Windows Analysis Report
SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe
Analysis ID: 1640008
MD5: 27dcc01fa62df3ac9e746281f129c43c
SHA1: 878baa90c3b0632b363ea0e8598bf875250904f2
SHA256: dca7e49fe03209028efb958b5aa2281205d3b2abfdc0c8e5eda4b4c9b8b0e973
Tags: exe, user-SecuriteInfoCom

Detection

Score: 52
Range: 0 - 100
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
.NET source code contains potential unpacker
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Downloads executable code via HTTP
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | ReversingLabs: Detection: 50%
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Virustotal: Detection: 35%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | File opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_88e266cb2fac7c0d\MSVCR80.dll
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: F:\Jx22021\Autoupdate_goc\Autoupdate\Autoupdate\obj\Release\Autoupdate.pdb | source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe
Source: global traffic | TCP traffic: 192.168.2.4:62314 -> 1.1.1.1:53
Source: global traffic | HTTP traffic detected:
HTTP/1.1 200 OK
Date: Sun, 16 Mar 2025 20:22:15 GMT
Content-Type: application/octet-stream
Content-Length: 913408
Connection: keep-alive
Last-Modified: Sat, 08 Mar 2025 12:34:55 GMT
ETag: "67cc396f-df000"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IazBQxQJqMtOLBEcqWiUpyV%2ByzXMGP4O0FteRZMQ0n4sMm6PGls%2Bwmkn5XWn496at00J8h53%2FO8X1u88PV6KFlEON9SNWICBiLLUkynxbtFqSUFUfB7bpp%2B1FLf0I%2BI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9216f626dc5a23dd-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1654&min_rtt=1654&rtt_var=827&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=76&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 2b 5e 51 a0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 6c 0d 00 00 82 00 00 00 00 00 00 c2 8a 0d 00 00 20 00 00 00 a0 0d 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 0e 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6f 8a 0d 00 4f 00 00 00 00 a0 0d 00 68 7f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 0e 00 0c 00 00 00 d4
Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL+^Q"0l @ @@oOh
Source: global traffic | HTTP traffic detected:
GET /updategame/version.xml HTTP/1.1
Host: jx2chiem.com
Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
GET /updategame/Autoupdate.exe HTTP/1.1
Host: jx2chiem.com
Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 188.114.97.3
Source: Joe Sandbox View | IP Address: 188.114.97.3
Source: global traffic | HTTP traffic detected:
GET /updategame/ HTTP/1.1
Accept: */*
Accept-Language: en-CH
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: jx2chiem.com
Connection: Keep-Alive
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
GET /updategame/ HTTP/1.1
Accept: */*
Accept-Language: en-CH
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: jx2chiem.com
Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
GET /updategame/version.xml HTTP/1.1
Host: jx2chiem.com
Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
GET /updategame/Autoupdate.exe HTTP/1.1
Host: jx2chiem.com
Connection: Keep-Alive
Source: global traffic | DNS traffic detected: DNS query: jx2chiem.com
Source: global traffic | HTTP traffic detected:
HTTP/1.1 403 Forbidden
Date: Sun, 16 Mar 2025 20:20:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gPbs9J0xdIgLIp8%2FprdsbXa3vrbjzMq5iCXWkxoKrY6MDaxCO04qNRVOC%2BdSh5k6Y1fuzgI582q406FdLgU6lNfHwyOgn05THwIb7BuE8sO%2FhBLgGI8DGGs0YQVWSXk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9216f3223b940c84-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1668&min_rtt=1668&rtt_var=834&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=326&delivery_rate=0&cwnd=148&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Data Raw: 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 0d 0a 39 63 0d 0a ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 45 97 43 36 a2 e0 c2 95 27 48 9c b1 09 a4 93 32 66 61 6f 2f 55 0b e2 da a5 ab 07 ef e7 e3 61 ac 43 76 6d 83 91 3d 39 ac a9 66 76 db f5 06 0e 45 43 22 62 41 fb 32 d1 3e 2b 6d 83 a1 d0 34 eb 85 a5 b2 3a 8c dd f7 22 76 0e ed 3b 9e d9 ea 96 b2 f4 49 ee 9f 99 5d 68 76 79 b2 32 06 3c 8c 9e 28 49 0f b5 00 a5 9b 0f 99 e1 74 3e ee c1 0b c1 2e 6a 19 18 ae 9a 58 28 4f c0 aa 45 61 f4 3d 83 31 7f c4 af 11 0f 5b 30 e7 0b 24 02 00 00 0d 0a
Data Ascii: f9cM0a<@EC6'H2fao/UaCvm=9fvEC"bA2>+m4:"v;I]hvy2<(It>.jX(OEa=1[0$
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2384972366.0000000002B73000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://jx2chiem.com
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | String found in binary or memory: http://jx2chiem.com/
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | String found in binary or memory: http://jx2chiem.com/updategame/
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B797000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://jx2chiem.com/updategame/...
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B797000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://jx2chiem.com/updategame/....
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B7A8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://jx2chiem.com/updategame/...b
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2384972366.0000000002BC7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://jx2chiem.com/updategame/...p~
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | String found in binary or memory: http://jx2chiem.com/updategame//
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B71F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://jx2chiem.com/updategame/2q;
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B797000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://jx2chiem.com/updategame/;
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B797000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://jx2chiem.com/updategame/A
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | String found in binary or memory: http://jx2chiem.com/updategame/Autoupdate.exe
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B6F0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://jx2chiem.com/updategame/B
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B5E6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://jx2chiem.com/updategame/H
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B5E6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://jx2chiem.com/updategame/R
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B797000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://jx2chiem.com/updategame/a
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B71F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://jx2chiem.com/updategame/iveEventndowsINetCookies
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B6F0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://jx2chiem.com/updategame/j
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B78F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://jx2chiem.com/updategame/p
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B71F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://jx2chiem.com/updategame/p://jx2chiem.com/updategame/y.IE5enths
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2384972366.0000000002BC7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://jx2chiem.com/updategame/p~
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2383812789.0000000000683000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://jx2chiem.com/updategame/updategame/...
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | String found in binary or memory: http://jx2chiem.com/updategame/version.xml
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2384972366.0000000002BC7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://jx2chiem.com/updategame/x
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B7A8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://jx2chiem.com/updategame/y
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.coml
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/?
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers?
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fonts.com
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sajatypeworks.com
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sakkal.com
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.tiro.com
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.typography.netD
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.urwpp.deDPlease
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B755000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Code function: 0_2_00007FFC3DAB0F0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Code function: 0_2_00007FFC3DAB19FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Code function: 0_2_00007FFC3DAB32D4
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2386789485.000000001B590000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameInterop.IWshRuntimeLibrary.dll vs SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2384972366.00000000028F1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameAutoupdate.exe6 vs SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2384972366.00000000028F1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2384972366.00000000028F1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: U,\\StringFileInfo\\000004B0\\OriginalFilename vs SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2384972366.0000000002B63000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameInterop.IWshRuntimeLibrary.dll vs SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000000.1134655506.00000000001EA000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameAutoupdate.exe6 vs SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Binary or memory string: OriginalFilenameInterop.IWshRuntimeLibrary.dll vs SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Binary or memory string: OriginalFilenameAutoupdate.exe6 vs SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine | Classification label: mal52.evad.winEXE@1/2@1/1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | File created: C:\Users\user\Desktop\AutoUpdate.lnk
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Mutant created: NULL
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | ReversingLabs: Detection: 50%
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Virustotal: Detection: 35%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: ieframe.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: sxs.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: msiso.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: mpr.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: scrrun.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: mshtml.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: rasman.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: srpapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: secur32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: mlang.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: msimtf.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: msls31.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: d2d1.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dll
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | File opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_88e266cb2fac7c0d\MSVCR80.dll
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: F:\Jx22021\Autoupdate_goc\Autoupdate\Autoupdate\obj\Release\Autoupdate.pdb | source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe

Data Obfuscation

Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, Program.cs; .Net Code: CurrentDomain_AssemblyResolve System.Reflection.Assembly.Load(byte[])
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Static PE information: 0xA0515E2B [Fri Mar 26 15:18:03 2055 UTC]
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Static PE information: section name: .text entropy: 7.857548922885903
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Memory allocated: A40000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Memory allocated: 28F0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Memory allocated: 1A8F0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Memory allocated: 1D850000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Memory allocated: 1F0D0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Window / User API: threadDelayed 7371
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe TID: 7488; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe TID: 7488; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Last function: Thread delayed
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Thread delayed: delay time: 922337203685477
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B703000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW0
Source: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B605000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B77B000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Process token adjusted: Debug
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe; Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
MITRE ATT&CK Matrix (techniques matched by this sample carry their count in parentheses; entries without a count are unmatched matrix cells)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
Privilege Escalation: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
Defense Evasion: Masquerading (1); Disable or Modify Tools (1); Virtualization/Sandbox Evasion (31); Obfuscated Files or Information (1); Software Packing (12); Timestomp (1); DLL Side-Loading (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
Discovery: Security Software Discovery (1); Process Discovery (1); Virtualization/Sandbox Evasion (31); Application Window Discovery (1); File and Directory Discovery (1); System Information Discovery (13); Remote System Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
Command and Control: Encrypted Channel (1); Ingress Tool Transfer (13); Non-Application Layer Protocol (3); Application Layer Protocol (23); Fallback Channels; Multiband Communication; Commonly Used Port
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
Antivirus detection for the submitted sample (Source | Detection | Scanner | Label | Link):
SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | 50% | ReversingLabs | Win32.Trojan.Generic | -
SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | 36% | Virustotal | - | Browse
No Antivirus matches
No Antivirus matches
No Antivirus matches
Antivirus detection for URLs (Source | Detection | Scanner | Label):
http://jx2chiem.com/updategame/version.xml | 0% | Avira URL Cloud | safe
http://jx2chiem.com/updategame/... | 0% | Avira URL Cloud | safe
http://jx2chiem.com/updategame/A | 0% | Avira URL Cloud | safe
http://jx2chiem.com/updategame/.... | 0% | Avira URL Cloud | safe
http://jx2chiem.com/updategame/H | 0% | Avira URL Cloud | safe
http://jx2chiem.com/updategame/; | 0% | Avira URL Cloud | safe
http://jx2chiem.com/updategame/...p~ | 0% | Avira URL Cloud | safe
http://jx2chiem.com/updategame/B | 0% | Avira URL Cloud | safe
http://jx2chiem.com | 0% | Avira URL Cloud | safe
http://jx2chiem.com/updategame/p~ | 0% | Avira URL Cloud | safe
http://jx2chiem.com/updategame/2q; | 0% | Avira URL Cloud | safe
http://jx2chiem.com/updategame/p://jx2chiem.com/updategame/y.IE5enths | 0% | Avira URL Cloud | safe
http://jx2chiem.com/updategame/y | 0% | Avira URL Cloud | safe
http://jx2chiem.com/updategame/...b | 0% | Avira URL Cloud | safe
http://jx2chiem.com/updategame// | 0% | Avira URL Cloud | safe
http://jx2chiem.com/updategame/x | 0% | Avira URL Cloud | safe
http://jx2chiem.com/updategame/p | 0% | Avira URL Cloud | safe
http://jx2chiem.com/updategame/j | 0% | Avira URL Cloud | safe
http://jx2chiem.com/updategame/ | 0% | Avira URL Cloud | safe
http://jx2chiem.com/updategame/iveEventndowsINetCookies | 0% | Avira URL Cloud | safe
http://jx2chiem.com/ | 0% | Avira URL Cloud | safe
http://jx2chiem.com/updategame/Autoupdate.exe | 0% | Avira URL Cloud | safe
http://jx2chiem.com/updategame/R | 0% | Avira URL Cloud | safe
http://jx2chiem.com/updategame/updategame/... | 0% | Avira URL Cloud | safe
Contacted domains (Name | IP | Active | Malicious | Antivirus Detection | Reputation):
jx2chiem.com | 188.114.97.3 | true | false | - | unknown
Contacted URLs (Name | Malicious | Antivirus Detection | Reputation):
http://jx2chiem.com/updategame/version.xml | false | Avira URL Cloud: safe | unknown
http://jx2chiem.com/updategame/ | false | Avira URL Cloud: safe | unknown
http://jx2chiem.com/updategame/Autoupdate.exe | false | Avira URL Cloud: safe | unknown
URLs from memory and binary strings (Name | Source | Malicious | Antivirus Detection | Reputation). Entries such as "/updategame/...p~" or "/updategame/p://jx2chiem.com/..." are string-carving artifacts: the URL prefix ran into adjacent memory, so only the host and the /updategame/ directory are meaningful in them. The font-vendor URLs come from font metadata embedded in the binary.
http://www.apache.org/licenses/LICENSE-2.0 | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://www.fontbureau.com | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://www.fontbureau.com/designersG | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://www.fontbureau.com/designers/? | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://jx2chiem.com/updategame/...p~ | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2384972366.0000000002BC7000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.founder.com.cn/cn/bThe | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://jx2chiem.com/updategame/.... | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B797000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.fontbureau.com/designers? | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://jx2chiem.com/updategame/H | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B5E6000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://jx2chiem.com | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2384972366.0000000002B73000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://jx2chiem.com/updategame/B | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B6F0000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://jx2chiem.com/updategame/... | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B797000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://jx2chiem.com/updategame/A | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B797000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.tiro.com | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://jx2chiem.com/updategame/; | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B797000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://jx2chiem.com/updategame/p~ | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2384972366.0000000002BC7000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.fontbureau.com/designers | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://jx2chiem.com/updategame/2q; | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B71F000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://jx2chiem.com/updategame/p://jx2chiem.com/updategame/y.IE5enths | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B71F000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://jx2chiem.com/updategame/y | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B7A8000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://jx2chiem.com/updategame/x | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2384972366.0000000002BC7000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://jx2chiem.com/updategame/...b | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B7A8000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.carterandcone.coml | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://www.sajatypeworks.com | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://jx2chiem.com/updategame// | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | false | Avira URL Cloud: safe | unknown
http://www.typography.netD | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://www.fontbureau.com/designers/cabarga.htmlN | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://www.founder.com.cn/cn/cThe | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://www.galapagosdesign.com/staff/dennis.htm | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://jx2chiem.com/updategame/p | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B78F000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.founder.com.cn/cn | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://www.fontbureau.com/designers/frere-user.html | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://jx2chiem.com/updategame/j | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B6F0000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://jx2chiem.com/updategame/iveEventndowsINetCookies | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B71F000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.jiyu-kobo.co.jp/ | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://www.galapagosdesign.com/DPlease | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://www.fontbureau.com/designers8 | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://jx2chiem.com/updategame/a | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B797000.00000004.00000020.00020000.00000000.sdmp | false | - | unknown
http://www.fonts.com | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://www.urwpp.deDPlease | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://www.zhongyicts.com.cn | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://www.sakkal.com | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2388755668.000000001CB02000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://jx2chiem.com/ | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe | false | Avira URL Cloud: safe | unknown
http://jx2chiem.com/updategame/R | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2387054278.000000001B5E6000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://jx2chiem.com/updategame/updategame/... | SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, 00000000.00000002.2383812789.0000000000683000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
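Turning the table above into a blocklist by hand means deciding, for each carved string, how much of it is a real URL and how much is memory overrun. The script below is an added example, not part of the Joe Sandbox report and not the sample's code: it takes a constructed subset of the strings above, keeps only the leading run of plausible path segments, and marks each normalised URL as "contacted" (present in the contacted-URL table above) or "memory-only" (needs analyst review). The plausibility rules (SEGMENT_RE, FILE_RE, HOST_RE) are this example's own assumptions; they would drop legitimate extension-less endpoints, and they cannot catch host-level junk such as the trailing "l" in "carterandcone.coml" without a TLD list.

```python
"""Reduce URL strings carved from memory dumps to a reviewable IOC set.

Added example, not part of the Joe Sandbox report and not the sample's code.
MEMORY_URLS and CONTACTED copy strings from the report's tables; the
plausibility rules are this example's own assumptions.
"""
import re
from urllib.parse import urlsplit

# Constructed input: a subset of the "URLs from memory and binary strings" rows.
MEMORY_URLS = [
    "http://jx2chiem.com/updategame/version.xml",
    "http://jx2chiem.com/updategame/...",
    "http://jx2chiem.com/updategame/A",
    "http://jx2chiem.com/updategame/...p~",
    "http://jx2chiem.com",
    "http://jx2chiem.com/updategame/2q;",
    "http://jx2chiem.com/updategame/p://jx2chiem.com/updategame/y.IE5enths",
    "http://jx2chiem.com/updategame//",
    "http://jx2chiem.com/updategame/",
    "http://jx2chiem.com/updategame/iveEventndowsINetCookies",
    "http://jx2chiem.com/",
    "http://jx2chiem.com/updategame/Autoupdate.exe",
    "http://jx2chiem.com/updategame/updategame/...",
    "http://www.fontbureau.com/designersG",
    "http://www.carterandcone.coml",
]

# URLs the report lists as actually contacted during the run.
CONTACTED = {
    "http://jx2chiem.com/updategame/version.xml",
    "http://jx2chiem.com/updategame/",
    "http://jx2chiem.com/updategame/Autoupdate.exe",
}

# Assumed plausibility rules (not from the report).
SEGMENT_RE = re.compile(r"^[A-Za-z0-9_-]+$")                 # plausible directory name
FILE_RE = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9]{1,5}$")  # name.ext
HOST_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}$")


def clean_path(path: str) -> str:
    """Keep the longest leading run of plausible directory segments.

    The final segment survives only if it looks like a file, or if the path
    ended in '/' and the segment is a plausible directory; anything else is
    treated as overrun into the next string in memory and dropped.
    """
    segments = [s for s in path.split("/") if s]
    if not segments:
        return "/"
    *dirs, last = segments
    kept = []
    for seg in dirs:
        if not SEGMENT_RE.match(seg):
            break
        kept.append(seg)
    else:  # every intermediate segment was plausible; decide about the last one
        if FILE_RE.match(last):
            return "/" + "/".join(kept + [last])
        if path.endswith("/") and SEGMENT_RE.match(last):
            return "/" + "/".join(kept + [last]) + "/"
    return "/" + "/".join(kept) + ("/" if kept else "")


def extract_iocs(urls):
    """Map each normalised URL to 'contacted' or 'memory-only'."""
    iocs = {}
    for raw in urls:
        parts = urlsplit(raw.strip())
        host = parts.hostname or ""
        if parts.scheme not in ("http", "https") or not HOST_RE.match(host):
            continue  # not a URL shape we can act on
        url = f"{parts.scheme}://{host}{clean_path(parts.path)}"
        iocs[url] = "contacted" if url in CONTACTED else "memory-only"
    return iocs


if __name__ == "__main__":
    for url, status in sorted(extract_iocs(MEMORY_URLS).items()):
        print(f"{status:12} {url}")
```

Run on the constructed input, the fifteen strings collapse to seven URLs: the three contacted ones, the bare hosts, and "/updategame/updategame/" from the doubled-directory string, which stays "memory-only" and is exactly the kind of entry to discard after review.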
Contacted IPs (IP | Domain | Country | ASN | ASN Name | Malicious):
188.114.97.3 | jx2chiem.com | European Union | 13335 | CLOUDFLARENET US | false
                                                    Joe Sandbox version:42.0.0 Malachite
                                                    Analysis ID:1640008
                                                    Start date and time:2025-03-16 21:19:15 +01:00
                                                    Joe Sandbox product:CloudBasic
                                                    Overall analysis duration:0h 4m 38s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:10
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:0
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Sample name:SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe
                                                    Detection:MAL
                                                    Classification:mal52.evad.winEXE@1/2@1/1
                                                    EGA Information:Failed
                                                    HCA Information:
                                                    • Successful, ratio: 100%
                                                    • Number of executed functions: 27
                                                    • Number of non-executed functions: 0
                                                    Cookbook Comments:
                                                    • Found application associated with file extension: .exe
                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                    • Excluded IPs from analysis (whitelisted): 23.199.214.10, 20.12.23.50
                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                                    • Execution Graph export aborted for target SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe, PID 7400 because it is empty
• Not all processes were analyzed, report is missing behavior information
                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
16:20:43 | API Interceptor | 204x Sleep call for process: SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe modified
Context for IP 188.114.97.3 (Associated Sample Name / URL | Detection | Threat Name | Context URL). 188.114.97.3 belongs to Cloudflare (AS13335, see the contacted-IP table above), so the FormBook and phishing samples listed here share a CDN edge address with this sample, not necessarily an operator; pivot on the domain jx2chiem.com rather than on the IP.
finebi.exe | malicious | Unknown | apiapi.mmkinskfn.xyz/jquery-3.3.1.min.js
Aramco requests.exe | malicious | FormBook | www.shuangunder.shop/udq7/
UB BO 14-3-2025.exe | malicious | FormBook | www.tether1.xyz/focp/?QHH0=0Vzp&ST=mXJHtAZSrcMVNAYe0Kfq2FJYJcD6dFMzhzcfA/LZkfgqhdihAxT3aslAf9nOYajIz7QizkjlvIUHcb1FopIoHD46K0qUy9lf5cyl621RCgAfM4tktgk7yEk=
http://track.durgonnews.com/go/WFl20S0IAq9-Rcp4p5aVNA2/ | malicious | Unknown | t1.prizepathonyourway.com/aff_c?offer_id=437&aff_id=1357&aff_sub=G312cvpharmshort
http://188.114.97.3 | malicious | Unknown | 188.114.97.3/favicon.ico
Circular No.12-7 Quotation.exe | malicious | FormBook | www.shuangunder.shop/udq7/
http://sg-adh7.vv.885210.xyz/ | malicious | Unknown | sg-adh7.vv.885210.xyz/favicon.ico
http://caixadirectasecdigital.com/ | malicious | HTMLPhisher | caixadirectasecdigital.com/favicon.ico
PO NO 28950.exe | malicious | FormBook | www.tether1.xyz/focp/
RFQ- Italy.exe | malicious | DBatLoader, FormBook | www.xploitation.net/sqjz/
                                                    No context
Context for ASN CLOUDFLARENET US (Associated Sample Name | Detection | Threat Name | Context IP):
CloudServices.exe | malicious | MSIL Logger, MassLogger RAT | 104.21.64.1
Nitro-__-Gen.exe | malicious | Discord Token Stealer, Hog Grabber, ItroublveBOT Stealer | 162.159.129.233
SpotifyStartupTask.exe | malicious | DCRat, PureLog Stealer, zgRAT | 104.21.33.71
Setup.exe | malicious | Unknown | 104.21.112.1
M6gQuZPvgY.exe | malicious | Amadey, LummaC Stealer, Mars Stealer, PureLog Stealer, Stealc, Vidar | 172.67.172.37
Ogdu1MivyN.exe | malicious | DBatLoader, MSIL Logger, MassLogger RAT, PureLog Stealer | 104.21.64.1
Setup.exe | malicious | Unknown | 104.21.96.1
𝗦𝗘𝗧𝗨𝗣.exe (file name written in Mathematical Sans-Serif Bold letters, shown escaped as #Ud835#Udde6#Ud835#Uddd8#Ud835#Udde7#Ud835#Udde8#Ud835#Udde3.exe in the raw report) | malicious | Unknown | 104.21.112.1
Fx_958689.lNk.lnk | malicious | Unknown | 104.21.80.1
2PFebPN0qK.exe | malicious | Latrodectus, LummaC Stealer | 172.67.147.44
                                                    No context
                                                    No context
                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe
                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Fri Mar 7 09:33:48 2025, mtime=Sun Mar 16 19:20:08 2025, atime=Sun Mar 16 19:20:07 2025, length=913408, window=hide
                                                    Category:dropped
                                                    Size (bytes):799
                                                    Entropy (8bit):5.020578985621297
                                                    Encrypted:false
                                                    SSDEEP:12:8R4sAvzYNbR1cLc+BraU0/mlDlta5jAuEZBaUm2RmFl0nBmV:8q90n1WPB0ul5ta9AJZBaO9nBm
                                                    MD5:3BE32DA877710953E410E604A3DA24EC
                                                    SHA1:4FCB51C1E8E389996AC55A3594F339DFF9568873
                                                    SHA-256:3D3948A6079DAE8F547549FF755146D43CA79CC745A08A74DF6657957026D61F
                                                    SHA-512:7E2678EFFD0960E68C86C306A5C9A6A1949146F79D6225B64B2A2F6EAA441C79E0EB5B2C1AFCCA79FB8E7BF589376078115795B241699771A6B154828107304A
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:L..................F.... ...u..iL..........2.:.................................P.O. .:i.....+00.:...:..,.LB.)...A&...&......-/.v.......lL....(.........2.....pZ.. .SECURI~1.EXE.........gZ9TpZ......m.......................o.S.e.c.u.r.i.t.e.I.n.f.o...c.o.m...W.i.n.3.2...D.r.o.p.p.e.r.X.-.g.e.n...2.4.2.8.6...1.0.7.9...e.x.e.......x...............-.......w..............\.....C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe....A.u.t.o.U.p.d.a.t.e.4...\.S.e.c.u.r.i.t.e.I.n.f.o...c.o.m...W.i.n.3.2...D.r.o.p.p.e.r.X.-.g.e.n...2.4.2.8.6...1.0.7.9...e.x.e...C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.D.e.s.k.t.o.p.`.......X.......651689...........hT..CrF.f4... .[)p?....0.......hT..CrF.f4... .[)p?....0......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe
                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):490
                                                    Entropy (8bit):5.310113877151285
                                                    Encrypted:false
                                                    SSDEEP:12:MMHd/8iPiDmSg3+lb1VvCvDzDmSSuTlsBYWDZJBuA/Yzizs:Jd/8J6uhuDC0o1JBPkOs
                                                    MD5:B177BE3C876FC493AABFE6C6A4D3F666
                                                    SHA1:455B88B05485BD0EA2017148C97895BFDB1A821C
                                                    SHA-256:89324F94B4862A0820BE36237AF768C07688DD8BF98BBD456547BD8CA0BB2C4E
                                                    SHA-512:7265739013693477C83E52269403D93E726B269226C93A361146C31B89477C028E9D076FC766AAFA62BD00F974B742F09633C4353A684A67BF860D16F2C43B8F
                                                    Malicious:false
                                                    Reputation:low
Preview (UTF-8 BOM and CRLF line endings rendered as dots in the raw report):
<?xml version="1.0" encoding="utf-8"?>
<Autoupdate xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <Item>
    <Path>Autoupdate.exe</Path>
    <Link>Autoupdate.exe</Link>
    <Hash>27dcc01fa62df3ac9e746281f129c43c</Hash>
    <Size>913408</Size>
  </Item>
  <Item>
    <Path>so2game.exe</Path>
    <Link>so2game.exe</Link>
    <Hash>8ea5ff2cc88f5c0fc18fbdfe540c1ae6</Hash>
    <Size>4880384</Size>
  </Item>
</Autoupdate>
This is an update manifest for a game client: the first item's Hash and Size (27dcc01fa62df3ac9e746281f129c43c, 913408 bytes) are exactly the MD5 and file size of the submitted sample, so the sample is the Autoupdate.exe the manifest describes, and the second item names a 4880384-byte so2game.exe that was not observed in this run. The manifest corresponds to the version.xml that the contacted-URL table shows being fetched from http://jx2chiem.com/updategame/ over plain HTTP, and it carries no signature element: integrity of both downloads rests on an unauthenticated MD5 and a size, which anyone able to serve that directory can rewrite together with the binaries.
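To make concrete what the manifest does and does not guarantee, the following is an added example, not code from the sample, from the game's updater or from the report. It parses the version.xml shown above (reproduced inline), resolves each relative Link against the updategame directory the report lists as contacted, applies the only checks the format supports (size and MD5) to a constructed byte string, and then audits the manifest for the weaknesses a reviewer would raise. The element name "Signature", the audit rules and the stand-in download bytes are this example's assumptions.

```python
"""Parse the Autoupdate manifest dropped by the sample and audit its checks.

Added example, not code from the sample, the game updater or the report.
MANIFEST reproduces the version.xml preview and BASE_URL the directory the
report shows as contacted; everything else here is an assumption.
"""
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit

BASE_URL = "http://jx2chiem.com/updategame/"  # contacted URL in the report

# Copied from the dropped version.xml preview in the report.
MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<Autoupdate xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <Item>
    <Path>Autoupdate.exe</Path>
    <Link>Autoupdate.exe</Link>
    <Hash>27dcc01fa62df3ac9e746281f129c43c</Hash>
    <Size>913408</Size>
  </Item>
  <Item>
    <Path>so2game.exe</Path>
    <Link>so2game.exe</Link>
    <Hash>8ea5ff2cc88f5c0fc18fbdfe540c1ae6</Hash>
    <Size>4880384</Size>
  </Item>
</Autoupdate>
"""


def parse_manifest(xml_text: str, base_url: str = BASE_URL) -> dict:
    """Return {'signed': bool, 'items': [...]} from an Autoupdate manifest."""
    # The dropped file starts with a UTF-8 BOM; strip it before parsing.
    root = ET.fromstring(xml_text.lstrip("\ufeff").encode("utf-8"))
    if root.tag != "Autoupdate":
        raise ValueError(f"unexpected root element {root.tag!r}")
    items = []
    for node in root.findall("Item"):
        link = node.findtext("Link", "").strip()
        items.append({
            "path": node.findtext("Path", "").strip(),
            "link": link,
            "url": urljoin(base_url, link),  # relative Link resolved against the manifest directory
            "hash": node.findtext("Hash", "").strip().lower(),
            "size": int(node.findtext("Size", "0")),
        })
    # Assumption: a signed manifest would carry a <Signature> element; this one has none.
    return {"signed": root.find("Signature") is not None, "items": items}


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def check_item(item: dict, data: bytes) -> dict:
    """The only checks the manifest supports: size and a 32-hex-char (MD5-length) hash."""
    return {"size_ok": len(data) == item["size"], "hash_ok": md5_hex(data) == item["hash"]}


def is_safe_destination(path: str) -> bool:
    """Accept only a bare file name, so <Path> cannot escape the install directory."""
    return bool(path) and path not in (".", "..") and not any(c in path for c in "/\\:")


def audit_manifest(manifest: dict) -> list:
    """Explain why passing check_item does not authenticate an update."""
    findings = []
    if not manifest["signed"]:
        findings.append("manifest is unsigned: whoever serves it can replace Hash and Size together")
    for item in manifest["items"]:
        scheme = urlsplit(item["url"]).scheme
        if scheme != "https":
            findings.append(f"{item['path']}: fetched over plain {scheme}, no transport integrity")
        if len(item["hash"]) == 32:
            findings.append(f"{item['path']}: hash is MD5-length, collision-prone and unauthenticated")
        if not is_safe_destination(item["path"]):
            findings.append(f"{item['path']}: destination path is not a bare file name")
    return findings


if __name__ == "__main__":
    manifest = parse_manifest(MANIFEST)
    for item in manifest["items"]:
        print(item["url"], item["hash"], item["size"])
    for finding in audit_manifest(manifest):
        print("!", finding)
    # Constructed stand-in for a download: both checks fail against the first item.
    print(check_item(manifest["items"][0], b"MZ" + b"\x00" * 62))
```

The audit yields five findings for this manifest (unsigned, plus plain-HTTP and MD5-length hash for each of the two items); the destination check passes because both Path values are bare file names.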
                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Entropy (8bit):7.8480711862869
                                                    TrID:
                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                    • Windows Screen Saver (13104/52) 0.07%
                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                    File name:SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe
                                                    File size:913'408 bytes
                                                    MD5:27dcc01fa62df3ac9e746281f129c43c
                                                    SHA1:878baa90c3b0632b363ea0e8598bf875250904f2
                                                    SHA256:dca7e49fe03209028efb958b5aa2281205d3b2abfdc0c8e5eda4b4c9b8b0e973
                                                    SHA512:4e6522dc5672b7a0b4163ffb05c392c36be586cbfa6c0f1b11cd22f0b40f9bee9b56a12785ec70f1691a68cb7056a59fe81f1c2c88f44bcce1ccf39e1f7ca393
                                                    SSDEEP:24576:+1bWLbWRbWm64B8O3EuYExhRZPvM5UWhgPUDg5/yZzWijxY52KbNy:7WAmXl7RQjiKZzWiju52y
                                                    TLSH:A11512D67679580BC9AD07B0463569C053F2D3161E2ACFCC6CAD638E1F633509B826A7
                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...+^Q..........."...0..l............... ........@.. .......................@............@................................
                                                    Icon Hash:9f3b5b53b7d35b0d
                                                    Entrypoint:0x4d8ac2
                                                    Entrypoint Section:.text
                                                    Digitally signed:false
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:0xA0515E2B [Fri Mar 26 15:18:03 2055 UTC] (a date in the future, which is what the "Binary contains a suspicious time stamp" signature reacts to; note that .NET compilers in deterministic mode write a hash-derived value into this field rather than the build time, so on a .NET assembly an implausible timestamp is not by itself evidence of tampering)
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major:4
                                                    OS Version Minor:0
                                                    File Version Major:4
                                                    File Version Minor:0
                                                    Subsystem Version Major:4
                                                    Subsystem Version Minor:0
                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
Instruction (entry point disassembly)
jmp dword ptr [00402000h]
add byte ptr [eax], al        (x97; opcode bytes 00 00, i.e. the zero padding that follows the one-instruction CLR entry stub; 0x402000 is the IAT slot of the sole import, mscoree.dll!_CorExeMain)
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0xd8a6f          0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xda000          0x7f68        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xe2000          0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0xd89d4          0x38          .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type  Entropy              Characteristics
.text   0x2000           0xd6ac8       0xd6c00   eb13e1c48946bc216463e14ec171e3b6  False     0.8823975462019791   data       7.857548922885903    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   0xda000          0x7f68        0x8000    56686f02a84e331729f7d062fe15f3e8  False     0.822784423828125    data       7.567976561632237    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0xe2000          0xc           0x200     63fcfabe87de2e984aef3f05aaa010c8  False     0.044921875          data       0.10191042566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name           RVA      Size    Type                                                                                   Language  Country  ZLIB Complexity
RT_ICON        0xda160  0x4048  Device independent bitmap graphic, 72 x 144 x 24, image size 16416                     -         -        0.9261059795819154
RT_ICON        0xde1b8  0x1ca8  Device independent bitmap graphic, 48 x 96 x 24, image size 7296                       -         -        0.9419302071973827
RT_ICON        0xdfe70  0xca8   Device independent bitmap graphic, 32 x 64 x 24, image size 3200                       -         -        0.587037037037037
RT_ICON        0xe0b28  0x368   Device independent bitmap graphic, 16 x 32 x 24, image size 832                        -         -        0.948394495412844
RT_GROUP_ICON  0xe0ea0  0x3e    data                                                                                   -         -        0.8225806451612904
RT_VERSION     0xe0ef0  0x32c   data                                                                                   -         -        0.4211822660098522
RT_MANIFEST    0xe122c  0xd36   XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators      -         -        0.38911886457717326
DLL          Import
mscoree.dll  _CorExeMain
Description       Data
Translation       0x0000 0x04b0
Comments
CompanyName
FileDescription   Autoupdate
FileVersion       1.0.0.0
InternalName      Autoupdate.exe
LegalCopyright    Copyright 2021
LegalTrademarks
OriginalFilename  Autoupdate.exe
ProductName       Autoupdate
ProductVersion    1.0.0.0
Assembly Version  1.0.0.0
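The static fields above are enough to reproduce several of the report's signatures by hand. The Python below is an added example, not code from the report or from Joe Sandbox: it takes the values from the tables above as constructed input and (1) decodes TimeDateStamp 0xA0515E2B, which lands in 2055, after the analysis date, (2) checks section entropies against a packing threshold, (3) estimates the overlay size from the raw section sizes, (4) confirms the entry point is the managed stub jumping through the IAT at 0x402000 to mscoree.dll!_CorExeMain, and (5) compares OriginalFilename with the submitted name. Three things are assumptions rather than report data: the 7.2 entropy threshold, the 2002 lower bound for a plausible .NET link time, and the 0x200-byte header with back-to-back sections used for the overlay estimate (the report does not list PointerToRawData; with the file in hand use that field instead).

```python
import datetime as dt
import re
from typing import Dict, List, Tuple

# Static values copied from the report tables above (constructed input for this example).
REPORT: Dict = {
    "analysis_date": "2025-03-16",
    "file_size": 913408,
    "time_date_stamp": 0xA0515E2B,
    "image_base": 0x400000,
    "entry_stub": "jmp dword ptr [00402000h]",
    "iat_rva": 0x2000,
    "com_descriptor_size": 0x48,
    "digitally_signed": False,
    "imports": {"mscoree.dll": ["_CorExeMain"]},
    # (name, virtual size, raw size, entropy)
    "sections": [
        (".text", 0xD6AC8, 0xD6C00, 7.857548922885903),
        (".rsrc", 0x7F68, 0x8000, 7.567976561632237),
        (".reloc", 0xC, 0x200, 0.10191042566270775),
    ],
    "original_filename": "Autoupdate.exe",
    "sample_name": "SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe",
}

DOTNET_EPOCH = dt.date(2002, 1, 1)   # assumption: no managed binary predates .NET 1.0
HIGH_ENTROPY = 7.2                   # assumption: usual "packed or encrypted" threshold


def pe_timestamp_utc(ts: int) -> str:
    """Decode IMAGE_FILE_HEADER.TimeDateStamp (seconds since the Unix epoch)."""
    return dt.datetime.fromtimestamp(ts, tz=dt.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def timestamp_is_implausible(ts: int, analysis_date: str) -> bool:
    """A link time after the sandbox run, or before .NET existed, was forged or damaged."""
    linked = dt.datetime.fromtimestamp(ts, tz=dt.timezone.utc).date()
    return linked > dt.date.fromisoformat(analysis_date) or linked < DOTNET_EPOCH


def overlay_bytes(file_size: int, sections: List[Tuple], header_size: int = 0x200) -> int:
    """Bytes appended after the last section, a common place to hide a payload.
    Assumes a 0x200-byte header and sections laid out back to back (see lead-in)."""
    return file_size - (header_size + sum(raw for _, _, raw, _ in sections))


def entry_is_clr_stub(report: Dict) -> bool:
    """The x86 stub of a managed EXE is 'jmp dword ptr [IAT slot of _CorExeMain]'."""
    m = re.search(r"\[([0-9A-Fa-f]+)h\]", report["entry_stub"])
    if not m:
        return False
    target = int(m.group(1), 16)
    only_import = report["imports"] == {"mscoree.dll": ["_CorExeMain"]}
    return (target == report["image_base"] + report["iat_rva"]
            and only_import and report["com_descriptor_size"] > 0)


def triage(report: Dict) -> List[str]:
    """Return human-readable findings in the order an analyst would read them."""
    findings: List[str] = []
    ts = report["time_date_stamp"]
    if timestamp_is_implausible(ts, report["analysis_date"]):
        findings.append(f"implausible link timestamp {pe_timestamp_utc(ts)} (0x{ts:08X})")
    for name, vsize, raw, entropy in report["sections"]:
        if entropy > HIGH_ENTROPY:
            findings.append(f"{name} entropy {entropy:.2f} > {HIGH_ENTROPY}: packed/encrypted content likely")
        if vsize > raw:
            findings.append(f"{name} grows at load time (vsize 0x{vsize:x} > raw 0x{raw:x})")
    overlay = overlay_bytes(report["file_size"], report["sections"])
    if overlay > 0:
        findings.append(f"{overlay} bytes of overlay after the last section")
    if entry_is_clr_stub(report):
        findings.append("managed (.NET) executable: entry point jumps through _CorExeMain")
    if not report["digitally_signed"]:
        findings.append("no Authenticode signature")
    if report["original_filename"].lower() != report["sample_name"].lower():
        findings.append(f"OriginalFilename {report['original_filename']} differs from the sample name")
    return findings


if __name__ == "__main__":
    for line in triage(REPORT):
        print("-", line)
```

For this sample the overlay estimate comes out at zero (0x200 + 0xd6c00 + 0x8000 + 0x200 equals the 913'408-byte file size), both .text and .rsrc exceed the entropy threshold (high .rsrc entropy is often just icon bitmaps, as here, so weigh it lower than .text), and the timestamp check fires on the 2055 date.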
Timestamp                            Source Port  Dest Port  Source IP      Dest IP
Mar 16, 2025 21:20:10.812271118 CET  49719        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:20:10.817054987 CET  80           49719      188.114.97.3   192.168.2.4
Mar 16, 2025 21:20:10.817147017 CET  49719        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:20:10.818866968 CET  49719        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:20:10.823584080 CET  80           49719      188.114.97.3   192.168.2.4
Mar 16, 2025 21:20:10.871722937 CET  49720        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:20:10.876435995 CET  80           49720      188.114.97.3   192.168.2.4
Mar 16, 2025 21:20:10.876523018 CET  49720        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:20:10.888819933 CET  49720        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:20:10.893443108 CET  80           49720      188.114.97.3   192.168.2.4
Mar 16, 2025 21:20:11.843096018 CET  80           49719      188.114.97.3   192.168.2.4
Mar 16, 2025 21:20:11.843192101 CET  49719        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:20:11.902826071 CET  80           49720      188.114.97.3   192.168.2.4
Mar 16, 2025 21:20:11.902842045 CET  80           49720      188.114.97.3   192.168.2.4
Mar 16, 2025 21:20:11.902909040 CET  49720        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:20:11.979618073 CET  80           49719      188.114.97.3   192.168.2.4
Mar 16, 2025 21:20:11.980940104 CET  49719        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:20:28.152518988 CET  62314        53         192.168.2.4    1.1.1.1
Mar 16, 2025 21:20:28.157182932 CET  53           62314      1.1.1.1        192.168.2.4
Mar 16, 2025 21:20:28.157275915 CET  62314        53         192.168.2.4    1.1.1.1
Mar 16, 2025 21:20:28.162201881 CET  53           62314      1.1.1.1        192.168.2.4
Mar 16, 2025 21:20:28.604614973 CET  62314        53         192.168.2.4    1.1.1.1
Mar 16, 2025 21:20:28.611340046 CET  53           62314      1.1.1.1        192.168.2.4
Mar 16, 2025 21:20:28.611402988 CET  62314        53         192.168.2.4    1.1.1.1
Mar 16, 2025 21:21:51.929416895 CET  49720        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:21:51.934499025 CET  80           49720      188.114.97.3   192.168.2.4
Mar 16, 2025 21:21:51.934670925 CET  49720        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:14.449954987 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:14.454751015 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:14.454824924 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:14.460292101 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:14.464973927 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.001796961 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.001815081 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.001825094 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.001837015 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.001868010 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.001873970 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.001914024 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.001955032 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.001965046 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.001982927 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.001995087 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.002001047 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.002006054 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.002029896 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.002049923 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.006642103 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.006670952 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.006680965 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.006690979 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.006747007 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.011126041 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.051574945 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.088629007 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.088643074 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.088655949 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.088665962 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.088697910 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.088726044 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.093275070 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.093286991 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.093296051 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.093307018 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.093317986 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.093343973 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.093373060 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.097862005 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.097875118 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.097887039 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.097909927 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.097925901 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.097939968 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.097965956 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.102436066 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.102447987 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.102492094 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.246085882 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.246099949 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.246118069 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.246139050 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.246150017 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.246160030 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.246162891 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.246172905 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.246191978 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.246217012 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.247339964 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.247386932 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.247392893 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.247419119 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.247431993 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.247442961 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.247453928 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.247461081 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.247478008 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.247505903 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.247519016 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.247529984 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.247540951 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.247553110 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.247555017 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.247575998 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.247603893 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.248045921 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.248064995 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.248075962 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.248087883 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.248100042 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.248115063 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.248128891 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.248660088 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.248671055 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.248691082 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.248702049 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.248708963 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.248718977 CET  80           62316      188.114.97.3   192.168.2.4
Mar 16, 2025 21:22:16.248733044 CET  62316        80         192.168.2.4    188.114.97.3
Mar 16, 2025 21:22:16.248756886 CET  62316        80         192.168.2.4    188.114.97.3
Timestamp                            Source Port  Dest Port  Source IP      Dest IP
Mar 16, 2025 21:20:10.765662909 CET  53965        53         192.168.2.4    1.1.1.1
Mar 16, 2025 21:20:10.789850950 CET  53           53965      1.1.1.1        192.168.2.4
Mar 16, 2025 21:20:28.152076006 CET  53           52440      1.1.1.1        192.168.2.4
Timestamp                            Source IP    Dest IP      Trans ID  OP Code             Name          Type            Class        DNS over HTTPS
Mar 16, 2025 21:20:10.765662909 CET  192.168.2.4  1.1.1.1      0x1bf5    Standard query (0)  jx2chiem.com  A (IP address)  IN (0x0001)  false

Timestamp                            Source IP    Dest IP      Trans ID  Reply Code    Name          CName  Address       Type            Class        DNS over HTTPS
Mar 16, 2025 21:20:10.789850950 CET  1.1.1.1      192.168.2.4  0x1bf5    No error (0)  jx2chiem.com  -      188.114.97.3  A (IP address)  IN (0x0001)  false
Mar 16, 2025 21:20:10.789850950 CET  1.1.1.1      192.168.2.4  0x1bf5    No error (0)  jx2chiem.com  -      188.114.96.3  A (IP address)  IN (0x0001)  false

• jx2chiem.com
Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.4  49719        188.114.97.3    80                7400  C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe

Timestamp                            Bytes transferred  Direction  Data (following lines)
Mar 16, 2025 21:20:10.818866968 CET  326                OUT
GET /updategame/ HTTP/1.1
Accept: */*
Accept-Language: en-CH
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: jx2chiem.com
Connection: Keep-Alive

Mar 16, 2025 21:20:11.843096018 CET  975                IN
HTTP/1.1 403 Forbidden
Date: Sun, 16 Mar 2025 20:20:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gPbs9J0xdIgLIp8%2FprdsbXa3vrbjzMq5iCXWkxoKrY6MDaxCO04qNRVOC%2BdSh5k6Y1fuzgI582q406FdLgU6lNfHwyOgn05THwIb7BuE8sO%2FhBLgGI8DGGs0YQVWSXk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9216f3223b940c84-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1668&min_rtt=1668&rtt_var=834&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=326&delivery_rate=0&cwnd=148&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Data Raw: 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 0d 0a 39 63 0d 0a ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 45 97 43 36 a2 e0 c2 95 27 48 9c b1 09 a4 93 32 66 61 6f 2f 55 0b e2 da a5 ab 07 ef e7 e3 61 ac 43 76 6d 83 91 3d 39 ac a9 66 76 db f5 06 0e 45 43 22 62 41 fb 32 d1 3e 2b 6d 83 a1 d0 34 eb 85 a5 b2 3a 8c dd f7 22 76 0e ed 3b 9e d9 ea 96 b2 f4 49 ee 9f 99 5d 68 76 79 b2 32 06 3c 8c 9e 28 49 0f b5 00 a5 9b 0f 99 e1 74 3e ee c1 0b c1 2e 6a 19 18 ae 9a 58 28 4f c0 aa 45 61 f4 3d 83 31 7f c4 af 11 0f 5b 30 e7 0b 24 02 00 00 0d 0a
Data Ascii: f9cM0a<@EC6'H2fao/UaCvm=9fvEC"bA2>+m4:"v;I]hvy2<(It>.jX(OEa=1[0$

Mar 16, 2025 21:20:11.979618073 CET  5                  IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
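The 403 body in session 0 is unreadable in the Data Ascii line because the response is chunked (Transfer-Encoding: chunked) and gzip-compressed (Content-Encoding: gzip): the first chunk-size line "f" is the 0x66 byte that opens the dump, the gzip magic 1f 8b follows, and the 5-byte second packet is the terminating "0\r\n\r\n". The Python below is an added example, not part of the Joe Sandbox report: it takes the two Data Raw payloads copied verbatim from the session above, undoes the chunked coding, then inflates the gzip member, and returns the HTML the origin actually sent. Only the decoding is added; the bytes are the report's own. Recovering bodies this way lets an analyst read what a sandbox captured without re-contacting the attacker's host.

```python
import gzip
import re
from typing import List, Tuple

# Response payloads of session 0, copied from the "Data Raw" lines of the report above
# (headers are excluded; the dump starts at the first chunk-size line).
PKT1_BODY_HEX = ("66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 0d 0a 39 63 0d 0a ed 8e 4d 0a c2 30 10 85 "
                 "f7 85 de 61 3c 40 88 45 97 43 36 a2 e0 c2 95 27 48 9c b1 09 a4 93 32 66 61 6f 2f 55 0b e2 da a5 "
                 "ab 07 ef e7 e3 61 ac 43 76 6d 83 91 3d 39 ac a9 66 76 db f5 06 0e 45 43 22 62 41 fb 32 d1 3e 2b "
                 "6d 83 a1 d0 34 eb 85 a5 b2 3a 8c dd f7 22 76 0e ed 3b 9e d9 ea 96 b2 f4 49 ee 9f 99 5d 68 76 79 "
                 "b2 32 06 3c 8c 9e 28 49 0f b5 00 a5 9b 0f 99 e1 74 3e ee c1 0b c1 2e 6a 19 18 ae 9a 58 28 4f c0 "
                 "aa 45 61 f4 3d 83 31 7f c4 af 11 0f 5b 30 e7 0b 24 02 00 00 0d 0a")
PKT2_BODY_HEX = "30 0d 0a 0d 0a"


def hex_dump_to_bytes(dump: str) -> bytes:
    """Turn a Joe Sandbox 'Data Raw' hex dump into bytes."""
    return bytes.fromhex(re.sub(r"\s+", "", dump))


def decode_chunked(body: bytes) -> Tuple[bytes, List[int]]:
    """Decode an HTTP/1.1 chunked transfer body; return (payload, chunk sizes).
    Raises ValueError on a truncated stream rather than returning a partial body,
    because a silently short body is exactly what hides a payload in triage."""
    out, sizes, pos = bytearray(), [], 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk-size line")
        size_field = body[pos:eol].split(b";", 1)[0].strip()   # drop chunk extensions
        size = int(size_field.decode("ascii"), 16)
        pos = eol + 2
        if size == 0:
            # optional trailer fields, then the empty line that ends the message
            while body[pos:pos + 2] != b"\r\n":
                eol = body.find(b"\r\n", pos)
                if eol < 0:
                    raise ValueError("truncated trailer section")
                pos = eol + 2
            return bytes(out), sizes
        chunk = body[pos:pos + size]
        if len(chunk) != size or body[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError(f"truncated chunk of {size} bytes at offset {pos}")
        out += chunk
        sizes.append(size)
        pos += size + 2


def recover_body(packets: List[str], content_encoding: str = "gzip") -> Tuple[bytes, List[int]]:
    """Reassemble the TCP payloads in order, undo chunking, then undo Content-Encoding."""
    payload, sizes = decode_chunked(b"".join(hex_dump_to_bytes(p) for p in packets))
    if content_encoding == "gzip":
        payload = gzip.decompress(payload)   # also verifies the CRC32/ISIZE trailer
    return payload, sizes


if __name__ == "__main__":
    html, sizes = recover_body([PKT1_BODY_HEX, PKT2_BODY_HEX])
    print("chunks:", sizes, "inflated bytes:", len(html))
    print(html.decode("utf-8", "replace"))
```

The chunk sizes come out as 15 (gzip header plus an empty sync-flush block) and 156 (the compressed page with its trailer); the gzip ISIZE field, the last four bytes 24 02 00 00, announces 548 inflated bytes, which is a 403 page from the origin behind Cloudflare. Feeding only the first packet raises ValueError, the behaviour you want when a capture is cut off.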


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    1192.168.2.449720188.114.97.3807400C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe
                                                    TimestampBytes transferredDirectionData
                                                    Mar 16, 2025 21:20:10.888819933 CET84OUTGET /updategame/version.xml HTTP/1.1
                                                    Host: jx2chiem.com
                                                    Connection: Keep-Alive
                                                    Mar 16, 2025 21:20:11.902826071 CET | 1236 | IN | HTTP/1.1 200 OK
                                                    Date: Sun, 16 Mar 2025 20:20:11 GMT
                                                    Content-Type: text/xml
                                                    Content-Length: 490
                                                    Connection: keep-alive
                                                    Last-Modified: Sat, 08 Mar 2025 12:34:54 GMT
                                                    ETag: "67cc396e-1ea"
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-Ranges: bytes
                                                    cf-cache-status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=em%2Bk8cOMESZeygjY8eFMys%2Fibtr%2BAf0mfIPoK1uZSn6CpsJ3Qvn0mt2M%2Bu24j74VrGyJjsRmICzxgWskVtd%2FLX7nfx7b%2BLYNFn7vzND%2BATVoqCZPAmVT%2Bq%2B%2BTRkgcEI%3D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 9216f322a97ac4fb-EWR
                                                    alt-svc: h3=":443"; ma=86400
                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1948&min_rtt=1948&rtt_var=974&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=84&delivery_rate=0&cwnd=81&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><Autoupdate xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <Item> <Path>Autoupdate.exe</Path> <Link>Autoupdate.exe</Link> <Hash>27dcc01fa62df3ac9e746281f129c43c</Hash> <Size>913408</Size> </Item> <Item> <P
                                                    Mar 16, 2025 21:20:11.902842045 CET | 155 | IN | Data Ascii: ath>so2game.exe</Path> <Link>so2game.exe</Link> <Hash>8ea5ff2cc88f5c0fc18fbdfe540c1ae6</Hash> <Size>4880384</Size> </Item></Autoupdate>


                                                    Session ID: 2 | Source IP: 192.168.2.4 | Source Port: 62316 | Destination IP: 188.114.97.3 | Destination Port: 80
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Mar 16, 2025 21:22:14.460292101 CET | 87 | OUT | GET /updategame/Autoupdate.exe HTTP/1.1
                                                    Host: jx2chiem.com
                                                    Connection: Keep-Alive
                                                    Mar 16, 2025 21:22:16.001796961 CET | 1236 | IN | HTTP/1.1 200 OK
                                                    Date: Sun, 16 Mar 2025 20:22:15 GMT
                                                    Content-Type: application/octet-stream
                                                    Content-Length: 913408
                                                    Connection: keep-alive
                                                    Last-Modified: Sat, 08 Mar 2025 12:34:55 GMT
                                                    ETag: "67cc396f-df000"
                                                    Strict-Transport-Security: max-age=31536000
                                                    Cache-Control: max-age=14400
                                                    CF-Cache-Status: MISS
                                                    Accept-Ranges: bytes
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IazBQxQJqMtOLBEcqWiUpyV%2ByzXMGP4O0FteRZMQ0n4sMm6PGls%2Bwmkn5XWn496at00J8h53%2FO8X1u88PV6KFlEON9SNWICBiLLUkynxbtFqSUFUfB7bpp%2B1FLf0I%2BI%3D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 9216f626dc5a23dd-EWR
                                                    alt-svc: h3=":443"; ma=86400
                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1654&min_rtt=1654&rtt_var=827&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=76&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                    Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 2b 5e 51 a0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 6c 0d 00 00 82 00 00 00 00 00 00 c2 8a 0d 00 00 20 00 00 00 a0 0d 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 0e 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6f 8a 0d 00 4f 00 00 00 00 a0 0d 00 68 7f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 0e 00 0c 00 00 00 d4
                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL+^Q"0l @ @@oOh



                                                    Target ID:0
                                                    Start time:16:20:08
                                                    Start date:16/03/2025
                                                    Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.DropperX-gen.24286.1079.exe"
                                                    Imagebase:0x110000
                                                    File size:913'408 bytes
                                                    MD5 hash:27DCC01FA62DF3AC9E746281F129C43C
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low
                                                    Has exited:false

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2391123414.00007FFC3DAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DAB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffc3dab0000_SecuriteInfo.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 323ff370a09d2b6927dd5dff445fef523e1523d4de4315d11c78eee6ba90153a
                                                      • Instruction ID: 0a195665780904725dea1ced91ed3f794c2ece426c22d2516605f72d5552bdc6
                                                      • Opcode Fuzzy Hash: 323ff370a09d2b6927dd5dff445fef523e1523d4de4315d11c78eee6ba90153a
                                                      • Instruction Fuzzy Hash: 78135F30618A8D8FEBA5EF28C495BE97BE1FF99300F5404BAD04EC7292DE34A945C751
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2391123414.00007FFC3DAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DAB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffc3dab0000_SecuriteInfo.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2c5f40fa9c250ab67b94cdd5d59871250573bae05c0fbbe6ee6918124685b442
                                                      • Instruction ID: a8a9a5a0a2f8d3020d7aeef619a18315bace59bd1786caa49f0fd44d5f73c4b5
                                                      • Opcode Fuzzy Hash: 2c5f40fa9c250ab67b94cdd5d59871250573bae05c0fbbe6ee6918124685b442
                                                      • Instruction Fuzzy Hash: 36410792B0EBCD4FEB86D76848596657FE1DF56240B1A00FBD04DCB1E3E9589C4AC312
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2391123414.00007FFC3DAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DAB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffc3dab0000_SecuriteInfo.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2235d25e6a89513aca956177477f42ecdc8e971a8766b0efe5fd7c45579d74c6
                                                      • Instruction ID: 1da8dbaccfcfc97f8059c4d6a138abaae8c352dd5a9d7da48e73778c022020d7
                                                      • Opcode Fuzzy Hash: 2235d25e6a89513aca956177477f42ecdc8e971a8766b0efe5fd7c45579d74c6
                                                      • Instruction Fuzzy Hash: CB31CE41E1E7AE1EF756A2384C655387EA1DF4B240B0900FAD149CB1E3ED1CA819C233
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2391123414.00007FFC3DAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DAB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffc3dab0000_SecuriteInfo.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dab04de546daeeac6eceda02cf45b2358322bea069edf7ed6eb02e6587682ce4
                                                      • Instruction ID: 1b0ff4dee0ab186ca5b1da339f7aca1feeda786f4c824ee94d66cf01d59da876
                                                      • Opcode Fuzzy Hash: dab04de546daeeac6eceda02cf45b2358322bea069edf7ed6eb02e6587682ce4
                                                      • Instruction Fuzzy Hash: AD41B37070CB999FDB8ADB288498B54BFA1FF5A300F4941EAD04DCB297DE34A809C751
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2391123414.00007FFC3DAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DAB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffc3dab0000_SecuriteInfo.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2058c6c38ebeaebe7d7bd106bdb17dc17db1526bcd3506efb6b74b1b6db7a926
                                                      • Instruction ID: 8430f8c3cbe1a515cbb621611402366b0811e272311bfae56a9ad978a32e04ef
                                                      • Opcode Fuzzy Hash: 2058c6c38ebeaebe7d7bd106bdb17dc17db1526bcd3506efb6b74b1b6db7a926
                                                      • Instruction Fuzzy Hash: 2E311C30618A1D9FEB94EF68C485BA837E1FF58345F504176E40DC7192EE38E981D790
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2391123414.00007FFC3DAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DAB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffc3dab0000_SecuriteInfo.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9b6b749eab81e24fd742440c5757715da79bc1a1674627eac34c43ffde1b4e29
                                                      • Instruction ID: 33a60adf3ad794b8f5d239690625ca9a52b01df71e9822fc816276b17f78e528
                                                      • Opcode Fuzzy Hash: 9b6b749eab81e24fd742440c5757715da79bc1a1674627eac34c43ffde1b4e29
                                                      • Instruction Fuzzy Hash: 5311D61060D7DE0FEB52A7B948A53647FE19F57201F4810FBE08ACB1E3ED599849C361
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2391123414.00007FFC3DAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DAB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffc3dab0000_SecuriteInfo.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 45f4433f50b1f44a83fd8ebcdce5bda40f9d30ed5c3edc53420cf013c173ec4a
                                                      • Instruction ID: 3f2f1d6428fe80fee113c18e047e8bad6672246c6ef4500afd7fdc17e79225aa
                                                      • Opcode Fuzzy Hash: 45f4433f50b1f44a83fd8ebcdce5bda40f9d30ed5c3edc53420cf013c173ec4a
                                                      • Instruction Fuzzy Hash: CE110D20618A5D9FEB90EF68C485BF837D2FF58341F504176A40DC7291EE29E941D750
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2391123414.00007FFC3DAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DAB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffc3dab0000_SecuriteInfo.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 45f4433f50b1f44a83fd8ebcdce5bda40f9d30ed5c3edc53420cf013c173ec4a
                                                      • Instruction ID: 95757e464b2496490033643a289723708b4bf0a58be4ce0d1f9f36460dccdf96
                                                      • Opcode Fuzzy Hash: 45f4433f50b1f44a83fd8ebcdce5bda40f9d30ed5c3edc53420cf013c173ec4a
                                                      • Instruction Fuzzy Hash: 97111A30618A1E9FEBA4EF68C494BE937D1FF58341F50413AA40DD7292EE28E941DB90
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2391123414.00007FFC3DAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DAB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffc3dab0000_SecuriteInfo.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8d45c1cfcc8e182c19f511059c93123af7b373b5767053ff90759b7b875c0b05
                                                      • Instruction ID: 3374fb4cf5bc6fda8d5d8283555e67224a9e6624bd72ddec1777210127a928a9
                                                      • Opcode Fuzzy Hash: 8d45c1cfcc8e182c19f511059c93123af7b373b5767053ff90759b7b875c0b05
                                                      • Instruction Fuzzy Hash: C2119442F0CA6F0FEAE8E6AC155127C55C1DF9A290B4445BDC01ED71CBFD1968169329
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2391123414.00007FFC3DAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DAB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffc3dab0000_SecuriteInfo.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c6f793e9e6e26268f16b9487422397d63a27695e400abc51c092b65d7db93058
                                                      • Instruction ID: 58203de28447b3642342bc5f1c328430a2a3f8761cd3f427f7ca589559e38d05
                                                      • Opcode Fuzzy Hash: c6f793e9e6e26268f16b9487422397d63a27695e400abc51c092b65d7db93058
                                                      • Instruction Fuzzy Hash: 8BF0394090E7DE0FDF5A57B808AA6A07FA09F07255F0E14EAD489DF0D7EA9D1846C322
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2391123414.00007FFC3DAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DAB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffc3dab0000_SecuriteInfo.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 059bbd1866ead6e3daa745b44df9da9c5aec676748ecb615e640a81515e08b8d
                                                      • Instruction ID: 40cbdc9984bb7db89fc9066b3f399aba644bf9022d4df39cad94841c9d731299
                                                      • Opcode Fuzzy Hash: 059bbd1866ead6e3daa745b44df9da9c5aec676748ecb615e640a81515e08b8d
                                                      • Instruction Fuzzy Hash: D6F03A30B18A0D9FDB90EF68C4A5AB877E1EB8C341B144075E40EC7282EE24E801E750
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2391123414.00007FFC3DAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DAB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffc3dab0000_SecuriteInfo.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 47fd5964d0b33f9c162a5747115ea6de87c6df48ce9f6cd2fc1d9e6a8e91adfd
                                                      • Instruction ID: e8b8840f8a1a4b18373a3f43a5a9b9949f5e6f81b99b4af516a0cfbf6a7d0215
                                                      • Opcode Fuzzy Hash: 47fd5964d0b33f9c162a5747115ea6de87c6df48ce9f6cd2fc1d9e6a8e91adfd
                                                      • Instruction Fuzzy Hash: 25F08C90A0D7D90FDB1367B85C907547FB0DF5B201F4A00E3E048CB1E7E9588989C322
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2391123414.00007FFC3DAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DAB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffc3dab0000_SecuriteInfo.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 452d1f9528261e09c97e24371774e75b85fca086a5186a55031f9b3d83222ea5
                                                      • Instruction ID: f6a9cad1142ec8f08e3c07bf7023e336d223d087d953358c9025404d5571b348
                                                      • Opcode Fuzzy Hash: 452d1f9528261e09c97e24371774e75b85fca086a5186a55031f9b3d83222ea5
                                                      • Instruction Fuzzy Hash: 8BB012133C160D03850825DA78850A4F344C5CB03738516B3D609C4101CA9B48C20240