exe, 00000004.00000002.2609991669.00000000010A0000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1571380014.0000000001049000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1570795532.0000000001049000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1571288821.00000000010A4000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1556652338.0000000001049000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.2218298564.00000000010A0000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1595827243.00000000010A4000.00000004.00000020.00020000.00000000.sdmp, SimpleLoader v2.1.exe1.exe, 00000004.00000003.1556652338.000000000103F000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: SimpleLoader v2.1.exe1.exe PID: 6680, type: MEMORYSTR
Source: Yara match	File source: 4.2.SimpleLoader v2.1.exe1.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.SimpleLoader v2.1.exe1.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.2609424437.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1370342630.0000000001147000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Found many strings related to Crypto-Wallets (likely being stolen)

Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1520289258.0000000001049000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Electrum-LTC
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1523351846.00000000010A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\ElectronCash\walletsC
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1551795829.00000000010A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "ez":"Jaxx Liberty"},{"en":"fihkakfobkmkjojpchpfgcmhfjnmnfpi","ez":"BitApp"}
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1520289258.0000000001049000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1520289258.0000000001049000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1551795829.00000000010A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: pfdialjgjfhomihkjbmgjidlcdno","ez":"ExodusWeb3"},{"en":"onhogfjeacnfoofkfgpp V
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1520289258.0000000001049000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1551817451.000000000101B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000003.1520215654.0000000001094000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore
Source: SimpleLoader v2.1.exe1.exe, 00000004.00000002.2609991669.00000000010A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Ledger Live

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Directory queried: C:\Users\user\Documents\KLIZUSIQEN	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Directory queried: C:\Users\user\Documents\KLIZUSIQEN	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Directory queried: C:\Users\user\Documents\MXPXCVPDVN	Jump to behavior
Source: C:\Users\user\Desktop\SimpleLoader v2.1.exe1.exe	Directory queried: C:\Users\user\Documents\MXPXCVPDVN	Jump to behavior

Source: Yara match	File source: 00000004.00000003.1520289258.0000000001049000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000003.1477891390.0000000001093000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000003.1520161620.000000000109D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000003.1551661764.0000000001049000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SimpleLoader v2.1.exe1.exe PID: 6680, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: SimpleLoader v2.1.exe1.exe PID: 6680, type: MEMORYSTR
Source: Yara match	File source: 4.2.SimpleLoader v2.1.exe1.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.SimpleLoader v2.1.exe1.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.2609424437.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1370342630.0000000001147000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	12 Windows Management Instrumentation	1 DLL Side-Loading	211 Process Injection	21 Virtualization/Sandbox Evasion	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Screen Capture	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	211 Process Injection	LSASS Memory	241 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	41 Data from Local System	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	3 Obfuscated Files or Information	NTDS	1 Process Discovery	Distributed Component Object Model	3 Clipboard Data	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	11 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	33 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SimpleLoader v2.1.exe1.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
SimpleLoader v2.1.exe1.exe