
Windows Analysis Report aTube_Catcher_v1.508.685.92.1.exe

Overview

General Information

Sample Name: aTube_Catcher_v1.508.685.92.1.exe
Analysis ID: 505655
MD5: c99bd11c5da66976a40b37ec14e6e7ad
SHA1: f5501f2c27c2ee52a045b4c4c07543776ecc0104
SHA256: 13187f46a25a935bd76936a1ee49b700135bd894abc4a37fa0945599c568fcf7

Detection

Score: 42
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Potential time zone aware malware
Found potential dummy code loops (likely to delay analysis)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
PE file contains strange resources
May sleep (evasive loops) to hinder dynamic analysis
Program does not show much activity (idle)
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges

Classification

  • System is w10x64
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: aTube_Catcher_v1.508.685.92.1.exe | ReversingLabs: Detection: 17%
Source: aTube_Catcher_v1.508.685.92.1.exe | Static PE information: certificate valid
Source: aTube_Catcher_v1.508.685.92.1.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: http://ocsp.comodoca.com0
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: http://ocsp.sectigo.com0
Source: aTube_Catcher_v1.508.685.92.1.exe, 00000000.00000003.311147199.000000001BC0A000.00000004.00000001.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: aTube_Catcher_v1.508.685.92.1.exe, 00000000.00000003.313346163.000000001BC45000.00000004.00000001.sdmp | String found in binary or memory: http://www.sakkal.com
Source: aTube_Catcher_v1.508.685.92.1.exe, 00000000.00000003.310349589.000000001BC0A000.00000004.00000001.sdmp | String found in binary or memory: http://www.tiro.com
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: https://cassinilabs.com/privacy/
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: https://d2x6n7fm4o49xw.cloudfront.net
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: https://sectigo.com/CPS0
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: https://sectigo.com/CPS0D
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: https://www.atube.me/privacy-policy/
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: https://www.atube.me/terms-and-conditions/
Source: aTube_Catcher_v1.508.685.92.1.exe, 00000000.00000000.294669401.0000000000CFC000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameaTube.exe@ vs aTube_Catcher_v1.508.685.92.1.exe
Source: aTube_Catcher_v1.508.685.92.1.exe | Binary or memory string: OriginalFilenameaTube.exe@ vs aTube_Catcher_v1.508.685.92.1.exe
Source: aTube_Catcher_v1.508.685.92.1.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Process Stats: CPU usage > 98%
Source: aTube_Catcher_v1.508.685.92.1.exe | ReversingLabs: Detection: 17%
Source: aTube_Catcher_v1.508.685.92.1.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Mutant created: \Sessions\1\BaseNamedObjects\MUTEX_ATUBE_CATCHER
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | File created: C:\Users\user\AppData\Local\Temp\aTube_Catcher_files
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: </LAUNCH_CHECKBOX>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: <LAUNCH_CHECKBOX>Abrir o aplicativo ao sair</LAUNCH_CHECKBOX>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: spustit aplikaci</LAUNCH_CHECKBOX>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: r der afsluttes</LAUNCH_CHECKBOX>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: <LAUNCH_CHECKBOX>Die Anwendung beim Verlassen des Installationsassistenten starten</LAUNCH_CHECKBOX>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: </LAUNCH_CHECKBOX>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: <LAUNCH_CHECKBOX>Launch the application on exit</LAUNCH_CHECKBOX>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: n al cerrar</LAUNCH_CHECKBOX>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: la fermeture</LAUNCH_CHECKBOX>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: st</LAUNCH_CHECKBOX>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: <LAUNCH_CHECKBOX>Luncurkan aplikasi saat keluar</LAUNCH_CHECKBOX>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: <LAUNCH_CHECKBOX>Lancia l'applicazione all'uscita</LAUNCH_CHECKBOX>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: <LAUNCH_CHECKBOX>Lancarkan aplikasi ketika keluar</LAUNCH_CHECKBOX>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: <LAUNCH_CHECKBOX>Lanceer de toepassing bij de uitgang</LAUNCH_CHECKBOX>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: <PAGE_FINISH_TITLE>Takk.&#13;&#10;-installeringen er fullf
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: <WELCOME_ADVANCED_LINK>Advanced na Pag-install</WELCOME_ADVANCED_LINK>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: <PROGRESS_TITLE>Istado ng Pag-install</PROGRESS_TITLE>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: <PROGRESS_STAT_INSTALLING>Ini-install...</PROGRESS_STAT_INSTALLING>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: <PROGRESS_STAT_FINISHED>Nakumpleto na ang pag-install. Mangyaring i-click ang "<Xpath-ref>//Locale/BUTTON_FINISH</Xpath-ref>" upang magpatuloy.</PROGRESS_STAT_FINISHED>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: <PROGRESS_STATUS_MAIN>Ini-install ang <Xpath-ref>//Config/PRODUCT_TITLE</Xpath-ref></PROGRESS_STATUS_MAIN>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: <PAGE_FINISH_TITLE>Salamat&#13;&#10;ang iyong pag-install ay kumpleto na.</PAGE_FINISH_TITLE>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: <PAGE_FINISH_TEXT>Matagumpay mong na-install ang <Xpath-ref>//Config/PRODUCT_TITLE</Xpath-ref>. I-click ang "<Xpath-ref>//Locale/BUTTON_FINISH</Xpath-ref>" upang magpatuloy.</PAGE_FINISH_TEXT>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: <LAUNCH_CHECKBOX>Ilunsad ang aplikasyon kapag um-exit</LAUNCH_CHECKBOX>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: <UNINSTALL_TEXT>&#13;&#10;Upang i-uninstall ang lahat ng mga software na naka-install habang nagaganap ang proseso ng pag-install, mangyaring pumunta sa "Magdagdag/Mag-alis ng Mga Programa" at i-click ang mga Pakete ng "<Xpath-ref>//Config/PRODUCT</Xpath-ref> Packages".</UNINSTALL_TEXT>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: czeniu</LAUNCH_CHECKBOX>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: da</LAUNCH_CHECKBOX>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: ire</LAUNCH_CHECKBOX>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: lat</LAUNCH_CHECKBOX>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: t</LAUNCH_CHECKBOX>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: <Xpath-ref>//Locale/LAUNCH_CHECKBOX</Xpath-ref>
Source: aTube_Catcher_v1.508.685.92.1.exe | String found in binary or memory: <!-- Product: pre- and post-install requirements //-->
Source: classification engine | Classification label: mal42.evad.winEXE@1/0@0/0
Source: aTube_Catcher_v1.508.685.92.1.exe, DotSetup/Infrastructure/SingleInstance.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: aTube_Catcher_v1.508.685.92.1.exe, DotSetup/Infrastructure/SingleInstance.cs | Security API names: System.Void System.IO.Pipes.PipeSecurity::AddAccessRule(System.IO.Pipes.PipeAccessRule)
Source: aTube_Catcher_v1.508.685.92.1.exe, DotSetup/Installation.Packages/RequirementHandlers.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: aTube_Catcher_v1.508.685.92.1.exe, DotSetup/Installation.Packages/RequirementHandlers.cs | Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: aTube_Catcher_v1.508.685.92.1.exe, DotSetup/Professional/Analytics/AnalyticsManager.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | File opened: C:\Windows\SYSTEM32\MsftEdit.dll
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: aTube_Catcher_v1.508.685.92.1.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: aTube_Catcher_v1.508.685.92.1.exe | Static PE information: certificate valid
Source: aTube_Catcher_v1.508.685.92.1.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Process information set: NOOPENFILEERRORBOX (55 identical entries)

Malware Analysis System Evasion:

Potential time zone aware malware
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | System information queried: CurrentTimeZoneInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Window / User API: threadDelayed 5501
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Window / User API: threadDelayed 1903
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Window / User API: windowPlacementGot 1225
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Window / User API: windowPlacementGot 532
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe TID: 5096 | Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe TID: 5096 | Thread sleep time: -30000s >= -30000s
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Thread delayed: delay time: 922337203685477

Anti Debugging:

Found potential dummy code loops (likely to delay analysis)
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Process Stats: CPU usage > 90% for more than 60s
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe | Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe; Queries volume information (VolumeInformation) on each of the following files:
• C:\Windows\Fonts\LSANSI.TTF
• C:\Windows\Fonts\LSANSDI.TTF
• C:\Windows\Fonts\IMPRISHA.TTF
• C:\Windows\Fonts\HATTEN.TTF
• C:\Windows\Fonts\GOUDYSTO.TTF
• C:\Windows\Fonts\GOUDOS.TTF
• C:\Windows\Fonts\GOUDOSI.TTF
• C:\Windows\Fonts\GOUDOSB.TTF
• C:\Windows\Fonts\GLECB.TTF
• C:\Windows\Fonts\GIL_____.TTF
• C:\Windows\Fonts\GILI____.TTF
• C:\Windows\Fonts\GILB____.TTF
• C:\Windows\Fonts\GILBI___.TTF
• C:\Windows\Fonts\GILC____.TTF
• C:\Windows\Fonts\GLSNECB.TTF
• C:\Windows\Fonts\GIGI.TTF
• C:\Windows\Fonts\FRABK.TTF
• C:\Windows\Fonts\FRABKIT.TTF
• C:\Windows\Fonts\FORTE.TTF
• C:\Windows\Fonts\FELIXTI.TTF
• C:\Windows\Fonts\ERASMD.TTF
• C:\Windows\Fonts\ERASLGHT.TTF
• C:\Windows\Fonts\ERASDEMI.TTF
• C:\Windows\Fonts\ERASBD.TTF
• C:\Windows\Fonts\ENGR.TTF
• C:\Windows\Fonts\ELEPHNT.TTF
• C:\Windows\Fonts\ELEPHNTI.TTF
• C:\Windows\Fonts\ITCEDSCR.TTF
• C:\Windows\Fonts\CURLZ___.TTF
• C:\Windows\Fonts\COPRGTL.TTF
• C:\Windows\Fonts\COPRGTB.TTF
• C:\Windows\Fonts\CENSCBK.TTF
• C:\Windows\Fonts\SCHLBKI.TTF
• C:\Windows\Fonts\SCHLBKB.TTF
• C:\Windows\Fonts\SCHLBKBI.TTF
• C:\Windows\Fonts\CASTELAR.TTF
• C:\Windows\Fonts\CALIST.TTF
• C:\Windows\Fonts\CALISTI.TTF
• C:\Windows\Fonts\CALISTB.TTF
• C:\Windows\Fonts\CALISTBI.TTF
• C:\Windows\Fonts\BOOKOS.TTF
• C:\Windows\Fonts\BOOKOSB.TTF
• C:\Windows\Fonts\BOOKOSI.TTF
• C:\Windows\Fonts\BOOKOSBI.TTF
• C:\Windows\Fonts\BOD_R.TTF
• C:\Windows\Fonts\BOD_I.TTF
• C:\Windows\Fonts\BOD_B.TTF
• C:\Windows\Fonts\BOD_BI.TTF
• C:\Windows\Fonts\BOD_CR.TTF
• C:\Windows\Fonts\BOD_BLAR.TTF
• C:\Windows\Fonts\BOD_CI.TTF
• C:\Windows\Fonts\BOD_CB.TTF
• C:\Windows\Fonts\BOD_BLAI.TTF
• C:\Windows\Fonts\BOD_CBI.TTF
• C:\Windows\Fonts\ITCBLKAD.TTF
• C:\Windows\Fonts\ARLRDBD.TTF
• C:\Windows\Fonts\AGENCYR.TTF
• C:\Windows\Fonts\AGENCYB.TTF
• C:\Windows\Fonts\BSSYM7.TTF
• C:\Windows\Fonts\REFSAN.TTF
• C:\Windows\Fonts\REFSPCL.TTF
• C:\Windows\Fonts\MTEXTRA.TTF
• C:\Windows\Fonts\marlett.ttf
• C:\Windows\Fonts\micross.ttf
• C:\Windows\Fonts\arial.ttf
• C:\Windows\Fonts\ariali.ttf
• C:\Windows\Fonts\arialbd.ttf
• C:\Windows\Fonts\arialbi.ttf
• C:\Windows\Fonts\segoeuii.ttf
• C:\Windows\Fonts\segoeuiz.ttf
Source: C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Walking every file in C:\Windows\Fonts is typical of a .NET GUI process building its font list through GDI+, so the volume-information signature carries little weight by itself; the MachineGuid read is the item worth noting, since that value is a stable per-installation identifier commonly used for machine fingerprinting.

Mitre Att&ck Matrix

Techniques matched by this analysis carry the report's signature-count marker in square brackets; the remaining entries are the unmatched grid of the matrix, listed here per tactic.

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
Execution: Command and Scripting Interpreter [2]; Scheduled Task/Job; At (Linux); At (Windows); Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script
Defense Evasion: Disable or Modify Tools [1]; Virtualization/Sandbox Evasion [122]; Obfuscated Files or Information; Binary Padding; Software Packing
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
Discovery: System Time Discovery [1]; Security Software Discovery [1]; Virtualization/Sandbox Evasion [122]; Application Window Discovery [1]; System Information Discovery [12]
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits
Command and Control: Data Obfuscation; Junk Data; Steganography; Protocol Impersonation; Fallback Channels
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings
Behavior Graph

Behavior Graph ID: 505655
Sample: aTube_Catcher_v1.508.685.92.1.exe
Startdate: 19/10/2021
Architecture: WINDOWS
Score: 42
• Signature on the start node: Multi AV Scanner detection for submitted file
• Process started: aTube_Catcher_v1.508.685.92.1.exe
• Signatures on that process: Found potential dummy code loops (likely to delay analysis); Potential time zone aware malware

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus detection, initial sample:

Source | Detection | Scanner | Label
aTube_Catcher_v1.508.685.92.1.exe | 11% | Metadefender |
aTube_Catcher_v1.508.685.92.1.exe | 18% | ReversingLabs | ByteCode-MSIL.PUA.DotSetupIo

No Antivirus matches for dropped files, unpacked PE files or domains.

Antivirus detection, URLs:

Source | Detection | Scanner | Label
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | 0% | URL Reputation | safe
https://sectigo.com/CPS0 | 0% | URL Reputation | safe
http://ocsp.sectigo.com0 | 0% | URL Reputation | safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | 0% | URL Reputation | safe
https://sectigo.com/CPS0D | 0% | URL Reputation | safe
http://www.tiro.com | 0% | URL Reputation | safe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | 0% | URL Reputation | safe
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# | 0% | URL Reputation | safe
http://www.sakkal.com | 0% | URL Reputation | safe
https://cassinilabs.com/privacy/ | 0% | Avira URL Cloud | safe
No contacted domains info

Name | Source | Malicious | Antivirus Detection | Reputation
https://d2x6n7fm4o49xw.cloudfront.net | aTube_Catcher_v1.508.685.92.1.exe | false | | high
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | aTube_Catcher_v1.508.685.92.1.exe | false | URL Reputation: safe | unknown
http://www.apache.org/licenses/LICENSE-2.0 | aTube_Catcher_v1.508.685.92.1.exe, 00000000.00000003.311147199.000000001BC0A000.00000004.00000001.sdmp | false | | high
https://sectigo.com/CPS0 | aTube_Catcher_v1.508.685.92.1.exe | false | URL Reputation: safe | unknown
http://ocsp.sectigo.com0 | aTube_Catcher_v1.508.685.92.1.exe | false | URL Reputation: safe | unknown
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | aTube_Catcher_v1.508.685.92.1.exe | false | URL Reputation: safe | unknown
https://www.atube.me/terms-and-conditions/ | aTube_Catcher_v1.508.685.92.1.exe | false | | high
https://sectigo.com/CPS0D | aTube_Catcher_v1.508.685.92.1.exe | false | URL Reputation: safe | unknown
http://www.tiro.com | aTube_Catcher_v1.508.685.92.1.exe, 00000000.00000003.310349589.000000001BC0A000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | aTube_Catcher_v1.508.685.92.1.exe | false | URL Reputation: safe | unknown
https://www.atube.me/privacy-policy/ | aTube_Catcher_v1.508.685.92.1.exe | false | | high
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# | aTube_Catcher_v1.508.685.92.1.exe | false | URL Reputation: safe | unknown
http://www.sakkal.com | aTube_Catcher_v1.508.685.92.1.exe, 00000000.00000003.313346163.000000001BC45000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://cassinilabs.com/privacy/ | aTube_Catcher_v1.508.685.92.1.exe | false | Avira URL Cloud: safe | unknown

The Sectigo entries are the CRL, OCSP and CPS URLs carried by the sample's code-signing and timestamping certificates. Their trailing characters (0t, 0#, 0D, 0s, a lone 0) are the neighbouring bytes of the certificate's DER encoding picked up by string extraction, not part of the URLs, and none of them was contacted during the run.

No contacted IP infos

General Information

Joe Sandbox Version:33.0.0 White Diamond
Analysis ID:505655
Start date:19.10.2021
Start time:17:03:27
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 6m 52s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:aTube_Catcher_v1.508.685.92.1.exe
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed:18
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal42.evad.winEXE@1/0@0/0
EGA Information:Failed
HDC Information:Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
• Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
• Excluded IPs from analysis (whitelisted): 23.203.141.148, 20.199.120.85, 20.50.102.62, 2.20.178.24, 2.20.178.33, 20.199.120.151, 13.107.4.50, 2.20.178.10, 2.20.178.56, 20.199.120.182, 20.54.110.249, 40.112.88.60, 52.251.79.25
• Excluded domains from analysis (whitelisted): consumer-displaycatalogrp-aks2aks-useast.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com-c.edgekey.net, b1ns.c-0001.c-msedge.net, a767.dspw65.akamai.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, b1ns.au-msedge.net, client.wns.windows.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, eus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, c-0001.c-msedge.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, displaycatalog-rp-useast.md.mp.microsoft.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
• Not all processes were analyzed, report is missing behavior information
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• VT rate limit hit for: /opt/package/joesandbox/database/analysis/505655/sample/aTube_Catcher_v1.508.685.92.1.exe

Time | Type | Description
17:04:29 | API Interceptor | 623x Sleep call for process: aTube_Catcher_v1.508.685.92.1.exe modified

No context (no matching IPs, domains, ASNs, JA3 fingerprints or dropped files from other analyses)

No created / dropped files found

Static File Info

General

File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):6.553230071784774
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 50.01%
• Win32 Executable (generic) a (10002005/4) 49.97%
• Generic Win/DOS Executable (2004/3) 0.01%
• DOS Executable Generic (2002/1) 0.01%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:aTube_Catcher_v1.508.685.92.1.exe
File size:984256
MD5:c99bd11c5da66976a40b37ec14e6e7ad
SHA1:f5501f2c27c2ee52a045b4c4c07543776ecc0104
SHA256:13187f46a25a935bd76936a1ee49b700135bd894abc4a37fa0945599c568fcf7
SHA512:98599b823002a1494f07a33df77fcccb792887fdbc9ac8689160fe24a22da9e81fe42917d877b65721d367b94bea2e91d1edb74cfa622d9ad801dfa583044a12
SSDEEP:24576:+dqECuJQXq0S+K7VQy6yXiJC0ABKPamoLi+t9RQAPF6r+nUs0S+K7VQy6yXiJC0g:+hJQXq0S+K7VQy6yXiJC0ABKXii+t9Rd
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`.....................R......Z.... ........@.. .......................@............@................................

File Icon

Icon Hash:28e8ead2def83142

General

Entrypoint:0x4caa5a
Entrypoint Section:.text
Digitally signed:true
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE
DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:0x60D9DCFC [Mon Jun 28 14:30:20 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:v4.0.30319
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
Signature Valid:true
Signature Issuer:CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
Signature Validation Error:The operation completed successfully
Error Number:0
Not Before / Not After:
• 12/13/2020 4:00:00 PM / 12/14/2021 3:59:59 PM
Subject Chain:
• CN=DS NET CORP SA DE CV, O=DS NET CORP SA DE CV, STREET=XOCHICALCO 392 INT 3, L=Ciudad de México, C=MX
Version:3
Thumbprint MD5:542533A944BB6D185869384730152084
Thumbprint SHA-1:95DB9FE4FAE3EC065213B1CA7F0B2000BD7EDC58
Thumbprint SHA-256:BF4E3B65FF3225FFBEA6717A808D00D3AE761BDAC0012F49B282A4235A384EC0
Serial:251210812FA300DD6BF68F42E3D94860
Instruction
jmp dword ptr [004CAA68h]
add byte ptr [eax], al (repeated 4 times)
cmp al, AAh
or al, 00h
add byte ptr [eax], al (repeated 91 times)

Data directories:

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xcaa0c | 0x4c | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xcc000 | 0x24f9b | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xee000 | 0x24c0 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf2000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xcaa68 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2000 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Sections:

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xc8a70 | 0xc8c00 | False | 0.498612381304 | data | 6.67294272165 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc | 0xcc000 | 0x24f9b | 0x25000 | False | 0.528274123733 | data | 5.62476564332 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xf2000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0980041756627 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources:

Name | RVA | Size | Type
RT_ICON | 0xcc1a0 | 0xb855 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON | 0xd7a05 | 0x10828 | dBase III DBT, version number 0, next free block index 40
RT_ICON | 0xe823d | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
RT_ICON | 0xec475 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0
RT_ICON | 0xeea2d | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0
RT_ICON | 0xefae5 | 0x468 | GLS_BINARY_LSB_FIRST
RT_GROUP_ICON | 0xeff5d | 0x5a | data
RT_VERSION | 0xeffc7 | 0x388 | data
RT_MANIFEST | 0xf035f | 0xc3c | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports:

DLL | Import
mscoree.dll | _CorExeMain
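The static PE data above is consistent with a plain managed executable: the entry-point instruction jmp dword ptr [004CAA68h] goes through the one 8-byte IAT slot at ImageBase 0x400000 + 0xcaa68, whose only import is mscoree.dll!_CorExeMain, so the real logic lives behind the CLR header (IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR at 0x2000) rather than at the entry point, and the Authenticode blob sits in IMAGE_DIRECTORY_ENTRY_SECURITY. Those fields, plus the DLL characteristics and per-section entropy, are what a triager checks first on a signed .NET installer. The following Python is an added example, not Joe Sandbox code and not part of this report: a dependency-free PE32 header parser that extracts exactly those fields, run against a constructed image whose header values mirror the ones reported for this sample (entry point 0xcaa5a, ImageBase 0x400000, DllCharacteristics NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, IAT 0xcaa68/0x8, security directory 0xee000/0x24c0, CLR header 0x2000/0x48). The section bodies of that image are synthetic filler, so their entropies (8.0 and 0.0) are illustrative and not the sample's measured 6.67 and 0.098.

```python
"""Minimal PE32 header triage: DLL characteristics, CLR header presence,
Authenticode directory presence, entry point / IAT addresses and per-section
entropy.  Added example for this report, not Joe Sandbox code; the image it
parses is constructed in build_sample() below.
"""
import math
import struct

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (PE/COFF specification).
DLL_CHARACTERISTICS = {
    0x0040: "DYNAMIC_BASE",
    0x0100: "NX_COMPAT",
    0x0400: "NO_SEH",
    0x8000: "TERMINAL_SERVER_AWARE",
}
DIR_SECURITY = 4         # IMAGE_DIRECTORY_ENTRY_SECURITY (Authenticode blob)
DIR_IAT = 12             # IMAGE_DIRECTORY_ENTRY_IAT
DIR_COM_DESCRIPTOR = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR header)


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Parse a PE32 image and return the fields a triager looks at first."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # optional header follows COFF header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit optional header) is handled here")
    entry = struct.unpack_from("<I", data, opt + 16)[0]        # AddressOfEntryPoint
    image_base = struct.unpack_from("<I", data, opt + 28)[0]   # ImageBase
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]    # DllCharacteristics
    num_dirs = struct.unpack_from("<I", data, opt + 92)[0]     # NumberOfRvaAndSizes
    dirs = [struct.unpack_from("<II", data, opt + 96 + 8 * i) for i in range(num_dirs)]

    def dir_present(idx: int) -> bool:
        return idx < num_dirs and dirs[idx][1] != 0

    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i                 # 40-byte IMAGE_SECTION_HEADER
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        _, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        body = data[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name, "va": va,
                         "entropy": round(shannon_entropy(body), 3)})
    return {
        "entry_point_va": image_base + entry,
        "flags": sorted(n for bit, n in DLL_CHARACTERISTICS.items() if dll_chars & bit),
        "managed": dir_present(DIR_COM_DESCRIPTOR),   # CLR header present => .NET image
        "signed": dir_present(DIR_SECURITY),          # Authenticode blob present
        "iat_va": image_base + dirs[DIR_IAT][0] if dir_present(DIR_IAT) else None,
        "sections": sections,
    }


def build_sample() -> bytes:
    """Constructed PE32 image whose header values mirror the report; the
    section bodies are synthetic filler, not bytes from the sample."""
    opt_size = 96 + 16 * 8                              # PE32 fields + 16 directories
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)               # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x60D9DCFC, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    struct.pack_into("<I", opt, 16, 0xCAA5A)            # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)           # ImageBase
    struct.pack_into("<H", opt, 70, 0x8540)             # NO_SEH|TS_AWARE|DYNAMIC_BASE|NX_COMPAT
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * DIR_SECURITY, 0xEE000, 0x24C0)
    struct.pack_into("<II", opt, 96 + 8 * DIR_IAT, 0xCAA68, 0x8)
    struct.pack_into("<II", opt, 96 + 8 * DIR_COM_DESCRIPTOR, 0x2000, 0x48)
    text_body = bytes(range(256)) * 2                   # uniform bytes: entropy 8.0
    reloc_body = bytes(0x200)                           # all zeros: entropy 0.0
    header_len = 64 + 4 + 20 + opt_size + 40 * 2
    raw_off = (header_len + 0x1FF) & ~0x1FF             # file alignment 0x200
    sec_text = struct.pack("<8sIIIIIIHHI", b".text", len(text_body), 0x2000,
                           len(text_body), raw_off, 0, 0, 0, 0, 0x60000020)
    sec_reloc = struct.pack("<8sIIIIIIHHI", b".reloc", 0xC, 0xF2000,
                            len(reloc_body), raw_off + len(text_body), 0, 0, 0, 0, 0x42000040)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec_text + sec_reloc
    return image + bytes(raw_off - len(image)) + text_body + reloc_body


if __name__ == "__main__":
    for key, value in parse_pe(build_sample()).items():
        print(f"{key}: {value}")
```

Against the real file, read it with open(path, "rb").read() in place of build_sample(); a non-zero security directory only says a signature blob is present, so the issuer, subject and validity reported above still have to come from an Authenticode verifier, and the managed flag means the disassembly at the entry point is the stub shown above rather than the program's logic.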

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

[CPU usage chart: time axis 0 to 150 s, value axis 0 to 100 %; image not reproduced]

Memory Usage

[Memory usage chart: time axis 0 to 150 s, value axis 0.00 to 80 MB; image not reproduced]

High Level Behavior Distribution

• File
• Registry

System Behavior

Start time:17:04:25
Start date:19/10/2021
Path:C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe
Wow64 process (32bit):false
Commandline:'C:\Users\user\Desktop\aTube_Catcher_v1.508.685.92.1.exe'
Imagebase:0xc30000
File size:984256 bytes
MD5 hash:C99BD11C5DA66976A40B37EC14E6E7AD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Reputation:low

Disassembly

Code Analysis