
Analysis Report SecuriteInfo.com.Trojan.MulDrop15.61980.13868.3384

Overview

General Information

Sample Name: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.3384 (renamed file extension from 3384 to exe)
Analysis ID: 323839
MD5: 0998148d355b1e7bad7b44558aa4c125
SHA1: 5d062cb98564c1f2bc821c0a3e81b228780f77f7
SHA256: 8ef317f2278fbe6a533e8f78b932698e986280d2f4a6716aaaaa4dc5692222a8
Tags: AgentTesla

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AgentTesla
Injects a PE file into a foreign process
Machine Learning detection for dropped file
Machine Learning detection for sample
May check the online IP address of the machine
Modifies the hosts file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Antivirus or Machine Learning detection for unpacked file
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains strange resources
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Startup

  • System is w10x64
  • vlc.exe (PID: 6248 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe' MD5: 0998148D355B1E7BAD7B44558AA4C125)
    • vlc.exe (PID: 6828 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe MD5: 0998148D355B1E7BAD7B44558AA4C125)
    • vlc.exe (PID: 6888 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe MD5: 0998148D355B1E7BAD7B44558AA4C125)
    • vlc.exe (PID: 6896 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe MD5: 0998148D355B1E7BAD7B44558AA4C125)
    • vlc.exe (PID: 6904 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe MD5: 0998148D355B1E7BAD7B44558AA4C125)
  • vlc.exe (PID: 6536 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe' MD5: 0998148D355B1E7BAD7B44558AA4C125)
    • vlc.exe (PID: 6996 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe MD5: 0998148D355B1E7BAD7B44558AA4C125)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Username: ": "qRlQv5b8v4k0m", "URL: ": "http://5YdEMfw1vYcxQtIJ.com", "To: ": "bmmc@novget.com", "ByHost: ": "novget.com:587", "Password: ": "fTUctjBYd8i", "From: ": "bmmc@novget.com"}
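The configuration above gives a responder everything needed to pivot into DNS, connection and mail-gateway logs, and the same SMTP destination is what triggers the "AgentTesla Exfil Via SMTP" Snort alerts in the Networking section below. The following Python script is an added example, not part of the Joe Sandbox report or of the sample: it normalises the extractor's JSON (whose keys carry a trailing ": "), derives an indicator set from it, and runs that set over constructed log lines. The log format, every log line, and the decision to treat any direct workstation connection to a mail-submission port as suspicious are assumptions made for the example.

```python
"""Triage helper for the AgentTesla configuration and network indicators in
this report. Added example code, not part of Joe Sandbox or of the sample.
The log format and every log line below are constructed for illustration."""
import json
import re
from urllib.parse import urlparse

# Configuration string as the report's extractor emitted it. Its keys carry a
# trailing ": " which parse_agenttesla_config() strips.
RAW_CONFIG = (
    '{"Username: ": "qRlQv5b8v4k0m", "URL: ": "http://5YdEMfw1vYcxQtIJ.com", '
    '"To: ": "bmmc@novget.com", "ByHost: ": "novget.com:587", '
    '"Password: ": "fTUctjBYd8i", "From: ": "bmmc@novget.com"}'
)

# Destination of the SMTP sessions that triggered the report's Snort alerts.
REPORT_SMTP_IP = "167.88.170.2"

# Ports a workstation should not reach directly; an assumption for this example
# (a site with a sanctioned relay would exclude that relay before alerting).
MAIL_SUBMISSION_PORTS = {25, 465, 587}


def parse_agenttesla_config(raw: str) -> dict:
    """Normalise the extractor's keys and split the SMTP host:port pair."""
    cfg = {k.strip().rstrip(":").lower(): v for k, v in json.loads(raw).items()}
    host, _, port = cfg["byhost"].rpartition(":")
    cfg["smtp_host"] = host
    cfg["smtp_port"] = int(port)
    cfg["url_host"] = urlparse(cfg["url"]).hostname  # urlparse lower-cases it
    return cfg


def build_iocs(cfg: dict) -> dict:
    """Indicator set to push into DNS, connection and mail-gateway logs."""
    return {
        "domains": {cfg["smtp_host"], cfg["url_host"], "api.ipify.org"},
        "ips": {REPORT_SMTP_IP},
        "mail_addresses": {cfg["from"], cfg["to"]},
    }


# Constructed log format (assumption): "<ts> dns <src> query <name>",
# "<ts> conn <src>:<port> -> <dst>:<port> <proto>",
# "<ts> smtp <src> mailfrom <addr> rcptto <addr>".
DNS_RE = re.compile(r" dns (\S+) query (\S+)")
CONN_RE = re.compile(r" conn (\S+):(\d+) -> (\S+):(\d+)")
SMTP_RE = re.compile(r" smtp (\S+) mailfrom (\S+) rcptto (\S+)")

# Constructed sample lines; the first five mirror what this report's sandbox
# run would have produced, the last two are benign noise from another host.
SAMPLE_LOG = """\
2020-11-25T09:58:41Z dns 192.168.2.3 query api.ipify.org
2020-11-25T09:58:42Z conn 192.168.2.3:49740 -> 184.73.247.141:443 tcp
2020-11-25T09:58:50Z dns 192.168.2.3 query novget.com
2020-11-25T09:58:51Z conn 192.168.2.3:49743 -> 167.88.170.2:587 tcp
2020-11-25T09:58:52Z smtp 192.168.2.3 mailfrom bmmc@novget.com rcptto bmmc@novget.com
2020-11-25T10:00:00Z dns 192.168.2.7 query update.example.net
2020-11-25T10:00:01Z conn 192.168.2.7:50112 -> 93.184.216.34:443 tcp
""".splitlines()


def scan_log(lines, iocs) -> list:
    """Return (line_no, reason, detail) for every line that matches an
    indicator or an AgentTesla-style behaviour: a workstation speaking SMTP
    directly, or mail whose sender and recipient are the same mailbox (as in
    this report's From/To)."""
    hits = []
    for n, line in enumerate(lines, 1):
        if m := DNS_RE.search(line):
            if m.group(2).lower().rstrip(".") in iocs["domains"]:
                hits.append((n, "dns-ioc", m.group(2)))
        elif m := CONN_RE.search(line):
            dst, dport = m.group(3), int(m.group(4))
            if dst in iocs["ips"]:
                hits.append((n, "conn-ioc", f"{dst}:{dport}"))
            elif dport in MAIL_SUBMISSION_PORTS:
                hits.append((n, "direct-smtp", f"{dst}:{dport}"))
        elif m := SMTP_RE.search(line):
            _src, sender, rcpt = m.groups()
            if {sender, rcpt} & iocs["mail_addresses"]:
                hits.append((n, "smtp-ioc", sender))
            elif sender == rcpt:
                hits.append((n, "smtp-self-addressed", sender))
    return hits


if __name__ == "__main__":
    cfg = parse_agenttesla_config(RAW_CONFIG)
    for hit in scan_log(SAMPLE_LOG, build_iocs(cfg)):
        print(hit)
```

Run as-is the script reports the ipify lookup, the novget.com resolution, the connection to 167.88.170.2:587 and the self-addressed message from bmmc@novget.com, and stays silent on the two benign lines. The "direct-smtp" and "smtp-self-addressed" reasons fire even when the operator rotates to a fresh mailbox, which is why they are worth keeping alongside the exact indicators from this report.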

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000006.00000002.301432064.0000000002C68000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000013.00000002.484731635.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.252302125.0000000003C61000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000006.00000002.301127275.0000000002BC1000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
(22 entries in the full report; the first five are shown here)

Unpacked PEs

Source | Rule | Description | Author | Strings
2.2.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
19.2.vlc.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
20.2.vlc.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Found malware configuration
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.5664.2.memstr | Malware Configuration Extractor: Agenttesla {"Username: ": "qRlQv5b8v4k0m", "URL: ": "http://5YdEMfw1vYcxQtIJ.com", "To: ": "bmmc@novget.com", "ByHost: ": "novget.com:587", "Password: ": "fTUctjBYd8i", "From: ": "bmmc@novget.com"}
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | ReversingLabs: Detection: 31%
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Virustotal: Detection: 30%
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | ReversingLabs: Detection: 31%
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Joe Sandbox ML: detected
Machine Learning detection for sample
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Joe Sandbox ML: detected
Source: 2.2.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.400000.0.unpack | Avira: Label: TR/Spy.Gen8
Source: 20.2.vlc.exe.400000.0.unpack | Avira: Label: TR/Spy.Gen8
Source: 19.2.vlc.exe.400000.0.unpack | Avira: Label: TR/Spy.Gen8
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | File opened: C:\Users\user\AppData\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | File opened: C:\Users\user\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic | Snort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.3:49743 -> 167.88.170.2:587
Source: Traffic | Snort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.3:49745 -> 167.88.170.2:587
May check the online IP address of the machine
Source: unknown | DNS query: name: api.ipify.org (12 identical queries logged)
Source: Joe Sandbox View | IP Address: 184.73.247.141 (listed twice)
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | DNS traffic detected: queries for: api.ipify.org
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.491667671.0000000002FE1000.00000004.00000001.sdmp, vlc.exe, 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.498331561.000000000348A000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.499427077.00000000034E3000.00000004.00000001.sdmp | String found in binary or memory: http://5YdEMfw1vYcxQtIJ.com
Source: vlc.exe, 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS
Source: vlc.exe, 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp | String found in binary or memory: http://HReuFq.com
Source: vlc.exe, 00000013.00000002.492517745.00000000030AC000.00000004.00000001.sdmp | String found in binary or memory: http://api.ipify.org
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000003.472294046.00000000015B6000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.499968225.00000000067C5000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000003.472294046.00000000015B6000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/COMODORSADomainValidation
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.494298446.000000000325B000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.499968225.00000000067C5000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl0
Source: vlc.exe, 00000013.00000002.492517745.00000000030AC000.00000004.00000001.sdmp | String found in binary or memory: http://elb097307-934924932.us-east-1.elb.amazonaws.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.218382193.0000000005C30000.00000004.00000001.sdmp | String found in binary or memory: http://en.wikipN
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://fontfabrik.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.499127131.00000000034D6000.00000004.00000001.sdmp | String found in binary or memory: http://novget.com
Source: vlc.exe, 00000013.00000002.499968225.00000000067C5000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.comodoca.com0
Source: vlc.exe | String found in binary or memory: http://schemas.microso
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.492364241.0000000003098000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220143406.0000000005C12000.00000004.00000001.sdmp | String found in binary or memory: http://www.carterandcone.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.carterandcone.coml
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220201223.0000000005C12000.00000004.00000001.sdmp | String found in binary or memory: http://www.carterandcone.comn-u
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220201223.0000000005C12000.00000004.00000001.sdmp | String found in binary or memory: http://www.carterandcone.comon
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220143406.0000000005C12000.00000004.00000001.sdmp | String found in binary or memory: http://www.carterandcone.comq
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220143406.0000000005C12000.00000004.00000001.sdmp | String found in binary or memory: http://www.carterandcone.comyrlS
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225289437.0000000005C34000.00000004.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224595210.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.223959100.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/N
Source: vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/?
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.223854426.0000000005C52000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/O
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225560487.0000000005C4E000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers9
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers?
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224188865.0000000005C52000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designersE
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225123261.0000000005C52000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designersP
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225457522.0000000005C52000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designersk
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224188865.0000000005C52000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designersz
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224595210.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comFN
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225289437.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comI.TTF
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224549941.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comL.TTF
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.230794690.0000000005C33000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comaT
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225588787.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comalsF
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225487535.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comcom
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225487535.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comd
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225289437.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comditom
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225289437.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comessed7
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224198483.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comessedf
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.223821132.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comique
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225009614.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comitud
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.230975135.0000000005C33000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comoitum
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224595210.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comtu
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224146770.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comueed
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225588787.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comvT
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.fonts.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.226940473.0000000005C33000.00000004.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.goodfont.co.kr
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221084547.0000000005C34000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221786965.0000000005C34000.00000004.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220932324.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/Liha
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.222098114.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/N
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221333628.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/R
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221084547.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/T
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.222098114.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/Y0t
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.222987089.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.222098114.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/T
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.222098114.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/m
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221084547.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/l
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221084547.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/m
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220785926.0000000005C2B000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/p
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221084547.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/r-t
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221084547.0000000005C34000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.222469453.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/t
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220932324.0000000005C34000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/uheT
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.229992289.0000000005C1B000.00000004.00000001.sdmp | String found in binary or memory: http://www.monotype.
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.sajatypeworks.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.222024096.0000000005C56000.00000004.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.sakkal.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.219300688.0000000005C1A000.00000004.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.sandoll.co.kr
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.219300688.0000000005C1A000.00000004.00000001.sdmp | String found in binary or memory: http://www.sandoll.co.krU
Source: vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.tiro.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.typography.netD
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.218760455.0000000005C2B000.00000004.00000001.sdmp | String found in binary or memory: http://www.typography.neta_
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.218827779.0000000005C2B000.00000004.00000001.sdmp | String found in binary or memory: http://www.typography.netalik
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.218760455.0000000005C2B000.00000004.00000001.sdmp | String found in binary or memory: http://www.typography.netez
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.218760455.0000000005C2B000.00000004.00000001.sdmp | String found in binary or memory: http://www.typography.netivh
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.218760455.0000000005C2B000.00000004.00000001.sdmp | String found in binary or memory: http://www.typography.netsiv-u
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.urwpp.deDPlease
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220143406.0000000005C12000.00000004.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220143406.0000000005C12000.00000004.00000001.sdmp | String found in binary or memory: http://www.zhongyicts.com.cno.3
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.492479441.00000000030A6000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.org
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.492364241.0000000003098000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.492479441.00000000030A6000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.org/
Source: vlc.exe, 00000013.00000002.492479441.00000000030A6000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.org4$l8
Source: vlc.exe, 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.orgGETMozilla/5.0
                  Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.252302125.0000000003C61000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.484715731.0000000000402000.00000040.00000001.sdmp, vlc.exe, 00000006.00000002.301432064.0000000002C68000.00000004.00000001.sdmp, vlc.exe, 0000000B.00000002.316498806.0000000003851000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.484731635.0000000000402000.00000040.00000001.sdmp, vlc.exe, 00000014.00000002.484733374.0000000000402000.00000040.00000001.sdmpString found in binary or memory: https://api.telegram.org/bot%telegramapi%/
                  Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.491667671.0000000002FE1000.00000004.00000001.sdmp, vlc.exe, 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x
                  Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeString found in binary or memory: https://discord.com/
                  Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeString found in binary or memory: https://discord.com/4
                  Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeString found in binary or memory: https://discord.com/8
                  Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.494298446.000000000325B000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.499968225.00000000067C5000.00000004.00000001.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
                  Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.252302125.0000000003C61000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.484715731.0000000000402000.00000040.00000001.sdmp, vlc.exe, 00000006.00000002.301432064.0000000002C68000.00000004.00000001.sdmp, vlc.exe, 0000000B.00000002.316498806.0000000003851000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.484731635.0000000000402000.00000040.00000001.sdmp, vlc.exe, 00000014.00000002.484733374.0000000000402000.00000040.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
                  Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.491667671.0000000002FE1000.00000004.00000001.sdmp, vlc.exe, 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                  Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.251609553.00000000010EB000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                  Spam, unwanted Advertisements and Ransom Demands:

Modifies the hosts file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | File written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 0_2_010AC284
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 0_2_010AE640
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 0_2_010AE650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 0_2_0742C398
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 0_2_0742BAC8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 0_2_0742B780
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06843FE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06841448
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06847308
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_0684B9B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_0684ED98
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06848A30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06846278
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_068493A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06872618
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_0687F780
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06871FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_0687EB0C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_0687D738
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_0687AB78
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_0687BA88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_0687CFF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06878FF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A5DFE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A593E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A50040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A54D80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A5B130
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A5D158
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A555C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A555D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A5B123
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 6_2_00ECC284
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 6_2_00ECE640
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 6_2_00ECE650
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 6_2_06C30448
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 6_2_06C32D38
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 6_2_06C36158
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 6_2_06D6BAC8
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 6_2_06D6C398
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 6_2_06D6B780
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 11_2_00DEC284
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 11_2_00DEE650
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 11_2_00DEE640
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 11_2_06B4BAC8
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 11_2_06B4C398
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 11_2_06B4B780
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 11_2_07260428
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 11_2_0726BAA0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 11_2_072647C1
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 11_2_072647D0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 11_2_07265920
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 11_2_0726591E
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 11_2_072601B0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 11_2_0726019F
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: vlc.exe.0.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: vlc.exe.0.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: vlc.exe.0.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.252302125.0000000003C61000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameOhOvZMWOvVyKYxqxFjBeQ.exe4 vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.252302125.0000000003C61000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamePanlwmqitxzsq.dll4 vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.252302125.0000000003C61000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameClassLibrary3.dll< vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000000.214469304.0000000000902000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameJqeofcirr6.exe` vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.251609553.00000000010EB000.00000004.00000020.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000001.00000000.245925171.0000000000382000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameJqeofcirr6.exe` vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.503386805.0000000006850000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewshom.ocx vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000000.247521411.0000000000DF2000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameJqeofcirr6.exe` vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.484715731.0000000000402000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenameOhOvZMWOvVyKYxqxFjBeQ.exe4 vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.504414136.0000000007130000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.503840561.0000000006A30000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Binary or memory string: OriginalFilenameJqeofcirr6.exe` vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: vlc.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: classification engine | Classification label: mal100.troj.adwa.spyw.evad.winEXE@17/7@6/1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Virustotal: Detection: 30%
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | ReversingLabs: Detection: 31%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe'
Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: unknown | Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe'
Source: unknown | Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe'
Source: unknown | Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: unknown | Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: unknown | Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: unknown | Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: unknown | Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 0_2_074230F8 push 00C364D1h; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06849711 push eax; iretd
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_068776BF push es; iretd
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06877E3F push edi; retn 0000h
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06871093 push es; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_068710A3 push es; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A5E5B8 pushad ; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A5CAF8 push edx; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A5CAFB push edx; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A5E63B pushad ; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A5CB9B push ebx; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A5CB53 push ebx; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A5D0F8 push esi; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A5D0FB push esi; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A5C84B push ecx; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A5ED9B pushad ; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A5CD01 push esp; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A5E500 pushad ; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A5ED03 push eax; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A5E50B pushad ; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06A5E553 pushad ; ret
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 6_2_06C35E81 push ebp; retn 0006h
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 6_2_06C357B0 push eax; retn 0006h
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 6_2_06C325AD push eax; retn 0006h
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 6_2_06C38297 push 0000007Dh; ret
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 6_2_06C35A68 push edx; retn 0006h
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 6_2_06C35A70 push edx; retn 0006h
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 6_2_06C35A78 push edx; retn 0006h
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 6_2_06C37218 pushad ; retn 0006h
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 6_2_06C37311 pushad ; retn 0006h
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 6_2_06C3731B pushad ; retn 0006h
Source: initial sample | Static PE information: section name: .text entropy: 7.96249614821
Source: initial sample | Static PE information: section name: .text entropy: 7.96249614821
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs | High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs | High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: vlc.exe.0.dr, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs | High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: vlc.exe.0.dr, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs | High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 0.2.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.900000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs | High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 0.2.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.900000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs | High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 0.0.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.900000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs | High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 0.0.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.900000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs | High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 1.2.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.380000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs | High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 1.2.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.380000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs | High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 1.0.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.380000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs | High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
                  Source: 1.0.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.380000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.csHigh entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
                  Source: 2.2.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.df0000.1.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.csHigh entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
                  Source: 2.2.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.df0000.1.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.csHigh entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
                  Source: 2.0.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.df0000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.csHigh entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
                  Source: 2.0.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.df0000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.csHigh entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
                  Source: 6.0.vlc.exe.720000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.csHigh entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
                  Source: 6.0.vlc.exe.720000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.csHigh entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
                  Source: 6.2.vlc.exe.720000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.csHigh entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
                  Source: 6.2.vlc.exe.720000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.csHigh entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
                  Source: 11.2.vlc.exe.450000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.csHigh entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
                  Source: 11.2.vlc.exe.450000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.csHigh entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
                  Source: 11.0.vlc.exe.450000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.csHigh entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
                  Source: 11.0.vlc.exe.450000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.csHigh entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
                  Source: 16.0.vlc.exe.310000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.csHigh entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
                  Source: 16.0.vlc.exe.310000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.csHigh entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
                  Source: 16.2.vlc.exe.310000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.csHigh entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
                  Source: 16.2.vlc.exe.310000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.csHigh entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
                  Source: 17.0.vlc.exe.160000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.csHigh entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
                  Source: 17.0.vlc.exe.160000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.csHigh entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
                  Source: 17.2.vlc.exe.160000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.csHigh entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
                  Source: 17.2.vlc.exe.160000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.csHigh entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
                  Source: 18.2.vlc.exe.210000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.csHigh entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
                  Source: 18.2.vlc.exe.210000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.csHigh entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
                  Source: 18.0.vlc.exe.210000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.csHigh entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
                  Source: 18.0.vlc.exe.210000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.csHigh entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
                  Source: 19.2.vlc.exe.a30000.1.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.csHigh entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
                  Source: 19.2.vlc.exe.a30000.1.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.csHigh entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
                  Source: 19.0.vlc.exe.a30000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.csHigh entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
                  Source: 19.0.vlc.exe.a30000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.csHigh entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
                  Source: 20.2.vlc.exe.870000.1.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.csHigh entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
                  Source: 20.2.vlc.exe.870000.1.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.csHigh entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
                  Source: 20.0.vlc.exe.870000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.csHigh entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
                  Source: 20.0.vlc.exe.870000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.csHigh entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe\:Zone.Identifier:$DATA
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run vlc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.252002961.0000000002C61000.00000004.00000001.sdmp, vlc.exe, 00000006.00000002.301273221.0000000002C05000.00000004.00000001.sdmp, vlc.exe, 0000000B.00000002.316006335.00000000028D1000.00000004.00000001.sdmp | Binary or memory string: SBIEDLL.DLL
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Window / User API: threadDelayed 3753
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Window / User API: threadDelayed 6071
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Window / User API: threadDelayed 2626
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Window / User API: threadDelayed 7218
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Window / User API: threadDelayed 3672
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Window / User API: threadDelayed 6165
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe TID: 5808 | Thread sleep count: 64 > 30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe TID: 2168 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe TID: 6384 | Thread sleep time: -27670116110564310s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe TID: 6388 | Thread sleep count: 3753 > 30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe TID: 6388 | Thread sleep count: 6071 > 30
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 6252 | Thread sleep count: 64 > 30
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 6272 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 6540 | Thread sleep count: 64 > 30
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 6640 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 7056 | Thread sleep time: -25825441703193356s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 7060 | Thread sleep count: 2626 > 30
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 7060 | Thread sleep count: 7218 > 30
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 780 | Thread sleep time: -27670116110564310s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 3016 | Thread sleep count: 3672 > 30
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 3016 | Thread sleep count: 6165 > 30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | File opened: C:\Users\user\AppData\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | File opened: C:\Users\user\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: vlc.exe, 0000000B.00000002.316006335.00000000028D1000.00000004.00000001.sdmp | Binary or memory string: vmware
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000003.472294046.00000000015B6000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Code function: 2_2_06847FB8 LdrInitializeThunk,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion:

                  barindex
                  Injects a PE file into a foreign processesShow sources
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeMemory written: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeMemory written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe base: 400000 value starts with: 4D5A
                  Modifies the hosts fileShow sources
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeFile written: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.492478031.0000000001AC0000.00000002.00000001.sdmp, vlc.exe, 00000013.00000002.491073913.00000000019C0000.00000002.00000001.sdmp, vlc.exe, 00000014.00000002.491597533.0000000001730000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.492478031.0000000001AC0000.00000002.00000001.sdmp, vlc.exe, 00000013.00000002.491073913.00000000019C0000.00000002.00000001.sdmp, vlc.exe, 00000014.00000002.491597533.0000000001730000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.492478031.0000000001AC0000.00000002.00000001.sdmp, vlc.exe, 00000013.00000002.491073913.00000000019C0000.00000002.00000001.sdmp, vlc.exe, 00000014.00000002.491597533.0000000001730000.00000002.00000001.sdmp Binary or memory string: Progman
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.492478031.0000000001AC0000.00000002.00000001.sdmp, vlc.exe, 00000013.00000002.491073913.00000000019C0000.00000002.00000001.sdmp, vlc.exe, 00000014.00000002.491597533.0000000001730000.00000002.00000001.sdmp Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll | VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | Code function: 11_2_0726A300 GetUserNameA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings:

Modifies the hosts file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | File written: C:\Windows\System32\drivers\etc\hosts

Stealing of Sensitive Information:

Yara detected AgentTesla
Source: Yara match | File source: 00000006.00000002.301432064.0000000002C68000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000013.00000002.484731635.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.252302125.0000000003C61000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.301127275.0000000002BC1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.316498806.0000000003851000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.301544638.0000000003B41000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.252002961.0000000002C61000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.316335903.0000000002978000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000013.00000002.491667671.0000000002FE1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.484715731.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000014.00000002.484733374.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.252121672.0000000002D02000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: vlc.exe PID: 6248, type: MEMORY
Source: Yara match | File source: Process Memory Space: vlc.exe PID: 6996, type: MEMORY
Source: Yara match | File source: Process Memory Space: vlc.exe PID: 6536, type: MEMORY
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe PID: 1740, type: MEMORY
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe PID: 5664, type: MEMORY
Source: Yara match | File source: Process Memory Space: vlc.exe PID: 6904, type: MEMORY
Source: Yara match | File source: 2.2.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 19.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 20.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Tries to harvest and steal ftp login credentials
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Mail credentials (via file access)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: Yara match | File source: 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000013.00000002.491667671.0000000002FE1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.494562870.0000000003276000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: vlc.exe PID: 6996, type: MEMORY
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe PID: 5664, type: MEMORY
Source: Yara match | File source: Process Memory Space: vlc.exe PID: 6904, type: MEMORY

Remote Access Functionality:

Yara detected AgentTesla
Source: Yara match | File source: 00000006.00000002.301432064.0000000002C68000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000013.00000002.484731635.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.252302125.0000000003C61000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.301127275.0000000002BC1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.316498806.0000000003851000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.301544638.0000000003B41000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.252002961.0000000002C61000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.316335903.0000000002978000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000013.00000002.491667671.0000000002FE1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.484715731.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000014.00000002.484733374.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.252121672.0000000002D02000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: vlc.exe PID: 6248, type: MEMORY
Source: Yara match | File source: Process Memory Space: vlc.exe PID: 6996, type: MEMORY
Source: Yara match | File source: Process Memory Space: vlc.exe PID: 6536, type: MEMORY
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe PID: 1740, type: MEMORY
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe PID: 5664, type: MEMORY
Source: Yara match | File source: Process Memory Space: vlc.exe PID: 6904, type: MEMORY
Source: Yara match | File source: 2.2.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 19.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 20.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation221 | Registry Run Keys / Startup Folder11 | Process Injection112 | File and Directory Permissions Modification1 | OS Credential Dumping2 | Account Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Registry Run Keys / Startup Folder11 | Disable or Modify Tools1 | Input Capture1 | File and Directory Discovery1 | Remote Desktop Protocol | Data from Local System2 | Exfiltration Over Bluetooth | Non-Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information2 | Credentials in Registry1 | System Information Discovery124 | SMB/Windows Admin Shares | Email Collection1 | Automated Exfiltration | Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Software Packing3 | NTDS | Query Registry1 | Distributed Component Object Model | Input Capture1 | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Masquerading1 | LSA Secrets | Security Software Discovery321 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Virtualization/Sandbox Evasion14 | Cached Domain Credentials | Virtualization/Sandbox Evasion14 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | Process Injection112 | DCSync | Process Discovery2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | Application Window Discovery1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | System Owner/User Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | Remote System Discovery1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | System Network Configuration Discovery1 | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | | | Service Stop

(Trailing digits attached to technique names are the report's per-technique signature counts, reproduced as extracted.)

Behavior Graph

[Behavior graph image not reproduced; the labels recoverable from it follow.]
Behavior Graph ID: 323839 | Sample: SecuriteInfo.com.Trojan.Mul... | Startdate: 27/11/2020 | Architecture: WINDOWS | Score: 100
Contacted hosts: novget.com; nagano-19599.herokussl.com; 2 other IPs or domains; elb097307-934924932.us-east-1.elb.amazonaws.com (184.73.247.141, 443, 49742, AMAZON-AESUS, United States); api.ipify.org
Signatures on the sample node: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Found malware configuration; Multi AV Scanner detection for dropped file; 8 other signatures
Processes started: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe (starts two further SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe instances); vlc.exe (starts one vlc.exe); vlc.exe (starts four vlc.exe)
Dropped files: C:\Users\user\AppData\Roaming\...\vlc.exe (PE32); C:\Users\user\...\vlc.exe:Zone.Identifier (ASCII); SecuriteInfo.com.T...61980.13868.exe.log (ASCII); C:\Windows\System32\drivers\etc\hosts (ASCII, dropped by a vlc.exe child process)
Signatures on the first child SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe: Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines); Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines); Injects a PE file into a foreign processes
Signatures on the second-level child that contacts the network: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Tries to steal Mail credentials (via file access); Tries to harvest and steal ftp login credentials; 2 other signatures

                  Screenshots


                  Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | 30% | Virustotal |
SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | 31% | ReversingLabs | ByteCode-MSIL.Infostealer.Maslog
SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | 100% | Joe Sandbox ML |

Dropped Files

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe | 31% | ReversingLabs | ByteCode-MSIL.Infostealer.Maslog

Unpacked PE Files

Source | Detection | Scanner | Label
2.2.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.400000.0.unpack | 100% | Avira | TR/Spy.Gen8
20.2.vlc.exe.400000.0.unpack | 100% | Avira | TR/Spy.Gen8
19.2.vlc.exe.400000.0.unpack | 100% | Avira | TR/Spy.Gen8

Domains

Source | Detection | Scanner | Label
novget.com | 0% | Virustotal |

URLs

Source | Detection | Scanner | Label
http://www.typography.netalik | 0% | Avira URL Cloud | safe
http://127.0.0.1:HTTP/1.1 | 0% | Avira URL Cloud | safe
http://www.fontbureau.comessedf | 0% | Avira URL Cloud | safe
https://discord.com/ | 0% | URL Reputation | safe
https://discord.com/ | 0% | URL Reputation | safe
https://discord.com/ | 0% | URL Reputation | safe
https://discord.com/ | 0% | URL Reputation | safe
http://www.fontbureau.comalsF | 0% | URL Reputation | safe
http://www.fontbureau.comalsF | 0% | URL Reputation | safe
http://www.fontbureau.comalsF | 0% | URL Reputation | safe
http://www.fontbureau.comalsF | 0% | URL Reputation | safe
http://www.fontbureau.comditom | 0% | Avira URL Cloud | safe
http://www.sajatypeworks.com | 0% | URL Reputation | safe
http://www.sajatypeworks.com | 0% | URL Reputation | safe
http://www.sajatypeworks.com | 0% | URL Reputation | safe
http://www.sajatypeworks.com | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe
http://www.sandoll.co.krU | 0% | Avira URL Cloud | safe
http://www.jiyu-kobo.co.jp/r-t | 0% | Avira URL Cloud | safe
http://www.jiyu-kobo.co.jp/uheT | 0% | Avira URL Cloud | safe
http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe
http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe
http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe
http://www.carterandcone.comyrlS | 0% | Avira URL Cloud | safe
http://www.jiyu-kobo.co.jp/Liha | 0% | Avira URL Cloud | safe
http://www.urwpp.deDPlease | 0% | URL Reputation | safe
http://www.urwpp.deDPlease | 0% | URL Reputation | safe
http://www.urwpp.deDPlease | 0% | URL Reputation | safe
http://www.zhongyicts.com.cn | 0% | URL Reputation | safe
http://www.zhongyicts.com.cn | 0% | URL Reputation | safe
http://www.zhongyicts.com.cn | 0% | URL Reputation | safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip | 0% | URL Reputation | safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip | 0% | URL Reputation | safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip | 0% | URL Reputation | safe
http://www.fontbureau.comique | 0% | Avira URL Cloud | safe
http://www.galapagosdesign.com/ | 0% | URL Reputation | safe
http://www.galapagosdesign.com/ | 0% | URL Reputation | safe
http://www.galapagosdesign.com/ | 0% | URL Reputation | safe
http://www.jiyu-kobo.co.jp/T | 0% | Avira URL Cloud | safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | 0% | URL Reputation | safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | 0% | URL Reputation | safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | 0% | URL Reputation | safe
http://www.jiyu-kobo.co.jp/R | 0% | Avira URL Cloud | safe
http://www.jiyu-kobo.co.jp/N | 0% | Avira URL Cloud | safe
http://www.fontbureau.comaT | 0% | Avira URL Cloud | safe
http://www.carterandcone.comq | 0% | Avira URL Cloud | safe
http://novget.com | 0% | Avira URL Cloud | safe
https://api.ipify.org4$l8 | 0% | Avira URL Cloud | safe
http://5YdEMfw1vYcxQtIJ.com | 0% | Avira URL Cloud | safe
http://www.carterandcone.coml | 0% | URL Reputation | safe
http://www.carterandcone.coml | 0% | URL Reputation | safe
http://www.carterandcone.coml | 0% | URL Reputation | safe
https://discord.com/4 | 0% | Avira URL Cloud | safe
https://discord.com/8 | 0% | Avira URL Cloud | safe
http://www.jiyu-kobo.co.jp/p | 0% | URL Reputation | safe
http://www.jiyu-kobo.co.jp/p | 0% | URL Reputation | safe
http://www.jiyu-kobo.co.jp/p | 0% | URL Reputation | safe
http://www.jiyu-kobo.co.jp/m | 0% | Avira URL Cloud | safe
http://www.jiyu-kobo.co.jp/l | 0% | Avira URL Cloud | safe
http://www.typography.netsiv-u | 0% | Avira URL Cloud | safe
http://HReuFq.com | 0% | Avira URL Cloud | safe
http://www.carterandcone.comon | 0% | Avira URL Cloud | safe
http://www.fontbureau.comitud | 0% | Avira URL Cloud | safe
http://www.typography.netez | 0% | Avira URL Cloud | safe
http://www.fontbureau.comI.TTF | 0% | Avira URL Cloud | safe
http://www.carterandcone.comn-u | 0% | URL Reputation | safe
http://www.carterandcone.comn-u | 0% | URL Reputation | safe
http://www.carterandcone.comn-u | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe
http://www.tiro.com | 0% | URL Reputation | safe
http://www.tiro.com | 0% | URL Reputation | safe
http://www.tiro.com | 0% | URL Reputation | safe
http://www.goodfont.co.kr | 0% | URL Reputation | safe
http://www.goodfont.co.kr | 0% | URL Reputation | safe
http://www.goodfont.co.kr | 0% | URL Reputation | safe
http://www.jiyu-kobo.co.jp/Y0t | 0% | Avira URL Cloud | safe
http://www.carterandcone.com | 0% | URL Reputation | safe
http://www.carterandcone.com | 0% | URL Reputation | safe
http://www.carterandcone.com | 0% | URL Reputation | safe
http://www.fontbureau.comFN | 0% | Avira URL Cloud | safe
http://www.typography.netivh | 0% | Avira URL Cloud | safe
https://api.ipify.orgGETMozilla/5.0 | 0% | URL Reputation | safe
https://api.ipify.orgGETMozilla/5.0 | 0% | URL Reputation | safe
https://api.ipify.orgGETMozilla/5.0 | 0% | URL Reputation | safe
http://schemas.microso | 0% | Avira URL Cloud | safe
http://www.typography.netD | 0% | URL Reputation | safe
http://www.typography.netD | 0% | URL Reputation | safe
http://www.typography.netD | 0% | URL Reputation | safe
http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe
http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe
http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe
http://fontfabrik.com | 0% | URL Reputation | safe
http://fontfabrik.com | 0% | URL Reputation | safe
http://fontfabrik.com | 0% | URL Reputation | safe
http://www.fontbureau.comcom | 0% | URL Reputation | safe

                  Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
elb097307-934924932.us-east-1.elb.amazonaws.com | 184.73.247.141 | true | false | | high
novget.com | 167.88.170.2 | true | true | | unknown
api.ipify.org | unknown | unknown | false | | high

URLs from Memory and Binaries

Name | Source | Malicious
(Antivirus detection bullets and the reputation value follow each entry.)

http://www.typography.netalik | SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.218827779.0000000005C2B000.00000004.00000001.sdmp | false
• Avira URL Cloud: safe
Reputation: unknown

http://127.0.0.1:HTTP/1.1 | SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.491667671.0000000002FE1000.00000004.00000001.sdmp, vlc.exe, 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp | false
• Avira URL Cloud: safe
Reputation: low

http://www.fontbureau.comessedf | SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224198483.0000000005C34000.00000004.00000001.sdmp | false
• Avira URL Cloud: safe
Reputation: unknown

https://discord.com/ | SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe | false
• URL Reputation: safe
• URL Reputation: safe
• URL Reputation: safe
• URL Reputation: safe
Reputation: unknown

http://www.fontbureau.com/designers | vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | false
Reputation: high

http://www.fontbureau.comalsF | SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225588787.0000000005C34000.00000004.00000001.sdmp | false
• URL Reputation: safe
• URL Reputation: safe
• URL Reputation: safe
• URL Reputation: safe
Reputation: unknown

http://www.fontbureau.comditom | SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225289437.0000000005C34000.00000004.00000001.sdmp | false
• Avira URL Cloud: safe
Reputation: unknown

http://www.sajatypeworks.com | SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | false
• URL Reputation: safe
• URL Reputation: safe
• URL Reputation: safe
• URL Reputation: safe
Reputation: unknown

http://www.founder.com.cn/cn/cThe | SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | false
• URL Reputation: safe
• URL Reputation: safe
• URL Reputation: safe
• URL Reputation: safe
Reputation: unknown

http://www.sandoll.co.krU | SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.219300688.0000000005C1A000.00000004.00000001.sdmp | false
• Avira URL Cloud: safe
Reputation: unknown

http://www.jiyu-kobo.co.jp/r-t | SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221084547.0000000005C34000.00000004.00000001.sdmp | false
• Avira URL Cloud: safe
Reputation: unknown

http://www.jiyu-kobo.co.jp/uheT | SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220932324.0000000005C34000.00000004.00000001.sdmp | false
• Avira URL Cloud: safe
Reputation: unknown

http://www.fontbureau.com/ | SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224595210.0000000005C34000.00000004.00000001.sdmp | false
Reputation: high

http://www.galapagosdesign.com/DPlease | SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp | false
• URL Reputation: safe
• URL Reputation: safe
• URL Reputation: safe
Reputation: unknown

http://www.carterandcone.comyrlS | SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220143406.0000000005C12000.00000004.00000001.sdmp | false
• Avira URL Cloud: safe
Reputation: unknown

http://www.jiyu-kobo.co.jp/Liha | SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220932324.0000000005C34000.00000004.00000001.sdmp | false
                          • Avira URL Cloud: safe
                          unknown
                          http://www.urwpp.deDPleaseSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          http://www.zhongyicts.com.cnSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220143406.0000000005C12000.00000004.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.492364241.0000000003098000.00000004.00000001.sdmpfalse
                            high
                            https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zipSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.252302125.0000000003C61000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.484715731.0000000000402000.00000040.00000001.sdmp, vlc.exe, 00000006.00000002.301432064.0000000002C68000.00000004.00000001.sdmp, vlc.exe, 0000000B.00000002.316498806.0000000003851000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.484731635.0000000000402000.00000040.00000001.sdmp, vlc.exe, 00000014.00000002.484733374.0000000000402000.00000040.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            unknown
                            http://www.fontbureau.comiqueSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.223821132.0000000005C34000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://www.galapagosdesign.com/SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.226940473.0000000005C33000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            unknown
                            http://www.jiyu-kobo.co.jp/TSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221084547.0000000005C34000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%haSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.491667671.0000000002FE1000.00000004.00000001.sdmp, vlc.exe, 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            unknown
                            http://www.jiyu-kobo.co.jp/RSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221333628.0000000005C34000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://www.jiyu-kobo.co.jp/NSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.222098114.0000000005C34000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://www.fontbureau.comaTSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.230794690.0000000005C33000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://www.carterandcone.comqSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220143406.0000000005C12000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://www.fontbureau.com/NSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.223959100.0000000005C34000.00000004.00000001.sdmpfalse
                              high
                              http://novget.comSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.499127131.00000000034D6000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://api.ipify.org4$l8vlc.exe, 00000013.00000002.492479441.00000000030A6000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              low
                              http://5YdEMfw1vYcxQtIJ.comSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.498331561.000000000348A000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.499427077.00000000034E3000.00000004.00000001.sdmptrue
                              • Avira URL Cloud: safe
                              unknown
                              http://www.carterandcone.comlSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              unknown
                              http://www.fontbureau.com/designers/frere-jones.htmlSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmpfalse
                                high
                                https://discord.com/4SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exefalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.jiyu-kobo.co.jp/tSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221084547.0000000005C34000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.222469453.0000000005C34000.00000004.00000001.sdmpfalse
                                  unknown
                                  https://discord.com/8SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exefalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.jiyu-kobo.co.jp/pSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220785926.0000000005C2B000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  unknown
                                  http://www.jiyu-kobo.co.jp/mSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221084547.0000000005C34000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.jiyu-kobo.co.jp/lSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221084547.0000000005C34000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.typography.netsiv-uSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.218760455.0000000005C2B000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://HReuFq.comvlc.exe, 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.carterandcone.comonSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220201223.0000000005C12000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.fontbureau.comitudSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225009614.0000000005C34000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.typography.netezSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.218760455.0000000005C2B000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.fontbureau.com/designersGSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmpfalse
                                    high
                                    http://www.fontbureau.comI.TTFSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225289437.0000000005C34000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.carterandcone.comn-uSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220201223.0000000005C12000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    unknown
                                    http://www.fontbureau.com/designers/?SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmpfalse
                                      high
                                      http://www.founder.com.cn/cn/bTheSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      unknown
                                      http://www.fontbureau.com/designers?SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmpfalse
                                        high
                                        http://www.fontbureau.com/designersESecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224188865.0000000005C52000.00000004.00000001.sdmpfalse
                                          high
                                          http://www.tiro.comvlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          unknown
                                          http://elb097307-934924932.us-east-1.elb.amazonaws.comvlc.exe, 00000013.00000002.492517745.00000000030AC000.00000004.00000001.sdmpfalse
                                            high
                                            http://www.fontbureau.com/designers/OSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.223854426.0000000005C52000.00000004.00000001.sdmpfalse
                                              high
                                              http://www.goodfont.co.krSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              unknown
                                              http://www.jiyu-kobo.co.jp/Y0tSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.222098114.0000000005C34000.00000004.00000001.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://www.carterandcone.comSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220143406.0000000005C12000.00000004.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              unknown
                                              http://www.fontbureau.com/designersPSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225123261.0000000005C52000.00000004.00000001.sdmpfalse
                                                high
                                                http://www.fontbureau.comFNSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224595210.0000000005C34000.00000004.00000001.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://www.typography.netivhSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.218760455.0000000005C2B000.00000004.00000001.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://api.ipify.orgGETMozilla/5.0vlc.exe, 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                unknown
                                                http://schemas.microsovlc.exefalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://www.typography.netDSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                unknown
                                                http://www.galapagosdesign.com/staff/dennis.htmSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                unknown
                                                https://api.ipify.orgSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.492479441.00000000030A6000.00000004.00000001.sdmpfalse
                                                  high
                                                  http://fontfabrik.comSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  unknown
                                                  http://www.fontbureau.com/designerskSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225457522.0000000005C52000.00000004.00000001.sdmpfalse
                                                    high
                                                    http://www.fontbureau.comcomSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225487535.0000000005C34000.00000004.00000001.sdmpfalse
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    unknown
                                                    http://www.jiyu-kobo.co.jp/jp/mSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.222098114.0000000005C34000.00000004.00000001.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.fonts.comSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmpfalse
                                                      high
                                                      http://www.sandoll.co.krSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.219300688.0000000005C1A000.00000004.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.fontbureau.comvTSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225588787.0000000005C34000.00000004.00000001.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://www.jiyu-kobo.co.jp/jp/TSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.222098114.0000000005C34000.00000004.00000001.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://www.fontbureau.com/designerszSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224188865.0000000005C52000.00000004.00000001.sdmpfalse
                                                        high
                                                        http://www.zhongyicts.com.cno.3SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220143406.0000000005C12000.00000004.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        low
                                                        http://www.sakkal.comSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.222024096.0000000005C56000.00000004.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmpfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        unknown
                                                        http://www.fontbureau.comoitumSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.230975135.0000000005C33000.00000004.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        http://www.fontbureau.comueedSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224146770.0000000005C34000.00000004.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://api.ipify.org/SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.492364241.0000000003098000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.492479441.00000000030A6000.00000004.00000001.sdmpfalse
                                                          high
                                                          http://www.apache.org/licenses/LICENSE-2.0SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmpfalse
                                                            high
                                                            http://www.fontbureau.comSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225289437.0000000005C34000.00000004.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmpfalse
                                                              high
                                                              http://DynDns.comDynDNSvlc.exe, 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              unknown
                                                              http://en.wikipNSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.218382193.0000000005C30000.00000004.00000001.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://www.fontbureau.comtuSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224595210.0000000005C34000.00000004.00000001.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://www.fontbureau.comessed7SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225289437.0000000005C34000.00000004.00000001.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://www.fontbureau.comL.TTFSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224549941.0000000005C34000.00000004.00000001.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://www.jiyu-kobo.co.jp/jp/SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.222987089.0000000005C34000.00000004.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              unknown
                                                              http://www.fontbureau.comdSecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225487535.0000000005C34000.00000004.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              unknown
URL: http://api.ipify.org
Source: vlc.exe, 00000013.00000002.492517745.00000000030AC000.00000004.00000001.sdmp
Malicious: false
Reputation: high

URL: http://www.fontbureau.com/designers/cabarga.htmlN
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp
Malicious: false
Reputation: high

URL: http://www.founder.com.cn/cn
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp
Malicious: false
Antivirus Detection:
• URL Reputation: safe
• URL Reputation: safe
• URL Reputation: safe
Reputation: unknown

URL: http://www.typography.neta_
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.218760455.0000000005C2B000.00000004.00000001.sdmp
Malicious: false
Antivirus Detection:
• Avira URL Cloud: safe
Reputation: low

URL: http://www.monotype.
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.229992289.0000000005C1B000.00000004.00000001.sdmp
Malicious: false
Antivirus Detection:
• URL Reputation: safe
• URL Reputation: safe
• URL Reputation: safe
Reputation: unknown

URL: https://api.telegram.org/bot%telegramapi%/
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.252302125.0000000003C61000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.484715731.0000000000402000.00000040.00000001.sdmp, vlc.exe, 00000006.00000002.301432064.0000000002C68000.00000004.00000001.sdmp, vlc.exe, 0000000B.00000002.316498806.0000000003851000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.484731635.0000000000402000.00000040.00000001.sdmp, vlc.exe, 00000014.00000002.484733374.0000000000402000.00000040.00000001.sdmp
Malicious: false
Reputation: high

URL: http://www.jiyu-kobo.co.jp/
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221084547.0000000005C34000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221786965.0000000005C34000.00000004.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp
Malicious: false
Antivirus Detection:
• URL Reputation: safe
• URL Reputation: safe
• URL Reputation: safe
Reputation: unknown

URL: http://www.fontbureau.com/designers9
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225560487.0000000005C4E000.00000004.00000001.sdmp
Malicious: false
Reputation: high

URL: http://www.fontbureau.com/designers8
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp
Malicious: false
Reputation: high

URL: https://secure.comodo.com/CPS0
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.494298446.000000000325B000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.499968225.00000000067C5000.00000004.00000001.sdmp
Malicious: false
Reputation: high

URL: https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.491667671.0000000002FE1000.00000004.00000001.sdmp, vlc.exe, 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp
Malicious: false
Reputation: high

                                                                            Contacted IPs


                                                                            Public

IP | Domain | Country | ASN | ASN Name | Malicious
184.73.247.141 | unknown | United States | 14618 | AMAZON-AESUS | false

                                                                            General Information

Joe Sandbox Version: 31.0.0 Red Diamond
Analysis ID: 323839
Start date: 27.11.2020
Start time: 16:08:04
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 12m 51s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.3384 (renamed file extension from 3384 to exe)
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 30
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.adwa.spyw.evad.winEXE@17/7@6/1
EGA Information: Failed
HDC Information:
• Successful, ratio: 0% (good quality ratio 0%)
• Quality average: 82%
• Quality standard deviation: 11%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Adjust boot time
• Enable AMSI
Warnings:
                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe
                                                                            • Excluded IPs from analysis (whitelisted): 168.61.161.212, 52.147.198.201, 40.88.32.150, 51.11.168.160, 23.210.248.85, 20.54.26.129, 51.104.144.132, 92.122.213.247, 92.122.213.194
                                                                            • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, fs.microsoft.com, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus15.cloudapp.net, blobcollector.events.data.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net
                                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                            • Report size getting too big, too many NtQueryValueKey calls found.

                                                                            Simulations

                                                                            Behavior and APIs

Time | Type | Description
16:09:15 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run vlc "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe"
16:09:23 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run vlc "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe"
16:09:29 | API Interceptor | 670x Sleep call for process: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe modified
16:09:47 | API Interceptor | 984x Sleep call for process: vlc.exe modified

                                                                            Joe Sandbox View / Context

                                                                            IPs

Match: 184.73.247.141

Associated Sample Name / URL | Detection | Context
WeBU3HLcSGLmmDb.exe | malicious | api.ipify.org/
phy__1__31629__2649094674__1605642612.exe | malicious | api.ipify.org/?format=xml
h5I9F5YQyX.exe | malicious | api.ipify.org/
14RP4w9CuA.exe | malicious | api.ipify.org/
FACTURA PENDIENTE.exe | malicious | api.ipify.org/
Swift Copy_G3181992.exe | malicious | api.ipify.org/
Haruko Industrial Supply offer.exe | malicious | api.ipify.org/
SKM__C20192910887888001990.pdf.exe | malicious | api.ipify.org/
5fNtovgDmX.exe | malicious | api.ipify.org/
1104_83924.xlsb | malicious | api.ipify.org/
OZmn6gKEgi.exe | malicious | api.ipify.org/
E099874321.exe | malicious | api.ipify.org/
BL2648372240.xls.exe | malicious | api.ipify.org/
ZAzoeb7NY6.exe | malicious | api.ipify.org/
7Pkuj1axGK.exe | malicious | api.ipify.org/
35pDlzhl45.exe | malicious | api.ipify.org/
B3T7eh73ok.exe | malicious | api.ipify.org/?format=xml
Payment.exe | malicious | api.ipify.org/
pqE2Ika4EY.exe | malicious | api.ipify.org/
QN27UyUjZ5.exe | malicious | api.ipify.org/

                                                                            Domains

Match: novget.com

Associated Sample Name / URL | Detection | Context
Bjtr3wfVjY.exe | malicious | 167.88.170.2
l2aaJwiUce.exe | malicious | 167.88.170.2
7Z50XcJvKchMDzU.exe | malicious | 167.88.170.2

Match: elb097307-934924932.us-east-1.elb.amazonaws.com

Associated Sample Name / URL | Detection | Context
SecuriteInfo.com.Trojan.PWS.Stealer.29618.24275.exe | malicious | 54.225.169.28
SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe | malicious | 54.235.142.93
ORDER.exe | malicious | 54.243.164.148
swift copy.exe | malicious | 23.21.42.25
26-11-20_Dhl_Signed_document-pdf.exe | malicious | 54.225.220.115
Arrivalnotice2020pdf.exe | malicious | 174.129.214.20
lxpo.exe | malicious | 54.204.14.42
guy1.exe | malicious | 54.225.66.103
guy2.exe | malicious | 54.243.161.145
PO_0012009.xlsx | malicious | 23.21.252.4
5C.exe | malicious | 54.225.169.28
INV-6367-20_pdf.exe | malicious | 54.225.66.103
#A06578987.xlsm | malicious | 54.204.14.42
SecuriteInfo.com.Variant.Bulz.233365.3916.exe | malicious | 23.21.252.4
https://sugar-stirring-mockingbird.glitch.me/#comp@hansi.at | malicious | 54.225.169.28
INVOICE.xlsx | malicious | 54.204.14.42
PR24869408-V2.PDF.exe | malicious | 174.129.214.20
Inquiry_pdf.exe | malicious | 23.21.42.25
98650107.pdf.exe | malicious | 23.21.42.25
#U00d6deme Onay#U0131 Makbuzu.exe | malicious | 174.129.214.20

                                                                            ASN

Match: AMAZON-AESUS

Associated Sample Name / URL | Detection | Context
Direct Deposit.xlsx | malicious | 34.231.129.212
Direct Deposit.xlsx | malicious | 52.205.236.122
Direct Deposit.xlsx | malicious | 52.205.236.122
SecuriteInfo.com.Trojan.PWS.Stealer.29618.24275.exe | malicious | 54.225.169.28
SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe | malicious | 54.235.142.93
ORDER.exe | malicious | 54.243.164.148
swift copy.exe | malicious | 23.21.42.25
26-11-20_Dhl_Signed_document-pdf.exe | malicious | 54.225.220.115
Direct Deposit.xlsx | malicious | 34.231.129.212
Direct Deposit.xlsx | malicious | 52.205.236.122
https://is.gd/NLY8Sb | malicious | 35.174.78.146
Arrivalnotice2020pdf.exe | malicious | 174.129.214.20
guy1.exe | malicious | 54.225.66.103
guy2.exe | malicious | 54.243.161.145
https://34.75.2o2.lol/XYWNc0aW9uPWwNsaWNrJngVybD1ovndHRwnczovL3NleY3wVyZWQtbG9naW4ubmV0nL3BhZ2VzLzQyY2FkNTJhZmU3YSZyZWNpcGllbnRfaWQ9NzM2OTg3ODg4JmNhbXBhaWduX3J1bl9pZD0zOTM3OTcz | malicious | 3.215.226.95
https://bit.do/fLppr | malicious | 54.83.52.76
PO_0012009.xlsx | malicious | 23.21.252.4
https://webnavigator.co/?adprovider=AppFocus1&source=d-cp11560482685&group=cg60&device=c&keyword=&creative=477646941053&adposition=none&placement=www.123homeschool4me.com&target=segment_be_a_7802457135858218830&sl=&caid=11560482685&gw=1&test=%3a%2f%2fmail | malicious | 54.90.26.145
https://m365.eu.vadesecure.com/safeproxy/v4?f=xQsVwKRZoQHMcJWN90zqnir6G6pZJkmZJBUJoNEfoN5w0NIk94-OeCH1NldcAqKsz75KalR9dIZlPCJr1Ux0xQ&i=dKwbScfh0hAXC0Inkkq0sM5FeXPK9I7Ny4D2nAPOiEibKJwP2etJDqX8WzAoEu0mklzE6wT-r8I8OtTRdIg8Sg&k=EPqM&r=_vxI1MPLJP9RjHYc6dmEH2aQYLnm7iSEcU9gx_WNg2_vrJo8MeAqNzNCqHX9DNrQ&s=dbc75c7ed54466f34eeae3fd3b1612b20fb815efc99933570f78acd79467623c&u=https%3A%2F%2Femail.utest.com%2Fls%2Fclick%3Fupn%3DlGjzeq3i4yih7CYyWDD2uGWEioaO303Ya1CTzgGY6ZFHmgV-2FF-2FEWXdAYvLiLIvET2r-2BfuQ5qIL56xFMZkA-2F-2BXKhuWb2hSemZwMxFmG0rDjjP9tlrcROzWmQSAh2kMQamb79I1cx4-2Fvjhww3n8oZQi-2FnOhlQdbGdNxKrX28q7P-2FPufa0AAvr-2FvNJcD-2FrxpMHjDG9dPJU0WEGqi12uVZQLCz-2BjYAJF5yCzK-2FjUezEn2d6sv-2BTETl96ejjfG9yQ2VbdWqGp_snpiKdUCY2bDrEnMsWMAnz6f3HkWPd0oUIj3WsKz0V4NahNEm-2BJ9rDW2-2Fib8wsclxoRuHsrv-2B0aoCVw0ftXwGZJTPgQ4k6DZXQjAqFeejOYe-2FRbaSc1Yf5Xj5PUa6lKqmFYNWSkevePONwyMaBGxV4NDGtgMbAc7jyOEWYDUniHPiY87Lpiw631423FED14OvXIfrL7S45QvDvK6-2Fc04r-2B65lMxyCebYSr-2FOr4bCpGQ-3D | malicious | 52.202.11.207
https://webmail-re5rere.web.app/?emailtoken=test@test.com&domain=test.com | malicious | 34.236.142.3

                                                                            JA3 Fingerprints

Match: 3b5074b1b5d032e5620f69f9f700ff0e

Associated Sample Name / URL | Detection | Context
SecuriteInfo.com.Trojan.PWS.Stealer.29618.24275.exe | malicious | 184.73.247.141
Purchase Order.exe | malicious | 184.73.247.141
SecuriteInfo.com.Trojan.MulDrop15.61981.23282.exe | malicious | 184.73.247.141
ORDER.exe | malicious | 184.73.247.141
Mixtec New Order And Price List Requsting Form_pdf.exe | malicious | 184.73.247.141
swift copy.exe | malicious | 184.73.247.141
26-11-20_Dhl_Signed_document-pdf.exe | malicious | 184.73.247.141
Arrivalnotice2020pdf.exe | malicious | 184.73.247.141
SecuriteInfo.com.Mal.Generic-S.26042.exe | malicious | 184.73.247.141
guy1.exe | malicious | 184.73.247.141
guy2.exe | malicious | 184.73.247.141
Exodus.exe | malicious | 184.73.247.141
INV-6367-20_pdf.exe | malicious | 184.73.247.141
#A06578987.xlsm | malicious | 184.73.247.141
Order 51897.exe | malicious | 184.73.247.141
PR24869408-V2.PDF.exe | malicious | 184.73.247.141
98650107.pdf.exe | malicious | 184.73.247.141
#U00d6deme Onay#U0131 Makbuzu.exe | malicious | 184.73.247.141
Izezma64.dll | malicious | 184.73.247.141
fuxenm32.dll | malicious | 184.73.247.141

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.log
Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
File Type: ASCII text, with CRLF line terminators
Category: modified
Size (bytes): 1391
Entropy (8bit): 5.344111348947579
Encrypted: false
SSDEEP: 24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4xLE4qE4W:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzh
MD5: E87C60A24438CC611338EA5ACB433A0A
SHA1: E0C6A7D5CFE32BB2178E71DEE79971A51697B7DD
SHA256: 80DAB47D7A9E233A692D10ACAF5793E34911836D36DB2E11BB7C5D42DE39782A
SHA512: 3DBD6773153DC9D05558ED491A92C9B4B72D594263D7BD2D06BDDCF09BE55477D35041145219A5E9A46B38575E5B60DA91C6870B2CA29A83388695AD389B8EBF
Malicious: true
Reputation: moderate, very likely benign file
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vlc.exe.log
Process: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1391
Entropy (8bit): 5.344111348947579
Encrypted: false
SSDEEP: 24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4xLE4qE4W:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzh
MD5: E87C60A24438CC611338EA5ACB433A0A
SHA1: E0C6A7D5CFE32BB2178E71DEE79971A51697B7DD
SHA256: 80DAB47D7A9E233A692D10ACAF5793E34911836D36DB2E11BB7C5D42DE39782A
SHA512: 3DBD6773153DC9D05558ED491A92C9B4B72D594263D7BD2D06BDDCF09BE55477D35041145219A5E9A46B38575E5B60DA91C6870B2CA29A83388695AD389B8EBF
Malicious: false
Reputation: moderate, very likely benign file
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 518656
Entropy (8bit): 7.090523037661616
Encrypted: false
SSDEEP: 12288:5gMuIpvMHWB2naHLmFGlZ09FQFFFFFFFFFFFFFFFFFFFFFRYH8txxxxxxxxxxxxc:mICE2n+jZIFqy
MD5: 0998148D355B1E7BAD7B44558AA4C125
SHA1: 5D062CB98564C1F2BC821C0A3E81B228780F77F7
SHA256: 8EF317F2278FBE6A533E8F78B932698E986280D2F4A6716AAAAA4DC5692222A8
SHA512: 0F824BC00379FF7F0E48C9D9E9ADFF8D38A6424B07B9E81528156747A628603E85E986DCBC618BF739FA06CCECA6343519D24C80C2B397A7887CDCAC0A0F8F32
Malicious: true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 31%
Reputation: low
Size and all hashes are identical to the submitted sample, so this is a byte-for-byte copy of the sample placed in the Start Menu VideoLAN folder under the name vlc.exe; the hosts-file modification listed below is performed by this copy.
                                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+._.....................*......^.... ........@.. .......................@............@.....................................K........&................... ....................................................... ............... ..H............text...d.... ...................... ..`.rsrc....&.......(..................@..@.reloc....... ......................@..B................@.......H........1..87......n....h..*s...........................................0..t........(....8B...8........E....?...........8:....(.... .....:....&8....*.(....8.....(.... .....:....&8.....(.... ....8.....0..@....... ........8........E..................../...............8....8.... ....8....s......8....8.... ....8..........(....r...p................(.......(..................(.......o....t....}.... ....(....9K...& ....8@...s...... ....(....9*...&8 .....(....8]... ...... ....8....*

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe:Zone.Identifier
Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 26
Entropy (8bit): 3.95006375643621
Encrypted: false
SSDEEP: 3:ggPYV:rPYV
MD5: 187F488E27DB4AF347237FE461A079AD
SHA1: 6693BA299EC1881249D59262276A0D2CB21F8E64
SHA256: 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA512: 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious: true
Reputation: high, very likely benign file
Preview: [ZoneTransfer]....ZoneId=0

C:\Windows\System32\drivers\etc\hosts
Process: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
File Type: ASCII text, with CRLF line terminators
Category: modified
Size (bytes): 11
Entropy (8bit): 2.663532754804255
Encrypted: false
SSDEEP: 3:iLE:iLE
MD5: B24D295C1F84ECBFB566103374FB91C5
SHA1: 6A750D3F8B45C240637332071D34B403FA1FF55A
SHA256: 4DC7B65075FBC5B5421551F0CB814CAFDC8CACA5957D393C222EE388B6F405F4
SHA512: 9BE279BFA70A859608B50EF5D30BF2345F334E5F433C410EA6A188DCAB395BFF50C95B165177E59A29261464871C11F903A9ECE55B2D900FE49A9F3C49EB88FA
Malicious: true
Reputation: moderate, very likely benign file
Preview: ..127.0.0.1
After modification the hosts file is only 11 bytes, a CRLF followed by 127.0.0.1 (non-printable bytes are shown as dots in the preview), so the original contents of the file were replaced rather than appended to.

Static File Info

General

File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit): 7.090523037661616
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.83%
• Win32 Executable (generic) a (10002005/4) 49.78%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Generic Win/DOS Executable (2004/3) 0.01%
• DOS Executable Generic (2002/1) 0.01%
File name: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
File size: 518656
MD5: 0998148d355b1e7bad7b44558aa4c125
SHA1: 5d062cb98564c1f2bc821c0a3e81b228780f77f7
SHA256: 8ef317f2278fbe6a533e8f78b932698e986280d2f4a6716aaaaa4dc5692222a8
SHA512: 0f824bc00379ff7f0e48c9d9e9adff8d38a6424b07b9e81528156747a628603e85e986dcbc618bf739fa06cceca6343519d24c80c2b397a7887cdcac0a0f8f32
SSDEEP: 12288:5gMuIpvMHWB2naHLmFGlZ09FQFFFFFFFFFFFFFFFFFFFFFRYH8txxxxxxxxxxxxc:mICE2n+jZIFqy
                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+._.....................*......^.... ........@.. .......................@............@................................

File Icon

Icon Hash: d098909eaab2a282

Static PE Info

General

Entrypoint: 0x43dc5e
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
DLL Characteristics: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp: 0x5FC02BDB [Thu Nov 26 22:27:39 2020 UTC]
TLS Callbacks:
CLR (.Net) Version: v4.0.30319
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744
This import hash is the one shared by practically every .NET executable, whose only native import is _CorExeMain from mscoree.dll, so it does not help to cluster this sample with related builds; the SSDEEP and section hashes are more useful for that.

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
The only real instruction at the native entrypoint is an indirect jump through the IAT (imagebase 0x400000 plus RVA 0x2000, listed under Data Directories), which is the standard stub of a .NET executable that hands control to the CLR; the bytes that follow are zero padding, which the disassembler renders as repeated add byte ptr [eax], al.

Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x3dc10          0x4b          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x3e000          0x426c8       .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x82000          0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

Sections

Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy         Characteristics
.text   0x2000           0x3bc64       0x3be00   False     0.969386090814   data       7.96249614821   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc   0x3e000          0x426c8       0x42800   False     0.409991042058   data       5.87126152063   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x82000          0xc           0x200     False     0.044921875      data       0.101910425663  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

The .text section's entropy of 7.96 (out of a maximum of 8) and ZLIB complexity close to 1 show that most of it is compressed or encrypted data rather than plain CIL code, which fits the report's finding that the sample injects a PE file into another process at run time.

Resources

Name           RVA      Size     Type (the Language and Country columns are empty for every entry)
RT_ICON        0x3e4c0  0x3acd   PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON        0x41f90  0x668    data
RT_ICON        0x425f8  0x2e8    dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 4287137928, next used block 12320655
RT_ICON        0x428e0  0x1e8    data
RT_ICON        0x42ac8  0x128    GLS_BINARY_LSB_FIRST
RT_ICON        0x42bf0  0x662a   PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON        0x4921c  0xea8    data
RT_ICON        0x4a0c4  0x8a8    dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 15987957, next used block 16184308
RT_ICON        0x4a96c  0x6c8    data
RT_ICON        0x4b034  0x568    GLS_BINARY_LSB_FIRST
RT_ICON        0x4b59c  0x6014   PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON        0x515b0  0x10828  dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 2533359616, next used block 620756992
RT_ICON        0x61dd8  0x94a8   data
RT_ICON        0x6b280  0x67e8   data
RT_ICON        0x71a68  0x5488   data
RT_ICON        0x76ef0  0x4228   dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 16777215, next used block 520093696
RT_ICON        0x7b118  0x25a8   data
RT_ICON        0x7d6c0  0x10a8   data
RT_ICON        0x7e768  0x988    data
RT_ICON        0x7f0f0  0x468    GLS_BINARY_LSB_FIRST
RT_GROUP_ICON  0x7f558  0x11e    data
RT_VERSION     0x7f678  0x3f8    data
RT_MANIFEST    0x7fa70  0xc55    XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

The Type column is libmagic's guess on the raw resource bytes. RT_ICON entries hold either PNG data (the 256 x 256 icons) or header-less DIB bitmap data, so the dBase IV DBT and GLS_BINARY_LSB_FIRST labels are false matches on bitmap data, not embedded database files.

Imports

DLL | Import
mscoree.dll | _CorExeMain

Version Infos

Description | Data
Translation | 0x0000 0x04b0
LegalCopyright | Copyright (c) 2020 Discord Inc. All rights reserved.
Assembly Version | 0.0.52.0
InternalName | Jqeofcirr6.exe
FileVersion | 0.0.52.0
CompanyName | Discord Inc.
Comments | Discord - https://discord.com/
ProductName | Discord - https://discord.com/
ProductVersion | 0.0.52.0
FileDescription | Discord - https://discord.com/
OriginalFilename | Jqeofcirr6.exe

Network Behavior

Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
11/27/20-16:11:05.994110 | TCP | 2030171 | ET TROJAN AgentTesla Exfil Via SMTP | 49743 | 587 | 192.168.2.3 | 167.88.170.2
11/27/20-16:11:11.304820 | TCP | 2030171 | ET TROJAN AgentTesla Exfil Via SMTP | 49745 | 587 | 192.168.2.3 | 167.88.170.2

Network Port Distribution

TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 27, 2020 16:10:52.158862114 CET | 49742 | 443 | 192.168.2.3 | 184.73.247.141
Nov 27, 2020 16:10:52.263959885 CET | 443 | 49742 | 184.73.247.141 | 192.168.2.3
Nov 27, 2020 16:10:52.264108896 CET | 49742 | 443 | 192.168.2.3 | 184.73.247.141
Nov 27, 2020 16:10:52.360889912 CET | 49742 | 443 | 192.168.2.3 | 184.73.247.141
Nov 27, 2020 16:10:52.463006020 CET | 443 | 49742 | 184.73.247.141 | 192.168.2.3
Nov 27, 2020 16:10:52.463107109 CET | 443 | 49742 | 184.73.247.141 | 192.168.2.3
Nov 27, 2020 16:10:52.463140011 CET | 443 | 49742 | 184.73.247.141 | 192.168.2.3
Nov 27, 2020 16:10:52.463161945 CET | 443 | 49742 | 184.73.247.141 | 192.168.2.3
Nov 27, 2020 16:10:52.463205099 CET | 443 | 49742 | 184.73.247.141 | 192.168.2.3
Nov 27, 2020 16:10:52.463321924 CET | 49742 | 443 | 192.168.2.3 | 184.73.247.141
Nov 27, 2020 16:10:52.463380098 CET | 49742 | 443 | 192.168.2.3 | 184.73.247.141
Nov 27, 2020 16:10:52.464363098 CET | 443 | 49742 | 184.73.247.141 | 192.168.2.3
Nov 27, 2020 16:10:52.501524925 CET | 49742 | 443 | 192.168.2.3 | 184.73.247.141
Nov 27, 2020 16:10:52.603996038 CET | 443 | 49742 | 184.73.247.141 | 192.168.2.3
Nov 27, 2020 16:10:52.646924973 CET | 49742 | 443 | 192.168.2.3 | 184.73.247.141
Nov 27, 2020 16:10:52.883559942 CET | 49742 | 443 | 192.168.2.3 | 184.73.247.141
Nov 27, 2020 16:10:53.026262045 CET | 443 | 49742 | 184.73.247.141 | 192.168.2.3
Nov 27, 2020 16:10:53.222007036 CET | 443 | 49742 | 184.73.247.141 | 192.168.2.3
Nov 27, 2020 16:10:53.272025108 CET | 49742 | 443 | 192.168.2.3 | 184.73.247.141
Nov 27, 2020 16:11:04.340401888 CET | 49742 | 443 | 192.168.2.3 | 184.73.247.141
Nov 27, 2020 16:11:04.442574024 CET | 443 | 49742 | 184.73.247.141 | 192.168.2.3
Nov 27, 2020 16:11:04.442604065 CET | 443 | 49742 | 184.73.247.141 | 192.168.2.3
Nov 27, 2020 16:11:04.442673922 CET | 49742 | 443 | 192.168.2.3 | 184.73.247.141
Nov 27, 2020 16:11:04.442713022 CET | 49742 | 443 | 192.168.2.3 | 184.73.247.141

UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 27, 2020 16:08:53.528259039 CET | 55984 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:08:53.555396080 CET | 53 | 55984 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:08:54.346304893 CET | 64185 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:08:54.373559952 CET | 53 | 64185 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:08:55.077522993 CET | 65110 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:08:55.104626894 CET | 53 | 65110 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:08:55.727773905 CET | 58361 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:08:55.754899025 CET | 53 | 58361 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:08:56.383045912 CET | 63492 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:08:56.410063982 CET | 53 | 63492 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:08:57.223372936 CET | 60831 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:08:57.250415087 CET | 53 | 60831 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:08:58.022825956 CET | 60100 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:08:58.058121920 CET | 53 | 60100 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:08:58.771238089 CET | 53195 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:08:58.806698084 CET | 53 | 53195 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:08:59.474934101 CET | 50141 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:08:59.501928091 CET | 53 | 50141 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:09:00.408293962 CET | 53023 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:09:00.435436964 CET | 53 | 53023 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:09:01.230299950 CET | 49563 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:09:01.257329941 CET | 53 | 49563 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:09:01.880844116 CET | 51352 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:09:01.908000946 CET | 53 | 51352 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:09:02.573705912 CET | 59349 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:09:02.600739002 CET | 53 | 59349 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:09:03.226224899 CET | 57084 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:09:03.265074968 CET | 53 | 57084 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:09:03.861419916 CET | 58823 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:09:03.888498068 CET | 53 | 58823 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:09:09.480675936 CET | 57568 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:09:09.516343117 CET | 53 | 57568 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:09:10.691750050 CET | 50540 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:09:10.718745947 CET | 53 | 50540 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:09:11.561167955 CET | 54366 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:09:11.596489906 CET | 53 | 54366 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:09:18.477480888 CET | 53034 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:09:18.504587889 CET | 53 | 53034 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:09:21.647043943 CET | 57762 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:09:21.685254097 CET | 53 | 57762 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:09:40.545411110 CET | 55435 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:09:40.588783026 CET | 53 | 55435 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:09:52.954413891 CET | 50713 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:09:52.981622934 CET | 53 | 50713 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:09:56.917171001 CET | 56132 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:09:56.954147100 CET | 53 | 56132 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:10:28.759417057 CET | 58987 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:10:28.786559105 CET | 53 | 58987 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:10:30.345846891 CET | 56579 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:10:30.381548882 CET | 53 | 56579 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:10:51.953882933 CET | 60633 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:10:51.980912924 CET | 53 | 60633 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:10:52.011595964 CET | 61292 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:10:52.038728952 CET | 53 | 61292 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:11:04.332662106 CET | 63619 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:11:04.384574890 CET | 53 | 63619 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:11:08.244714022 CET | 64938 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:11:08.271965027 CET | 53 | 64938 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:11:08.275780916 CET | 61946 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:11:08.303155899 CET | 53 | 61946 | 8.8.8.8 | 192.168.2.3
Nov 27, 2020 16:11:09.849248886 CET | 64910 | 53 | 192.168.2.3 | 8.8.8.8
Nov 27, 2020 16:11:09.884805918 CET | 53 | 64910 | 8.8.8.8 | 192.168.2.3

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Nov 27, 2020 16:10:51.953882933 CET | 192.168.2.3 | 8.8.8.8 | 0x8481 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001)
Nov 27, 2020 16:10:52.011595964 CET | 192.168.2.3 | 8.8.8.8 | 0xf6b0 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:04.332662106 CET | 192.168.2.3 | 8.8.8.8 | 0xc01f | Standard query (0) | novget.com | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:08.244714022 CET | 192.168.2.3 | 8.8.8.8 | 0xc777 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:08.275780916 CET | 192.168.2.3 | 8.8.8.8 | 0xa647 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:09.849248886 CET | 192.168.2.3 | 8.8.8.8 | 0x4321 | Standard query (0) | novget.com | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Nov 27, 2020 16:10:51.980912924 CET | 8.8.8.8 | 192.168.2.3 | 0x8481 | No error (0) | api.ipify.org | nagano-19599.herokussl.com | | CNAME (Canonical name) | IN (0x0001)
Nov 27, 2020 16:10:51.980912924 CET | 8.8.8.8 | 192.168.2.3 | 0x8481 | No error (0) | nagano-19599.herokussl.com | elb097307-934924932.us-east-1.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001)
Nov 27, 2020 16:10:51.980912924 CET | 8.8.8.8 | 192.168.2.3 | 0x8481 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 184.73.247.141 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:10:51.980912924 CET | 8.8.8.8 | 192.168.2.3 | 0x8481 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 23.21.42.25 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:10:51.980912924 CET | 8.8.8.8 | 192.168.2.3 | 0x8481 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.225.66.103 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:10:51.980912924 CET | 8.8.8.8 | 192.168.2.3 | 0x8481 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.225.220.115 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:10:51.980912924 CET | 8.8.8.8 | 192.168.2.3 | 0x8481 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.235.83.248 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:10:51.980912924 CET | 8.8.8.8 | 192.168.2.3 | 0x8481 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.235.182.194 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:10:51.980912924 CET | 8.8.8.8 | 192.168.2.3 | 0x8481 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.243.164.148 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:10:51.980912924 CET | 8.8.8.8 | 192.168.2.3 | 0x8481 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 23.21.252.4 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:10:52.038728952 CET | 8.8.8.8 | 192.168.2.3 | 0xf6b0 | No error (0) | api.ipify.org | nagano-19599.herokussl.com | | CNAME (Canonical name) | IN (0x0001)
Nov 27, 2020 16:10:52.038728952 CET | 8.8.8.8 | 192.168.2.3 | 0xf6b0 | No error (0) | nagano-19599.herokussl.com | elb097307-934924932.us-east-1.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001)
Nov 27, 2020 16:10:52.038728952 CET | 8.8.8.8 | 192.168.2.3 | 0xf6b0 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 174.129.214.20 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:10:52.038728952 CET | 8.8.8.8 | 192.168.2.3 | 0xf6b0 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.204.14.42 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:10:52.038728952 CET | 8.8.8.8 | 192.168.2.3 | 0xf6b0 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 23.21.42.25 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:10:52.038728952 CET | 8.8.8.8 | 192.168.2.3 | 0xf6b0 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.235.142.93 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:10:52.038728952 CET | 8.8.8.8 | 192.168.2.3 | 0xf6b0 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.225.220.115 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:10:52.038728952 CET | 8.8.8.8 | 192.168.2.3 | 0xf6b0 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.225.169.28 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:10:52.038728952 CET | 8.8.8.8 | 192.168.2.3 | 0xf6b0 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.235.182.194 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:10:52.038728952 CET | 8.8.8.8 | 192.168.2.3 | 0xf6b0 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.225.66.103 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:04.384574890 CET | 8.8.8.8 | 192.168.2.3 | 0xc01f | No error (0) | novget.com | | 167.88.170.2 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:08.271965027 CET | 8.8.8.8 | 192.168.2.3 | 0xc777 | No error (0) | api.ipify.org | nagano-19599.herokussl.com | | CNAME (Canonical name) | IN (0x0001)
Nov 27, 2020 16:11:08.271965027 CET | 8.8.8.8 | 192.168.2.3 | 0xc777 | No error (0) | nagano-19599.herokussl.com | elb097307-934924932.us-east-1.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001)
Nov 27, 2020 16:11:08.271965027 CET | 8.8.8.8 | 192.168.2.3 | 0xc777 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.225.169.28 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:08.271965027 CET | 8.8.8.8 | 192.168.2.3 | 0xc777 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.235.182.194 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:08.271965027 CET | 8.8.8.8 | 192.168.2.3 | 0xc777 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.235.83.248 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:08.271965027 CET | 8.8.8.8 | 192.168.2.3 | 0xc777 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.204.14.42 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:08.271965027 CET | 8.8.8.8 | 192.168.2.3 | 0xc777 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.225.66.103 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:08.271965027 CET | 8.8.8.8 | 192.168.2.3 | 0xc777 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 50.19.252.36 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:08.271965027 CET | 8.8.8.8 | 192.168.2.3 | 0xc777 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 23.21.42.25 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:08.271965027 CET | 8.8.8.8 | 192.168.2.3 | 0xc777 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 23.21.126.66 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:08.303155899 CET | 8.8.8.8 | 192.168.2.3 | 0xa647 | No error (0) | api.ipify.org | nagano-19599.herokussl.com | | CNAME (Canonical name) | IN (0x0001)
Nov 27, 2020 16:11:08.303155899 CET | 8.8.8.8 | 192.168.2.3 | 0xa647 | No error (0) | nagano-19599.herokussl.com | elb097307-934924932.us-east-1.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001)
Nov 27, 2020 16:11:08.303155899 CET | 8.8.8.8 | 192.168.2.3 | 0xa647 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.225.169.28 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:08.303155899 CET | 8.8.8.8 | 192.168.2.3 | 0xa647 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.235.182.194 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:08.303155899 CET | 8.8.8.8 | 192.168.2.3 | 0xa647 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.235.83.248 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:08.303155899 CET | 8.8.8.8 | 192.168.2.3 | 0xa647 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.204.14.42 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:08.303155899 CET | 8.8.8.8 | 192.168.2.3 | 0xa647 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.225.66.103 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:08.303155899 CET | 8.8.8.8 | 192.168.2.3 | 0xa647 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 50.19.252.36 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:08.303155899 CET | 8.8.8.8 | 192.168.2.3 | 0xa647 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 23.21.42.25 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:08.303155899 CET | 8.8.8.8 | 192.168.2.3 | 0xa647 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 23.21.126.66 | A (IP address) | IN (0x0001)
Nov 27, 2020 16:11:09.884805918 CET | 8.8.8.8 | 192.168.2.3 | 0x4321 | No error (0) | novget.com | | 167.88.170.2 | A (IP address) | IN (0x0001)

HTTPS Packets

Timestamp | Source IP | Source Port | Dest IP | Dest Port | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
Nov 27, 2020 16:10:52.464363098 CET | 184.73.247.141 | 443 | 192.168.2.3 | 49742 | 771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 3b5074b1b5d032e5620f69f9f700ff0e

Certificate chain presented in this session:

Subject | Issuer | Not Before | Not After
CN=*.ipify.org, OU=PositiveSSL Wildcard, OU=Domain Control Validated | CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Wed Jan 24 01:00:00 CET 2018 | Sun Jan 24 00:59:59 CET 2021
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Wed Feb 12 01:00:00 CET 2014 | Mon Feb 12 00:59:59 CET 2029
CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Tue Jan 19 01:00:00 CET 2010 | Tue Jan 19 00:59:59 CET 2038

Code Manipulations

Statistics

Behavior

System Behavior

General

Start time: 16:08:57
Start date: 27/11/2020
Path: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe'
Imagebase: 0x900000
File size: 518656 bytes
MD5 hash: 0998148D355B1E7BAD7B44558AA4C125
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Yara matches:
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.252302125.0000000003C61000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.252002961.0000000002C61000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.252121672.0000000002D02000.00000004.00000001.sdmp, Author: Joe Security
Reputation: low

                                                                            General

                                                                            Start time:16:09:12
                                                                            Start date:27/11/2020
                                                                            Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
                                                                            Imagebase:0x380000
                                                                            File size:518656 bytes
                                                                            MD5 hash:0998148D355B1E7BAD7B44558AA4C125
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:low

                                                                            General

                                                                            Start time:16:09:12
                                                                            Start date:27/11/2020
                                                                            Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
                                                                            Imagebase:0xdf0000
                                                                            File size:518656 bytes
                                                                            MD5 hash:0998148D355B1E7BAD7B44558AA4C125
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:.Net C# or VB.NET
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.484715731.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.494562870.0000000003276000.00000004.00000001.sdmp, Author: Joe Security
                                                                            Reputation:low

                                                                            General

                                                                            Start time:16:09:23
                                                                            Start date:27/11/2020
                                                                            Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe'
                                                                            Imagebase:0x720000
                                                                            File size:518656 bytes
                                                                            MD5 hash:0998148D355B1E7BAD7B44558AA4C125
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:.Net C# or VB.NET
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.301432064.0000000002C68000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.301127275.0000000002BC1000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.301544638.0000000003B41000.00000004.00000001.sdmp, Author: Joe Security
                                                                            Antivirus matches:
                                                                            • Detection: 100%, Joe Sandbox ML
                                                                            • Detection: 31%, ReversingLabs
                                                                            Reputation:low

                                                                            General

                                                                            Start time:16:09:31
                                                                            Start date:27/11/2020
                                                                            Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe'
                                                                            Imagebase:0x450000
                                                                            File size:518656 bytes
                                                                            MD5 hash:0998148D355B1E7BAD7B44558AA4C125
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:.Net C# or VB.NET
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000B.00000002.316498806.0000000003851000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000B.00000002.316335903.0000000002978000.00000004.00000001.sdmp, Author: Joe Security
                                                                            Reputation:low

                                                                            General

                                                                            Start time:16:09:34
                                                                            Start date:27/11/2020
                                                                            Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                                                                            Imagebase:0x310000
                                                                            File size:518656 bytes
                                                                            MD5 hash:0998148D355B1E7BAD7B44558AA4C125
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:low

                                                                            General

                                                                            Start time:16:09:35
                                                                            Start date:27/11/2020
                                                                            Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                                                                            Imagebase:0x160000
                                                                            File size:518656 bytes
                                                                            MD5 hash:0998148D355B1E7BAD7B44558AA4C125
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:low

                                                                            General

                                                                            Start time:16:09:36
                                                                            Start date:27/11/2020
                                                                            Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                                                                            Imagebase:0x210000
                                                                            File size:518656 bytes
                                                                            MD5 hash:0998148D355B1E7BAD7B44558AA4C125
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:low

                                                                            General

                                                                            Start time:16:09:36
                                                                            Start date:27/11/2020
                                                                            Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                                                                            Imagebase:0xa30000
                                                                            File size:518656 bytes
                                                                            MD5 hash:0998148D355B1E7BAD7B44558AA4C125
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:.Net C# or VB.NET
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000013.00000002.484731635.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000013.00000002.491667671.0000000002FE1000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000013.00000002.491667671.0000000002FE1000.00000004.00000001.sdmp, Author: Joe Security
                                                                            Reputation:low

                                                                            General

                                                                            Start time:16:09:43
                                                                            Start date:27/11/2020
                                                                            Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
                                                                            Imagebase:0x870000
                                                                            File size:518656 bytes
                                                                            MD5 hash:0998148D355B1E7BAD7B44558AA4C125
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:.Net C# or VB.NET
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000014.00000002.484733374.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                            Reputation:low

                                                                            Disassembly

                                                                            Code Analysis