
Analysis Report SecuriteInfo.com.Trojan.MulDrop15.61981.23282.23831

Overview

General Information

Sample Name:SecuriteInfo.com.Trojan.MulDrop15.61981.23282.23831 (renamed file extension from 23831 to exe)
Analysis ID:323821
MD5:b7679c443e22238291f5603f016ff56e
SHA1:8e17bee5c61b8383a3ad6f16701a204a62f6d05a
SHA256:be48a66b718f94c2379453ff845e0047504573e3c0e1a9f7ab3011dab1c06b57
Tags:AgentTesla


Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
May check the online IP address of the machine
Modifies the hosts file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Antivirus or Machine Learning detection for unpacked file
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains strange resources
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Startup

  • System is w10x64
  • vlc.exe (PID: 6360 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe' MD5: B7679C443E22238291F5603F016FF56E)
    • vlc.exe (PID: 2504 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe MD5: B7679C443E22238291F5603F016FF56E)
  • vlc.exe (PID: 6652 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe' MD5: B7679C443E22238291F5603F016FF56E)
  • cleanup
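Two of the behaviours recorded above are cheap to verify on a suspect host: the persistent copy the sample drops under the per-user Start Menu\Programs folder (visible in the process tree as vlc.exe) and the write to the hosts file (signature "Modifies the hosts file"). The Python below is an added example, not part of the Joe Sandbox report. The path and hash constants are copied from this report; the hosts-file text and file list are constructed stand-ins for a live host, since the report does not record what was written to the hosts file.

```python
import hashlib
from pathlib import PureWindowsPath

# Indicators copied from this report.
SAMPLE_MD5 = "b7679c443e22238291f5603f016ff56e"
SAMPLE_SHA256 = "be48a66b718f94c2379453ff845e0047504573e3c0e1a9f7ab3011dab1c06b57"
DROPPED_COPY = r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe"

# A stock Windows hosts file contains only comments; these two mappings are the
# only uncommented lines that legitimate tooling commonly adds.
STOCK_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

def nondefault_hosts_entries(hosts_text: str) -> list[tuple[str, str]]:
    """Return every (ip, hostname) mapping in a hosts file that is not a stock
    localhost line. The report only says the sample wrote the file, not what it
    wrote, so the analyst reviews whatever this returns."""
    found = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if (ip, name) not in STOCK_ENTRIES:
                found.append((ip, name))
    return found

PE_SUFFIXES = {".exe", ".dll", ".scr", ".com"}

def pe_files_in_start_menu(paths) -> list[str]:
    """Flag PE files stored under a Start Menu\\Programs tree. Shortcuts (.lnk)
    belong there; executables do not, and this sample keeps its persistent copy
    at ...\\Start Menu\\Programs\\VideoLAN\\vlc.exe."""
    hits = []
    for p in paths:
        wp = PureWindowsPath(p)
        parts = [part.lower() for part in wp.parts]
        if "start menu" in parts and "programs" in parts and wp.suffix.lower() in PE_SUFFIXES:
            hits.append(p)
    return hits

def matches_sample(data: bytes) -> bool:
    """Compare a file's contents against the report's MD5 and SHA256."""
    return (hashlib.md5(data).hexdigest() == SAMPLE_MD5
            or hashlib.sha256(data).hexdigest() == SAMPLE_SHA256)

# Constructed inputs standing in for a live host (not taken from the report).
HOSTS_SAMPLE = """# default hosts file, comment lines only
#   127.0.0.1   localhost
127.0.0.1  localhost
0.0.0.0    update.example-security-vendor.invalid   # constructed entry
"""
PATHS_SAMPLE = [
    r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk",
    DROPPED_COPY,
    r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\notes.txt",
]

if __name__ == "__main__":
    print("non-default hosts entries:", nondefault_hosts_entries(HOSTS_SAMPLE))
    print("PE files in Start Menu:", pe_files_in_start_menu(PATHS_SAMPLE))
```

On a real endpoint, feed `nondefault_hosts_entries` the contents of `C:\Windows\System32\drivers\etc\hosts` and `pe_files_in_start_menu` the result of walking `%APPDATA%\Microsoft\Windows\Start Menu\Programs`; run `matches_sample` on any PE file the second check surfaces.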

Malware Configuration

Threatname: Agenttesla

{"Username: ": "7C1PT6er97z7if", "URL: ": "http://9346p4IyJGSfBUnad7m.com", "To: ": "j.koskela@yandex.com", "ByHost: ": "smtp.yandex.com:587", "Password: ": "ZBKqjHkUYjIYCut", "From: ": "j.koskela@yandex.com"}
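The extracted configuration above is the complete exfiltration setup for this build: an SMTP relay, a sender mailbox with its password, and a recipient. The Python below is an added example, not part of the Joe Sandbox report, showing how to normalise the extractor's keys (each carries a trailing ": ") and turn the config into indicators that can go straight onto a blocklist. The channel rule (a populated ByHost field means SMTP delivery) is an assumption of this example, not something the report states.

```python
import json
from urllib.parse import urlsplit

# Copy of the configuration string shown in this report, keys as the extractor printed them.
RAW_CONFIG = ('{"Username: ": "7C1PT6er97z7if", "URL: ": "http://9346p4IyJGSfBUnad7m.com", '
              '"To: ": "j.koskela@yandex.com", "ByHost: ": "smtp.yandex.com:587", '
              '"Password: ": "ZBKqjHkUYjIYCut", "From: ": "j.koskela@yandex.com"}')

def normalize_config(raw: str) -> dict:
    """Parse the extractor JSON and strip the ': ' artefact from every key."""
    return {key.rstrip(": ").strip(): value for key, value in json.loads(raw).items()}

def classify_exfil(cfg: dict) -> dict:
    """Derive the delivery channel and network indicators from a normalised config.
    Assumption of this example: a populated ByHost is the SMTP server of an SMTP build;
    URL yields a domain indicator whatever its role in the build."""
    indicators = []
    channel = "unknown"
    if cfg.get("ByHost"):
        server, _, port = cfg["ByHost"].partition(":")
        channel = "smtp"
        indicators.append(("smtp_server", f"{server}:{port or '25'}"))
    for key in ("To", "From"):
        if cfg.get(key):
            indicators.append(("email", cfg[key]))
    if cfg.get("URL"):
        # urlsplit().hostname lower-cases the host, which is what a blocklist wants.
        indicators.append(("domain", urlsplit(cfg["URL"]).hostname))
    # Deduplicate while keeping order (To and From are the same mailbox here).
    return {"channel": channel, "indicators": list(dict.fromkeys(indicators))}

if __name__ == "__main__":
    cfg = normalize_config(RAW_CONFIG)
    for kind, value in classify_exfil(cfg)["indicators"]:
        print(f"{kind}\t{value}")
```

The password in the config is the credential of an attacker-controlled mailbox: do not use it to log in, report it to the provider's abuse contact, and block outbound SMTP to the listed server from user endpoints, which have no business talking to a mail relay directly.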

Yara Overview

Memory Dumps

Source | Rule | Description | Author
00000004.00000002.505759683.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000001.00000002.278541808.0000000002522000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000001.00000002.278353897.0000000002481000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000004.00000002.511664403.0000000003506000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000004.00000002.511664403.0000000003506000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
(the full report lists 14 memory-dump matches; 5 shown here)

            Unpacked PEs

Source | Rule | Description | Author
4.2.SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
15.2.vlc.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

                Sigma Overview

                No Sigma rule has matched

                Signature Overview


                AV Detection:

Found malware configuration
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe.6956.4.memstr | Malware Configuration Extractor: Agenttesla {"Username: ": "7C1PT6er97z7if", "URL: ": "http://9346p4IyJGSfBUnad7m.com", "To: ": "j.koskela@yandex.com", "ByHost: ": "smtp.yandex.com:587", "Password: ": "ZBKqjHkUYjIYCut", "From: ": "j.koskela@yandex.com"}
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | ReversingLabs: Detection: 31%
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe | Virustotal: Detection: 32%
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe | ReversingLabs: Detection: 31%
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Joe Sandbox ML: detected
Machine Learning detection for sample
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe | Joe Sandbox ML: detected
Antivirus or Machine Learning detection for unpacked file
Source: 4.2.SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe.400000.0.unpack | Avira: Label: TR/Spy.Gen8
Source: 15.2.vlc.exe.400000.0.unpack | Avira: Label: TR/Spy.Gen8

                Networking:

May check the online IP address of the machine
Source: unknown | DNS query: name: api.ipify.org (six identical queries logged)
IP address seen in connection with other malware
Source: Joe Sandbox View | IP Address: 54.235.142.93 (logged twice)
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | DNS traffic detected: queries for: g.msn.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511444288.00000000034B1000.00000004.00000001.sdmp, vlc.exe, 0000000F.00000002.510701156.00000000034E1000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513567379.0000000003783000.00000004.00000001.sdmp | String found in binary or memory: http://9346p4IyJGSfBUnad7m.=
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511664403.0000000003506000.00000004.00000001.sdmp | String found in binary or memory: http://9346p4IyJGSfBUnad7m.com
Source: vlc.exe, 0000000F.00000002.510701156.00000000034E1000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmp | String found in binary or memory: http://crl.certum.pl/ca.crl0h
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmp | String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.509928930.0000000001763000.00000004.00000020.sdmp | String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.509928930.0000000001763000.00000004.00000020.sdmp | String found in binary or memory: http://crl.comodoca.com/COMODORSADomainValidationR5
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511543091.00000000034EB000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl0
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmp | String found in binary or memory: http://crls.yandex.net/certum/ycasha2.crl0-
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.243783276.00000000053FD000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://fontfabrik.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.243783276.00000000053FD000.00000004.00000001.sdmp | String found in binary or memory: http://fontfabrik.comh
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511543091.00000000034EB000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.509928930.0000000001763000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.comodoca.com0
Source: vlc.exe, 0000000F.00000002.510701156.00000000034E1000.00000004.00000001.sdmp | String found in binary or memory: http://pYJvKF.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmp | String found in binary or memory: http://repository.certum.pl/ca.cer09
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmp | String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmp | String found in binary or memory: http://repository.certum.pl/ycasha2.cer0
Source: vlc.exe | String found in binary or memory: http://schemas.microso
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511444288.00000000034B1000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmp | String found in binary or memory: http://smtp.yandex.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmp | String found in binary or memory: http://subca.ocsp-certum.com0.
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmp | String found in binary or memory: http://subca.ocsp-certum.com01
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.246769951.00000000053C3000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.246384080.00000000053C5000.00000004.00000001.sdmp | String found in binary or memory: http://www.carterandcone.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.246769951.00000000053C3000.00000004.00000001.sdmp | String found in binary or memory: http://www.carterandcone.com.
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.246769951.00000000053C3000.00000004.00000001.sdmp | String found in binary or memory: http://www.carterandcone.comT
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.carterandcone.coml
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.246769951.00000000053C3000.00000004.00000001.sdmp | String found in binary or memory: http://www.carterandcone.comt
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmp | String found in binary or memory: http://www.certum.pl/CPS0
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.249917158.00000000053C2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com
Source: vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/?
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.249917158.00000000053C2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html(
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers?
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.249917158.00000000053C2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comW.TTF
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.249917158.00000000053C2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.coma
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.249917158.00000000053C2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comd
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.281706001.00000000053C0000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comdia
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.249917158.00000000053C2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comdma
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.281706001.00000000053C0000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.come.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.249917158.00000000053C2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comldF
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.249917158.00000000053C2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comm
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.281706001.00000000053C0000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.como
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.fonts.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245953813.00000000053C7000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245508386.00000000053C6000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245508386.00000000053C6000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245953813.00000000053C7000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn0
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245953813.00000000053C7000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cnT
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.253825973.00000000053C2000.00000004.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.253563878.00000000053E9000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.goodfont.co.kr
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245272016.00000000053C5000.00000004.00000001.sdmp | String found in binary or memory: http://www.goodfont.co.kr-iY
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.247140678.00000000053C2000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/C
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.247140678.00000000053C2000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/L
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.sajatypeworks.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.247934088.00000000053CE000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.sakkal.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.sandoll.co.kr
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245272016.00000000053C5000.00000004.00000001.sdmp | String found in binary or memory: http://www.sandoll.co.krP
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245272016.00000000053C5000.00000004.00000001.sdmp | String found in binary or memory: http://www.sandoll.co.krcomimB
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245272016.00000000053C5000.00000004.00000001.sdmp | String found in binary or memory: http://www.sandoll.co.kre
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245272016.00000000053C5000.00000004.00000001.sdmp | String found in binary or memory: http://www.sandoll.co.krorm
Source: vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.tiro.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245968295.00000000053C2000.00000004.00000001.sdmp | String found in binary or memory: http://www.tiro.com;
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245906224.00000000053CE000.00000004.00000001.sdmp | String found in binary or memory: http://www.tiro.como2jr
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.244030655.00000000053FD000.00000004.00000001.sdmp | String found in binary or memory: http://www.typography.net
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.244129486.00000000053FD000.00000004.00000001.sdmp | String found in binary or memory: http://www.typography.net1
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.typography.netD
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.244407765.00000000053FD000.00000004.00000001.sdmp | String found in binary or memory: http://www.typography.nets
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.244129486.00000000053FD000.00000004.00000001.sdmp | String found in binary or memory: http://www.typography.netu
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.urwpp.deDPlease
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.246384080.00000000053C5000.00000004.00000001.sdmp | String found in binary or memory: http://www.zhongyicts.com.cnH
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.246384080.00000000053C5000.00000004.00000001.sdmp | String found in binary or memory: http://www.zhongyicts.com.cnue
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmp | String found in binary or memory: http://yandex.crl.certum.pl/ycasha2.crl0q
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmp | String found in binary or memory: http://yandex.ocsp-responder.com03
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511444288.00000000034B1000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.org
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511444288.00000000034B1000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.org/
Source: vlc.exe, 0000000F.00000002.510701156.00000000034E1000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.orgGETMozilla/5.0
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.278541808.0000000002522000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.505759683.0000000000402000.00000040.00000001.sdmp, vlc.exe, 0000000C.00000002.327896821.0000000003B91000.00000004.00000001.sdmp, vlc.exe, 0000000F.00000002.505733020.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://api.telegram.org/bot%telegramapi%/
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511444288.00000000034B1000.00000004.00000001.sdmp, vlc.exe, 0000000F.00000002.510701156.00000000034E1000.00000004.00000001.sdmp | String found in binary or memory: https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe | String found in binary or memory: https://discord.com/
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe | String found in binary or memory: https://discord.com/4
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe | String found in binary or memory: https://discord.com/8
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511543091.00000000034EB000.00000004.00000001.sdmp | String found in binary or memory: https://secure.comodo.com/CPS0
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmp | String found in binary or memory: https://www.certum.pl/CPS0
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.278541808.0000000002522000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.505759683.0000000000402000.00000040.00000001.sdmp, vlc.exe, 0000000C.00000002.327896821.0000000003B91000.00000004.00000001.sdmp, vlc.exe, 0000000F.00000002.505733020.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511444288.00000000034B1000.00000004.00000001.sdmp, vlc.exe, 0000000F.00000002.510701156.00000000034E1000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 443

                Spam, unwanted Advertisements and Ransom Demands:

Modifies the hosts file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe | File written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe | Code functions: 1_2_00A4C284, 1_2_00A4E640, 1_2_00A4E650, 1_2_06ACC6F8, 1_2_06ACBE28, 1_2_06ACBAE0, 4_2_01944800, 4_2_019447B3, 4_2_019447F3, 4_2_05F57538, 4_2_05F594F8, 4_2_05F56C68, 4_2_072D0346, 4_2_072D5E28, 4_2_072D7228, 4_2_072D9AB0, 4_2_072DE938
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeCode function: 4_2_072DA420
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeCode function: 4_2_05F52670
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeCode function: 4_2_05F52602
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_0297C284
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_0297E650
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_0297E640
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_06DEC6F8
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_06DEBE28
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_06DEDD88
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_06DEBAE0
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_06E5BE48
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_06E54AEE
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_06E54AF0
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_06E50B40
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_06E508C8
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_06E508BB
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_06E5094B
                Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: vlc.exe.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeBinary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
                Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.278541808.0000000002522000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameClassLibrary3.dll< vs SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
                Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.278541808.0000000002522000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameCulVFjlhGnGAyXhkxkWFpnyXNQrnUykLXhR.exe4 vs SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
                Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.277018085.0000000000062000.00000002.00020000.sdmpBinary or memory string: OriginalFilename0mrxdv.exe` vs SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
                Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.278801335.0000000003481000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameXmbmldyr.dll4 vs SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
                Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000003.00000002.273934328.0000000000192000.00000002.00020000.sdmpBinary or memory string: OriginalFilename0mrxdv.exe` vs SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
                Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.508942062.000000000168A000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
                Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.505759683.0000000000402000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameCulVFjlhGnGAyXhkxkWFpnyXNQrnUykLXhR.exe4 vs SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
                Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.506619680.0000000000F62000.00000002.00020000.sdmpBinary or memory string: OriginalFilename0mrxdv.exe` vs SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
                Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.517916958.0000000006C40000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
                Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeBinary or memory string: OriginalFilename0mrxdv.exe` vs SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
                Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: vlc.exe.1.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: classification engineClassification label: mal100.troj.adwa.spyw.evad.winEXE@9/6@5/1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeFile read: C:\Windows\System32\drivers\etc\hosts
                Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeVirustotal: Detection: 32%
                Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeReversingLabs: Detection: 31%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
                Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe'
                Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe'
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeCode function: 1_2_00A4FAE4 pushfd ; iretd
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeCode function: 1_2_00A4FA10 push esp; iretd
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeCode function: 4_2_072DE138 pushad ; retf
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_0297FAE4 pushfd ; iretd
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_0297FA10 push esp; iretd
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_06DEEE10 push ebp; ret
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_06DE2FF3 push es; iretd
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_06DEEA7A pushfd ; retf
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_06DE301D push es; ret
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_06E514C1 push es; ret
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_06E5CA20 push eax; iretd
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_06E5CA2B pushfd ; iretd
                Source: initial sampleStatic PE information: section name: .text entropy: 7.96407261365
                Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, yfREwUKaTD0wPBlkBE/vf8L954yCm8LZ54oRw.csHigh entropy of concatenated method names: '.ctor', 'vf84L95yC', 'e8LKZ54oR', 'xMffREwUa', 'Dispose', 'JD0bwPBlk', 'S7OVrxUB62AQ3I1qks', 'GncbsTPSNfAE8TIK6D', 'aUtu5VweCAV0DnnIK0', 'bo6cX3rUYkkkvFMWem'
                Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, VJd1TQFmRcd4tLjE5x/AyHZGMmym37msV77u2.csHigh entropy of concatenated method names: 'D779u2QJd', 'HTQImRcd4', 'ULj7E5xy9', 'Kcgak04k9', 'xYWHES7UA', 'XNwJ4MWZ0', '.ctor', '.cctor', 'B3LXdL43xMwIjd8BJx', 'nLyOVHVla4P0mkCAhk'
                Source: vlc.exe.1.dr, yfREwUKaTD0wPBlkBE/vf8L954yCm8LZ54oRw.csHigh entropy of concatenated method names: '.ctor', 'vf84L95yC', 'e8LKZ54oR', 'xMffREwUa', 'Dispose', 'JD0bwPBlk', 'S7OVrxUB62AQ3I1qks', 'GncbsTPSNfAE8TIK6D', 'aUtu5VweCAV0DnnIK0', 'bo6cX3rUYkkkvFMWem'
                Source: vlc.exe.1.dr, VJd1TQFmRcd4tLjE5x/AyHZGMmym37msV77u2.csHigh entropy of concatenated method names: 'D779u2QJd', 'HTQImRcd4', 'ULj7E5xy9', 'Kcgak04k9', 'xYWHES7UA', 'XNwJ4MWZ0', '.ctor', '.cctor', 'B3LXdL43xMwIjd8BJx', 'nLyOVHVla4P0mkCAhk'
                Source: 1.0.SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe.60000.0.unpack, yfREwUKaTD0wPBlkBE/vf8L954yCm8LZ54oRw.csHigh entropy of concatenated method names: '.ctor', 'vf84L95yC', 'e8LKZ54oR', 'xMffREwUa', 'Dispose', 'JD0bwPBlk', 'S7OVrxUB62AQ3I1qks', 'GncbsTPSNfAE8TIK6D', 'aUtu5VweCAV0DnnIK0', 'bo6cX3rUYkkkvFMWem'
                Source: 1.0.SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe.60000.0.unpack, VJd1TQFmRcd4tLjE5x/AyHZGMmym37msV77u2.csHigh entropy of concatenated method names: 'D779u2QJd', 'HTQImRcd4', 'ULj7E5xy9', 'Kcgak04k9', 'xYWHES7UA', 'XNwJ4MWZ0', '.ctor', '.cctor', 'B3LXdL43xMwIjd8BJx', 'nLyOVHVla4P0mkCAhk'
                Source: 1.2.SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe.60000.0.unpack, yfREwUKaTD0wPBlkBE/vf8L954yCm8LZ54oRw.csHigh entropy of concatenated method names: '.ctor', 'vf84L95yC', 'e8LKZ54oR', 'xMffREwUa', 'Dispose', 'JD0bwPBlk', 'S7OVrxUB62AQ3I1qks', 'GncbsTPSNfAE8TIK6D', 'aUtu5VweCAV0DnnIK0', 'bo6cX3rUYkkkvFMWem'
                Source: 1.2.SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe.60000.0.unpack, VJd1TQFmRcd4tLjE5x/AyHZGMmym37msV77u2.csHigh entropy of concatenated method names: 'D779u2QJd', 'HTQImRcd4', 'ULj7E5xy9', 'Kcgak04k9', 'xYWHES7UA', 'XNwJ4MWZ0', '.ctor', '.cctor', 'B3LXdL43xMwIjd8BJx', 'nLyOVHVla4P0mkCAhk'
                Source: 3.2.SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe.190000.0.unpack, yfREwUKaTD0wPBlkBE/vf8L954yCm8LZ54oRw.csHigh entropy of concatenated method names: '.ctor', 'vf84L95yC', 'e8LKZ54oR', 'xMffREwUa', 'Dispose', 'JD0bwPBlk', 'S7OVrxUB62AQ3I1qks', 'GncbsTPSNfAE8TIK6D', 'aUtu5VweCAV0DnnIK0', 'bo6cX3rUYkkkvFMWem'
                Source: 3.2.SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe.190000.0.unpack, VJd1TQFmRcd4tLjE5x/AyHZGMmym37msV77u2.csHigh entropy of concatenated method names: 'D779u2QJd', 'HTQImRcd4', 'ULj7E5xy9', 'Kcgak04k9', 'xYWHES7UA', 'XNwJ4MWZ0', '.ctor', '.cctor', 'B3LXdL43xMwIjd8BJx', 'nLyOVHVla4P0mkCAhk'
                Source: 3.0.SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe.190000.0.unpack, yfREwUKaTD0wPBlkBE/vf8L954yCm8LZ54oRw.csHigh entropy of concatenated method names: '.ctor', 'vf84L95yC', 'e8LKZ54oR', 'xMffREwUa', 'Dispose', 'JD0bwPBlk', 'S7OVrxUB62AQ3I1qks', 'GncbsTPSNfAE8TIK6D', 'aUtu5VweCAV0DnnIK0', 'bo6cX3rUYkkkvFMWem'
                Source: 3.0.SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe.190000.0.unpack, VJd1TQFmRcd4tLjE5x/AyHZGMmym37msV77u2.csHigh entropy of concatenated method names: 'D779u2QJd', 'HTQImRcd4', 'ULj7E5xy9', 'Kcgak04k9', 'xYWHES7UA', 'XNwJ4MWZ0', '.ctor', '.cctor', 'B3LXdL43xMwIjd8BJx', 'nLyOVHVla4P0mkCAhk'
                Source: 4.0.SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe.f60000.0.unpack, yfREwUKaTD0wPBlkBE/vf8L954yCm8LZ54oRw.csHigh entropy of concatenated method names: '.ctor', 'vf84L95yC', 'e8LKZ54oR', 'xMffREwUa', 'Dispose', 'JD0bwPBlk', 'S7OVrxUB62AQ3I1qks', 'GncbsTPSNfAE8TIK6D', 'aUtu5VweCAV0DnnIK0', 'bo6cX3rUYkkkvFMWem'
                Source: 4.0.SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe.f60000.0.unpack, VJd1TQFmRcd4tLjE5x/AyHZGMmym37msV77u2.csHigh entropy of concatenated method names: 'D779u2QJd', 'HTQImRcd4', 'ULj7E5xy9', 'Kcgak04k9', 'xYWHES7UA', 'XNwJ4MWZ0', '.ctor', '.cctor', 'B3LXdL43xMwIjd8BJx', 'nLyOVHVla4P0mkCAhk'
                Source: 4.2.SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe.f60000.1.unpack, yfREwUKaTD0wPBlkBE/vf8L954yCm8LZ54oRw.csHigh entropy of concatenated method names: '.ctor', 'vf84L95yC', 'e8LKZ54oR', 'xMffREwUa', 'Dispose', 'JD0bwPBlk', 'S7OVrxUB62AQ3I1qks', 'GncbsTPSNfAE8TIK6D', 'aUtu5VweCAV0DnnIK0', 'bo6cX3rUYkkkvFMWem'
                Source: 4.2.SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe.f60000.1.unpack, VJd1TQFmRcd4tLjE5x/AyHZGMmym37msV77u2.csHigh entropy of concatenated method names: 'D779u2QJd', 'HTQImRcd4', 'ULj7E5xy9', 'Kcgak04k9', 'xYWHES7UA', 'XNwJ4MWZ0', '.ctor', '.cctor', 'B3LXdL43xMwIjd8BJx', 'nLyOVHVla4P0mkCAhk'
                Source: 12.0.vlc.exe.6e0000.0.unpack, yfREwUKaTD0wPBlkBE/vf8L954yCm8LZ54oRw.csHigh entropy of concatenated method names: '.ctor', 'vf84L95yC', 'e8LKZ54oR', 'xMffREwUa', 'Dispose', 'JD0bwPBlk', 'S7OVrxUB62AQ3I1qks', 'GncbsTPSNfAE8TIK6D', 'aUtu5VweCAV0DnnIK0', 'bo6cX3rUYkkkvFMWem'
                Source: 12.0.vlc.exe.6e0000.0.unpack, VJd1TQFmRcd4tLjE5x/AyHZGMmym37msV77u2.csHigh entropy of concatenated method names: 'D779u2QJd', 'HTQImRcd4', 'ULj7E5xy9', 'Kcgak04k9', 'xYWHES7UA', 'XNwJ4MWZ0', '.ctor', '.cctor', 'B3LXdL43xMwIjd8BJx', 'nLyOVHVla4P0mkCAhk'
                Source: 12.2.vlc.exe.6e0000.0.unpack, yfREwUKaTD0wPBlkBE/vf8L954yCm8LZ54oRw.csHigh entropy of concatenated method names: '.ctor', 'vf84L95yC', 'e8LKZ54oR', 'xMffREwUa', 'Dispose', 'JD0bwPBlk', 'S7OVrxUB62AQ3I1qks', 'GncbsTPSNfAE8TIK6D', 'aUtu5VweCAV0DnnIK0', 'bo6cX3rUYkkkvFMWem'
                Source: 12.2.vlc.exe.6e0000.0.unpack, VJd1TQFmRcd4tLjE5x/AyHZGMmym37msV77u2.csHigh entropy of concatenated method names: 'D779u2QJd', 'HTQImRcd4', 'ULj7E5xy9', 'Kcgak04k9', 'xYWHES7UA', 'XNwJ4MWZ0', '.ctor', '.cctor', 'B3LXdL43xMwIjd8BJx', 'nLyOVHVla4P0mkCAhk'
                Source: 13.0.vlc.exe.e30000.0.unpack, yfREwUKaTD0wPBlkBE/vf8L954yCm8LZ54oRw.csHigh entropy of concatenated method names: '.ctor', 'vf84L95yC', 'e8LKZ54oR', 'xMffREwUa', 'Dispose', 'JD0bwPBlk', 'S7OVrxUB62AQ3I1qks', 'GncbsTPSNfAE8TIK6D', 'aUtu5VweCAV0DnnIK0', 'bo6cX3rUYkkkvFMWem'
                Source: 13.0.vlc.exe.e30000.0.unpack, VJd1TQFmRcd4tLjE5x/AyHZGMmym37msV77u2.csHigh entropy of concatenated method names: 'D779u2QJd', 'HTQImRcd4', 'ULj7E5xy9', 'Kcgak04k9', 'xYWHES7UA', 'XNwJ4MWZ0', '.ctor', '.cctor', 'B3LXdL43xMwIjd8BJx', 'nLyOVHVla4P0mkCAhk'
                Source: 13.2.vlc.exe.e30000.0.unpack, yfREwUKaTD0wPBlkBE/vf8L954yCm8LZ54oRw.csHigh entropy of concatenated method names: '.ctor', 'vf84L95yC', 'e8LKZ54oR', 'xMffREwUa', 'Dispose', 'JD0bwPBlk', 'S7OVrxUB62AQ3I1qks', 'GncbsTPSNfAE8TIK6D', 'aUtu5VweCAV0DnnIK0', 'bo6cX3rUYkkkvFMWem'
                Source: 13.2.vlc.exe.e30000.0.unpack, VJd1TQFmRcd4tLjE5x/AyHZGMmym37msV77u2.csHigh entropy of concatenated method names: 'D779u2QJd', 'HTQImRcd4', 'ULj7E5xy9', 'Kcgak04k9', 'xYWHES7UA', 'XNwJ4MWZ0', '.ctor', '.cctor', 'B3LXdL43xMwIjd8BJx', 'nLyOVHVla4P0mkCAhk'
                Source: 15.2.vlc.exe.f70000.1.unpack, yfREwUKaTD0wPBlkBE/vf8L954yCm8LZ54oRw.csHigh entropy of concatenated method names: '.ctor', 'vf84L95yC', 'e8LKZ54oR', 'xMffREwUa', 'Dispose', 'JD0bwPBlk', 'S7OVrxUB62AQ3I1qks', 'GncbsTPSNfAE8TIK6D', 'aUtu5VweCAV0DnnIK0', 'bo6cX3rUYkkkvFMWem'
                Source: 15.2.vlc.exe.f70000.1.unpack, VJd1TQFmRcd4tLjE5x/AyHZGMmym37msV77u2.csHigh entropy of concatenated method names: 'D779u2QJd', 'HTQImRcd4', 'ULj7E5xy9', 'Kcgak04k9', 'xYWHES7UA', 'XNwJ4MWZ0', '.ctor', '.cctor', 'B3LXdL43xMwIjd8BJx', 'nLyOVHVla4P0mkCAhk'
                Source: 15.0.vlc.exe.f70000.0.unpack, yfREwUKaTD0wPBlkBE/vf8L954yCm8LZ54oRw.csHigh entropy of concatenated method names: '.ctor', 'vf84L95yC', 'e8LKZ54oR', 'xMffREwUa', 'Dispose', 'JD0bwPBlk', 'S7OVrxUB62AQ3I1qks', 'GncbsTPSNfAE8TIK6D', 'aUtu5VweCAV0DnnIK0', 'bo6cX3rUYkkkvFMWem'
                Source: 15.0.vlc.exe.f70000.0.unpack, VJd1TQFmRcd4tLjE5x/AyHZGMmym37msV77u2.csHigh entropy of concatenated method names: 'D779u2QJd', 'HTQImRcd4', 'ULj7E5xy9', 'Kcgak04k9', 'xYWHES7UA', 'XNwJ4MWZ0', '.ctor', '.cctor', 'B3LXdL43xMwIjd8BJx', 'nLyOVHVla4P0mkCAhk'
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe\:Zone.Identifier:$DATA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run vlc
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion:

                Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.278541808.0000000002522000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.326972792.0000000002B91000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Window / User API: threadDelayed 1538
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Window / User API: threadDelayed 8312
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Window / User API: threadDelayed 2553
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Window / User API: threadDelayed 7297
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe TID: 6616 Thread sleep count: 64 > 30
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe TID: 6632 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe TID: 5516 Thread sleep time: -17524406870024063s >= -30000s
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe TID: 320 Thread sleep count: 1538 > 30
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe TID: 320 Thread sleep count: 8312 > 30
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 6504 Thread sleep count: 64 > 30
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 6496 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 6640 Thread sleep count: 64 > 30
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 6420 Thread sleep time: -17524406870024063s >= -30000s
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 6336 Thread sleep count: 2553 > 30
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 6336 Thread sleep count: 7297 > 30
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                Source: vlc.exe, 0000000C.00000002.326972792.0000000002B91000.00000004.00000001.sdmp Binary or memory string: vmware
                Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.509672752.00000000016F1000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Process token adjusted: Debug
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process token adjusted: Debug
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion:

                Injects a PE file into a foreign processesShow sources
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeMemory written: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeMemory written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe base: 400000 value starts with: 4D5A
                Modifies the hosts fileShow sources
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeFile written: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511281576.0000000001EF0000.00000002.00000001.sdmp, vlc.exe, 0000000F.00000002.509410545.0000000001DF0000.00000002.00000001.sdmp Binary or memory string: uProgram Manager
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511281576.0000000001EF0000.00000002.00000001.sdmp, vlc.exe, 0000000F.00000002.509410545.0000000001DF0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511281576.0000000001EF0000.00000002.00000001.sdmp, vlc.exe, 0000000F.00000002.509410545.0000000001DF0000.00000002.00000001.sdmp Binary or memory string: Progman
Source: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511281576.0000000001EF0000.00000002.00000001.sdmp, vlc.exe, 0000000F.00000002.509410545.0000000001DF0000.00000002.00000001.sdmp Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeCode function: 12_2_06E5A610 GetUserNameA,
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Lowering of HIPS / PFW / Operating System Security Settings:

                Modifies the hosts file
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe | File written: C:\Windows\System32\drivers\etc\hosts

                Stealing of Sensitive Information:

                Yara detected AgentTesla
                Source: Yara match | File source: 00000004.00000002.505759683.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000002.278541808.0000000002522000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000002.278353897.0000000002481000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match | File source: 00000004.00000002.511664403.0000000003506000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000002.327896821.0000000003B91000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match | File source: 00000004.00000002.511444288.00000000034B1000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000F.00000002.510701156.00000000034E1000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000002.327636226.0000000002CB6000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000F.00000002.505733020.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000002.278801335.0000000003481000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: vlc.exe PID: 2504, type: MEMORY
                Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe PID: 6612, type: MEMORY
                Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe PID: 6956, type: MEMORY
                Source: Yara match | File source: Process Memory Space: vlc.exe PID: 6360, type: MEMORY
                Source: Yara match | File source: 4.2.SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 15.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE
                Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Tries to steal Mail credentials (via file access)Show sources
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                Source: Yara matchFile source: 00000004.00000002.511664403.0000000003506000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.511444288.00000000034B1000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000002.510701156.00000000034E1000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: vlc.exe PID: 2504, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe PID: 6956, type: MEMORY
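Detection logic for the access pattern the two sections above document (a single process opening the WinSCP sessions key, Chrome's Login Data, the IncrediMail identities key and the Outlook profile key, and a user process writing drivers\etc\hosts), as an added example that is not part of the Joe Sandbox report or of the sample. It runs over constructed Sysmon-style event records; the owning process names (winscp.exe, chrome.exe, incmail.exe, outlook.exe) and the event field layout are assumptions, while the registry keys and file paths are the ones listed in the report.

```python
"""Flag credential-store and hosts-file access by processes that do not own them.

Added example for the report above; not Joe Sandbox code and not the sample's.
Event records are constructed to look like Sysmon registry/file telemetry.
"""
import fnmatch
from collections import defaultdict
from dataclasses import dataclass

# Objects the report shows the sample opening, each with the process names that
# legitimately own them. Paths/keys are from the report; owner names are assumptions.
WATCHED = {
    r"HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions": {"winscp.exe"},
    r"*\AppData\Local\Google\Chrome\User Data\Default\Login Data": {"chrome.exe"},
    r"HKEY_CURRENT_USER\Software\IncrediMail\Identities": {"incmail.exe"},
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion"
    r"\Windows Messaging Subsystem\Profiles\Outlook\*": {"outlook.exe"},
}
HOSTS_FILE = r"C:\Windows\System32\drivers\etc\hosts"


@dataclass(frozen=True)
class Event:
    pid: int
    image: str    # full path of the acting process
    op: str       # "reg_open", "file_open" or "file_write"
    target: str   # registry key or file path touched


@dataclass(frozen=True)
class Finding:
    pid: int
    image: str
    rule: str
    target: str


def _process_name(image: str) -> str:
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _matches(pattern: str, target: str) -> bool:
    # Windows paths and registry keys are case-insensitive; '*' covers the
    # user-profile prefix and the per-profile Outlook account GUID.
    return fnmatch.fnmatchcase(target.lower(), pattern.lower())


def detect(events):
    """Return one Finding per event that breaks an ownership rule."""
    findings = []
    for ev in events:
        name = _process_name(ev.image)
        if ev.op == "file_write" and _matches(HOSTS_FILE, ev.target):
            # No user application should rewrite the hosts file.
            findings.append(Finding(ev.pid, ev.image, "hosts-file-write", ev.target))
            continue
        if ev.op not in ("reg_open", "file_open"):
            continue
        for pattern, owners in WATCHED.items():
            if _matches(pattern, ev.target) and name not in owners:
                findings.append(Finding(ev.pid, ev.image, "credential-store-access", ev.target))
                break
    return findings


def sweep_summary(findings, threshold=2):
    """Map pid -> number of distinct credential stores touched, keeping only
    processes at or above the threshold. One process sweeping WinSCP, browser
    and mail stores in a single run is the harvester pattern, not a one-off."""
    stores = defaultdict(set)
    for f in findings:
        if f.rule == "credential-store-access":
            stores[f.pid].add(f.target.lower())
    return {pid: len(s) for pid, s in stores.items() if len(s) >= threshold}


# Constructed sample events: the first five mirror the report's observations
# (PIDs taken from the report); the last two are benign control cases.
SAMPLE = r"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe"
SAMPLE_EVENTS = [
    Event(6956, SAMPLE, "reg_open", r"HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"),
    Event(6956, SAMPLE, "file_open", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event(6956, SAMPLE, "reg_open", r"HKEY_CURRENT_USER\Software\IncrediMail\Identities"),
    Event(6956, SAMPLE, "reg_open", r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion"
                                    r"\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"),
    Event(2504, r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe",
          "file_write", r"C:\Windows\System32\drivers\etc\hosts"),
    Event(1234, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "file_open",
          r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event(4321, r"C:\Program Files (x86)\WinSCP\WinSCP.exe", "reg_open",
          r"HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"),
]

if __name__ == "__main__":
    hits = detect(SAMPLE_EVENTS)
    for h in hits:
        print(f"[{h.rule}] pid={h.pid} {h.image} -> {h.target}")
    print("multi-store sweep:", sweep_summary(hits))
```

Run as a script it prints five findings for the constructed events (four credential-store hits for PID 6956 and one hosts-file write for PID 2504) and reports PID 6956 as a multi-store sweep. In production the events would come from Sysmon registry and file events or equivalent EDR telemetry, and the owner lists would be tuned to the software actually installed in the estate; the sweep count is what separates a stealer from an application legitimately reading its own store.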

Remote Access Functionality:

Yara detected AgentTesla
Source: the same Yara matches as listed under "Stealing of Sensitive Information" above (ten memory dumps, four process memory spaces and two unpacked PE files).

                Mitre Att&ck Matrix

Techniques are listed per tactic column of the matrix. A bracketed number run after a technique is that cell's signature-count badges, transcribed as extracted (the boundaries between individual badges are not recoverable from the text).

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
Execution: Windows Management Instrumentation [221]; Scheduled Task/Job; At (Linux); At (Windows); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter; PowerShell; AppleScript
Persistence: Registry Run Keys / Startup Folder [11]; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux); At (Windows)
Privilege Escalation: Process Injection [112]; Registry Run Keys / Startup Folder [11]; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux); At (Windows)
Defense Evasion: File and Directory Permissions Modification [1]; Disable or Modify Tools [1]; Obfuscated Files or Information [2]; Software Packing [3]; Masquerading [1]; Virtualization/Sandbox Evasion [14]; Process Injection [112]; Indicator Removal from Tools; Masquerading; Invalid Code Signature
Credential Access: OS Credential Dumping [1]; Credentials in Registry [1]; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
Discovery: Account Discovery [1]; System Information Discovery [124]; Query Registry [1]; Security Software Discovery [321]; Virtualization/Sandbox Evasion [14]; Process Discovery [2]; Application Window Discovery [1]; System Owner/User Discovery [1]; Remote System Discovery [1]; System Network Configuration Discovery [1]
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot; Software Deployment Tools; Taint Shared Content
Collection: Archive Collected Data [1]; Data from Local System [1]; Email Collection [1]; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
Command and Control: Encrypted Channel [12]; Non-Application Layer Protocol [1]; Application Layer Protocol [2]; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols; Rogue Cellular Base Station
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue; Data Destruction; Data Encrypted for Impact

Behavior Graph

Behavior Graph ID: 323821
Sample: SecuriteInfo.com.Trojan.Mul... (name truncated in the graph label)
Start date: 27/11/2020
Architecture: WINDOWS
Score: 100

The graph image did not survive extraction; its node and edge labels are transcribed below. Numbers in square brackets after a process name are that node's created-registry-value / created-file counters as extracted (the legend lists both counters, but their order in the label is not recoverable).

DNS names resolved from the start node: smtp.yandex.ru; smtp.yandex.com; g.msn.com
Signatures on the start node: Found malware configuration; Multi AV Scanner detection for dropped file; Multi AV Scanner detection for submitted file; 7 other signatures

Process tree:

SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe [1 6] (started from the start node)
    Dropped: C:\Users\user\AppData\Roaming\...\vlc.exe, PE32; C:\Users\user\...\vlc.exe:Zone.Identifier, ASCII; SecuriteInfo.com.T...61981.23282.exe.log, ASCII
    Signatures: Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines); Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines); Injects a PE file into a foreign processes
    -> SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe [15 2] (child)
           Network: elb097307-934924932.us-east-1.elb.amazonaws.com 54.235.142.93:443 (local port 49752), AMAZON-AESUS, United States; nagano-19599.herokussl.com; api.ipify.org
           Signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Tries to steal Mail credentials (via file access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the hosts file
    -> SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe (second child)

vlc.exe [3] (started from the start node)
    -> vlc.exe [2] (child)
           Dropped: C:\Windows\System32\drivers\etc\hosts, ASCII

vlc.exe [2] (started from the start node)


Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe | 32% | Virustotal | -
SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe | 31% | ReversingLabs | ByteCode-MSIL.Infostealer.Maslog
SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe | 100% | Joe Sandbox ML | -

Dropped Files

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | 100% | Joe Sandbox ML | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | 31% | ReversingLabs | ByteCode-MSIL.Infostealer.Maslog

Unpacked PE Files

Source | Detection | Scanner | Label
4.2.SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe.400000.0.unpack | 100% | Avira | TR/Spy.Gen8
15.2.vlc.exe.400000.0.unpack | 100% | Avira | TR/Spy.Gen8

                Domains

                No Antivirus matches

                URLs

URL | Detection | Scanner | Label
http://www.sandoll.co.krcomimB | 0% | Avira URL Cloud | safe
http://www.tiro.com; | 0% | Avira URL Cloud | safe
http://9346p4IyJGSfBUnad7m.= | 0% | Avira URL Cloud | safe
http://www.sandoll.co.krorm | 0% | Avira URL Cloud | safe
http://www.zhongyicts.com.cnue | 0% | Avira URL Cloud | safe
http://127.0.0.1:HTTP/1.1 | 0% | Avira URL Cloud | safe
http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe
http://www.founder.com.cn/cnT | 0% | Avira URL Cloud | safe
http://9346p4IyJGSfBUnad7m.com | 0% | Avira URL Cloud | safe
http://www.tiro.com | 0% | URL Reputation | safe
https://discord.com/ | 0% | URL Reputation | safe
http://www.goodfont.co.kr | 0% | URL Reputation | safe
http://www.carterandcone.com | 0% | URL Reputation | safe
http://www.carterandcone.com. | 0% | URL Reputation | safe
http://www.fontbureau.comldF | 0% | Avira URL Cloud | safe
http://www.goodfont.co.kr-iY | 0% | Avira URL Cloud | safe
http://www.tiro.como2jr | 0% | Avira URL Cloud | safe
https://api.ipify.orgGETMozilla/5.0 | 0% | URL Reputation | safe
http://www.sajatypeworks.com | 0% | URL Reputation | safe
http://schemas.microso | 0% | Avira URL Cloud | safe
http://subca.ocsp-certum.com0. | 0% | URL Reputation | safe
http://www.fontbureau.comdia | 0% | Avira URL Cloud | safe
http://www.typography.netD | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe
http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe
http://fontfabrik.com | 0% | URL Reputation | safe
http://www.fontbureau.comdma | 0% | Avira URL Cloud | safe
http://www.typography.net | 0% | URL Reputation | safe
http://www.sandoll.co.krP | 0% | Avira URL Cloud | safe
http://subca.ocsp-certum.com01 | 0% | URL Reputation | safe
http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe
http://pYJvKF.com | 0% | Avira URL Cloud | safe
http://www.sandoll.co.kr | 0% | URL Reputation | safe
http://fontfabrik.comh | 0% | Avira URL Cloud | safe
http://www.carterandcone.comT | 0% | Avira URL Cloud | safe
http://www.urwpp.deDPlease | 0% | URL Reputation | safe
http://www.typography.net1 | 0% | Avira URL Cloud | safe
http://www.zhongyicts.com.cn | 0% | URL Reputation | safe
http://www.sakkal.com | 0% | URL Reputation | safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip | 0% | URL Reputation | safe
http://www.galapagosdesign.com/ | 0% | URL Reputation | safe
http://DynDns.comDynDNS | 0% | URL Reputation | safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | 0% | URL Reputation | safe
http://www.fontbureau.comW.TTF | 0% | Avira URL Cloud | safe
http://www.jiyu-kobo.co.jp/L | 0% | Avira URL Cloud | safe
http://www.jiyu-kobo.co.jp/C | 0% | Avira URL Cloud | safe
http://www.sandoll.co.kre | 0% | Avira URL Cloud | safe
http://www.fontbureau.coma | 0% | URL Reputation | safe
http://www.fontbureau.comd | 0% | URL Reputation | safe

Each "URL Reputation" row appears three times in the source table (one per reputation source, all reporting "safe"); it is listed once here. Many of the strings are not real URLs but font-metadata strings from memory with trailing bytes attached; they are kept exactly as extracted.

                Domains and IPs

                Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
elb097307-934924932.us-east-1.elb.amazonaws.com | 54.235.142.93 | true | false | - | high
smtp.yandex.ru | 77.88.21.158 | true | false | - | high
smtp.yandex.com | unknown | unknown | false | - | high
g.msn.com | unknown | unknown | false | - | high
api.ipify.org | unknown | unknown | false | - | high

                          URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://www.sandoll.co.krcomimB | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245272016.00000000053C5000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.tiro.com; | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245968295.00000000053C2000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | low
http://9346p4IyJGSfBUnad7m.= | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513567379.0000000003783000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | low
http://www.sandoll.co.krorm | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245272016.00000000053C5000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.zhongyicts.com.cnue | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.246384080.00000000053C5000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://127.0.0.1:HTTP/1.1 | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511444288.00000000034B1000.00000004.00000001.sdmp; vlc.exe, 0000000F.00000002.510701156.00000000034E1000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | low
http://www.fontbureau.com/designersG | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp; vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp; vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | false | - | high
http://www.fontbureau.com/designers/frere-jones.html( | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.249917158.00000000053C2000.00000004.00000001.sdmp | false | - | high
http://www.fontbureau.com/designers/? | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp; vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp; vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | false | - | high
http://www.founder.com.cn/cn/bThe | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp; vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp; vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers? | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp; vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp; vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | false | - | high
http://yandex.crl.certum.pl/ycasha2.crl0q | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmp | false | - | high
http://www.founder.com.cn/cnT | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245953813.00000000053C7000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://9346p4IyJGSfBUnad7m.com | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511664403.0000000003506000.00000004.00000001.sdmp | true | Avira URL Cloud: safe | unknown
http://www.tiro.com | vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
https://discord.com/ | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers | vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | false | - | high
http://www.goodfont.co.kr | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp; vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp; vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.carterandcone.com | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.246769951.00000000053C3000.00000004.00000001.sdmp; SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.246384080.00000000053C5000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.carterandcone.com. | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.246769951.00000000053C3000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.comldF | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.249917158.00000000053C2000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.goodfont.co.kr-iY | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245272016.00000000053C5000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.tiro.como2jr | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245906224.00000000053CE000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
https://api.ipify.orgGETMozilla/5.0 | vlc.exe, 0000000F.00000002.510701156.00000000034E1000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.sajatypeworks.com | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp; vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp; vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://schemas.microso | vlc.exe | false | Avira URL Cloud: safe | unknown
http://subca.ocsp-certum.com0. | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.comdia | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.281706001.00000000053C0000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.typography.netD | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp; vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp; vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://repository.certum.pl/ca.cer09 | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmp | false | - | high
http://www.founder.com.cn/cn/cThe | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp; vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp; vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.galapagosdesign.com/staff/dennis.htm | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.253563878.00000000053E9000.00000004.00000001.sdmp; SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp; vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp; vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
https://api.ipify.org | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511444288.00000000034B1000.00000004.00000001.sdmp | false | - | high
http://fontfabrik.com | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.243783276.00000000053FD000.00000004.00000001.sdmp; SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp; vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp; vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.comdma | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.249917158.00000000053C2000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.typography.net | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.244030655.00000000053FD000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.sandoll.co.krP | SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245272016.00000000053C5000.00000004.00000001.sdmp | false | Avira URL Cloud: safe |

Each "URL Reputation" verdict is repeated three times per row in the source table; it is shown once here. The table is cut off after the last row above.
                                          unknown
                                          http://subca.ocsp-certum.com01SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          unknown
                                          http://www.galapagosdesign.com/DPleaseSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          unknown
                                          http://pYJvKF.comvlc.exe, 0000000F.00000002.510701156.00000000034E1000.00000004.00000001.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.fonts.comSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmpfalse
                                            high
                                            http://www.sandoll.co.krSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            http://fontfabrik.comhSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.243783276.00000000053FD000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://www.carterandcone.comTSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.246769951.00000000053C3000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://www.urwpp.deDPleaseSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            http://www.typography.net1SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.244129486.00000000053FD000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://www.zhongyicts.com.cnSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511444288.00000000034B1000.00000004.00000001.sdmpfalse
                                              high
                                              http://www.sakkal.comSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.247934088.00000000053CE000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              unknown
                                              https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zipSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.278541808.0000000002522000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.505759683.0000000000402000.00000040.00000001.sdmp, vlc.exe, 0000000C.00000002.327896821.0000000003B91000.00000004.00000001.sdmp, vlc.exe, 0000000F.00000002.505733020.0000000000402000.00000040.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              unknown
                                              http://www.certum.pl/CPS0SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmpfalse
                                                high
                                                http://repository.certum.pl/ycasha2.cer0SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmpfalse
                                                  high
                                                  https://api.ipify.org/SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511444288.00000000034B1000.00000004.00000001.sdmpfalse
                                                    high
                                                    http://www.apache.org/licenses/LICENSE-2.0SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmpfalse
                                                      high
                                                      http://www.fontbureau.comSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.249917158.00000000053C2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmpfalse
                                                        high
                                                        http://www.galapagosdesign.com/SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.253825973.00000000053C2000.00000004.00000001.sdmpfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        unknown
                                                        http://DynDns.comDynDNSvlc.exe, 0000000F.00000002.510701156.00000000034E1000.00000004.00000001.sdmpfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        unknown
                                                        http://repository.certum.pl/ctnca.cer09SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmpfalse
                                                          high
                                                          https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%haSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511444288.00000000034B1000.00000004.00000001.sdmp, vlc.exe, 0000000F.00000002.510701156.00000000034E1000.00000004.00000001.sdmpfalse
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          unknown
                                                          http://crl.certum.pl/ctnca.crl0kSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmpfalse
                                                            high
                                                            http://www.fontbureau.comW.TTFSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.249917158.00000000053C2000.00000004.00000001.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.jiyu-kobo.co.jp/LSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.247140678.00000000053C2000.00000004.00000001.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.carterandcone.comtSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.246769951.00000000053C3000.00000004.00000001.sdmpfalse
                                                              unknown
                                                              http://www.jiyu-kobo.co.jp/CSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.247140678.00000000053C2000.00000004.00000001.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://www.certum.pl/CPS0SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmpfalse
                                                                high
                                                                http://www.sandoll.co.kreSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245272016.00000000053C5000.00000004.00000001.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.fontbureau.comaSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.249917158.00000000053C2000.00000004.00000001.sdmpfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                unknown
                                                                http://www.fontbureau.comdSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.249917158.00000000053C2000.00000004.00000001.sdmpfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                unknown
                                                                http://www.fontbureau.come.comSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.281706001.00000000053C0000.00000004.00000001.sdmpfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                unknown
                                                                http://smtp.yandex.comSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmpfalse
                                                                  high
                                                                  http://www.carterandcone.comlSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  unknown
                                                                  http://yandex.ocsp-responder.com03SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  unknown
                                                                  http://www.founder.com.cn/cn/SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245508386.00000000053C6000.00000004.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  unknown
                                                                  http://www.fontbureau.com/designers/cabarga.htmlNSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmpfalse
                                                                    high
                                                                    http://www.founder.com.cn/cnSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245953813.00000000053C7000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245508386.00000000053C6000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    http://www.founder.com.cn/cn0SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.245953813.00000000053C7000.00000004.00000001.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.fontbureau.com/designers/frere-jones.htmlSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmpfalse
                                                                      high
                                                                      https://discord.com/4SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exefalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://crls.yandex.net/certum/ycasha2.crl0-SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmpfalse
                                                                        high
                                                                        https://discord.com/8SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exefalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        https://api.telegram.org/bot%telegramapi%/SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.278541808.0000000002522000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.505759683.0000000000402000.00000040.00000001.sdmp, vlc.exe, 0000000C.00000002.327896821.0000000003B91000.00000004.00000001.sdmp, vlc.exe, 0000000F.00000002.505733020.0000000000402000.00000040.00000001.sdmpfalse
                                                                          high
                                                                          http://www.fontbureau.commSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.249917158.00000000053C2000.00000004.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          http://www.jiyu-kobo.co.jp/SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          http://www.fontbureau.comoSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.281706001.00000000053C0000.00000004.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          http://www.fontbureau.com/designers8SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000002.283257861.00000000065D2000.00000004.00000001.sdmp, vlc.exe, 0000000C.00000002.332573233.0000000005AD0000.00000002.00000001.sdmp, vlc.exe, 0000000D.00000002.337484757.0000000006220000.00000002.00000001.sdmpfalse
                                                                            high
                                                                            http://www.typography.netsSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.244407765.00000000053FD000.00000004.00000001.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://www.typography.netuSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.244129486.00000000053FD000.00000004.00000001.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://crl.certum.pl/ca.crl0hSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.513449154.0000000003776000.00000004.00000001.sdmpfalse
                                                                              high
                                                                              https://secure.comodo.com/CPS0SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511543091.00000000034EB000.00000004.00000001.sdmpfalse
                                                                                high
                                                                                http://www.zhongyicts.com.cnHSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000001.00000003.246384080.00000000053C5000.00000004.00000001.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------xSecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe, 00000004.00000002.511444288.00000000034B1000.00000004.00000001.sdmp, vlc.exe, 0000000F.00000002.510701156.00000000034E1000.00000004.00000001.sdmpfalse
                                                                                  high

                                                                                  Contacted IPs


                                                                                  Public

IP             Domain    Country        Flag  ASN    ASN Name    Malicious
54.235.142.93  unknown   United States  US    14618  AMAZON-AES  false

                                                                                  General Information

                                                                                  Joe Sandbox Version:31.0.0 Red Diamond
                                                                                  Analysis ID:323821
                                                                                  Start date:27.11.2020
                                                                                  Start time:15:47:30
                                                                                  Joe Sandbox Product:CloudBasic
                                                                                  Overall analysis duration:0h 12m 40s
                                                                                  Hypervisor based Inspection enabled:false
                                                                                  Report type:light
                                                                                  Sample file name:SecuriteInfo.com.Trojan.MulDrop15.61981.23282.23831 (renamed file extension from 23831 to exe)
                                                                                  Cookbook file name:default.jbs
                                                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                  Number of analysed new started processes analysed:26
                                                                                  Number of new started drivers analysed:0
                                                                                  Number of existing processes analysed:0
                                                                                  Number of existing drivers analysed:0
                                                                                  Number of injected processes analysed:0
                                                                                  Technologies:
                                                                                  • HCA enabled
                                                                                  • EGA enabled
                                                                                  • HDC enabled
                                                                                  • AMSI enabled
                                                                                  Analysis Mode:default
                                                                                  Analysis stop reason:Timeout
                                                                                  Detection:MAL
                                                                                  Classification:mal100.troj.adwa.spyw.evad.winEXE@9/6@5/1
                                                                                  EGA Information:Failed
                                                                                  HDC Information:
                                                                                  • Successful, ratio: 22% (good quality ratio 17.1%)
                                                                                  • Quality average: 69.6%
                                                                                  • Quality standard deviation: 37.6%
                                                                                  HCA Information:
                                                                                  • Successful, ratio: 99%
                                                                                  • Number of executed functions: 0
                                                                                  • Number of non-executed functions: 0
                                                                                  Cookbook Comments:
                                                                                  • Adjust boot time
                                                                                  • Enable AMSI
                                                                                  Warnings:
                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                  • Excluded IPs from analysis (whitelisted): 52.255.188.83, 23.210.248.85, 51.104.139.180, 52.147.198.201, 8.241.9.254, 8.241.11.254, 8.241.11.126, 8.248.117.254, 8.248.131.254, 40.67.251.132, 52.155.217.156, 20.54.26.129, 52.142.114.176, 92.122.213.194, 92.122.213.247
                                                                                  • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wns.notify.windows.com.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, g-msn-com-nsatc.trafficmanager.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, par02p.wns.notify.windows.com.akadns.net, db5p.wns.notify.windows.com.akadns.net, emea1.notify.windows.com.akadns.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, client.wns.windows.com, fs.microsoft.com, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, blobcollector.events.data.trafficmanager.net
                                                                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                  Simulations

                                                                                  Behavior and APIs

Time | Type | Description
15:48:42 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run vlc "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe"
15:48:50 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run vlc "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe"
15:49:04 | API Interceptor | 652x Sleep call for process: SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe modified
15:49:22 | API Interceptor | 511x Sleep call for process: vlc.exe modified
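The two Autostart rows above are the sample's persistence: the dropper copies itself to vlc.exe under the user's Start Menu\Programs tree (a shortcut folder that is writable without elevation) and registers that copy under the per-user Run key. The Python below is an added example, not part of the Joe Sandbox report, showing how to triage an exported Run key for exactly this pattern on a host. The .reg text, the KNOWN_APPS table and the user-writable path markers are constructed assumptions for the example; only the vlc entry comes from the report.

```python
r"""Triage of Run-key autostart entries like the two in the Behavior table.

Added example, not part of the Joe Sandbox report. It parses the text written by
`reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` and flags
entries whose image lives in a user-writable folder, sits under the Start
Menu\Programs shortcut tree (as the dropped vlc.exe does), or borrows the value
name of a well-known application without using its install path.
SAMPLE_REG is constructed from the report's entry plus one benign entry;
KNOWN_APPS and USER_WRITABLE are assumed, locally maintained tables.
"""
import re

# Value names that commonly appear in Run, mapped to the install-dir prefixes a
# legitimate copy would run from. Assumed for this example; extend per site.
KNOWN_APPS = {
    "vlc": ("c:\\program files\\videolan\\vlc\\", "c:\\program files (x86)\\videolan\\vlc\\"),
}

# Path fragments that mean "writable by an unprivileged user". Assumed list.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\temp\\",
                 "\\downloads\\", "\\users\\public\\")

# Constructed .reg export: the report's persistence entry plus a benign one.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"vlc"="\"C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\VideoLAN\\vlc.exe\""
"Greenshot"="\"C:\\Program Files\\Greenshot\\Greenshot.exe\""
'''

_LINE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    """Undo .reg string escaping (a backslash escapes a backslash or a quote)."""
    return re.sub(r'\\(["\\])', r'\1', s)


def parse_reg_export(text):
    """Return {key_path: {value_name: string_value}} for REG_SZ values in a .reg export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            m = _LINE.match(line)
            if m:  # REG_SZ only; hex(2)/hex(7) encoded values are not parsed here
                keys[current][_unescape(m.group(1))] = _unescape(m.group(2))
    return keys


def image_path(command):
    """Extract the executable path from a Run command: quoted path, else first token."""
    command = command.strip()
    if command.startswith('"') and command.find('"', 1) > 0:
        return command[1:command.find('"', 1)]
    return command.split(" ", 1)[0]


def assess(name, command):
    """Return the reasons an entry deserves a look; an empty list means nothing odd."""
    path = image_path(command).lower()
    reasons = []
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("image in user-writable location")
    if "\\start menu\\programs\\" in path:
        reasons.append("image stored under Start Menu\\Programs, a shortcut folder")
    legit = KNOWN_APPS.get(name.lower())
    if legit and not path.startswith(legit):
        reasons.append("value name mimics %s but image is outside its install dir" % name)
    return reasons


def triage(reg_text):
    """Assess every Run value in the export; returns {value_name: [reasons]}."""
    return {name: assess(name, cmd)
            for values in parse_reg_export(reg_text).values()
            for name, cmd in values.items()}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_REG).items():
        print("%-10s %s" % (name, "; ".join(reasons) or "ok"))
```

`reg export` writes UTF-16 with a BOM, so open a real export with `encoding="utf-16"` before passing it to `triage()`. Check both the native and the WOW6432Node view (the report lists the entry as HKCU and HKCU64), and treat a match on all three reasons, as the vlc entry produces, as a strong indicator rather than a heuristic hit.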

                                                                                  Joe Sandbox View / Context

                                                                                  IPs

Match | Associated Sample Name / URL | Detection | Context
54.235.142.93 | SecuriteInfo.com.Artemis770794B83E35.exe | malicious | api.ipify.org/
54.235.142.93 | Response_to_Motion_to_Vacate.doc | malicious | api.ipify.org/?format=xml
54.235.142.93 | Shipping-Document.exe | malicious | api.ipify.org/
54.235.142.93 | RVAgYSH2qh.exe | malicious | api.ipify.org/?format=xml
54.235.142.93 | BUILDING ORDER_PROPERTY SPECS.exe | malicious | api.ipify.org/
54.235.142.93 | 1118_8732615.doc | malicious | api.ipify.org/
54.235.142.93 | XN33CLWH.EXE | malicious | api.ipify.org/
54.235.142.93 | Al-Hbb_Doc-EUR_Pdf.exe | malicious | api.ipify.org/
54.235.142.93 | YV2q4nAPVQ.exe | malicious | api.ipify.org/
54.235.142.93 | 1105_748543.doc | malicious | api.ipify.org/
54.235.142.93 | 174028911-035110-sanlccjavap0004-1.exe | malicious | api.ipify.org/
54.235.142.93 | RFQ-NOV-2020.exe | malicious | api.ipify.org/
54.235.142.93 | OZmn6gKEgi.exe | malicious | api.ipify.org/
54.235.142.93 | WFDKJ4wsQ6.exe | malicious | api.ipify.org/

                                                                                  Domains

Match | Associated Sample Name / URL | Detection | Context
smtp.yandex.ru | #A06578987.xlsm | malicious | 77.88.21.158
smtp.yandex.ru | ORDER INQUIRY 1.xlsx | malicious | 77.88.21.158
smtp.yandex.ru | ORDER INQUIRY 2.xlsx | malicious | 77.88.21.158
smtp.yandex.ru | yNOCiwmRRMhHK0b.exe | malicious | 77.88.21.158
smtp.yandex.ru | 8399388448895pdf.exe | malicious | 77.88.21.158
smtp.yandex.ru | a2PdLccwuz.exe | malicious | 77.88.21.158
smtp.yandex.ru | Request for Quotation Website Inquiry - Information Designs and Specifications sheet 00011020020.exe | malicious | 77.88.21.158
smtp.yandex.ru | Official Request for Quotation Reference Number 5670092 scan00029288.exe | malicious | 77.88.21.158
smtp.yandex.ru | 31.exe | malicious | 77.88.21.158
smtp.yandex.ru | SecuriteInfo.com.Trojan.PackedNET.469.3076.exe | malicious | 77.88.21.158
smtp.yandex.ru | productSpec_2141176 PHES.xlsx | malicious | 77.88.21.158
smtp.yandex.ru | VhkiqePZan.exe | malicious | 77.88.21.158
smtp.yandex.ru | Request for Quotation for supply - specification and requirements for south american market.exe | malicious | 77.88.21.158
smtp.yandex.ru | SecuriteInfo.com.Trojan.PackedNET.461.20928.exe | malicious | 77.88.21.158
smtp.yandex.ru | CdmgSj4BO8.exe | malicious | 77.88.21.158
smtp.yandex.ru | rURZ9qp1cE.exe | malicious | 77.88.21.158
smtp.yandex.ru | kaeHibiTa3.exe | malicious | 77.88.21.158
smtp.yandex.ru | ZBldmfU3KWpJB3r.exe | malicious | 77.88.21.158
smtp.yandex.ru | RFQs.xlsm | malicious | 77.88.21.158
smtp.yandex.ru | nnab.exe | malicious | 77.88.21.158
elb097307-934924932.us-east-1.elb.amazonaws.com | ORDER.exe | malicious | 54.243.164.148
elb097307-934924932.us-east-1.elb.amazonaws.com | swift copy.exe | malicious | 23.21.42.25
elb097307-934924932.us-east-1.elb.amazonaws.com | 26-11-20_Dhl_Signed_document-pdf.exe | malicious | 54.225.220.115
elb097307-934924932.us-east-1.elb.amazonaws.com | Arrivalnotice2020pdf.exe | malicious | 174.129.214.20
elb097307-934924932.us-east-1.elb.amazonaws.com | lxpo.exe | malicious | 54.204.14.42
elb097307-934924932.us-east-1.elb.amazonaws.com | guy1.exe | malicious | 54.225.66.103
elb097307-934924932.us-east-1.elb.amazonaws.com | guy2.exe | malicious | 54.243.161.145
elb097307-934924932.us-east-1.elb.amazonaws.com | PO_0012009.xlsx | malicious | 23.21.252.4
elb097307-934924932.us-east-1.elb.amazonaws.com | 5C.exe | malicious | 54.225.169.28
elb097307-934924932.us-east-1.elb.amazonaws.com | INV-6367-20_pdf.exe | malicious | 54.225.66.103
elb097307-934924932.us-east-1.elb.amazonaws.com | #A06578987.xlsm | malicious | 54.204.14.42
elb097307-934924932.us-east-1.elb.amazonaws.com | SecuriteInfo.com.Variant.Bulz.233365.3916.exe | malicious | 23.21.252.4
elb097307-934924932.us-east-1.elb.amazonaws.com | https://sugar-stirring-mockingbird.glitch.me/#comp@hansi.at | malicious | 54.225.169.28
elb097307-934924932.us-east-1.elb.amazonaws.com | INVOICE.xlsx | malicious | 54.204.14.42
elb097307-934924932.us-east-1.elb.amazonaws.com | PR24869408-V2.PDF.exe | malicious | 174.129.214.20
elb097307-934924932.us-east-1.elb.amazonaws.com | Inquiry_pdf.exe | malicious | 23.21.42.25
elb097307-934924932.us-east-1.elb.amazonaws.com | 98650107.pdf.exe | malicious | 23.21.42.25
elb097307-934924932.us-east-1.elb.amazonaws.com | #U00d6deme Onay#U0131 Makbuzu.exe | malicious | 174.129.214.20
elb097307-934924932.us-east-1.elb.amazonaws.com | 1125_56873981.doc | malicious | 54.243.161.145
elb097307-934924932.us-east-1.elb.amazonaws.com | yFD40YF4upaZQYL.exe | malicious | 54.235.142.93
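The IPs and Domains tables above show the pairing that makes this family easy to catch on the wire: a lookup of the machine's public address at api.ipify.org, then an SMTP session to smtp.yandex.ru to mail the harvested credentials out. The Python below is an added example, not part of the Joe Sandbox report, that correlates those two events per host inside a short window. The log format and every line of SAMPLE_LOG are constructed for the example; IP_CHECK_DOMAINS, SMTP_PORTS and the ten-minute window are assumptions to tune against local telemetry.

```python
"""Correlating an external-IP lookup with a follow-on SMTP connection.

Added example, not part of the Joe Sandbox report. The log format and the
lines in SAMPLE_LOG are constructed; IP_CHECK_DOMAINS and WINDOW are assumed
starting points, not values taken from the report.
"""
from datetime import datetime, timedelta

IP_CHECK_DOMAINS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
                    "ifconfig.me", "ip-api.com"}
SMTP_PORTS = {25, 465, 587}
WINDOW = timedelta(minutes=10)

# Constructed telemetry, one event per line: timestamp|host|kind|detail
# kind is "dns" (detail = queried name) or "conn" (detail = dst_ip:dst_port).
SAMPLE_LOG = """\
2020-11-30T15:49:02Z|WS-042|dns|api.ipify.org
2020-11-30T15:49:03Z|WS-042|conn|54.235.142.93:80
2020-11-30T15:49:20Z|WS-042|dns|smtp.yandex.ru
2020-11-30T15:49:21Z|WS-042|conn|77.88.21.158:587
2020-11-30T15:50:00Z|WS-007|dns|smtp.yandex.ru
2020-11-30T15:50:01Z|WS-007|conn|77.88.21.158:587
2020-11-30T16:30:00Z|WS-019|dns|api.ipify.org
2020-11-30T16:55:00Z|WS-019|conn|77.88.21.158:587
"""


def parse_events(text):
    """Parse the constructed format into time-sorted (time, host, kind, detail) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, kind, detail = line.split("|", 3)
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, kind, detail))
    return sorted(events)


def correlate(events, window=WINDOW):
    """Alert when a host opens an SMTP connection within `window` of an IP-check lookup.

    One pass over time-ordered events: the most recent IP-check lookup per host
    is remembered, and the most recent DNS query of any kind is used to label
    the SMTP peer, since the connection log only carries the destination IP.
    """
    last_ip_check = {}   # host -> (time, domain)
    last_dns = {}        # host -> last queried name
    alerts = []
    for ts, host, kind, detail in events:
        if kind == "dns":
            last_dns[host] = detail
            if detail.lower() in IP_CHECK_DOMAINS:
                last_ip_check[host] = (ts, detail)
        elif kind == "conn":
            _, _, port = detail.rpartition(":")
            if int(port) in SMTP_PORTS and host in last_ip_check:
                t0, domain = last_ip_check[host]
                if ts - t0 <= window:
                    alerts.append({"host": host, "ip_check": domain, "lookup_at": t0,
                                   "smtp_dest": detail, "smtp_name": last_dns.get(host),
                                   "at": ts})
    return alerts


if __name__ == "__main__":
    for a in correlate(parse_events(SAMPLE_LOG)):
        print("%s: %s lookup at %s, then SMTP to %s (%s) at %s" % (
            a["host"], a["ip_check"], a["lookup_at"], a["smtp_dest"], a["smtp_name"], a["at"]))
```

WS-007 mails without the IP check and WS-019 does both but 25 minutes apart, so only WS-042 fires at the default window. Direct-to-internet SMTP from a workstation is itself worth a rule in most environments; the IP-check correlation is what separates a stealer from a misconfigured mail client.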

                                                                                  ASN

Match | Associated Sample Name / URL | Detection | Context
AMAZON-AESUS | ORDER.exe | malicious | 54.243.164.148
AMAZON-AESUS | swift copy.exe | malicious | 23.21.42.25
AMAZON-AESUS | 26-11-20_Dhl_Signed_document-pdf.exe | malicious | 54.225.220.115
AMAZON-AESUS | Direct Deposit.xlsx | malicious | 34.231.129.212
AMAZON-AESUS | Direct Deposit.xlsx | malicious | 52.205.236.122
AMAZON-AESUS | https://is.gd/NLY8Sb | malicious | 35.174.78.146
AMAZON-AESUS | Arrivalnotice2020pdf.exe | malicious | 174.129.214.20
AMAZON-AESUS | guy1.exe | malicious | 54.225.66.103
AMAZON-AESUS | guy2.exe | malicious | 54.243.161.145
AMAZON-AESUS | https://34.75.2o2.lol/XYWNc0aW9uPWwNsaWNrJngVybD1ovndHRwnczovL3NleY3wVyZWQtbG9naW4ubmV0nL3BhZ2VzLzQyY2FkNTJhZmU3YSZyZWNpcGllbnRfaWQ9NzM2OTg3ODg4JmNhbXBhaWduX3J1bl9pZD0zOTM3OTcz | malicious | 3.215.226.95
AMAZON-AESUS | https://bit.do/fLppr | malicious | 54.83.52.76
AMAZON-AESUS | PO_0012009.xlsx | malicious | 23.21.252.4
AMAZON-AESUS | https://webnavigator.co/?adprovider=AppFocus1&source=d-cp11560482685&group=cg60&device=c&keyword=&creative=477646941053&adposition=none&placement=www.123homeschool4me.com&target=segment_be_a_7802457135858218830&sl=&caid=11560482685&gw=1&test=%3a%2f%2fmail | malicious | 54.90.26.145
AMAZON-AESUS | https://m365.eu.vadesecure.com/safeproxy/v4?f=xQsVwKRZoQHMcJWN90zqnir6G6pZJkmZJBUJoNEfoN5w0NIk94-OeCH1NldcAqKsz75KalR9dIZlPCJr1Ux0xQ&i=dKwbScfh0hAXC0Inkkq0sM5FeXPK9I7Ny4D2nAPOiEibKJwP2etJDqX8WzAoEu0mklzE6wT-r8I8OtTRdIg8Sg&k=EPqM&r=_vxI1MPLJP9RjHYc6dmEH2aQYLnm7iSEcU9gx_WNg2_vrJo8MeAqNzNCqHX9DNrQ&s=dbc75c7ed54466f34eeae3fd3b1612b20fb815efc99933570f78acd79467623c&u=https%3A%2F%2Femail.utest.com%2Fls%2Fclick%3Fupn%3DlGjzeq3i4yih7CYyWDD2uGWEioaO303Ya1CTzgGY6ZFHmgV-2FF-2FEWXdAYvLiLIvET2r-2BfuQ5qIL56xFMZkA-2F-2BXKhuWb2hSemZwMxFmG0rDjjP9tlrcROzWmQSAh2kMQamb79I1cx4-2Fvjhww3n8oZQi-2FnOhlQdbGdNxKrX28q7P-2FPufa0AAvr-2FvNJcD-2FrxpMHjDG9dPJU0WEGqi12uVZQLCz-2BjYAJF5yCzK-2FjUezEn2d6sv-2BTETl96ejjfG9yQ2VbdWqGp_snpiKdUCY2bDrEnMsWMAnz6f3HkWPd0oUIj3WsKz0V4NahNEm-2BJ9rDW2-2Fib8wsclxoRuHsrv-2B0aoCVw0ftXwGZJTPgQ4k6DZXQjAqFeejOYe-2FRbaSc1Yf5Xj5PUa6lKqmFYNWSkevePONwyMaBGxV4NDGtgMbAc7jyOEWYDUniHPiY87Lpiw631423FED14OvXIfrL7S45QvDvK6-2Fc04r-2B65lMxyCebYSr-2FOr4bCpGQ-3D | malicious | 52.202.11.207
AMAZON-AESUS | https://webmail-re5rere.web.app/?emailtoken=test@test.com&domain=test.com | malicious | 34.236.142.3
AMAZON-AESUS | 5C.exe | malicious | 54.225.169.28
AMAZON-AESUS | INV-6367-20_pdf.exe | malicious | 54.225.66.103
AMAZON-AESUS | #A06578987.xlsm | malicious | 54.204.14.42
AMAZON-AESUS | https://email.utest.com/ls/click?upn=kHi9kJ2VFJGMl00Uc0lXdd7WKRMGsOIU4g4ei1d-2FX5m1QA-2FrT8Vl5L3Fk3cMytK6G9se1iMMnmCZDn1xIdrYiQ1p-2FwcQpvha0Cl5oPF0v81y5hgAsim7OqaA63T8LZn1UUJIEgydRUHiWwDj8GYDCxqGnV0O0rI4O7I6kSKWwA2QN6GRUB5jtLYkPnKAtjOoUgEhfuSimn9pHS78TURJ3gh4c37fJ5SLcFsdSMlL5cSNM599TAmyU83RYL5vT6LiS59Z_K8t8bbLaByOBk98eoL7OiHjGcOStuW9cK4Z47GjL3LOg6J63-2FMkWRpNoPmcLIu18HCMEgODcyx-2FUvVhPVIvmHjzJiqJBCjoeBbWoJaKrxsvgnkh140XYi8oSb4fB3DPwhOq9ho1ZQ40V7Ij7E76nndroD8i7Zx6K9k23tLqOPU-2BI4uv4B0Gy5ZNEnpZd7wg2RXwXNiQ76annNuw-2BlzoA5-2FGihgJE5sZwqDaPnA1XR7c-3D | malicious | 52.202.11.207
AMAZON-AESUS | http://pma.climabitus.com/undercook.php | malicious | 23.20.225.204

                                                                                  JA3 Fingerprints

Match | Associated Sample Name / URL | Detection | Context
3b5074b1b5d032e5620f69f9f700ff0e | ORDER.exe | malicious | 54.235.142.93
3b5074b1b5d032e5620f69f9f700ff0e | Mixtec New Order And Price List Requsting Form_pdf.exe | malicious | 54.235.142.93
3b5074b1b5d032e5620f69f9f700ff0e | swift copy.exe | malicious | 54.235.142.93
3b5074b1b5d032e5620f69f9f700ff0e | 26-11-20_Dhl_Signed_document-pdf.exe | malicious | 54.235.142.93
3b5074b1b5d032e5620f69f9f700ff0e | Arrivalnotice2020pdf.exe | malicious | 54.235.142.93
3b5074b1b5d032e5620f69f9f700ff0e | SecuriteInfo.com.Mal.Generic-S.26042.exe | malicious | 54.235.142.93
3b5074b1b5d032e5620f69f9f700ff0e | guy1.exe | malicious | 54.235.142.93
3b5074b1b5d032e5620f69f9f700ff0e | guy2.exe | malicious | 54.235.142.93
3b5074b1b5d032e5620f69f9f700ff0e | Exodus.exe | malicious | 54.235.142.93
3b5074b1b5d032e5620f69f9f700ff0e | INV-6367-20_pdf.exe | malicious | 54.235.142.93
3b5074b1b5d032e5620f69f9f700ff0e | #A06578987.xlsm | malicious | 54.235.142.93
3b5074b1b5d032e5620f69f9f700ff0e | Order 51897.exe | malicious | 54.235.142.93
3b5074b1b5d032e5620f69f9f700ff0e | PR24869408-V2.PDF.exe | malicious | 54.235.142.93
3b5074b1b5d032e5620f69f9f700ff0e | 98650107.pdf.exe | malicious | 54.235.142.93
3b5074b1b5d032e5620f69f9f700ff0e | #U00d6deme Onay#U0131 Makbuzu.exe | malicious | 54.235.142.93
3b5074b1b5d032e5620f69f9f700ff0e | Izezma64.dll | malicious | 54.235.142.93
3b5074b1b5d032e5620f69f9f700ff0e | fuxenm32.dll | malicious | 54.235.142.93
3b5074b1b5d032e5620f69f9f700ff0e | http://ancien-site-joomla.fr/build2.exe | malicious | 54.235.142.93
3b5074b1b5d032e5620f69f9f700ff0e | yFD40YF4upaZQYL.exe | malicious | 54.235.142.93
3b5074b1b5d032e5620f69f9f700ff0e | ER mexico.exe | malicious | 54.235.142.93
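Every row above shares one JA3 hash and one destination. A JA3 is the MD5 of five ClientHello fields (version, cipher suites, extension types, supported groups, point formats, each list dash-joined with GREASE values removed), so it identifies the client's TLS stack rather than a malware family, and benign programs built on the same runtime can produce the same hash; use it as a pivot together with the destination, not as a detection on its own. The Python below is an added example, not part of the Joe Sandbox report, that computes a JA3 from raw ClientHello bytes. The ClientHello it builds is constructed for the example, so its hash is not the one in the table.

```python
"""Computing a JA3 fingerprint from a raw TLS ClientHello record.

Added example, not part of the Joe Sandbox report. build_sample_client_hello()
constructs a ClientHello for demonstration (not the sample's traffic), with a
GREASE value in every list to show that JA3 drops them.
"""
import hashlib
import struct

# RFC 8701 GREASE values (0x0a0a, 0x1a1a, ... 0xfafa); JA3 excludes them so a
# client's randomised GREASE choice does not change its fingerprint.
GREASE = {(0x0a + 0x10 * i) * 0x101 for i in range(16)}


def _u16_list(data):
    """Decode big-endian uint16 values, dropping GREASE as JA3 requires."""
    vals = [struct.unpack(">H", data[i:i + 2])[0] for i in range(0, len(data) - 1, 2)]
    return [v for v in vals if v not in GREASE]


def _dash(values):
    return "-".join(str(v) for v in values)


def ja3_from_client_hello(record):
    """Return (ja3_string, ja3_md5) for a TLS record that carries a ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    version = struct.unpack(">H", body[0:2])[0]      # legacy_version field, 0x0303 = 771
    pos = 2 + 32                                     # skip client random
    pos += 1 + body[pos]                             # skip session id
    cs_len = struct.unpack(">H", body[pos:pos + 2])[0]
    ciphers = _u16_list(body[pos + 2:pos + 2 + cs_len])
    pos += 2 + cs_len
    pos += 1 + body[pos]                             # skip compression methods
    exts, curves, points = [], [], []
    if pos + 2 <= len(body):                         # extensions block is optional
        end = pos + 2 + struct.unpack(">H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack(">HH", body[pos:pos + 4])
            edata = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype in GREASE:
                continue
            exts.append(etype)
            if etype == 0x000a:                      # supported_groups (elliptic curves)
                curves = _u16_list(edata[2:2 + struct.unpack(">H", edata[:2])[0]])
            elif etype == 0x000b:                    # ec_point_formats
                points = list(edata[1:1 + edata[0]])
    ja3 = ",".join([str(version), _dash(ciphers), _dash(exts), _dash(curves), _dash(points)])
    return ja3, hashlib.md5(ja3.encode()).hexdigest()


def _ext(etype, data):
    return struct.pack(">HH", etype, len(data)) + data


def build_sample_client_hello():
    """Constructed ClientHello (not captured traffic) with GREASE in each list."""
    ciphers = b"".join(struct.pack(">H", c)
                       for c in (0x0a0a, 0x1301, 0x1302, 0xc02b, 0xc02f, 0x002f))
    sni = b"api.ipify.org"
    exts = (_ext(0x0000, struct.pack(">HBH", len(sni) + 3, 0, len(sni)) + sni)  # server_name
            + _ext(0x000a, struct.pack(">HHHH", 6, 0x2a2a, 0x001d, 0x0017))     # groups: GREASE, x25519, P-256
            + _ext(0x000b, b"\x01\x00")                                          # point formats: uncompressed
            + _ext(0x1a1a, b"")                                                  # GREASE extension
            + _ext(0x000d, struct.pack(">HHH", 4, 0x0403, 0x0804)))             # signature_algorithms
    body = (struct.pack(">H", 0x0303) + bytes(32) + b"\x00"                      # version, random, no session id
            + struct.pack(">H", len(ciphers)) + ciphers + b"\x01\x00"            # cipher suites, null compression
            + struct.pack(">H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake


if __name__ == "__main__":
    ja3, digest = ja3_from_client_hello(build_sample_client_hello())
    print(ja3)
    print(digest)
```

The constructed hello yields the string `771,4865-4866-49195-49199-47,0-10-11-13,29-23,0` before hashing. Two things bite in practice: a ClientHello can span TLS records (reassemble before parsing), and TLS 1.3 clients still put 0x0303 in legacy_version, so the first field says nothing about the negotiated version.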

                                                                                  Dropped Files

                                                                                  No context

                                                                                  Created / dropped Files

                                                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe.log
                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:modified
                                                                                  Size (bytes):1391
                                                                                  Entropy (8bit):5.344111348947579
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4xLE4qE4W:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzh
                                                                                  MD5:E87C60A24438CC611338EA5ACB433A0A
                                                                                  SHA1:E0C6A7D5CFE32BB2178E71DEE79971A51697B7DD
                                                                                  SHA-256:80DAB47D7A9E233A692D10ACAF5793E34911836D36DB2E11BB7C5D42DE39782A
                                                                                  SHA-512:3DBD6773153DC9D05558ED491A92C9B4B72D594263D7BD2D06BDDCF09BE55477D35041145219A5E9A46B38575E5B60DA91C6870B2CA29A83388695AD389B8EBF
                                                                                  Malicious:true
                                                                                  Reputation:moderate, very likely benign file
                                                                                  Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vlc.exe.log
                                                                                  Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):1391
                                                                                  Entropy (8bit):5.344111348947579
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4xLE4qE4W:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzh
                                                                                  MD5:E87C60A24438CC611338EA5ACB433A0A
                                                                                  SHA1:E0C6A7D5CFE32BB2178E71DEE79971A51697B7DD
                                                                                  SHA-256:80DAB47D7A9E233A692D10ACAF5793E34911836D36DB2E11BB7C5D42DE39782A
                                                                                  SHA-512:3DBD6773153DC9D05558ED491A92C9B4B72D594263D7BD2D06BDDCF09BE55477D35041145219A5E9A46B38575E5B60DA91C6870B2CA29A83388695AD389B8EBF
                                                                                  Malicious:false
                                                                                  Reputation:moderate, very likely benign file
                                                                                  Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):518656
                                                                                  Entropy (8bit):7.09167824863409
                                                                                  Encrypted:false
                                                                                  SSDEEP:12288:KIZ3fgZbssXFtV1lZ09FQFFFFFFFFFFFFFFFFFFFFFRYH8txxxxxxxxxxxxxxxxU:KIhgdssXFt9ZIFqy
                                                                                  MD5:B7679C443E22238291F5603F016FF56E
                                                                                  SHA1:8E17BEE5C61B8383A3AD6F16701A204A62F6D05A
                                                                                  SHA-256:BE48A66B718F94C2379453FF845E0047504573E3C0E1A9F7AB3011DAB1C06B57
                                                                                  SHA-512:C9936D1382DFEC2E81E9DC26DD41D877734A89242DB847CC2C7B4CA5448AED0A4596220AB462A9EABA1A3866C23CB6544590AB3DDBF935E249409206B5AD56B3
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                  • Antivirus: ReversingLabs, Detection: 31%
                                                                                  Reputation:low
                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+._.....................*........... ........@.. .......................@............@.....................................K........&................... ....................................................... ............... ..H............text........ ...................... ..`.rsrc....&.......(..................@..@.reloc....... ......................@..B........................H........1..x7......o....h...s...........................................0...........(....86...8........E....C...8..._...8>....(.... .....:....&8.....(.... .....9....& ....8.....(....8.....(.... .....:....& ....8....*....0..I.......8*.......E........g...........<.......!...8.... ......8:....(.... ....8....*8\... ....(....9....&8....8.... ....8....s...... ....(....9~...&8t...s...... ....(....9b...&8X.....o......j<!... ....(....9>...&84.....o....8o.........(....r...p...........
                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe:Zone.Identifier
                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):26
                                                                                  Entropy (8bit):3.95006375643621
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:ggPYV:rPYV
                                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                  Malicious:true
                                                                                  Reputation:high, very likely benign file
                                                                                  Preview: [ZoneTransfer]....ZoneId=0
                                                                                  C:\Windows\System32\drivers\etc\hosts
                                                                                  Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:modified
                                                                                  Size (bytes):11
                                                                                  Entropy (8bit):2.663532754804255
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:iLE:iLE
                                                                                  MD5:B24D295C1F84ECBFB566103374FB91C5
                                                                                  SHA1:6A750D3F8B45C240637332071D34B403FA1FF55A
                                                                                  SHA-256:4DC7B65075FBC5B5421551F0CB814CAFDC8CACA5957D393C222EE388B6F405F4
                                                                                  SHA-512:9BE279BFA70A859608B50EF5D30BF2345F334E5F433C410EA6A188DCAB395BFF50C95B165177E59A29261464871C11F903A9ECE55B2D900FE49A9F3C49EB88FA
                                                                                  Malicious:true
                                                                                  Reputation:moderate, very likely benign file
                                                                                  Preview: ..127.0.0.1

                                                                                  Static File Info

                                                                                  General

                                                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Entropy (8bit):7.09167824863409
                                                                                  TrID:
                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                  • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                  • DOS Executable Generic (2002/1) 0.01%
                                                                                  File name:SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
                                                                                  File size:518656
                                                                                  MD5:b7679c443e22238291f5603f016ff56e
                                                                                  SHA1:8e17bee5c61b8383a3ad6f16701a204a62f6d05a
                                                                                  SHA256:be48a66b718f94c2379453ff845e0047504573e3c0e1a9f7ab3011dab1c06b57
                                                                                  SHA512:c9936d1382dfec2e81e9dc26dd41d877734a89242db847cc2c7b4ca5448aed0a4596220ab462a9eaba1a3866c23cb6544590ab3ddbf935e249409206b5ad56b3
                                                                                  SSDEEP:12288:KIZ3fgZbssXFtV1lZ09FQFFFFFFFFFFFFFFFFFFFFFRYH8txxxxxxxxxxxxxxxxU:KIhgdssXFt9ZIFqy
                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+._.....................*........... ........@.. .......................@............@................................

                                                                                  File Icon

                                                                                  Icon Hash:d098909eaab2a282

                                                                                  Static PE Info

                                                                                  General

                                                                                  Entrypoint:0x43dcee
                                                                                  Entrypoint Section:.text
                                                                                  Digitally signed:false
                                                                                  Imagebase:0x400000
                                                                                  Subsystem:windows gui
                                                                                  Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                                                                                  DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                  Time Stamp:0x5FC02B97 [Thu Nov 26 22:26:31 2020 UTC]
                                                                                  TLS Callbacks:
                                                                                  CLR (.Net) Version:v4.0.30319
                                                                                  OS Version Major:4
                                                                                  OS Version Minor:0
                                                                                  File Version Major:4
                                                                                  File Version Minor:0
                                                                                  Subsystem Version Major:4
                                                                                  Subsystem Version Minor:0
                                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
(0x00402000 is Imagebase 0x400000 + IAT RVA 0x2000, i.e. the single import slot, mscoree.dll!_CorExeMain; this six-byte jump through the IAT is the standard native entry stub of a .NET executable)
(the remaining bytes of the preview are zero padding at the end of .text; each 00 00 pair disassembles as: add byte ptr [eax], al)

Data Directories

Name                                   Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT           0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT           0x3dca0          0x4b          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE         0x3e000          0x426b8       .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION        0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY         0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC        0x82000          0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG            0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT        0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR        0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS              0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG      0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT     0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT              0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT     0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR   0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED         0x0              0x0

Sections

Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy         Characteristics
.text   0x2000           0x3bcf4       0x3be00   False     0.969606276096   data       7.96407261365   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc   0x3e000          0x426b8       0x42800   False     0.409976356908   data       5.87107265414   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x82000          0xc           0x200     False     0.044921875      data       0.101910425663  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
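The header fields and section layout in the Static PE Info tables can be checked mechanically. The Python below is an added example, not code from the report, from Joe Sandbox or from the sample: it parses the COFF header, the PE32 optional header, the data directories and the section table, computes per-section entropy in the same bits-per-byte measure as the Entropy column, and recognises the managed entry stub (jmp dword ptr through the IAT slot at Imagebase + IAT RVA, 0x402000 here). Because the file itself is not on this page, the script constructs a PE32 in memory from the values the tables show (entrypoint 0x43dcee, image base 0x400000, time stamp 0x5FC02B97, DLL characteristics 0x8540, the three sections' RVAs and sizes, the IAT and CLR header directories); the section bodies are filler, so the entropy figures it prints differ from the report's, while the total length comes out at the report's 518656 bytes. The 7.2 bits/byte threshold for flagging a code section is an assumption: compiler-emitted code normally sits well below it, whereas the report's .text reaches 7.964 of a possible 8.0, which is what a packed or encrypted payload stored in the code section looks like.

```python
"""Static PE32 triage over the fields in the report's Static PE Info tables (added example, not code
from the report or the sample; the image is constructed from the report's layout, bodies are filler)."""
import math
import random
import struct
from collections import Counter
from datetime import datetime, timezone

IMAGE_SCN_CNT_CODE = 0x20
DLL_CHARACTERISTICS = {0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT",
                       0x0400: "NO_SEH", 0x8000: "TERMINAL_SERVER_AWARE"}
DIR_IAT, DIR_COM_DESCRIPTOR = 12, 14          # data directory indices
# (name, VirtualAddress, VirtualSize, SizeOfRawData, Characteristics) copied from the report's Sections table.
REPORT_SECTIONS = [(b".text", 0x2000, 0x3BCF4, 0x3BE00, 0x60000020),
                   (b".rsrc", 0x3E000, 0x426B8, 0x42800, 0x40000040),
                   (b".reloc", 0x82000, 0xC, 0x200, 0x42000040)]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0; the same measure as the report's Entropy column."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def parse_pe32(image: bytes) -> dict:
    """Parse the e_lfanew pointer, COFF header, PE32 optional header, data directories and section table."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ signature")
    pe = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    _, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe + 4)
    opt = pe + 24                                  # optional header follows the 20-byte COFF header
    if struct.unpack_from("<H", image, opt)[0] != 0x10B:
        raise ValueError("not a PE32 image")
    entry_rva = struct.unpack_from("<I", image, opt + 16)[0]
    image_base = struct.unpack_from("<I", image, opt + 28)[0]
    dll_chars = struct.unpack_from("<H", image, opt + 70)[0]
    ndirs = struct.unpack_from("<I", image, opt + 92)[0]
    dirs = [struct.unpack_from("<II", image, opt + 96 + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", image, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                         "rawsize": rawsize, "rawptr": rawptr, "flags": flags,
                         "entropy": shannon_entropy(image[rawptr:rawptr + rawsize])})
    return {"timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc),
            "entry_rva": entry_rva, "image_base": image_base, "dirs": dirs, "sections": sections,
            "dll_characteristics": sorted(n for bit, n in DLL_CHARACTERISTICS.items() if dll_chars & bit)}


def triage(image: bytes, code_entropy_threshold: float = 7.2) -> dict:
    """Recognise the managed entry stub and flag code sections whose entropy suggests packed data."""
    pe = parse_pe32(image)
    (iat_rva, _), (_, clr_size) = pe["dirs"][DIR_IAT], pe["dirs"][DIR_COM_DESCRIPTOR]
    sec = next(s for s in pe["sections"] if s["va"] <= pe["entry_rva"] < s["va"] + s["rawsize"])
    entry_off = pe["entry_rva"] - sec["va"] + sec["rawptr"]
    # The .NET native stub is `jmp dword ptr [IAT slot]`: FF 25 followed by the absolute slot address.
    expected_stub = b"\xff\x25" + struct.pack("<I", pe["image_base"] + iat_rva)
    return {"entry_va": pe["image_base"] + pe["entry_rva"],
            "dotnet_stub": clr_size == 0x48 and image[entry_off:entry_off + 6] == expected_stub,
            "high_entropy_code": [s["name"] for s in pe["sections"]
                                  if s["flags"] & IMAGE_SCN_CNT_CODE and s["entropy"] > code_entropy_threshold],
            "pe": pe}


def build_sample() -> bytes:
    """Constructed PE32 mirroring the report's layout (assumption: section bodies are filler, not the file)."""
    rng = random.Random(2020)
    image_base, entry_rva, headers_size = 0x400000, 0x43DCEE - 0x400000, 0x200
    dirs = [(0, 0)] * 16
    dirs[1], dirs[2], dirs[5] = (0x3DCA0, 0x4B), (0x3E000, 0x426B8), (0x82000, 0xC)   # import, resource, reloc
    dirs[DIR_IAT], dirs[DIR_COM_DESCRIPTOR] = (0x2000, 0x8), (0x2008, 0x48)
    coff = struct.pack("<HHIIIHH", 0x14C, len(REPORT_SECTIONS), 0x5FC02B97, 0, 0, 0xE0, 0x010E)
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII", 0x10B, 48, 0, 0x3BE00, 0x42A00, 0, entry_rva,
                      0x2000, 0x3E000, image_base, 0x2000, 0x200, 4, 0, 0, 0, 4, 0, 0, 0x84000,
                      headers_size, 0, 2, 0x8540, 0x100000, 0x1000, 0x100000, 0x1000, 0, len(dirs))
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    image = bytearray(b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt)
    raw = headers_size
    for name, va, vsize, rawsize, flags in REPORT_SECTIONS:
        image += struct.pack("<8sIIIIIIHHI", name, vsize, va, rawsize, raw, 0, 0, 0, 0, flags)
        raw += rawsize
    image += b"\0" * (headers_size - len(image))
    # .text: IAT slot, CLR header, high-entropy filler, then `jmp dword ptr [0x402000]` ending at VirtualSize.
    filler = bytes(rng.getrandbits(8) for _ in range(entry_rva - 0x2000 - 0x50))
    text = struct.pack("<II", 0x3DCD0, 0) + struct.pack("<I", 0x48).ljust(0x48, b"\0") + filler
    text += b"\xff\x25" + struct.pack("<I", image_base + 0x2000)
    image += text.ljust(0x3BE00, b"\0")
    image += bytes(i & 0x3F for i in range(0x42800))                    # .rsrc filler
    image += struct.pack("<II", 0x3C000, 0xC).ljust(0x200, b"\0")        # .reloc filler
    return bytes(image)


if __name__ == "__main__":
    r = triage(build_sample())
    print(f"entry {r['entry_va']:#x} dotnet_stub={r['dotnet_stub']} high_entropy_code={r['high_entropy_code']}")
```

Run against a real file, replace build_sample() with the file's bytes; parse_pe32 raises on anything that is not a PE32 image, and the entry check fails (dotnet_stub False) when the CLR header size is not 0x48 or the entry bytes are not the FF 25 jump through the IAT, which is exactly what a native packer stub in front of a .NET payload would look like.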

Resources

Name           RVA      Size     Type  Language  Country
RT_ICON        0x3e4c0  0x3acd   PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON        0x41f90  0x668    data
RT_ICON        0x425f8  0x2e8    dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 4287137928, next used block 12320655
RT_ICON        0x428e0  0x1e8    data
RT_ICON        0x42ac8  0x128    GLS_BINARY_LSB_FIRST
RT_ICON        0x42bf0  0x662a   PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON        0x4921c  0xea8    data
RT_ICON        0x4a0c4  0x8a8    dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 15987957, next used block 16184308
RT_ICON        0x4a96c  0x6c8    data
RT_ICON        0x4b034  0x568    GLS_BINARY_LSB_FIRST
RT_ICON        0x4b59c  0x6014   PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON        0x515b0  0x10828  dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 2533359616, next used block 620756992
RT_ICON        0x61dd8  0x94a8   data
RT_ICON        0x6b280  0x67e8   data
RT_ICON        0x71a68  0x5488   data
RT_ICON        0x76ef0  0x4228   dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 16777215, next used block 520093696
RT_ICON        0x7b118  0x25a8   data
RT_ICON        0x7d6c0  0x10a8   data
RT_ICON        0x7e768  0x988    data
RT_ICON        0x7f0f0  0x468    GLS_BINARY_LSB_FIRST
RT_GROUP_ICON  0x7f558  0x11e    data
RT_VERSION     0x7f678  0x3e8    data
RT_MANIFEST    0x7fa60  0xc55    XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

DLL          Import
mscoree.dll  _CorExeMain

Version Infos

Description       Data
Translation       0x0000 0x04b0
LegalCopyright    Copyright (c) 2020 Discord Inc. All rights reserved.
Assembly Version  0.0.52.0
InternalName      0mrxdv.exe
FileVersion       0.0.52.0
CompanyName       Discord Inc.
Comments          Discord - https://discord.com/
ProductName       Discord - https://discord.com/
ProductVersion    0.0.52.0
FileDescription   Discord - https://discord.com/
OriginalFilename  0mrxdv.exe

                                                                                  Network Behavior

                                                                                  Network Port Distribution

                                                                                  TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP

                                                                                  UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP

                                                                                  DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Nov 27, 2020 15:49:25.164038897 CET | 192.168.2.7 | 8.8.8.8 | 0xb3de | Standard query (0) | g.msn.com | A (IP address) | IN (0x0001)
Nov 27, 2020 15:50:25.833167076 CET | 192.168.2.7 | 8.8.8.8 | 0x8902 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001)
Nov 27, 2020 15:50:25.881963968 CET | 192.168.2.7 | 8.8.8.8 | 0x1288 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001)
Nov 27, 2020 15:50:32.370229006 CET | 192.168.2.7 | 8.8.8.8 | 0xd35c | Standard query (0) | smtp.yandex.com | A (IP address) | IN (0x0001)
Nov 27, 2020 15:50:32.408065081 CET | 192.168.2.7 | 8.8.8.8 | 0x36d1 | Standard query (0) | smtp.yandex.com | A (IP address) | IN (0x0001)

                                                                                  DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName/Address | Type | Class
Nov 27, 2020 15:49:25.215579987 CET | 8.8.8.8 | 192.168.2.7 | 0xb3de | No error (0) | g.msn.com | g-msn-com-nsatc.trafficmanager.net | CNAME (Canonical name) | IN (0x0001)
Nov 27, 2020 15:50:25.860451937 CET | 8.8.8.8 | 192.168.2.7 | 0x8902 | No error (0) | api.ipify.org | nagano-19599.herokussl.com | CNAME (Canonical name) | IN (0x0001)
Nov 27, 2020 15:50:25.860451937 CET | 8.8.8.8 | 192.168.2.7 | 0x8902 | No error (0) | nagano-19599.herokussl.com | elb097307-934924932.us-east-1.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001)
Nov 27, 2020 15:50:25.860451937 CET | 8.8.8.8 | 192.168.2.7 | 0x8902 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | 54.235.142.93 | A (IP address) | IN (0x0001)
Nov 27, 2020 15:50:25.860451937 CET | 8.8.8.8 | 192.168.2.7 | 0x8902 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | 174.129.214.20 | A (IP address) | IN (0x0001)
Nov 27, 2020 15:50:25.860451937 CET | 8.8.8.8 | 192.168.2.7 | 0x8902 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | 23.21.126.66 | A (IP address) | IN (0x0001)
Nov 27, 2020 15:50:25.860451937 CET | 8.8.8.8 | 192.168.2.7 | 0x8902 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | 184.73.247.141 | A (IP address) | IN (0x0001)
Nov 27, 2020 15:50:25.860451937 CET | 8.8.8.8 | 192.168.2.7 | 0x8902 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | 23.21.42.25 | A (IP address) | IN (0x0001)
Nov 27, 2020 15:50:25.860451937 CET | 8.8.8.8 | 192.168.2.7 | 0x8902 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | 54.225.66.103 | A (IP address) | IN (0x0001)
Nov 27, 2020 15:50:25.860451937 CET | 8.8.8.8 | 192.168.2.7 | 0x8902 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | 54.243.164.148 | A (IP address) | IN (0x0001)
Nov 27, 2020 15:50:25.860451937 CET | 8.8.8.8 | 192.168.2.7 | 0x8902 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | 54.225.220.115 | A (IP address) | IN (0x0001)
Nov 27, 2020 15:50:25.909071922 CET | 8.8.8.8 | 192.168.2.7 | 0x1288 | No error (0) | api.ipify.org | nagano-19599.herokussl.com | CNAME (Canonical name) | IN (0x0001)
Nov 27, 2020 15:50:25.909071922 CET | 8.8.8.8 | 192.168.2.7 | 0x1288 | No error (0) | nagano-19599.herokussl.com | elb097307-934924932.us-east-1.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001)
Nov 27, 2020 15:50:25.909071922 CET | 8.8.8.8 | 192.168.2.7 | 0x1288 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | 54.235.142.93 | A (IP address) | IN (0x0001)
Nov 27, 2020 15:50:25.909071922 CET | 8.8.8.8 | 192.168.2.7 | 0x1288 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | 174.129.214.20 | A (IP address) | IN (0x0001)
Nov 27, 2020 15:50:25.909071922 CET | 8.8.8.8 | 192.168.2.7 | 0x1288 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | 23.21.126.66 | A (IP address) | IN (0x0001)
Nov 27, 2020 15:50:25.909071922 CET | 8.8.8.8 | 192.168.2.7 | 0x1288 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | 184.73.247.141 | A (IP address) | IN (0x0001)
Nov 27, 2020 15:50:25.909071922 CET | 8.8.8.8 | 192.168.2.7 | 0x1288 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | 23.21.42.25 | A (IP address) | IN (0x0001)
Nov 27, 2020 15:50:25.909071922 CET | 8.8.8.8 | 192.168.2.7 | 0x1288 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | 54.225.66.103 | A (IP address) | IN (0x0001)
Nov 27, 2020 15:50:25.909071922 CET | 8.8.8.8 | 192.168.2.7 | 0x1288 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | 54.243.164.148 | A (IP address) | IN (0x0001)
Nov 27, 2020 15:50:25.909071922 CET | 8.8.8.8 | 192.168.2.7 | 0x1288 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | 54.225.220.115 | A (IP address) | IN (0x0001)
Nov 27, 2020 15:50:32.405921936 CET | 8.8.8.8 | 192.168.2.7 | 0xd35c | No error (0) | smtp.yandex.com | smtp.yandex.ru | CNAME (Canonical name) | IN (0x0001)
Nov 27, 2020 15:50:32.405921936 CET | 8.8.8.8 | 192.168.2.7 | 0xd35c | No error (0) | smtp.yandex.ru | 77.88.21.158 | A (IP address) | IN (0x0001)
Nov 27, 2020 15:50:32.443623066 CET | 8.8.8.8 | 192.168.2.7 | 0x36d1 | No error (0) | smtp.yandex.com | smtp.yandex.ru | CNAME (Canonical name) | IN (0x0001)
Nov 27, 2020 15:50:32.443623066 CET | 8.8.8.8 | 192.168.2.7 | 0x36d1 | No error (0) | smtp.yandex.ru | 77.88.21.158 | A (IP address) | IN (0x0001)

                                                                                  HTTPS Packets

Timestamp | Source IP | Source Port | Dest IP | Dest Port | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
Nov 27, 2020 15:50:26.336437941 CET | 54.235.142.93 | 443 | 192.168.2.7 | 49752 | 771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 3b5074b1b5d032e5620f69f9f700ff0e

Certificate chain presented by the server (leaf, intermediate, root):

Subject | Issuer | Not Before | Not After
CN=*.ipify.org, OU=PositiveSSL Wildcard, OU=Domain Control Validated | CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Wed Jan 24 01:00:00 CET 2018 | Sun Jan 24 00:59:59 CET 2021
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Wed Feb 12 01:00:00 CET 2014 | Mon Feb 12 00:59:59 CET 2029
CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Tue Jan 19 01:00:00 CET 2010 | Tue Jan 19 00:59:59 CET 2038

                                                                                  Code Manipulations

                                                                                  Statistics

                                                                                  Behavior


                                                                                  System Behavior

                                                                                  General

Start time: 15:48:26
Start date: 27/11/2020
Path: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe'
Imagebase: 0x60000
File size: 518656 bytes
MD5 hash: B7679C443E22238291F5603F016FF56E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Yara matches:
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.278541808.0000000002522000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.278353897.0000000002481000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.278801335.0000000003481000.00000004.00000001.sdmp, Author: Joe Security
Reputation: low

                                                                                  General

Start time: 15:48:41
Start date: 27/11/2020
Path: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
Wow64 process (32bit): false
Commandline: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
Imagebase: 0x190000
File size: 518656 bytes
MD5 hash: B7679C443E22238291F5603F016FF56E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

                                                                                  General

Start time: 15:48:42
Start date: 27/11/2020
Path: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe
Imagebase: 0xf60000
File size: 518656 bytes
MD5 hash: B7679C443E22238291F5603F016FF56E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Yara matches:
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.505759683.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.511664403.0000000003506000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.511664403.0000000003506000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.511444288.00000000034B1000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.511444288.00000000034B1000.00000004.00000001.sdmp, Author: Joe Security
Reputation: low

                                                                                  General

                                                                                  Start time:15:48:50
                                                                                  Start date:27/11/2020
                                                                                  Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe'
                                                                                  Imagebase:0x11a0000
                                                                                  File size:518656 bytes
                                                                                  MD5 hash:B7679C443E22238291F5603F016FF56E
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:.Net C# or VB.NET
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000C.00000002.327896821.0000000003B91000.00000004.00000001.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000C.00000002.327636226.0000000002CB6000.00000004.00000001.sdmp, Author: Joe Security
                                                                                  Antivirus matches:
                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                  • Detection: 31%, ReversingLabs
                                                                                  Reputation:low

                                                                                  General

                                                                                  Start time:15:48:58
                                                                                  Start date:27/11/2020
                                                                                  Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe'
                                                                                  Imagebase:0xe30000
                                                                                  File size:518656 bytes
                                                                                  MD5 hash:B7679C443E22238291F5603F016FF56E
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:.Net C# or VB.NET
                                                                                  Reputation:low

                                                                                  General

                                                                                  Start time:15:49:04
                                                                                  Start date:27/11/2020
                                                                                  Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                                                                                  Imagebase:0xf70000
                                                                                  File size:518656 bytes
                                                                                  MD5 hash:B7679C443E22238291F5603F016FF56E
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:.Net C# or VB.NET
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000F.00000002.510701156.00000000034E1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000002.510701156.00000000034E1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000F.00000002.505733020.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                  Reputation:low

                                                                                  Disassembly

                                                                                  Code Analysis
