
Analysis Report CDC GUIDES COVID-19 Second Outbreak Warning release.scr

Overview

General Information

Sample Name: CDC GUIDES COVID-19 Second Outbreak Warning release.scr (renamed file extension from scr to exe)
Analysis ID: 319216
MD5: dc8d9c9a86fe4830053697c1dc59dc6f
SHA1: a63fa3cc878efe75ecf849111c3e3d417fef4fdd
SHA256: 5dcd1649d97e0da882778ec70677be52b49603b6596b044518f02c278d93d0f2

Detection

Quasar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Quasar RAT
.NET source code references suspicious native API functions
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign process
Machine Learning detection for dropped file
May check the online IP address of the machine
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains strange resources
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • vlc.exe (PID: 6588 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe' MD5: DC8D9C9A86FE4830053697C1DC59DC6F)
    • vlc.exe (PID: 2172 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe MD5: DC8D9C9A86FE4830053697C1DC59DC6F)
  • vlc.exe (PID: 6824 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe' MD5: DC8D9C9A86FE4830053697C1DC59DC6F)
    • vlc.exe (PID: 4080 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe MD5: DC8D9C9A86FE4830053697C1DC59DC6F)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source: 0000000F.00000002.372345849.0000000003BE5000.00000004.00000001.sdmp
Rule: Quasar_RAT_1 (Detects Quasar RAT; author: Florian Roth)
Strings:
  • 0xe70d7:$s1: DoUploadAndExecute
  • 0x13def7:$s1: DoUploadAndExecute
  • 0xe731b:$s2: DoDownloadAndExecute
  • 0x13e13b:$s2: DoDownloadAndExecute
  • 0xe6e9c:$s3: DoShellExecute
  • 0x13dcbc:$s3: DoShellExecute
  • 0xe72d3:$s4: set_Processname
  • 0x13e0f3:$s4: set_Processname
  • 0xae9d4:$op1: 04 1E FE 02 04 16 FE 01 60
  • 0x1057f4:$op1: 04 1E FE 02 04 16 FE 01 60
  • 0xae8f8:$op2: 00 17 03 1F 20 17 19 15 28
  • 0x105718:$op2: 00 17 03 1F 20 17 19 15 28
  • 0xaf35e:$op3: 00 04 03 69 91 1B 40
  • 0xafbae:$op3: 00 04 03 69 91 1B 40
  • 0x10617e:$op3: 00 04 03 69 91 1B 40
  • 0x1069ce:$op3: 00 04 03 69 91 1B 40

Source: 0000000F.00000002.372345849.0000000003BE5000.00000004.00000001.sdmp
Rule: JoeSecurity_Quasar (Yara detected Quasar RAT; author: Joe Security)

Source: 00000005.00000002.831738365.0000000000402000.00000040.00000001.sdmp
Rule: Quasar_RAT_1 (Detects Quasar RAT; author: Florian Roth)
Strings:
  • 0x3df27:$s1: DoUploadAndExecute
  • 0x3e16b:$s2: DoDownloadAndExecute
  • 0x3dcec:$s3: DoShellExecute
  • 0x3e123:$s4: set_Processname
  • 0x5824:$op1: 04 1E FE 02 04 16 FE 01 60
  • 0x5748:$op2: 00 17 03 1F 20 17 19 15 28
  • 0x61ae:$op3: 00 04 03 69 91 1B 40
  • 0x69fe:$op3: 00 04 03 69 91 1B 40

Source: 00000005.00000002.831738365.0000000000402000.00000040.00000001.sdmp
Rule: JoeSecurity_Quasar (Yara detected Quasar RAT; author: Joe Security)

Source: 00000014.00000002.358547843.0000000000402000.00000040.00000001.sdmp
Rule: Quasar_RAT_1 (Detects Quasar RAT; author: Florian Roth)
Strings:
  • 0x3df27:$s1: DoUploadAndExecute
  • 0x3e16b:$s2: DoDownloadAndExecute
  • 0x3dcec:$s3: DoShellExecute
  • 0x3e123:$s4: set_Processname
  • 0x5824:$op1: 04 1E FE 02 04 16 FE 01 60
  • 0x5748:$op2: 00 17 03 1F 20 17 19 15 28
  • 0x61ae:$op3: 00 04 03 69 91 1B 40
  • 0x69fe:$op3: 00 04 03 69 91 1B 40

Unpacked PEs

Source: 21.2.vlc.exe.400000.0.unpack
Rule: Vermin_Keylogger_Jan18_1 (Detects Vermin Keylogger; author: Florian Roth)
Strings:
  • 0x3ec0a:$x3: GetKeyloggerLogsResponse
  • 0x3de62:$x4: GetKeyloggerLogs
  • 0x3e13a:$s1: <RunHidden>k__BackingField
  • 0x3edd2:$s2: set_SystemInfos
  • 0x3e163:$s3: set_RunHidden
  • 0x3dc96:$s4: set_RemotePath
  • 0x56628:$s6: Client.exe
  • 0x566bc:$s6: Client.exe
  • 0x32029:$s7: xClient.Core.ReverseProxy.Packets

Source: 21.2.vlc.exe.400000.0.unpack
Rule: xRAT_1 (Detects Patchwork malware; author: Florian Roth)
Strings:
  • 0x305c0:$x4: xClient.Properties.Resources.resources
  • 0x30481:$s4: Client.exe
  • 0x3e163:$s7: set_RunHidden

Source: 21.2.vlc.exe.400000.0.unpack
Rule: Quasar_RAT_1 (Detects Quasar RAT; author: Florian Roth)
Strings:
  • 0x3e127:$s1: DoUploadAndExecute
  • 0x3e36b:$s2: DoDownloadAndExecute
  • 0x3deec:$s3: DoShellExecute
  • 0x3e323:$s4: set_Processname
  • 0x5a24:$op1: 04 1E FE 02 04 16 FE 01 60
  • 0x5948:$op2: 00 17 03 1F 20 17 19 15 28
  • 0x63ae:$op3: 00 04 03 69 91 1B 40
  • 0x6bfe:$op3: 00 04 03 69 91 1B 40

Source: 21.2.vlc.exe.400000.0.unpack
Rule: Quasar_RAT_2 (Detects Quasar RAT; author: Florian Roth)
Strings:
  • 0x3ec0a:$x1: GetKeyloggerLogsResponse
  • 0x3ee4a:$s1: DoShellExecuteResponse
  • 0x3e7b9:$s2: GetPasswordsResponse
  • 0x3ed1d:$s3: GetStartupItemsResponse
  • 0x3e13b:$s5: RunHidden
  • 0x3e159:$s5: RunHidden
  • 0x3e167:$s5: RunHidden
  • 0x3e17b:$s5: RunHidden

Source: 21.2.vlc.exe.400000.0.unpack
Rule: MAL_QuasarRAT_May19_1 (Detects QuasarRAT malware; author: Florian Roth)
Strings:
  • 0x4f649:$xc1: 41 00 64 00 6D 00 69 00 6E 00 00 11 73 00 63 00 68 00 74 00 61 00 73 00 6B 00 73 00 00 1B 2F 00 ...
  • 0x4f87f:$xc2: 00 70 00 69 00 6E 00 67 00 20 00 2D 00 6E 00 20 00 31 00 30 00 20 00 6C 00 6F 00 63 00 61 00 6C ...

Sigma Overview

No Sigma rule has matched

Signature Overview


AV Detection:

Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe ReversingLabs: Detection: 12%
Multi AV Scanner detection for submitted file
Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe ReversingLabs: Detection: 12%
Yara detected Quasar RAT
Source: Yara match File source: 0000000F.00000002.372345849.0000000003BE5000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.831738365.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.358547843.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.355201046.00000000037C5000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.376779243.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.269160984.0000000004035000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vlc.exe PID: 2172, type: MEMORY
Source: Yara match File source: Process Memory Space: CDC GUIDES COVID-19 Second Outbreak Warning release.exe PID: 2764, type: MEMORY
Source: Yara match File source: Process Memory Space: vlc.exe PID: 4080, type: MEMORY
Source: Yara match File source: Process Memory Space: vlc.exe PID: 6588, type: MEMORY
Source: Yara match File source: Process Memory Space: CDC GUIDES COVID-19 Second Outbreak Warning release.exe PID: 5820, type: MEMORY
Source: Yara match File source: Process Memory Space: vlc.exe PID: 6824, type: MEMORY
Source: Yara match File source: 21.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe File opened: C:\Users\user\AppData\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe File opened: C:\Users\user\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\

Networking:

May check the online IP address of the machine
Source: unknown DNS query: name: ip-api.com
Source: global traffic TCP traffic: 192.168.2.3:49736 -> 185.244.26.221:4782
Source: Joe Sandbox View IP Address: 208.95.112.1
Source: global traffic HTTP traffic detected: GET /json/ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0 Host: ip-api.com Connection: Keep-Alive
Source: unknown DNS traffic detected: queries for: ip-api.com
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000000.00000002.267762525.0000000002F82000.00000004.00000001.sdmp, CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.831738365.0000000000402000.00000040.00000001.sdmp, vlc.exe, 0000000E.00000002.353478457.0000000002A3F000.00000004.00000001.sdmp, vlc.exe, 0000000F.00000002.372076333.0000000002E5F000.00000004.00000001.sdmp, vlc.exe, 00000014.00000002.358547843.0000000000402000.00000040.00000001.sdmp, vlc.exe, 00000015.00000002.376779243.0000000000402000.00000040.00000001.sdmpString found in binary or memory: http://api.ipify.org/
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.839822026.0000000003207000.00000004.00000001.sdmp, 9FFWrx9i8Kuq.exe.5.drString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.839822026.0000000003207000.00000004.00000001.sdmp, 9FFWrx9i8Kuq.exe.5.drString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.839709535.00000000031D9000.00000004.00000001.sdmpString found in binary or memory: http://crl.m0odoca
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000000.00000002.267762525.0000000002F82000.00000004.00000001.sdmp, CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.831738365.0000000000402000.00000040.00000001.sdmp, vlc.exe, 0000000E.00000002.353478457.0000000002A3F000.00000004.00000001.sdmp, vlc.exe, 0000000F.00000002.372076333.0000000002E5F000.00000004.00000001.sdmp, vlc.exe, 00000014.00000002.358547843.0000000000402000.00000040.00000001.sdmp, vlc.exe, 00000015.00000002.376779243.0000000000402000.00000040.00000001.sdmpString found in binary or memory: http://freegeoip.net/xml/
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.837102867.0000000002EDC000.00000004.00000001.sdmpString found in binary or memory: http://ip-api.com
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000000.00000002.267762525.0000000002F82000.00000004.00000001.sdmp, CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.837102867.0000000002EDC000.00000004.00000001.sdmp, CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.831738365.0000000000402000.00000040.00000001.sdmp, vlc.exe, 0000000E.00000002.353478457.0000000002A3F000.00000004.00000001.sdmp, vlc.exe, 0000000F.00000002.372076333.0000000002E5F000.00000004.00000001.sdmp, vlc.exe, 00000014.00000002.358547843.0000000000402000.00000040.00000001.sdmp, vlc.exe, 00000015.00000002.376779243.0000000000402000.00000040.00000001.sdmpString found in binary or memory: http://ip-api.com/json/
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.837102867.0000000002EDC000.00000004.00000001.sdmpString found in binary or memory: http://ip-api.com4
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.839822026.0000000003207000.00000004.00000001.sdmp, 9FFWrx9i8Kuq.exe.5.drString found in binary or memory: http://ocsp.comodoca.com0
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: http://ocsp.thawte.com0
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: http://ocsp2.globalsign.com/rootr306
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: http://s.symcb.com/universal-root.crl0
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: http://s.symcd.com06
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.837474746.0000000002F23000.00000004.00000001.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.837102867.0000000002EDC000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: http://ts-ocsp.ws.symantec.com07
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: https://d.symcb.com/cps0%
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: https://d.symcb.com/rpa0
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: https://d.symcb.com/rpa0.
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.839822026.0000000003207000.00000004.00000001.sdmp, 9FFWrx9i8Kuq.exe.5.drString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: https://www.globalsign.com/repository/0
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: https://d.symcb.com/cps0%
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: https://d.symcb.com/rpa0
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: https://d.symcb.com/rpa0.
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.839822026.0000000003207000.00000004.00000001.sdmp, 9FFWrx9i8Kuq.exe.5.drString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exeString found in binary or memory: https://www.globalsign.com/repository/0
      Source: vlc.exe, 0000000E.00000002.352476510.0000000000ACB000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

      E-Banking Fraud:

      Yara detected Quasar RAT
      Source: Yara match | File source: 0000000F.00000002.372345849.0000000003BE5000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara match | File source: 00000005.00000002.831738365.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara match | File source: 00000014.00000002.358547843.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara match | File source: 0000000E.00000002.355201046.00000000037C5000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara match | File source: 00000015.00000002.376779243.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara match | File source: 00000000.00000002.269160984.0000000004035000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara match | File source: Process Memory Space: vlc.exe PID: 2172, type: MEMORY
      Source: Yara match | File source: Process Memory Space: CDC GUIDES COVID-19 Second Outbreak Warning release.exe PID: 2764, type: MEMORY
      Source: Yara match | File source: Process Memory Space: vlc.exe PID: 4080, type: MEMORY
      Source: Yara match | File source: Process Memory Space: vlc.exe PID: 6588, type: MEMORY
      Source: Yara match | File source: Process Memory Space: CDC GUIDES COVID-19 Second Outbreak Warning release.exe PID: 5820, type: MEMORY
      Source: Yara match | File source: Process Memory Space: vlc.exe PID: 6824, type: MEMORY
      Source: Yara match | File source: 21.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE
      Source: Yara match | File source: 5.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.400000.0.unpack, type: UNPACKEDPE
      Source: Yara match | File source: 20.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE

      System Summary:

      Malicious sample detected (through community Yara rule)
      Source: 0000000F.00000002.372345849.0000000003BE5000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT, Author: Florian Roth
      Source: 00000005.00000002.831738365.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT, Author: Florian Roth
      Source: 00000014.00000002.358547843.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT, Author: Florian Roth
      Source: 0000000E.00000002.355201046.00000000037C5000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT, Author: Florian Roth
      Source: 00000015.00000002.376779243.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT, Author: Florian Roth
      Source: 00000000.00000002.269160984.0000000004035000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT, Author: Florian Roth
      Source: 21.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Vermin Keylogger, Author: Florian Roth
      Source: 21.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware, Author: Florian Roth
      Source: 21.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT, Author: Florian Roth
      Source: 21.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT, Author: Florian Roth
      Source: 21.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware, Author: Florian Roth
      Source: 21.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set, Author: Florian Roth
      Source: 5.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Vermin Keylogger, Author: Florian Roth
      Source: 5.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware, Author: Florian Roth
      Source: 5.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT, Author: Florian Roth
      Source: 5.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT, Author: Florian Roth
      Source: 5.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware, Author: Florian Roth
      Source: 5.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set, Author: Florian Roth
      Source: 20.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Vermin Keylogger, Author: Florian Roth
      Source: 20.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware, Author: Florian Roth
      Source: 20.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT, Author: Florian Roth
      Source: 20.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT, Author: Florian Roth
      Source: 20.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware, Author: Florian Roth
      Source: 20.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set, Author: Florian Roth
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Code function: 0_2_02D5FA70
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Code function: 0_2_05D91FA8
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Code function: 0_2_05D94660
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Code function: 0_2_05D90910
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Code function: 0_2_05D90040
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Code function: 0_2_05D990F0
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Code function: 0_2_05D990E0
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Code function: 0_2_05D9A212
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Code function: 5_2_0142F090
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Code function: 5_2_0142F960
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Code function: 5_2_0142ED48
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Code function: 5_2_066CE6DB
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Code function: 5_2_066C8EB8
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Code function: 5_2_066C4A60
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Code function: 5_2_066C5864
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Code function: 5_2_067342B8
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 14_2_00D0FA70
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 14_2_04E21FA8
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 14_2_04E24890
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 14_2_04E2487F
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 14_2_04E20040
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 14_2_04E20910
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 14_2_04E28AE1
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 14_2_04E28AF0
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 14_2_04E24B08
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 15_2_050E1FA8
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 15_2_050E0910
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 15_2_050E0040
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 15_2_050E487F
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 15_2_050E4890
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 15_2_050E8AE1
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 15_2_050E8AF0
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 20_2_032EF090
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 20_2_032EF960
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 20_2_032EED48
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 21_2_02E2F090
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 21_2_02E2F960
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 21_2_02E2ED48
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 21_2_055F5198
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 21_2_055F51A8
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 21_2_055F10B8
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Static PE information: invalid certificate
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: vlc.exe.0.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: vlc.exe.0.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: 9FFWrx9i8Kuq.exe.5.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: 9FFWrx9i8Kuq.exe.5.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000000.00000000.200975576.0000000000BCA000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameZzjjddspu2.exe0 vs CDC GUIDES COVID-19 Second Outbreak Warning release.exe
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000000.00000002.272315963.0000000005390000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs CDC GUIDES COVID-19 Second Outbreak Warning release.exe
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000000.00000002.272529925.0000000005520000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamePtgjunquq.dll4 vs CDC GUIDES COVID-19 Second Outbreak Warning release.exe
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000000.00000002.267762525.0000000002F82000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameClassLibrary3.dll< vs CDC GUIDES COVID-19 Second Outbreak Warning release.exe
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000000.00000002.267762525.0000000002F82000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameClient.exe" vs CDC GUIDES COVID-19 Second Outbreak Warning release.exe
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.833556159.0000000000B8A000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameZzjjddspu2.exe0 vs CDC GUIDES COVID-19 Second Outbreak Warning release.exe
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.839822026.0000000003207000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameDyxylehx1.exe8 vs CDC GUIDES COVID-19 Second Outbreak Warning release.exe
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.833725048.0000000000F38000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs CDC GUIDES COVID-19 Second Outbreak Warning release.exe
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.832620216.000000000045A000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenameClient.exe" vs CDC GUIDES COVID-19 Second Outbreak Warning release.exe
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.842823257.00000000061E0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs CDC GUIDES COVID-19 Second Outbreak Warning release.exe
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Binary or memory string: OriginalFilenameZzjjddspu2.exe0 vs CDC GUIDES COVID-19 Second Outbreak Warning release.exe
      Source: 0000000F.00000002.372345849.0000000003BE5000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000005.00000002.831738365.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000014.00000002.358547843.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 0000000E.00000002.355201046.00000000037C5000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000015.00000002.376779243.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000000.00000002.269160984.0000000004035000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 21.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Vermin_Keylogger_Jan18_1 date = 2018-01-29, hash5 = 24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18, hash4 = 4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da, hash3 = 0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6, hash2 = e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7, hash1 = 74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d, author = Florian Roth, description = Detects Vermin Keylogger, hash6 = 2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef, reference = https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 21.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 21.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 21.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740
      Source: 21.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
      Source: 21.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 5.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Vermin_Keylogger_Jan18_1 date = 2018-01-29, hash5 = 24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18, hash4 = 4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da, hash3 = 0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6, hash2 = e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7, hash1 = 74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d, author = Florian Roth, description = Detects Vermin Keylogger, hash6 = 2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef, reference = https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 5.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 5.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 5.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740
      Source: 5.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
      Source: 5.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 20.2.vlc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Vermin_Keylogger_Jan18_1 date = 2018-01-29, hash5 = 24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18, hash4 = 4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da, hash3 = 0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6, hash2 = e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7, hash1 = 74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d, author = Florian Roth, description = Detects Vermin Keylogger, hash6 = 2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef, reference = https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 20.2.vlc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 20.2.vlc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 20.2.vlc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740
      Source: 20.2.vlc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
      Source: 20.2.vlc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 0000000F.00000002.372345849.0000000003BE5000.00000004.00000001.sdmp, type: MEMORYMatched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000005.00000002.831738365.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000014.00000002.358547843.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 0000000E.00000002.355201046.00000000037C5000.00000004.00000001.sdmp, type: MEMORYMatched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000015.00000002.376779243.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000000.00000002.269160984.0000000004035000.00000004.00000001.sdmp, type: MEMORYMatched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 21.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Vermin_Keylogger_Jan18_1 date = 2018-01-29, hash5 = 24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18, hash4 = 4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da, hash3 = 0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6, hash2 = e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7, hash1 = 74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d, author = Florian Roth, description = Detects Vermin Keylogger, hash6 = 2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef, reference = https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 21.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 21.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: vlc.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, u0006/u0008.cs | Cryptographic APIs: 'TransformFinalBlock'
      Source: vlc.exe.0.dr, u0006/u0008.cs | Cryptographic APIs: 'TransformFinalBlock'
      Source: 0.0.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.b40000.0.unpack, u0006/u0008.cs | Cryptographic APIs: 'TransformFinalBlock'
      Source: 0.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.b40000.0.unpack, u0006/u0008.cs | Cryptographic APIs: 'TransformFinalBlock'
      Source: 5.0.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.b00000.0.unpack, u0006/u0008.cs | Cryptographic APIs: 'TransformFinalBlock'
      Source: 5.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.b00000.1.unpack, u0006/u0008.cs | Cryptographic APIs: 'TransformFinalBlock'
      Source: 14.2.vlc.exe.340000.0.unpack, u0006/u0008.cs | Cryptographic APIs: 'TransformFinalBlock'
      Source: 14.0.vlc.exe.340000.0.unpack, u0006/u0008.cs | Cryptographic APIs: 'TransformFinalBlock'
      Source: 15.2.vlc.exe.600000.0.unpack, u0006/u0008.cs | Cryptographic APIs: 'TransformFinalBlock'
      Source: 15.0.vlc.exe.600000.0.unpack, u0006/u0008.cs | Cryptographic APIs: 'TransformFinalBlock'
      Source: 20.2.vlc.exe.df0000.1.unpack, u0006/u0008.cs | Cryptographic APIs: 'TransformFinalBlock'
      Source: 5.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.400000.0.unpack, ufffd?u23de?u2b96???ue028??ufd45???ufffd??ue0ca?.cs | Base64 encoded string: 'PWj6lHXDOxrLfwXNzfnaLMjOfzO9+W+4JxWWiTvfenV8SQApGzJ0Di/b8fuXcZ0M5PrXoL7V9sk8b6uX8xhtZw==', 'm0LUgy1TBJLS/Rv0+i1hOxLPRvKMsf09np12UQ5OrwBPWWSUYbRf+y9WQJ8KY1h7++uGSo0tWuw0x8ypgzipLl1b12b1d2xLp6CNHiFEtAk=', 'NcFtjbDOcsw7Evd3coMC0y4koy/SRZGydhNmno81ZOWOvdfg7sv0Cj5ad2ROUfX4QMscAIjYJdjrrs41+qcQwg==', 'T5995aiahDmRotzNR+wPzkhM3KlC5s/O43KC/1X3Cxu2swVztTyi14Z01j5qsLhy+ZSCP+lJl3YSu4KaMkTl74E6v3MGTgcDoCAikm98Vzg=', 'jLorJj8inqFdgz/bM7KXpwKX+vdTgIpVKMMjF72veNdt62nzBlqRLeihc0RWxDu4tSOd4DuvQwCqGcdB8QTCyQ=='
      Source: classification engine | Classification label: mal100.troj.evad.winEXE@11/5@2/2
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Mutant created: \Sessions\1\BaseNamedObjects\QSR_MUTEX_aEyHRwA2EwWBI7cCGO
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | File created: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
      Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | File read: C:\Windows\System32\drivers\etc\hosts
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe | ReversingLabs: Detection: 12%
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | File read: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe
      Source: unknown | Process created: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe 'C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe'
      Source: unknown | Process created: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe
      Source: unknown | Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe'
      Source: unknown | Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
      Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Process created: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Process created: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe; File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe; Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe; Code function: 0_2_02D5B712 pushfd ; iretd
Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe; Code function: 0_2_02D5F438 pushfd ; iretd
Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe; Code function: 5_2_066CD100 push es; ret
Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe; Code function: 5_2_066CDF3F push es; ret
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe; Code function: 14_2_00D0B718 pushfd ; iretd
Source: initial sample; Static PE information: section name: .text entropy: 7.95282361002
Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe; File created: \cdc guides covid-19 second outbreak warning release.exe
Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe; File created: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe
Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN
Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe\:Zone.Identifier:$DATA
Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe; Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run vlc

Hooking and other Techniques for Hiding and Protection:

Hides that the sample has been downloaded from the Internet (zone.identifier)
Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe; File opened: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe:Zone.Identifier read attributes | delete
Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe; File opened: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe:Zone.Identifier read attributes | delete
Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe; Process information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exeProcess information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion:

      Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BIOS
      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000000.00000002.272529925.0000000005520000.00000004.00000001.sdmp, vlc.exe, 0000000E.00000002.354177047.00000000036E1000.00000004.00000001.sdmp, vlc.exe, 0000000F.00000002.372345849.0000000003BE5000.00000004.00000001.sdmp, 9FFWrx9i8Kuq.exe, 00000026.00000002.837912973.0000000004387000.00000004.00000001.sdmp | Binary or memory string: SBIEDLL.DLLHEAD
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Thread delayed: delay time: 922337203685477
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Thread delayed: delay time: 922337203685477
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Window / User API: threadDelayed 676
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Window / User API: threadDelayed 1715
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe TID: 4664 | Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe TID: 6232 | Thread sleep count: 676 > 30
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe TID: 6232 | Thread sleep count: 1715 > 30
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe TID: 5884 | Thread sleep count: 44 > 30
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe TID: 5884 | Thread sleep time: -110000s >= -30000s
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 6668 | Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 6868 | Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 4912 | Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 1380 | Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Last function: Thread delayed
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | File opened: C:\Users\user\AppData\
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | File opened: C:\Users\user\
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.842823257.00000000061E0000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
      Source: vlc.exe, 0000000F.00000002.372076333.0000000002E5F000.00000004.00000001.sdmp | Binary or memory string: vmware
      Source: 9FFWrx9i8Kuq.exe, 00000026.00000002.837912973.0000000004387000.00000004.00000001.sdmp | Binary or memory string: vmware+microsoft corporation
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.842823257.00000000061E0000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.842823257.00000000061E0000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.842823257.00000000061E0000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Process token adjusted: Debug
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Process token adjusted: Debug
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Memory allocated: page read and write | page guard

      HIPS / PFW / Operating System Protection Evasion:

      .NET source code references suspicious native API functions
      Source: 5.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.400000.0.unpack, ??u08bd????ue13eu26f9?ue3e2???uedca?uef61???.cs | Reference to suspicious API methods: ('????????????????????', 'LoadLibrary@kernel32.dll'), ('????????????????????', 'GetProcAddress@kernel32.dll')
      Source: 5.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.400000.0.unpack, ??uf6f5???ue4b2?????????????.cs | Reference to suspicious API methods: ('????????????????????', 'MapVirtualKeyEx@user32.dll')
      Injects a PE file into a foreign processes
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Memory written: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe base: 400000 value starts with: 4D5A
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Memory written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe base: 400000 value starts with: 4D5A
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Process created: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Process created: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.836473892.00000000018D0000.00000002.00000001.sdmp, 9FFWrx9i8Kuq.exe, 00000026.00000002.834891803.0000000001D20000.00000002.00000001.sdmp | Binary or memory string: Program Manager
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.836473892.00000000018D0000.00000002.00000001.sdmp, 9FFWrx9i8Kuq.exe, 00000026.00000002.834891803.0000000001D20000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.836473892.00000000018D0000.00000002.00000001.sdmp, 9FFWrx9i8Kuq.exe, 00000026.00000002.834891803.0000000001D20000.00000002.00000001.sdmp | Binary or memory string: Progman
      Source: CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.836473892.00000000018D0000.00000002.00000001.sdmp, 9FFWrx9i8Kuq.exe, 00000026.00000002.834891803.0000000001D20000.00000002.00000001.sdmp | Binary or memory string: Progmanlock
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Queries volume information: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe VolumeInformation
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe VolumeInformation
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe | Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe | Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe | Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe | Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe | Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe | Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe | Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exeCode function: 0_2_05D9EC10 GetUserNameA,
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exeCode function: 0_2_05D9EC10 GetUserNameA,
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
      Source: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

      Stealing of Sensitive Information:

Yara detected Quasar RAT
Source: Yara match | File source: 0000000F.00000002.372345849.0000000003BE5000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.831738365.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000014.00000002.358547843.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 0000000E.00000002.355201046.00000000037C5000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000015.00000002.376779243.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.269160984.0000000004035000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: vlc.exe PID: 2172, type: MEMORY
Source: Yara match | File source: Process Memory Space: CDC GUIDES COVID-19 Second Outbreak Warning release.exe PID: 2764, type: MEMORY
Source: Yara match | File source: Process Memory Space: vlc.exe PID: 4080, type: MEMORY
Source: Yara match | File source: Process Memory Space: vlc.exe PID: 6588, type: MEMORY
Source: Yara match | File source: Process Memory Space: CDC GUIDES COVID-19 Second Outbreak Warning release.exe PID: 5820, type: MEMORY
Source: Yara match | File source: Process Memory Space: vlc.exe PID: 6824, type: MEMORY
Source: Yara match | File source: 21.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 20.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE

      Remote Access Functionality:

Yara detected Quasar RAT
Source: Yara match | File source: 0000000F.00000002.372345849.0000000003BE5000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.831738365.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000014.00000002.358547843.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 0000000E.00000002.355201046.00000000037C5000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000015.00000002.376779243.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.269160984.0000000004035000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: vlc.exe PID: 2172, type: MEMORY
Source: Yara match | File source: Process Memory Space: CDC GUIDES COVID-19 Second Outbreak Warning release.exe PID: 2764, type: MEMORY
Source: Yara match | File source: Process Memory Space: vlc.exe PID: 4080, type: MEMORY
Source: Yara match | File source: Process Memory Space: vlc.exe PID: 6588, type: MEMORY
Source: Yara match | File source: Process Memory Space: CDC GUIDES COVID-19 Second Outbreak Warning release.exe PID: 5820, type: MEMORY
Source: Yara match | File source: Process Memory Space: vlc.exe PID: 6824, type: MEMORY
Source: Yara match | File source: 21.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 20.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE

      Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation 121 | Registry Run Keys / Startup Folder 11 | Process Injection 112 | Disable or Modify Tools 1 | Input Capture 1 | Account Discovery 1 | Remote Services | Archive Collected Data 11 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Native API 1 | Boot or Logon Initialization Scripts | Registry Run Keys / Startup Folder 11 | Deobfuscate/Decode Files or Information 1 | LSASS Memory | File and Directory Discovery 1 | Remote Desktop Protocol | Input Capture 1 | Exfiltration Over Bluetooth | Encrypted Channel 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information 21 | Security Account Manager | System Information Discovery 123 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Standard Port 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Software Packing 2 | NTDS | Security Software Discovery 221 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol 2 | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Masquerading 1 | LSA Secrets | Virtualization/Sandbox Evasion 4 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 12 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Virtualization/Sandbox Evasion 4 | Cached Domain Credentials | Process Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | Process Injection 112 | DCSync | Application Window Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Hidden Files and Directories 1 | Proc Filesystem | System Owner/User Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | Remote System Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | System Network Configuration Discovery 1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact

      Behavior Graph


      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
Behavior Graph ID: 319216 | Sample: CDC GUIDES COVID-19 Second ... | Start date: 18/11/2020 | Architecture: WINDOWS | Score: 100

Signatures on the start node:
• Malicious sample detected (through community Yara rule)
• Multi AV Scanner detection for dropped file
• Multi AV Scanner detection for submitted file
• 5 other signatures

Process tree (nodes as numbered in the graph):
• CDC GUIDES COVID-19 Second Outbreak Warning release.exe (node 7), started
  • dropped: C:\Users\user\AppData\Roaming\...\vlc.exe, PE32
  • dropped: C:\Users\user\...\vlc.exe:Zone.Identifier, ASCII
  • dropped: CDC GUIDES COVID-1...ing release.exe.log, ASCII
  • signature: Injects a PE file into a foreign processes
  • CDC GUIDES COVID-19 Second Outbreak Warning release.exe (node 15), started
    • DNS/IP: devils.shacknet.us 185.244.26.221, ports 4782, 49736, VAMU-ASIP-TRANSITVAMURU, Netherlands
    • DNS/IP: ip-api.com 208.95.112.1, ports 49735, 80, TUT-ASUS, United States
    • dropped: C:\Users\user\AppData\...\9FFWrx9i8Kuq.exe, PE32
    • signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
    • 9FFWrx9i8Kuq.exe (node 24), started
      • signature: Machine Learning detection for dropped file
• vlc.exe (node 11), started
  • vlc.exe (node 20), started
• vlc.exe (node 13), started
  • vlc.exe (node 22), started


      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

Source | Detection | Scanner | Label | Link
CDC GUIDES COVID-19 Second Outbreak Warning release.exe | 12% | ReversingLabs | |

      Dropped Files

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | 12% | ReversingLabs | |

      Unpacked PE Files

Source | Detection | Scanner | Label | Link
21.2.vlc.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1135947 |
5.2.CDC GUIDES COVID-19 Second Outbreak Warning release.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1135947 |
20.2.vlc.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1135947 |

      Domains

      No Antivirus matches

      URLs

Source | Detection | Scanner | Label | Link
http://crl.m0odoca | 0% | Avira URL Cloud | safe |
http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe |
http://schemas.datacontract.org/2004/07/ | 0% | URL Reputation | safe |
http://ocsp.thawte.com0 | 0% | URL Reputation | safe |
http://www.tiro.com | 0% | URL Reputation | safe |
http://www.goodfont.co.kr | 0% | URL Reputation | safe |
https://www.chiark.greenend.org.uk/~sgtatham/putty/0 | 0% | Avira URL Cloud | safe |
http://www.carterandcone.coml | 0% | URL Reputation | safe |
http://ip-api.com4 | 0% | Avira URL Cloud | safe |
http://www.sajatypeworks.com | 0% | URL Reputation | safe |
http://www.typography.netD | 0% | URL Reputation | safe |
http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe |
http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe |
http://fontfabrik.com | 0% | URL Reputation | safe |
http://www.founder.com.cn/cn | 0% | URL Reputation | safe |
http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe |
http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe |
http://www.sandoll.co.kr | 0% | URL Reputation | safe |
http://www.urwpp.deDPlease | 0% | URL Reputation | safe |
http://www.zhongyicts.com.cn | 0% | URL Reputation | safe |
http://www.sakkal.com | 0% | URL Reputation | safe |

      Domains and IPs

      Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
ip-api.com | 208.95.112.1 | true | false | | high
devils.shacknet.us | 185.244.26.221 | true | false | | unknown

          Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://ip-api.com/json/ | false | | high

            URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://www.apache.org/licenses/LICENSE-2.0 | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | | high
http://www.fontbureau.com | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | | high
http://www.fontbureau.com/designersG | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | | high
http://freegeoip.net/xml/ | CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000000.00000002.267762525.0000000002F82000.00000004.00000001.sdmp, CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.831738365.0000000000402000.00000040.00000001.sdmp, vlc.exe, 0000000E.00000002.353478457.0000000002A3F000.00000004.00000001.sdmp, vlc.exe, 0000000F.00000002.372076333.0000000002E5F000.00000004.00000001.sdmp, vlc.exe, 00000014.00000002.358547843.0000000000402000.00000040.00000001.sdmp, vlc.exe, 00000015.00000002.376779243.0000000000402000.00000040.00000001.sdmp | false | | high
http://www.fontbureau.com/designers/? | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | | high
http://crl.m0odoca | CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.839709535.00000000031D9000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.founder.com.cn/cn/bThe | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://schemas.datacontract.org/2004/07/ | CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.837474746.0000000002F23000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers? | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | | high
http://ocsp.thawte.com0 | CDC GUIDES COVID-19 Second Outbreak Warning release.exe | false | URL Reputation: safe | unknown
http://www.tiro.com | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | | high
http://www.goodfont.co.kr | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
https://www.chiark.greenend.org.uk/~sgtatham/putty/0 | CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.839822026.0000000003207000.00000004.00000001.sdmp, 9FFWrx9i8Kuq.exe.5.dr | false | Avira URL Cloud: safe | unknown
http://www.carterandcone.coml | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://ip-api.com4 | CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.837102867.0000000002EDC000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.sajatypeworks.com | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.typography.netD | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers/cabarga.htmlN | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | | high
http://www.founder.com.cn/cn/cThe | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.galapagosdesign.com/staff/dennis.htm | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://fontfabrik.com | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.founder.com.cn/cn | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers/frere-jones.html | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | | high
http://crl.thawte.com/ThawteTimestampingCA.crl0 | CDC GUIDES COVID-19 Second Outbreak Warning release.exe | false | | high
http://www.jiyu-kobo.co.jp/ | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://ip-api.com | CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.837102867.0000000002EDC000.00000004.00000001.sdmp | false | | high
http://www.galapagosdesign.com/DPlease | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://api.ipify.org/ | CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000000.00000002.267762525.0000000002F82000.00000004.00000001.sdmp, CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.831738365.0000000000402000.00000040.00000001.sdmp, vlc.exe, 0000000E.00000002.353478457.0000000002A3F000.00000004.00000001.sdmp, vlc.exe, 0000000F.00000002.372076333.0000000002E5F000.00000004.00000001.sdmp, vlc.exe, 00000014.00000002.358547843.0000000000402000.00000040.00000001.sdmp, vlc.exe, 00000015.00000002.376779243.0000000000402000.00000040.00000001.sdmp | false | | high
http://www.fontbureau.com/designers8 | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | | high
http://www.fonts.com | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | | high
http://www.sandoll.co.kr | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.urwpp.deDPlease | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.zhongyicts.com.cn | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | CDC GUIDES COVID-19 Second Outbreak Warning release.exe, 00000005.00000002.837102867.0000000002EDC000.00000004.00000001.sdmp | false | | high
http://www.sakkal.com | 9FFWrx9i8Kuq.exe, 00000026.00000002.842466971.00000000063A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown

                                          Contacted IPs


                                          Public

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
208.95.112.1 | unknown | United States | | 53334 | TUT-ASUS | false
185.244.26.221 | unknown | Netherlands | | 47158 | VAMU-ASIP-TRANSITVAMURU | false

                                          General Information

Joe Sandbox Version: 31.0.0 Red Diamond
Analysis ID: 319216
Start date: 18.11.2020
Start time: 05:46:57
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 15m 2s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: CDC GUIDES COVID-19 Second Outbreak Warning release.scr (renamed file extension from scr to exe)
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 39
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.evad.winEXE@11/5@2/2
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 0.7% (good quality ratio 0.4%)
• Quality average: 47.1%
• Quality standard deviation: 39.7%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Adjust boot time
• Enable AMSI
Warnings:
• Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, RuntimeBroker.exe, backgroundTaskHost.exe, UsoClient.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, MusNotifyIcon.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
• TCP Packets have been reduced to 100
• Excluded IPs from analysis (whitelisted): 104.42.151.234, 104.43.139.144, 51.104.139.180, 2.20.84.85, 20.54.26.129, 2.20.142.210, 2.20.142.209, 92.122.213.194, 92.122.213.247, 52.155.217.156, 40.90.23.247, 40.90.137.127, 40.90.137.124, 40.90.23.154, 40.90.23.208, 13.104.215.69, 40.90.137.120, 40.90.137.126, 51.11.168.232
• Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, www.tm.lg.prod.aadmsa.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, login.live.com, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, fs.microsoft.com, db3p-ris-pf-prod-atm.trafficmanager.net, ris-prod.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, settings-win.data.microsoft.com, skypedataprdcolcus16.cloudapp.net, a767.dscg3.akamai.net, login.msa.msidentity.com, settingsfd-geo.trafficmanager.net, ris.api.iris.microsoft.com, umwatsonrouting.trafficmanager.net, skypedataprdcolwus16.cloudapp.net
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
                                          • VT rate limit hit for: /opt/package/joesandbox/database/analysis/319216/sample/CDC GUIDES COVID-19 Second Outbreak Warning release.exe

                                          Simulations

                                          Behavior and APIs

Time | Type | Description
05:48:17 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run vlc "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe"
05:48:25 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run vlc "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe"

                                          Joe Sandbox View / Context

                                          IPs

Match: 208.95.112.1
Associated Sample Name / URL | Detection | Context
JfBrVoAbZJ.exe | malicious | ip-api.com/json/
COMSurrogate.exe | malicious | ip-api.com/xml
XbVizOmLp2.exe | malicious | ip-api.com/line/
5GdTme5iYr.exe | malicious | ip-api.com/line/
ASX9zO2dRS.exe | malicious | ip-api.com/json
nW6wmlBvYs.exe | malicious | ip-api.com/line/
58M6JBEHW4.exe | malicious | ip-api.com/json/
wQDprpZ6i7.exe | malicious | ip-api.com/json/
Xxgm9UF1xP.exe | malicious | ip-api.com/json/
mY08H9Efjn.exe | malicious | ip-api.com/line/
DHL Shipment Notice of Arrival AWB 8032697940773.js | malicious | ip-api.com/json/
UuKzWnNMP6.exe | malicious | ip-api.com/json/
xGaL85Q9T2.exe | malicious | ip-api.com/line/
J7y5VaY5WM.exe | malicious | ip-api.com/line/
M5tzeNIe5t.exe | malicious | ip-api.com/json/
1LdcfAJXhM.exe | malicious | ip-api.com/json/
hjeBW2gHjq.exe | malicious | ip-api.com/line/
FOZUynGAgb.exe | malicious | ip-api.com/line/?fields
s2VoGiX9ai.exe | malicious | ip-api.com/line/
Bo0YWPrh0j.exe | malicious | ip-api.com/line/

                                          Domains

Match: ip-api.com
Associated Sample Name / URL | Detection | Context
JfBrVoAbZJ.exe | malicious | 208.95.112.1
COMSurrogate.exe | malicious | 208.95.112.1
XbVizOmLp2.exe | malicious | 208.95.112.1
5GdTme5iYr.exe | malicious | 208.95.112.1
ASX9zO2dRS.exe | malicious | 208.95.112.1
nW6wmlBvYs.exe | malicious | 208.95.112.1
58M6JBEHW4.exe | malicious | 208.95.112.1
wQDprpZ6i7.exe | malicious | 208.95.112.1
Xxgm9UF1xP.exe | malicious | 208.95.112.1
mY08H9Efjn.exe | malicious | 208.95.112.1
DHL Shipment Notice of Arrival AWB 8032697940773.js | malicious | 208.95.112.1
UuKzWnNMP6.exe | malicious | 208.95.112.1
xGaL85Q9T2.exe | malicious | 208.95.112.1
J7y5VaY5WM.exe | malicious | 208.95.112.1
M5tzeNIe5t.exe | malicious | 208.95.112.1
1LdcfAJXhM.exe | malicious | 208.95.112.1
hjeBW2gHjq.exe | malicious | 208.95.112.1
FOZUynGAgb.exe | malicious | 208.95.112.1
s2VoGiX9ai.exe | malicious | 208.95.112.1
Bo0YWPrh0j.exe | malicious | 208.95.112.1

                                          ASN

Match: VAMU-ASIP-TRANSITVAMURU
Associated Sample Name / URL | Detection | Context
85RNPseqgJ.exe | malicious | 185.244.26.206
Olzcqxcxnf9.exe | malicious | 185.244.26.213
R1MfM3z2Nz.exe | malicious | 185.244.26.206
Fh06tuCZaK.exe | malicious | 185.244.26.206
AlTKG0L5d8.exe | malicious | 185.244.26.206
Rbmmuoavjkz8.exe | malicious | 185.244.26.213
PO 6300019918..exe | malicious | 185.244.26.206
gSTnUDrWFe.exe | malicious | 185.244.26.199
FpK385nmHk.exe | malicious | 185.244.26.199
7sbXVpHq6E.exe | malicious | 185.244.26.199
Order N#U00b022019.exe | malicious | 185.244.26.219
scan.exe | malicious | 185.244.26.219
3kpUlycHABfLMj6.exe | malicious | 185.244.26.228
BTQBVILB.EXE | malicious | 185.244.26.228
NCNRDEZ1.EXE | malicious | 185.244.26.228
BM6GMIYN.EXE | malicious | 185.244.26.228
QPI51NCL.EXE | malicious | 185.244.26.228
LqyD3LqYjmUTl0n.exe | malicious | 185.244.26.228
B6X9zW00qtAZXYd.exe | malicious | 185.244.26.228
uPtScCCsvXI2Nj0.exe | malicious | 185.244.26.228

Match: TUT-ASUS
Associated Sample Name / URL | Detection | Context
JfBrVoAbZJ.exe | malicious | 208.95.112.1
COMSurrogate.exe | malicious | 208.95.112.1
XbVizOmLp2.exe | malicious | 208.95.112.1
5GdTme5iYr.exe | malicious | 208.95.112.1
nW6wmlBvYs.exe | malicious | 208.95.112.1
58M6JBEHW4.exe | malicious | 208.95.112.1
wQDprpZ6i7.exe | malicious | 208.95.112.1
Xxgm9UF1xP.exe | malicious | 208.95.112.1
mY08H9Efjn.exe | malicious | 208.95.112.1
DHL Shipment Notice of Arrival AWB 8032697940773.js | malicious | 208.95.112.1
UuKzWnNMP6.exe | malicious | 208.95.112.1
xGaL85Q9T2.exe | malicious | 208.95.112.1
J7y5VaY5WM.exe | malicious | 208.95.112.1
M5tzeNIe5t.exe | malicious | 208.95.112.1
1LdcfAJXhM.exe | malicious | 208.95.112.1
hjeBW2gHjq.exe | malicious | 208.95.112.1
FOZUynGAgb.exe | malicious | 208.95.112.1
s2VoGiX9ai.exe | malicious | 208.95.112.1
Bo0YWPrh0j.exe | malicious | 208.95.112.1
UJr2wEBvsX.exe | malicious | 208.95.112.1

                                          JA3 Fingerprints

                                          No context

                                          Dropped Files

                                          No context

                                          Created / dropped Files

                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\CDC GUIDES COVID-19 Second Outbreak Warning release.exe.log
                                          Process:C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:modified
                                          Size (bytes):517
                                          Entropy (8bit):5.335306720429945
                                          Encrypted:false
                                          SSDEEP:12:Q3La/KDLI4MWuPk21OKbbDLI4MWuPJKiUrRZ9I0ZKhaxzAbDLI4M6:ML9E4Ks2wKDE4KhK3VZ9pKhmsXE4j
                                          MD5:BB6624785B5CCCA1B27C160A2F19C179
                                          SHA1:51C3A976DB55F4E09009C1E7663643A2205FBEA5
                                          SHA-256:CF05D58CFF71D857664AAB4D49D3ABABFD0D59A65303B0FA5B1996C1CD3E66DA
                                          SHA-512:83C5B206F17844ECE6D3F8330C661A66C76803DF80BDD29780C541963D4693F89947407336D4CDE03F1F902C8F50B64E4F49C1577B99AAB09EDA16F1677CA843
                                          Malicious:true
                                          Reputation:moderate, very likely benign file
                                          Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..2,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vlc.exe.log
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):517
                                          Entropy (8bit):5.335306720429945
                                          Encrypted:false
                                          SSDEEP:12:Q3La/KDLI4MWuPk21OKbbDLI4MWuPJKiUrRZ9I0ZKhaxzAbDLI4M6:ML9E4Ks2wKDE4KhK3VZ9pKhmsXE4j
                                          MD5:BB6624785B5CCCA1B27C160A2F19C179
                                          SHA1:51C3A976DB55F4E09009C1E7663643A2205FBEA5
                                          SHA-256:CF05D58CFF71D857664AAB4D49D3ABABFD0D59A65303B0FA5B1996C1CD3E66DA
                                          SHA-512:83C5B206F17844ECE6D3F8330C661A66C76803DF80BDD29780C541963D4693F89947407336D4CDE03F1F902C8F50B64E4F49C1577B99AAB09EDA16F1677CA843
                                          Malicious:false
                                          Reputation:moderate, very likely benign file
                                          Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..2,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
                                          C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe
                                          Process:C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe
                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):287120
                                          Entropy (8bit):4.744226336831956
                                          Encrypted:false
                                          SSDEEP:6144:ZL9q3/hFX11OUPKLIIjjGzIAh9+B2UTeZis7OiQGYH649Mwxz:J0/X11OUPK5jjSAB2UTKpOiQGYH3Mwxz
                                          MD5:082B27BB1AAA169A5D0C4CD536976F99
                                          SHA1:F0C3E75BDC2D2F57B1309F3A26FB99E67546012C
                                          SHA-256:A8886AF066529DB9AE1A07AE170DC1B80726952DE1094ED5E14520922DC47A54
                                          SHA-512:BD2175E9EDF2B314901904E4F0EB81C7969B2ADAD2F9033BC95B0F28ACDB2D2C15B9B2EE5A2D36D31D20A4066BF768012344001D1EF1FFE4641674C3C35F2239
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                          Reputation:low
                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...y.._............................"'... ...@....@.. ....................................@..................................&..W....@...............$...=...`....................................................... ............... ..H............text...(.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B.................'......H............$......;...h4...............................................0.............-.&(....+.&+.*....0..h....... .....-.&~.....,.&+).+..+....(....r...p(.....-.&. ....Z.+..+.. .&..1..(.... .H... _......Z...Y.. ....0.*.0.............-.&(....+.&+.*....0..........r...p.-.&+.(....+.*..0...........%.-.&9....+..+..r...p(....-B.r/..p(....-H.rA..p(....-N.rY..p(....-L.ri..p(....-J.r...p(....-H*r...p.-.&+.(....+.*r...p.-.&+.(....+.*r...p(....*r...p(....*r...p(....*r...p(....*....0..
                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                                          Process:C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe
                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):645440
                                          Entropy (8bit):7.920263997977594
                                          Encrypted:false
                                          SSDEEP:12288:/4WN/IQY26pufbscH9POzQpGf2JUC5KJq7n8eUUI+PBUJXAXq:/Bb6ZcdOH2+CMJ2aiBUJXAXq
                                          MD5:DC8D9C9A86FE4830053697C1DC59DC6F
                                          SHA1:A63FA3CC878EFE75ECF849111C3E3D417FEF4FDD
                                          SHA-256:5DCD1649D97E0DA882778EC70677BE52B49603B6596B044518F02C278D93D0F2
                                          SHA-512:8F91ACA4B85D53745F395888FFB8E2D5F17F06AFC7E302F2ED19C840377C70EF807BA14748FEFD2A756B27B54808651087FBCBA572F0D162B06C8A0E9283EF8C
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 12%
                                          Reputation:low
                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......_.................b...D........... ........@.. ....................... ............@....................................J........@..............@1........................................................... ............... ..H............text....a... ...b.................. ..`.rsrc....@.......B...d..............@..@.reloc..............................@..B........................H............>..........h...e...........................................N+.+.*(....+.(....+..0.......... ..a.%,[8....8....&8.... ....a%..^8....8.....Y.-..:v...E........ .......5...P....,.+.8{... .{V.%,7Z ...&a.-.+m+.+l I.46Z ..p.a+a8.......(..... }.m.Z ..z.a.8m.... Z.}.Z (>.Ea.8Z....8T...(q...8O....8O....8X....8W....8.....+..+..+...(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(....*..(.
                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe:Zone.Identifier
                                          Process:C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):26
                                          Entropy (8bit):3.95006375643621
                                          Encrypted:false
                                          SSDEEP:3:ggPYV:rPYV
                                          MD5:187F488E27DB4AF347237FE461A079AD
                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                          Malicious:true
                                          Reputation:high, very likely benign file
                                          Preview: [ZoneTransfer]....ZoneId=0
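
The Run-key events under Behavior and APIs and the dropped-file records above describe one persistence chain: the sample writes a byte-identical copy of itself (same SHA-256 as the submitted file) to a Start Menu folder under the user profile as vlc.exe, attaches a Zone.Identifier stream with ZoneId=0 to that copy so it no longer carries the Mark-of-the-Web its parent arrived with, and registers the copy under HKCU\...\Run. The Python below is an added example, not part of the Joe Sandbox report, that turns those three observations into reusable triage checks. The input records are re-typed from the values in this report and labelled as constructed; the field names, the USER_WRITABLE_MARKERS list and the Run-event regex are the example's own choices.

```python
import re
from typing import Dict, List

# Constructed input: sample hash, dropped-file records, Zone.Identifier stream and
# Run-key events are re-typed from the report so the checks run offline.
SAMPLE_SHA256 = "5dcd1649d97e0da882778ec70677be52b49603b6596b044518f02c278d93d0f2"

DROPPED_FILES = [
    {"path": "C:\\Users\\user\\AppData\\Local\\Temp\\9FFWrx9i8Kuq.exe",
     "sha256": "A8886AF066529DB9AE1A07AE170DC1B80726952DE1094ED5E14520922DC47A54"},
    {"path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\VideoLAN\\vlc.exe",
     "sha256": "5DCD1649D97E0DA882778EC70677BE52B49603B6596B044518F02C278D93D0F2"},
]

ZONE_IDENTIFIER_ADS = "[ZoneTransfer]\r\nZoneId=0\r\n"

RUN_KEY_EVENTS = [
    'HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run vlc '
    '"C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\VideoLAN\\vlc.exe"',
    'HKCU64\\Software\\Microsoft\\Windows\\CurrentVersion\\Run vlc '
    '"C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\VideoLAN\\vlc.exe"',
]

# Directories a standard user can write to: a Run-key target here needed no admin rights
# (list chosen for this example).
USER_WRITABLE_MARKERS = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\users\\public\\", "\\programdata\\")
ZONE_INTERNET = 3   # URLZONE_INTERNET; ZoneId=0 is URLZONE_LOCAL_MACHINE

# "<key>\Run <value name> "<path>"" as the report prints autostart events (example's own regex)
RUN_EVENT_RE = re.compile(r'^(?P<key>\S+\\Run)\s+(?P<name>\S+)\s+"?(?P<path>[A-Za-z]:\\[^"]+?)"?\s*$')


def find_self_copies(dropped: List[Dict[str, str]], sample_sha256: str) -> List[str]:
    """Dropped files that are byte-identical to the submitted sample (it copied itself)."""
    return [d["path"] for d in dropped if d["sha256"].lower() == sample_sha256.lower()]


def parse_zone_identifier(ads_text: str) -> Dict[str, str]:
    """Parse the INI-style Zone.Identifier alternate data stream into its key/value pairs."""
    fields, section = {}, None
    for raw in ads_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "ZoneTransfer" and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    return fields


def motw_suppressed(ads_text: str, origin_zone: int = ZONE_INTERNET) -> bool:
    """True when a file written by an Internet-origin process carries a zone below its origin.

    SmartScreen and Office Protected View key off ZoneId, so a dropped copy tagged
    ZoneId=0 is treated as a local file even though its parent came from the Internet.
    """
    zone = int(parse_zone_identifier(ads_text).get("ZoneId", str(origin_zone)))
    return zone < origin_zone


def suspicious_run_entries(events: List[str]) -> List[Dict[str, object]]:
    """Flag Run-key values whose target sits where no installer would place a product binary."""
    findings = []
    for event in events:
        m = RUN_EVENT_RE.match(event)
        if not m:
            continue
        path = m.group("path")
        low = path.lower()
        reasons = []
        if any(marker in low for marker in USER_WRITABLE_MARKERS):
            reasons.append("target is in a user-writable directory")
        if "\\start menu\\" in low and low.endswith(".exe"):
            reasons.append("executable stored under Start Menu, where only .lnk shortcuts belong")
        if reasons:
            findings.append({"key": m.group("key"), "value": m.group("name"), "path": path, "reasons": reasons})
    return findings


def triage() -> Dict[str, object]:
    """Run the three checks over the constructed report data and return the findings."""
    return {
        "self_copies": find_self_copies(DROPPED_FILES, SAMPLE_SHA256),
        "zone_id": int(parse_zone_identifier(ZONE_IDENTIFIER_ADS)["ZoneId"]),
        "motw_suppressed": motw_suppressed(ZONE_IDENTIFIER_ADS),
        "run_entries": suspicious_run_entries(RUN_KEY_EVENTS),
    }


if __name__ == "__main__":
    for name, result in triage().items():
        print(f"{name}: {result}")
```

Against this report the checks return the vlc.exe path as a self-copy, ZoneId 0 with the Mark-of-the-Web judged suppressed, and both Run-key events (HKCU and the HKCU64 view) flagged for two reasons each. The hash comparison is what links the persisted copy back to the submitted file, so the same rule applied to other reports catches renamed self-copies regardless of the name they borrow.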

                                          Static File Info

                                          General

                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Entropy (8bit):7.920263997977594
                                          TrID:
                                          • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                          • Win32 Executable (generic) a (10002005/4) 49.97%
                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                          • DOS Executable Generic (2002/1) 0.01%
                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                          File name:CDC GUIDES COVID-19 Second Outbreak Warning release.exe
                                          File size:645440
                                          MD5:dc8d9c9a86fe4830053697c1dc59dc6f
                                          SHA1:a63fa3cc878efe75ecf849111c3e3d417fef4fdd
                                          SHA256:5dcd1649d97e0da882778ec70677be52b49603b6596b044518f02c278d93d0f2
                                          SHA512:8f91aca4b85d53745f395888ffb8e2d5f17f06afc7e302f2ed19c840377c70ef807ba14748fefd2a756b27b54808651087fbcba572f0d162b06c8a0e9283ef8c
                                          SSDEEP:12288:/4WN/IQY26pufbscH9POzQpGf2JUC5KJq7n8eUUI+PBUJXAXq:/Bb6ZcdOH2+CMJ2aiBUJXAXq
                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......_.................b...D........... ........@.. ....................... ............@................................

                                          File Icon

                                          Icon Hash:3b3b332b696932b2

                                          Static PE Info

                                          General

                                          Entrypoint:0x488117
                                          Entrypoint Section:.text
                                          Digitally signed:true
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                          DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                          Time Stamp:0x5FB3FDCD [Tue Nov 17 16:43:57 2020 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:v4.0.30319
                                          OS Version Major:4
                                          OS Version Minor:0
                                          File Version Major:4
                                          File Version Minor:0
                                          Subsystem Version Major:4
                                          Subsystem Version Minor:0
                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                          Authenticode Signature

                                          Signature Valid:false
                                          Signature Issuer:CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE
Signature Validation Error:The digital signature of the object did not verify
Error Number:-2146869232 (HRESULT 0x80096010, TRUST_E_BAD_DIGEST: the signed digest in the PKCS#7 does not match the file's Authenticode hash)
Not Before:8/25/2020 6:42:07 AM
Not After:8/26/2023 6:42:07 AM
                                          Subject Chain
                                          • CN=win.rar GmbH, O=win.rar GmbH, L=Berlin, S=Berlin, C=DE
                                          Version:3
                                          Thumbprint MD5:185DBD4A2E2671589EEB3E7E1920EA9F
                                          Thumbprint SHA-1:B3DF816A17A25557316D181DDB9F46254D6D8CA0
                                          Thumbprint SHA-256:66DB1C86D38273627C837F4638122FA88BBFFFF31C4052115B98CAF6CE0C631E
                                          Serial:731D40AE3F3A1FB2BC3D8395
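
The validation error above is TRUST_E_BAD_DIGEST: the certificate chain (win.rar GmbH, issued by GlobalSign) is present and parses, but the digest carried inside the PKCS#7 SignedData does not match the file's Authenticode hash. That hash is computed over the PE image with three regions excluded, the CheckSum field, the Certificate Table directory entry and the certificate table itself, which is why a signature can be appended without changing it, and equally why a signature block copied from a different binary cannot verify on this one. The report only establishes the mismatch; a transplanted signature block is the usual explanation, not something the report states. The Python below is an added example, not code from Joe Sandbox: it implements the Authenticode hash as laid out in Microsoft's Windows Authenticode Portable Executable Signature Format and exercises it on a constructed single-section PE32 whose code bytes are the managed-exe entry stub seen in the entrypoint preview (FF 25 00 20 40 00, jmp dword ptr [0x402000]; the zero padding after it is what decodes as the repeated add byte ptr [eax], al lines). The certificate table content is a placeholder, and extracting the digest from a real PKCS#7 blob is not implemented here (it needs an ASN.1 parser).

```python
import hashlib
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # index of the Certificate Table data directory


def authenticode_hash(pe: bytes, algorithm: str = "sha256") -> str:
    """Hash a PE image the way Authenticode does.

    Skipped regions: the CheckSum field, the Certificate Table directory entry and
    the certificate table itself, so signing or re-signing does not change the value.
    """
    h = hashlib.new(algorithm)
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    datadir = opt + (96 if magic == 0x10B else 112)          # PE32 vs PE32+
    sec_entry = datadir + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    cert_size = struct.unpack_from("<II", pe, sec_entry)[1]
    size_of_headers = struct.unpack_from("<I", pe, opt + 60)[0]
    checksum = opt + 64

    h.update(pe[:checksum])                                   # 1. start of file up to CheckSum
    h.update(pe[checksum + 4:sec_entry])                      # 2. after CheckSum up to the security entry
    h.update(pe[sec_entry + 8:size_of_headers])               # 3. rest of the headers
    hashed = size_of_headers

    sections = []
    for i in range(nsections):
        raw_size, raw_ptr = struct.unpack_from("<II", pe, opt + size_opt + 40 * i + 16)
        sections.append((raw_ptr, raw_size))
    for raw_ptr, raw_size in sorted(sections):               # 4. section data in file order
        h.update(pe[raw_ptr:raw_ptr + raw_size])
        hashed += raw_size

    trailing = len(pe) - hashed - cert_size                  # 5. overlay, minus the certificate table
    if trailing > 0:
        h.update(pe[hashed:hashed + trailing])
    return h.hexdigest()


def build_pe(text: bytes, cert_blob: bytes = b"", checksum: int = 0) -> bytes:
    """Assemble a minimal single-section PE32 (constructed test image, not a real program).

    cert_blob, if given, is wrapped in a WIN_CERTIFICATE header and appended as the
    certificate table, with the security directory entry pointing at it.
    """
    file_align = 0x200
    size_of_headers = file_align
    raw_size = -(-len(text) // file_align) * file_align
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x5FB3FDCD, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                                  # PE32 optional header, 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)                                 # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x1000)                               # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, file_align)       # ImageBase, SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, size_of_headers)             # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 64, checksum)                             # CheckSum (excluded from the hash)
    struct.pack_into("<H", opt, 68, 2)                                    # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)                                   # NumberOfRvaAndSizes
    win_cert = b""
    if cert_blob:
        cert_blob = cert_blob.ljust(-(-len(cert_blob) // 8) * 8, b"\0")   # table is 8-byte aligned
        win_cert = struct.pack("<IHH", 8 + len(cert_blob), 0x0200, 0x0002) + cert_blob
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         size_of_headers + raw_size, len(win_cert))
    section = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, raw_size, size_of_headers,
                          0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(size_of_headers, b"\0")
    return headers + text.ljust(raw_size, b"\0") + win_cert


def demo() -> dict:
    """Attaching a certificate table or changing CheckSum leaves the hash alone; one flipped code byte does not."""
    # Constructed code section: the managed-exe stub from the entrypoint preview, then zero padding.
    stub = b"\xff\x25\x00\x20\x40\x00" + b"\x00" * 26
    placeholder = b"PKCS7-SIGNEDDATA-PLACEHOLDER"   # stands in for a real PKCS#7 blob
    return {
        "unsigned": authenticode_hash(build_pe(stub)),
        "signed": authenticode_hash(build_pe(stub, placeholder, checksum=0x1234)),
        "tampered": authenticode_hash(build_pe(bytes([stub[0] ^ 1]) + stub[1:], placeholder)),
    }


if __name__ == "__main__":
    for label, digest in demo().items():
        print(f"{label}: {digest}")
```

To reproduce the sandbox verdict on a real file, run authenticode_hash over it and compare with the messageDigest in the SpcIndirectDataContent of the embedded PKCS#7; equal values mean the signature covers this exact image, a mismatch is the 0x80096010 case above. The function handles PE32+ through the data-directory offset, but it assumes the certificate table sits at the end of the file, which is where Windows tooling places it.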

                                          Entrypoint Preview

                                          Instruction
                                          jmp dword ptr [00402000h]
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al

Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x880cd | 0x4a | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8a000 | 0x14003 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x9a800 | 0x3140 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa0000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x8611d | 0x86200 | False | 0.959510426375 | data | 7.95282361002 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc | 0x8a000 | 0x14003 | 0x14200 | False | 0.831982725155 | data | 7.61557514964 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xa0000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name | RVA | Size | Type | Language | Country
RT_ICON | 0x8a09c | 0x568 | GLS_BINARY_LSB_FIRST | |
RT_ICON | 0x8a628 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | |
RT_ICON | 0x8aef4 | 0xea8 | data | |
RT_ICON | 0x8bdc0 | 0x468 | GLS_BINARY_LSB_FIRST | |
RT_ICON | 0x8c24c | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0 | |
RT_ICON | 0x8d318 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0 | |
RT_ICON | 0x8f8e4 | 0xd646 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | |
RT_GROUP_ICON | 0x9cf66 | 0x68 | data | |
RT_VERSION | 0x9d00a | 0x368 | data | |
RT_MANIFEST | 0x9d3ae | 0xc55 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | |

Imports

DLL | Import
mscoree.dll | _CorExeMain

Network Behavior

Network Port Distribution

TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 18, 2020 05:48:18.525491953 CET | 49735 | 80 | 192.168.2.3 | 208.95.112.1
Nov 18, 2020 05:48:18.556354046 CET | 80 | 49735 | 208.95.112.1 | 192.168.2.3
Nov 18, 2020 05:48:18.556437969 CET | 49735 | 80 | 192.168.2.3 | 208.95.112.1
Nov 18, 2020 05:48:18.556812048 CET | 49735 | 80 | 192.168.2.3 | 208.95.112.1
Nov 18, 2020 05:48:18.587726116 CET | 80 | 49735 | 208.95.112.1 | 192.168.2.3
Nov 18, 2020 05:48:18.638310909 CET | 49735 | 80 | 192.168.2.3 | 208.95.112.1
Nov 18, 2020 05:48:19.751044989 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:48:19.984572887 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:48:19.984734058 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:48:20.218857050 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:48:20.263480902 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:48:20.783591032 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:48:21.018487930 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:48:21.060591936 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:48:46.031399965 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:48:46.265988111 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:48:46.294056892 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:48:46.294157982 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:49:11.283453941 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:49:11.516608000 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:49:11.533206940 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:49:11.533683062 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:49:32.079123974 CET | 80 | 49735 | 208.95.112.1 | 192.168.2.3
Nov 18, 2020 05:49:32.079448938 CET | 49735 | 80 | 192.168.2.3 | 208.95.112.1
Nov 18, 2020 05:49:36.519959927 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:49:36.753957987 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:49:36.774738073 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:49:36.774939060 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:49:58.611615896 CET | 49735 | 80 | 192.168.2.3 | 208.95.112.1
Nov 18, 2020 05:49:58.642582893 CET | 80 | 49735 | 208.95.112.1 | 192.168.2.3
Nov 18, 2020 05:50:01.787627935 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:50:02.125547886 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:50:27.009057045 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:50:27.009284019 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:50:27.133411884 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:50:27.365962982 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:50:52.246691942 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:50:52.246948004 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:50:52.373559952 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:50:52.606232882 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:51:17.475369930 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:51:17.475509882 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:51:17.610186100 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:51:17.842860937 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:51:42.710359097 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:51:42.710527897 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:51:42.846751928 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:51:43.079406023 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:07.948128939 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:07.948257923 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:52:08.083033085 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:52:08.315323114 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:33.186500072 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:33.188303947 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:52:33.320658922 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:52:33.552930117 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:35.871159077 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:35.871495008 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:35.871567011 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:35.871581078 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:52:35.871627092 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:35.871773005 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:52:36.104974985 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.105020046 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.105078936 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.105122089 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.105211020 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.105252981 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:52:36.105282068 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:52:36.105376005 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.105456114 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.105468988 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:52:36.105578899 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.105665922 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:52:36.339184999 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.339503050 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.339589119 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:52:36.339943886 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.340055943 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.340131998 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:52:36.340162992 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.340217113 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.340281963 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:52:36.340287924 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.340622902 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.340780973 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.340825081 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.340882063 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.340892076 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:52:36.340925932 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.340977907 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:52:36.341006041 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.341070890 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.341137886 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:52:36.341173887 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.341243982 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.341303110 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221
Nov 18, 2020 05:52:36.572417021 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.572464943 CET | 4782 | 49736 | 185.244.26.221 | 192.168.2.3
Nov 18, 2020 05:52:36.572628021 CET | 49736 | 4782 | 192.168.2.3 | 185.244.26.221

UDP Packets


DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Nov 18, 2020 05:48:18.481765032 CET | 192.168.2.3 | 8.8.8.8 | 0xda1d | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001)
Nov 18, 2020 05:48:19.676497936 CET | 192.168.2.3 | 8.8.8.8 | 0x43a3 | Standard query (0) | devils.shacknet.us | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Nov 18, 2020 05:48:18.509390116 CET | 8.8.8.8 | 192.168.2.3 | 0xda1d | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001)
Nov 18, 2020 05:48:19.720848083 CET | 8.8.8.8 | 192.168.2.3 | 0x43a3 | No error (0) | devils.shacknet.us | | 185.244.26.221 | A (IP address) | IN (0x0001)

HTTP Request Dependency Graph

• ip-api.com

HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49735 | 208.95.112.1 | 80 | C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe

Timestamp | kBytes transferred | Direction | Data
Nov 18, 2020 05:48:18.556812048 CET | 339 | OUT | GET /json/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0
Host: ip-api.com
Connection: Keep-Alive
Nov 18, 2020 05:48:18.587726116 CET | 339 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Nov 2020 04:48:17 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 281
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
Data Ascii: {"status":"success","country":"Switzerland","countryCode":"CH","region":"ZH","regionName":"Zurich","city":"Zurich","zip":"8152","lat":47.43,"lon":8.5718,"timezone":"Europe/Zurich","isp":"Datacamp Limited","org":"Cdn77 ZUR ITX","as":"AS60068 Datacamp Limited","query":"84.17.52.40"}


Code Manipulations

Statistics

Behavior

System Behavior

General

Start time: 05:47:44
Start date: 18/11/2020
Path: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe'
Imagebase: 0xb40000
File size: 645440 bytes
MD5 hash: DC8D9C9A86FE4830053697C1DC59DC6F
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Yara matches:
• Rule: Quasar_RAT_1, Description: Detects Quasar RAT, Source: 00000000.00000002.269160984.0000000004035000.00000004.00000001.sdmp, Author: Florian Roth
• Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000000.00000002.269160984.0000000004035000.00000004.00000001.sdmp, Author: Joe Security
Reputation: low

General

Start time: 05:48:15
Start date: 18/11/2020
Path: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\Desktop\CDC GUIDES COVID-19 Second Outbreak Warning release.exe
Imagebase: 0xb00000
File size: 645440 bytes
MD5 hash: DC8D9C9A86FE4830053697C1DC59DC6F
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Yara matches:
• Rule: Quasar_RAT_1, Description: Detects Quasar RAT, Source: 00000005.00000002.831738365.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
• Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000005.00000002.831738365.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
Reputation: low

General

Start time: 05:48:25
Start date: 18/11/2020
Path: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe'
Imagebase: 0x340000
File size: 645440 bytes
MD5 hash: DC8D9C9A86FE4830053697C1DC59DC6F
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Yara matches:
• Rule: Quasar_RAT_1, Description: Detects Quasar RAT, Source: 0000000E.00000002.355201046.00000000037C5000.00000004.00000001.sdmp, Author: Florian Roth
• Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 0000000E.00000002.355201046.00000000037C5000.00000004.00000001.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 12%, ReversingLabs
Reputation: low

General

Start time: 05:48:34
Start date: 18/11/2020
Path: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe'
Imagebase: 0x600000
File size: 645440 bytes
MD5 hash: DC8D9C9A86FE4830053697C1DC59DC6F
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Yara matches:
• Rule: Quasar_RAT_1, Description: Detects Quasar RAT, Source: 0000000F.00000002.372345849.0000000003BE5000.00000004.00000001.sdmp, Author: Florian Roth
• Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 0000000F.00000002.372345849.0000000003BE5000.00000004.00000001.sdmp, Author: Joe Security
Reputation: low

General

Start time: 05:48:54
Start date: 18/11/2020
Path: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Imagebase: 0xdf0000
File size: 645440 bytes
MD5 hash: DC8D9C9A86FE4830053697C1DC59DC6F
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Yara matches:
• Rule: Quasar_RAT_1, Description: Detects Quasar RAT, Source: 00000014.00000002.358547843.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
• Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000014.00000002.358547843.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
Reputation: low

General

Start time: 05:49:03
Start date: 18/11/2020
Path: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Imagebase: 0xca0000
File size: 645440 bytes
MD5 hash: DC8D9C9A86FE4830053697C1DC59DC6F
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Yara matches:
• Rule: Quasar_RAT_1, Description: Detects Quasar RAT, Source: 00000015.00000002.376779243.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
• Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000015.00000002.376779243.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
Reputation: low

General

Start time: 05:52:36
Start date: 18/11/2020
Path: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Local\Temp\9FFWrx9i8Kuq.exe
Imagebase: 0xf20000
File size: 287120 bytes
MD5 hash: 082B27BB1AAA169A5D0C4CD536976F99
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
Reputation: low

Disassembly

Code Analysis
