Play interactive tour

Edit tour

Windows Analysis Report NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.scr

Overview

General Information

Sample Name:	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.scr (renamed file extension from scr to exe)
Analysis ID:	480139
MD5:	f32aa361fffe742283b359c7ddd89b12
SHA1:	ac49b724960549f4c0ab55f4eb5c3bc47e1035d6
SHA256:	2542ddfa02d8a9a56738e822dd5ee0db7540229d18903dd29a46db06d87413dc
Infos:
Most interesting Screenshot:

Detection

Clipboard Hijacker

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected AntiVM3

Yara detected Clipboard Hijacker

Multi AV Scanner detection for dropped file

Drops PE files to the startup folder

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

.NET source code contains potential unpacker

Injects a PE file into a foreign processes

.NET source code contains very large strings

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Stores files to the Windows start menu directory

Creates processes with suspicious names

Contains long sleeps (>= 3 min)

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Sample file is different than original file name gathered from version info

Drops PE files

Creates a start menu entry (Start Menu\Programs\Startup)

Creates a window with clipboard capturing capabilities

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe (PID: 908 cmdline: 'C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe' MD5: F32AA361FFFE742283B359C7DDD89B12)

NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe (PID: 1564 cmdline: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe MD5: F32AA361FFFE742283B359C7DDD89B12)

NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe (PID: 3920 cmdline: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe MD5: F32AA361FFFE742283B359C7DDD89B12)

NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe (PID: 3340 cmdline: 'C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe' .. MD5: F32AA361FFFE742283B359C7DDD89B12)

NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe (PID: 1384 cmdline: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe MD5: F32AA361FFFE742283B359C7DDD89B12)

NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe (PID: 3412 cmdline: 'C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe' .. MD5: F32AA361FFFE742283B359C7DDD89B12)

NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe (PID: 3112 cmdline: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe MD5: F32AA361FFFE742283B359C7DDD89B12)

NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe (PID: 2212 cmdline: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe MD5: F32AA361FFFE742283B359C7DDD89B12)

NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe (PID: 2100 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe' MD5: F32AA361FFFE742283B359C7DDD89B12)

NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe (PID: 6592 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe MD5: F32AA361FFFE742283B359C7DDD89B12)

NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe (PID: 6652 cmdline: 'C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe' MD5: F32AA361FFFE742283B359C7DDD89B12)

NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe (PID: 6948 cmdline: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe MD5: F32AA361FFFE742283B359C7DDD89B12)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source	Rule	Description	Author
0000001E.00000002.474773876.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
0000000E.00000002.474728537.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
00000006.00000002.474719464.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
00000008.00000002.474667341.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
00000007.00000002.258073714.0000000003542000.00000004.00000001.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000007.00000002.258073714.0000000003542000.00000004.00000001.sdmp	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
00000019.00000002.474822513.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
00000000.00000002.227809380.0000000002812000.00000004.00000001.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000000.00000002.227809380.0000000002812000.00000004.00000001.sdmp	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
0000000C.00000002.276366057.00000000024F2000.00000004.00000001.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0000000C.00000002.276366057.00000000024F2000.00000004.00000001.sdmp	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
00000010.00000002.298294789.0000000002872000.00000004.00000001.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000010.00000002.298294789.0000000002872000.00000004.00000001.sdmp	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
0000001A.00000002.321351544.0000000002A52000.00000004.00000001.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0000001A.00000002.321351544.0000000002A52000.00000004.00000001.sdmp	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 908	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 908	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 3920	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 3340	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 3340	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 1384	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 3412	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 3412	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 2212	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 2100	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 2100	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 6592	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 6652	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 6652	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 6948	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
Click to see the 25 entries

Unpacked PEs

Source	Rule	Description	Author
30.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.400000.0.unpack	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
0.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.2822534.1.unpack	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
7.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.3552534.1.unpack	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
8.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.400000.0.unpack	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
25.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.400000.0.unpack	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
12.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.2502534.1.unpack	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
14.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.400000.0.unpack	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
26.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.2a62534.1.unpack	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
16.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.2882900.1.unpack	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
26.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.2a62534.1.raw.unpack	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
6.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.400000.0.unpack	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
16.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.2882900.1.raw.unpack	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
12.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.2502534.1.raw.unpack	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
0.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.2822534.1.raw.unpack	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
7.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.3552534.1.raw.unpack	JoeSecurity_Clipboard_Hijacker_1	Yara detected Clipboard Hijacker	Joe Security
Click to see the 10 entries

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

Virustotal: Detection: 23%

Perma Link

Multi AV Scanner detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Virustotal: Detection: 23%			Perma Link
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Virustotal: Detection: 23%			Perma Link

Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows

Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://fontfabrik.com
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000006.00000002.485103633.00000000031D2000.00000004.00000001.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000008.00000002.484647024.0000000002B80000.00000004.00000001.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000000E.00000002.484280424.0000000002C00000.00000004.00000001.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000019.00000002.483378532.0000000002EB2000.00000004.00000001.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001E.00000002.484864285.0000000002DB0000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.fonts.com
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.sakkal.com
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.tiro.com
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.typography.netD
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn

Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000010.00000002.297726117.0000000000CDB000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Window created: window name: CLIPBRDWNDCLASS	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Window created: window name: CLIPBRDWNDCLASS	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Window created: window name: CLIPBRDWNDCLASS

System Summary:

.NET source code contains very large strings

Show sources

Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, MainForm.cs	Long String: Length: 148742
Source: 0.0.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.130000.0.unpack, MainForm.cs	Long String: Length: 148742
Source: 0.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.130000.0.unpack, MainForm.cs	Long String: Length: 148742
Source: 5.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.290000.0.unpack, MainForm.cs	Long String: Length: 148742
Source: 5.0.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.290000.0.unpack, MainForm.cs	Long String: Length: 148742
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.6.dr, MainForm.cs	Long String: Length: 148742
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe0.6.dr, MainForm.cs	Long String: Length: 148742
Source: 6.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.bf0000.1.unpack, MainForm.cs	Long String: Length: 148742
Source: 6.0.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.bf0000.0.unpack, MainForm.cs	Long String: Length: 148742
Source: 7.0.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.f30000.0.unpack, MainForm.cs	Long String: Length: 148742
Source: 7.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.f30000.0.unpack, MainForm.cs	Long String: Length: 148742
Source: 8.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.590000.1.unpack, MainForm.cs	Long String: Length: 148742
Source: 8.0.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.590000.0.unpack, MainForm.cs	Long String: Length: 148742
Source: 12.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.1d0000.0.unpack, MainForm.cs	Long String: Length: 148742
Source: 12.0.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.1d0000.0.unpack, MainForm.cs	Long String: Length: 148742
Source: 13.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.250000.0.unpack, MainForm.cs	Long String: Length: 148742
Source: 13.0.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.250000.0.unpack, MainForm.cs	Long String: Length: 148742
Source: 14.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.660000.1.unpack, MainForm.cs	Long String: Length: 148742
Source: 14.0.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.660000.0.unpack, MainForm.cs	Long String: Length: 148742
Source: 16.0.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.520000.0.unpack, MainForm.cs	Long String: Length: 148742
Source: 16.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.520000.0.unpack, MainForm.cs	Long String: Length: 148742

Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Code function: 0_2_00A6C2B4	0_2_00A6C2B4
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Code function: 0_2_00A6E608	0_2_00A6E608
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Code function: 0_2_00A6E618	0_2_00A6E618
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Code function: 6_2_0134B89C	6_2_0134B89C
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Code function: 6_2_0134DB18	6_2_0134DB18
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Code function: 6_2_0134DB08	6_2_0134DB08
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Code function: 6_2_061AC898	6_2_061AC898
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Code function: 7_2_0164C2B4	7_2_0164C2B4
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Code function: 7_2_0164E608	7_2_0164E608
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Code function: 7_2_0164E618	7_2_0164E618
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Code function: 8_2_00FDB89C	8_2_00FDB89C
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Code function: 8_2_00FDDB18	8_2_00FDDB18
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Code function: 8_2_00FDDB08	8_2_00FDDB08
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Code function: 8_2_05F5C898	8_2_05F5C898

Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

Virustotal: Detection: 23%

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

File read: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

Jump to behavior

Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

File created: C:\Users\user\AppData\Local\Temp\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

Jump to behavior

Source: classification engine

Classification label: mal92.adwa.spyw.evad.winEXE@19/18@0/0

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\C://Users//user//AppData//Roaming//Microsoft//Windows//Start Menu//Programs//Startup//NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\C://Users//user//Desktop//NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Data Obfuscation:

.NET source code contains potential unpacker

Show sources

Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, MainForm.cs	.Net Code: X0FT_FT2 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 0.0.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.130000.0.unpack, MainForm.cs	.Net Code: X0FT_FT2 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 0.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.130000.0.unpack, MainForm.cs	.Net Code: X0FT_FT2 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 5.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.290000.0.unpack, MainForm.cs	.Net Code: X0FT_FT2 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 5.0.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.290000.0.unpack, MainForm.cs	.Net Code: X0FT_FT2 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.6.dr, MainForm.cs	.Net Code: X0FT_FT2 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe0.6.dr, MainForm.cs	.Net Code: X0FT_FT2 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 6.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.bf0000.1.unpack, MainForm.cs	.Net Code: X0FT_FT2 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 6.0.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.bf0000.0.unpack, MainForm.cs	.Net Code: X0FT_FT2 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 7.0.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.f30000.0.unpack, MainForm.cs	.Net Code: X0FT_FT2 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 7.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.f30000.0.unpack, MainForm.cs	.Net Code: X0FT_FT2 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 8.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.590000.1.unpack, MainForm.cs	.Net Code: X0FT_FT2 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 8.0.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.590000.0.unpack, MainForm.cs	.Net Code: X0FT_FT2 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 12.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.1d0000.0.unpack, MainForm.cs	.Net Code: X0FT_FT2 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 12.0.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.1d0000.0.unpack, MainForm.cs	.Net Code: X0FT_FT2 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 13.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.250000.0.unpack, MainForm.cs	.Net Code: X0FT_FT2 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 13.0.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.250000.0.unpack, MainForm.cs	.Net Code: X0FT_FT2 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 14.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.660000.1.unpack, MainForm.cs	.Net Code: X0FT_FT2 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 14.0.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.660000.0.unpack, MainForm.cs	.Net Code: X0FT_FT2 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 16.0.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.520000.0.unpack, MainForm.cs	.Net Code: X0FT_FT2 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 16.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.520000.0.unpack, MainForm.cs	.Net Code: X0FT_FT2 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Code function: 0_2_00137924 push ss; retf	0_2_00137926
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Code function: 5_2_00297924 push ss; retf	5_2_00297926
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Code function: 6_2_00BF7924 push ss; retf	6_2_00BF7926
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Code function: 6_2_061ADA58 push eax; ret	6_2_061ADC29
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Code function: 7_2_00F37924 push ss; retf	7_2_00F37926
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Code function: 8_2_00597924 push ss; retf	8_2_00597926
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Code function: 8_2_00FDB5E0 push esp; retn 04DEh	8_2_00FDCC0D

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File created: \new covid-19 response & survivors {youtube instruction}.exe
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File created: \new covid-19 response & survivors {youtube instruction}.exe
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File created: \new covid-19 response & survivors {youtube instruction}.exe
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File created: \new covid-19 response & survivors {youtube instruction}.exe
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File created: \new covid-19 response & survivors {youtube instruction}.exe
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File created: \new covid-19 response & survivors {youtube instruction}.exe
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File created: \new covid-19 response & survivors {youtube instruction}.exe
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File created: \new covid-19 response & survivors {youtube instruction}.exe	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File created: \new covid-19 response & survivors {youtube instruction}.exe	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File created: \new covid-19 response & survivors {youtube instruction}.exe	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File created: \new covid-19 response & survivors {youtube instruction}.exe	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File created: \new covid-19 response & survivors {youtube instruction}.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File created: \new covid-19 response & survivors {youtube instruction}.exe
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File created: \new covid-19 response & survivors {youtube instruction}.exe

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe			Jump to dropped file
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File created: C:\Users\user\AppData\Local\Temp\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe			Jump to dropped file

Boot Survival:

Drops PE files to the startup folder

Show sources

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

Jump to dropped file

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe			Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdater.lnk			Jump to behavior

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

Jump to behavior

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run WindowsUpdater	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run WindowsUpdater	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run WindowsUpdater
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run WindowsUpdater
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run WindowsUpdater
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run WindowsUpdater

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Yara detected AntiVM3

Show sources

Source: Yara match	File source: 00000007.00000002.258073714.0000000003542000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.227809380.0000000002812000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.276366057.00000000024F2000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.298294789.0000000002872000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.321351544.0000000002A52000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 908, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 3340, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 3412, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 2100, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 6652, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.227809380.0000000002812000.00000004.00000001.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000007.00000002.258073714.0000000003542000.00000004.00000001.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000000C.00000002.276366057.00000000024F2000.00000004.00000001.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000010.00000002.298294789.0000000002872000.00000004.00000001.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001A.00000002.321351544.0000000002A52000.00000004.00000001.sdmp	Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.227809380.0000000002812000.00000004.00000001.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000007.00000002.258073714.0000000003542000.00000004.00000001.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000000C.00000002.276366057.00000000024F2000.00000004.00000001.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000010.00000002.298294789.0000000002872000.00000004.00000001.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001A.00000002.321351544.0000000002A52000.00000004.00000001.sdmp	Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe TID: 580	Thread sleep time: -38685s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe TID: 5124	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe TID: 1236	Thread sleep time: -41661s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe TID: 3008	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe TID: 5496	Thread sleep time: -40769s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe TID: 3008	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe TID: 1760	Thread sleep time: -41291s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe TID: 4072	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe TID: 6656	Thread sleep time: -45698s >= -30000s
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe TID: 6684	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Thread delayed: delay time: 38685	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Thread delayed: delay time: 41661	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Thread delayed: delay time: 40769	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Thread delayed: delay time: 41291
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Thread delayed: delay time: 45698
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows

Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001A.00000002.321351544.0000000002A52000.00000004.00000001.sdmp	Binary or memory string: vmware
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001A.00000002.321351544.0000000002A52000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001A.00000002.321351544.0000000002A52000.00000004.00000001.sdmp	Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001A.00000002.321351544.0000000002A52000.00000004.00000001.sdmp	Binary or memory string: VMWARE
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001A.00000002.321351544.0000000002A52000.00000004.00000001.sdmp	Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001A.00000002.321351544.0000000002A52000.00000004.00000001.sdmp	Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001A.00000002.321351544.0000000002A52000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA II
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001A.00000002.321351544.0000000002A52000.00000004.00000001.sdmp	Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Memory written: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Memory written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Memory written: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe base: 400000 value starts with: 4D5A

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000006.00000002.483274538.00000000019E0000.00000002.00020000.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000008.00000002.482203750.0000000001380000.00000002.00020000.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000000E.00000002.481014967.00000000014D0000.00000002.00020000.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000019.00000002.481056709.00000000017A0000.00000002.00020000.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001E.00000002.482788621.00000000016D0000.00000002.00020000.sdmp	Binary or memory string: Program Manager
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000006.00000002.483274538.00000000019E0000.00000002.00020000.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000008.00000002.482203750.0000000001380000.00000002.00020000.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000000E.00000002.481014967.00000000014D0000.00000002.00020000.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000019.00000002.481056709.00000000017A0000.00000002.00020000.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001E.00000002.482788621.00000000016D0000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000006.00000002.483274538.00000000019E0000.00000002.00020000.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000008.00000002.482203750.0000000001380000.00000002.00020000.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000000E.00000002.481014967.00000000014D0000.00000002.00020000.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000019.00000002.481056709.00000000017A0000.00000002.00020000.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001E.00000002.482788621.00000000016D0000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000006.00000002.483274538.00000000019E0000.00000002.00020000.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000008.00000002.482203750.0000000001380000.00000002.00020000.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000000E.00000002.481014967.00000000014D0000.00000002.00020000.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000019.00000002.481056709.00000000017A0000.00000002.00020000.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001E.00000002.482788621.00000000016D0000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe VolumeInformation
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe VolumeInformation
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected Clipboard Hijacker

Show sources

Source: Yara match	File source: 30.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.2822534.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.3552534.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.2502534.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.2a62534.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.2882900.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.2a62534.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.2882900.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.2502534.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.2822534.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.3552534.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001E.00000002.474773876.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.474728537.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.474719464.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.474667341.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.258073714.0000000003542000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.474822513.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.227809380.0000000002812000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.276366057.00000000024F2000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.298294789.0000000002872000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.321351544.0000000002A52000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 908, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 3920, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 3340, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 1384, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 3412, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 2212, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 2100, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 6592, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 6652, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 6948, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Startup Items1	Startup Items1	Masquerading1	Input Capture1	Security Software Discovery21	Remote Services	Input Capture1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Registry Run Keys / Startup Folder121	Process Injection112	Disable or Modify Tools1	LSASS Memory	Process Discovery2	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Registry Run Keys / Startup Folder121	Virtualization/Sandbox Evasion21	Security Account Manager	Virtualization/Sandbox Evasion21	SMB/Windows Admin Shares	Clipboard Data1	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection112	NTDS	File and Directory Discovery2	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Obfuscated Files or Information1	LSA Secrets	System Information Discovery12	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Software Packing1	Cached Domain Credentials	System Owner/User Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	24%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	24%	Virustotal		Browse
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	24%	Virustotal		Browse

Unpacked PE Files

Source	Detection	Scanner	Label	Download
30.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1100742	Download File
8.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1100742	Download File
25.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1100742	Download File
14.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1100742	Download File
6.2.NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1100742	Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.apache.org/licenses/LICENSE-2.0	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false		high
http://www.fontbureau.com	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false		high
http://www.fontbureau.com/designersG	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false		high
http://www.fontbureau.com/designers/?	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false		high
http://www.founder.com.cn/cn/bThe	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers?	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false		high
http://www.tiro.com	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false		high
http://www.goodfont.co.kr	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.coml	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netD	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false		high
http://www.founder.com.cn/cn/cThe	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://fontfabrik.com	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-jones.html	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false		high
http://www.jiyu-kobo.co.jp/	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/DPlease	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false		high
http://www.fonts.com	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false		high
http://www.sandoll.co.kr	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000006.00000002.485103633.00000000031D2000.00000004.00000001.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000008.00000002.484647024.0000000002B80000.00000004.00000001.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000000E.00000002.484280424.0000000002C00000.00000004.00000001.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000019.00000002.483378532.0000000002EB2000.00000004.00000001.sdmp, NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001E.00000002.484864285.0000000002DB0000.00000004.00000001.sdmp	false		high
http://www.sakkal.com	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229837698.0000000006662000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	480139
Start date:	08.09.2021
Start time:	23:29:29
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 12m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.scr (renamed file extension from scr to exe)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	37
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal92.adwa.spyw.evad.winEXE@19/18@0/0
EGA Information:	Successful, ratio: 80%
HDC Information:	Failed
HCA Information:	Successful, ratio: 99% Number of executed functions: 103 Number of non-executed functions: 3
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe Execution Graph export aborted for target NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, PID 1564 because there are no executed function Not all processes where analyzed, report is missing behavior information Report creation exceeded maximum time and may have missing disassembly code information. Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
23:30:26	API Interceptor	11x Sleep call for process: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe modified
23:30:30	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run WindowsUpdater "C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe" ..
23:30:38	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run WindowsUpdater "C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe" ..
23:30:46	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
23:30:54	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdater.lnk

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Get_Cliboard_Address\NEW_COVID-19_Response_&_S_Url_oayvklpnunw4sgm2rurvkldiyxi41cfl\1.0.0.0\1x2042sd.newcfg Download File
Process:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	938
Entropy (8bit):	4.93731149859316
Encrypted:	false
SSDEEP:	24:2dqIK07E449IEK6E4Ev+XrU6N9avX6Zvpr:crr7HKh7HqT6N9ayZd
MD5:	C9B8B641854AA4350B67762FB49C37B7
SHA1:	580CE883ECFF4ECE9F1CF214E01651E71E412E5C
SHA-256:	8ACCDB0C85AEBF3B9A1791B7F0F3ECE502872749DB5348E9C4592CB381CFFEE8
SHA-512:	327A6767E12D500DF9241332D026EBD83720792B41ED20DBBBBBD0DFE44320E385CBE33035D64F8F2C367903CDEBC3D9368701F2236483B30E7F5EE55B2C1113
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="Get_Cliboard_Address.My.MySettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <Get_Cliboard_Address.My.MySettings>.. <setting name="GET_" serializeAs="String">.. <value>2021-09-11</value>.. </setting>.. <setting name="SET_" serializeAs="String">.. <value>1</value>.. </setting>.. </Get_Cliboard_Address.My.MySettings>.. </userSettings>..</configuration>

C:\Users\user\AppData\Local\Get_Cliboard_Address\NEW_COVID-19_Response_&_S_Url_oayvklpnunw4sgm2rurvkldiyxi41cfl\1.0.0.0\cq4jcbh5.newcfg Download File
Process:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	939
Entropy (8bit):	4.941171678472515
Encrypted:	false
SSDEEP:	24:cdqIK07E449IEK6E4Ev+XrU6N9avX6Zvpr:6rr7HKh7HqT6N9ayZd
MD5:	3732164050CA685EB9FD4A8FB5375474
SHA1:	E3CEF8F7F86208FFEC490CCEF3B103D47234AD34
SHA-256:	4F22E67B19A79A96450A9A5095E266E6B4BED2A1182BEA65178719FF884BDE1A
SHA-512:	22A6847813C5988239383A4FE81F6B05153028B4087BB510E280E5E0EFDB64ABBA83EE47C086D41CE1C9436365BDCE4CBE792A7DA85487AC01C4289DB8702166
Malicious:	false
Reputation:	low
Preview:	x<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="Get_Cliboard_Address.My.MySettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <Get_Cliboard_Address.My.MySettings>.. <setting name="GET_" serializeAs="String">.. <value>2021-09-11</value>.. </setting>.. <setting name="SET_" serializeAs="String">.. <value>1</value>.. </setting>.. </Get_Cliboard_Address.My.MySettings>.. </userSettings>..</configuration>

C:\Users\user\AppData\Local\Get_Cliboard_Address\NEW_COVID-19_Response_&_S_Url_oayvklpnunw4sgm2rurvkldiyxi41cfl\1.0.0.0\g5bnkh4f.newcfg Download File
Process:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	939
Entropy (8bit):	4.941171678472515
Encrypted:	false
SSDEEP:	24:cdqIK07E449IEK6E4Ev+XrU6N9avX6Zvpr:6rr7HKh7HqT6N9ayZd
MD5:	3732164050CA685EB9FD4A8FB5375474
SHA1:	E3CEF8F7F86208FFEC490CCEF3B103D47234AD34
SHA-256:	4F22E67B19A79A96450A9A5095E266E6B4BED2A1182BEA65178719FF884BDE1A
SHA-512:	22A6847813C5988239383A4FE81F6B05153028B4087BB510E280E5E0EFDB64ABBA83EE47C086D41CE1C9436365BDCE4CBE792A7DA85487AC01C4289DB8702166
Malicious:	false
Reputation:	low
Preview:	x<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="Get_Cliboard_Address.My.MySettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <Get_Cliboard_Address.My.MySettings>.. <setting name="GET_" serializeAs="String">.. <value>2021-09-11</value>.. </setting>.. <setting name="SET_" serializeAs="String">.. <value>1</value>.. </setting>.. </Get_Cliboard_Address.My.MySettings>.. </userSettings>..</configuration>

C:\Users\user\AppData\Local\Get_Cliboard_Address\NEW_COVID-19_Response_&_S_Url_oayvklpnunw4sgm2rurvkldiyxi41cfl\1.0.0.0\ldanjrhm.newcfg Download File
Process:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	939
Entropy (8bit):	4.941171678472515
Encrypted:	false
SSDEEP:	24:cdqIK07E449IEK6E4Ev+XrU6N9avX6Zvpr:6rr7HKh7HqT6N9ayZd
MD5:	3732164050CA685EB9FD4A8FB5375474
SHA1:	E3CEF8F7F86208FFEC490CCEF3B103D47234AD34
SHA-256:	4F22E67B19A79A96450A9A5095E266E6B4BED2A1182BEA65178719FF884BDE1A
SHA-512:	22A6847813C5988239383A4FE81F6B05153028B4087BB510E280E5E0EFDB64ABBA83EE47C086D41CE1C9436365BDCE4CBE792A7DA85487AC01C4289DB8702166
Malicious:	false
Reputation:	low
Preview:	x<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="Get_Cliboard_Address.My.MySettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <Get_Cliboard_Address.My.MySettings>.. <setting name="GET_" serializeAs="String">.. <value>2021-09-11</value>.. </setting>.. <setting name="SET_" serializeAs="String">.. <value>1</value>.. </setting>.. </Get_Cliboard_Address.My.MySettings>.. </userSettings>..</configuration>

C:\Users\user\AppData\Local\Get_Cliboard_Address\NEW_COVID-19_Response_&_S_Url_oayvklpnunw4sgm2rurvkldiyxi41cfl\1.0.0.0\user.config (copy) Download File
Process:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	939
Entropy (8bit):	4.941171678472515
Encrypted:	false
SSDEEP:	24:cdqIK07E449IEK6E4Ev+XrU6N9avX6Zvpr:6rr7HKh7HqT6N9ayZd
MD5:	3732164050CA685EB9FD4A8FB5375474
SHA1:	E3CEF8F7F86208FFEC490CCEF3B103D47234AD34
SHA-256:	4F22E67B19A79A96450A9A5095E266E6B4BED2A1182BEA65178719FF884BDE1A
SHA-512:	22A6847813C5988239383A4FE81F6B05153028B4087BB510E280E5E0EFDB64ABBA83EE47C086D41CE1C9436365BDCE4CBE792A7DA85487AC01C4289DB8702166
Malicious:	false
Reputation:	low
Preview:	x<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="Get_Cliboard_Address.My.MySettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <Get_Cliboard_Address.My.MySettings>.. <setting name="GET_" serializeAs="String">.. <value>2021-09-11</value>.. </setting>.. <setting name="SET_" serializeAs="String">.. <value>1</value>.. </setting>.. </Get_Cliboard_Address.My.MySettings>.. </userSettings>..</configuration>

C:\Users\user\AppData\Local\Get_Cliboard_Address\NEW_COVID-19_Response_&_S_Url_tatlunv3zyeed5hjoxnwtpxouqttf0vz\1.0.0.0\jd3pojeo.newcfg Download File
Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	938
Entropy (8bit):	4.93731149859316
Encrypted:	false
SSDEEP:	24:2dqIK07E449IEK6E4Ev+XrU6N9avX6Zvpr:crr7HKh7HqT6N9ayZd
MD5:	C9B8B641854AA4350B67762FB49C37B7
SHA1:	580CE883ECFF4ECE9F1CF214E01651E71E412E5C
SHA-256:	8ACCDB0C85AEBF3B9A1791B7F0F3ECE502872749DB5348E9C4592CB381CFFEE8
SHA-512:	327A6767E12D500DF9241332D026EBD83720792B41ED20DBBBBBD0DFE44320E385CBE33035D64F8F2C367903CDEBC3D9368701F2236483B30E7F5EE55B2C1113
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="Get_Cliboard_Address.My.MySettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <Get_Cliboard_Address.My.MySettings>.. <setting name="GET_" serializeAs="String">.. <value>2021-09-11</value>.. </setting>.. <setting name="SET_" serializeAs="String">.. <value>1</value>.. </setting>.. </Get_Cliboard_Address.My.MySettings>.. </userSettings>..</configuration>

C:\Users\user\AppData\Local\Get_Cliboard_Address\NEW_COVID-19_Response_&_S_Url_tatlunv3zyeed5hjoxnwtpxouqttf0vz\1.0.0.0\user.config (copy) Download File
Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	938
Entropy (8bit):	4.93731149859316
Encrypted:	false
SSDEEP:	24:2dqIK07E449IEK6E4Ev+XrU6N9avX6Zvpr:crr7HKh7HqT6N9ayZd
MD5:	C9B8B641854AA4350B67762FB49C37B7
SHA1:	580CE883ECFF4ECE9F1CF214E01651E71E412E5C
SHA-256:	8ACCDB0C85AEBF3B9A1791B7F0F3ECE502872749DB5348E9C4592CB381CFFEE8
SHA-512:	327A6767E12D500DF9241332D026EBD83720792B41ED20DBBBBBD0DFE44320E385CBE33035D64F8F2C367903CDEBC3D9368701F2236483B30E7F5EE55B2C1113
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="Get_Cliboard_Address.My.MySettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <Get_Cliboard_Address.My.MySettings>.. <setting name="GET_" serializeAs="String">.. <value>2021-09-11</value>.. </setting>.. <setting name="SET_" serializeAs="String">.. <value>1</value>.. </setting>.. </Get_Cliboard_Address.My.MySettings>.. </userSettings>..</configuration>

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe.log Download File
Process:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.355304211458859
Encrypted:	false
SSDEEP:	24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
MD5:	FED34146BF2F2FA59DCF8702FCC8232E
SHA1:	B03BFEA175989D989850CF06FE5E7BBF56EAA00A
SHA-256:	123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
SHA-512:	1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

C:\Users\user\AppData\Local\Temp\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe Download File
Process:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	550400
Entropy (8bit):	5.957862904488846
Encrypted:	false
SSDEEP:	6144:sUrUPKFJLgG5LC+IxkROhWHHro3S4qix7B2MtxEC:RvLyaTHro7X2M/
MD5:	F32AA361FFFE742283B359C7DDD89B12
SHA1:	AC49B724960549F4C0AB55F4EB5C3BC47E1035D6
SHA-256:	2542DDFA02D8A9A56738E822DD5EE0DB7540229D18903DD29A46DB06D87413DC
SHA-512:	26E933B975DBF59A45F91877FEAEA96A1FE06F0E67BCBFB970CE7105ED207D5C5A1517E9E4B58BFF00E28CCB6262E84EFE58A4ED7C99358FC4A051A1C0B379E1
Malicious:	true
Antivirus:	Antivirus: Virustotal, Detection: 24%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....8a..............0..\...........z... ........@.. ....................................@.................................Lz..O.................................................................................... ............... ..H............text....Z... ...\.................. ..`.rsrc................^..............@..@.reloc...............d..............@..B.................z......H........n..........F....m...............................................0...........r...p.+....0...........r;..p.+....0..................+..".(.....^..}.....(.......(.........0.............+....0..+.........,..{.......+....,...{....o........(.......0............(......"...@"..@As....(.......(.......o...... .... ....s....(.......( ......(!......(".....rQ..p(#......($......(%.....r]..po&......('....z..}......}.....(.......(!....*.0.............((.....{.....o).....{....

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe Download File
Process:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	550400
Entropy (8bit):	5.957862904488846
Encrypted:	false
SSDEEP:	6144:sUrUPKFJLgG5LC+IxkROhWHHro3S4qix7B2MtxEC:RvLyaTHro7X2M/
MD5:	F32AA361FFFE742283B359C7DDD89B12
SHA1:	AC49B724960549F4C0AB55F4EB5C3BC47E1035D6
SHA-256:	2542DDFA02D8A9A56738E822DD5EE0DB7540229D18903DD29A46DB06D87413DC
SHA-512:	26E933B975DBF59A45F91877FEAEA96A1FE06F0E67BCBFB970CE7105ED207D5C5A1517E9E4B58BFF00E28CCB6262E84EFE58A4ED7C99358FC4A051A1C0B379E1
Malicious:	true
Antivirus:	Antivirus: Virustotal, Detection: 24%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....8a..............0..\...........z... ........@.. ....................................@.................................Lz..O.................................................................................... ............... ..H............text....Z... ...\.................. ..`.rsrc................^..............@..@.reloc...............d..............@..B.................z......H........n..........F....m...............................................0...........r...p.+....0...........r;..p.+....0..................+..".(.....^..}.....(.......(.........0.............+....0..+.........,..{.......+....,...{....o........(.......0............(......"...@"..@As....(.......(.......o...... .... ....s....(.......( ......(!......(".....rQ..p(#......($......(%.....r]..po&......('....z..}......}.....(.......(!....*.0.............((.....{.....o).....{....

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdater.lnk Download File
Process:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Icon number=0, Archive, ctime=Thu Sep 9 05:30:15 2021, mtime=Thu Sep 9 05:31:13 2021, atime=Thu Sep 9 05:30:18 2021, length=550400, window=hide
Category:	dropped
Size (bytes):	1784
Entropy (8bit):	3.6780290205567545
Encrypted:	false
SSDEEP:	24:8T9ML+nFUUBtX+bFBTAQATQiX+bFBThPBX+bFBTLONQYX+bFBTrmKY:8ZmmFUVFBsTsFBdPIFBfa0FBnfY
MD5:	4EE04CFF966A2CA9974D14E198A2F1AB
SHA1:	D7AE61E1ED522E655553395C1AF3C5E284A5903F
SHA-256:	1C648EF3403064FA6246FE20D6B0F7ACCECE6948C1DA275D05E9C35501754F6B
SHA-512:	E8DDAF6563E0B348640B28DD993AB267D4B128991DA749C111C7017F8934583A3A26B692B9545762B0E224772FB35EAE61C9D5E06A947CBF759167F7D545898D
Malicious:	false
Preview:	L..................F.@.. ....5.&D.....&ID....1.(D....f...........................P.O. .:i.....+00.:...:..,.LB.)...A&...&......N....-...5.&D.....HJD.......2..f..)S.3 .NEWCOV~1.EXE.........)S.3)S.3....H.........................N.E.W. .C.O.V.I.D.-.1.9. .R.e.s.p.o.n.s.e. .&. .S.u.r.v.i.v.o.r.s. .{.Y.O.U.T.U.B.E. .I.N.S.T.R.U.C.T.I.O.N.}...e.x.e.......................-...................._1......C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe..X.....\.....\.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.N.E.W. .C.O.V.I.D.-.1.9. .R.e.s.p.o.n.s.e. .&. .S.u.r.v.i.v.o.r.s. .{.Y.O.U.T.U.B.E. .I.N.S.T.R.U.C.T.I.O.N.}...e.x.e.R.C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.D.e.s.k.t.o.p.\.N.E.W. .C.O.V.I.D.-.1.9. .R.e.s.p.o.n.s.e. .&. .S.u.r.v.i.v.o.r.s. .{.Y.O.U.T.U.B.E. .I.N.S.T.R.U.C.T.I.O.N.}...e.x.e.........%USERPROFILE%\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe....................................................................................

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.957862904488846
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
File size:	550400
MD5:	f32aa361fffe742283b359c7ddd89b12
SHA1:	ac49b724960549f4c0ab55f4eb5c3bc47e1035d6
SHA256:	2542ddfa02d8a9a56738e822dd5ee0db7540229d18903dd29a46db06d87413dc
SHA512:	26e933b975dbf59a45f91877feaea96a1fe06f0e67bcbfb970ce7105ed207d5c5a1517e9e4b58bff00e28ccb6262e84efe58a4ed7c99358fc4a051a1c0b379e1
SSDEEP:	6144:sUrUPKFJLgG5LC+IxkROhWHHro3S4qix7B2MtxEC:RvLyaTHro7X2M/
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....8a..............0..\...........z... ........@.. ....................................@................................

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General
Entrypoint:	0x487a9e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x6138C3A7 [Wed Sep 8 14:07:35 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:	v4.0.30319
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x87a4c	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x88000	0x5fc	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x8a000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x85aa4	0x85c00	False	0.506591340537	data	5.96411298414	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc	0x88000	0x5fc	0x600	False	0.432291666667	data	4.20430574648	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x8a000	0xc	0x200	False	0.044921875	data	0.101910425663	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_VERSION	0x88090	0x36c	data
RT_MANIFEST	0x8840c	0x1ea	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright	Copyright 2014
Assembly Version	1.0.0.0
InternalName	Int32ArrayTypeIn.exe
FileVersion	1.0.0.0
CompanyName
LegalTrademarks
Comments
ProductName	ConsoleGameCollection
ProductVersion	1.0.0.0
FileDescription	ConsoleGameCollection
OriginalFilename	Int32ArrayTypeIn.exe

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 908 Parent PID: 5252

General

Start time:	23:30:19
Start date:	08/09/2021
Path:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe'
Imagebase:	0x130000
File size:	550400 bytes
MD5 hash:	F32AA361FFFE742283B359C7DDD89B12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.227809380.0000000002812000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Clipboard_Hijacker_1, Description: Yara detected Clipboard Hijacker, Source: 00000000.00000002.227809380.0000000002812000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 1564 Parent PID: 908

General

Start time:	23:30:27
Start date:	08/09/2021
Path:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Imagebase:	0x290000
File size:	550400 bytes
MD5 hash:	F32AA361FFFE742283B359C7DDD89B12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 3920 Parent PID: 908

General

Start time:	23:30:27
Start date:	08/09/2021
Path:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Imagebase:	0xbf0000
File size:	550400 bytes
MD5 hash:	F32AA361FFFE742283B359C7DDD89B12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_Clipboard_Hijacker_1, Description: Yara detected Clipboard Hijacker, Source: 00000006.00000002.474719464.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 3340 Parent PID: 3388

General

Start time:	23:30:38
Start date:	08/09/2021
Path:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe' ..
Imagebase:	0xf30000
File size:	550400 bytes
MD5 hash:	F32AA361FFFE742283B359C7DDD89B12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000007.00000002.258073714.0000000003542000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Clipboard_Hijacker_1, Description: Yara detected Clipboard Hijacker, Source: 00000007.00000002.258073714.0000000003542000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 1384 Parent PID: 3340

General

Start time:	23:30:42
Start date:	08/09/2021
Path:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Imagebase:	0x590000
File size:	550400 bytes
MD5 hash:	F32AA361FFFE742283B359C7DDD89B12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_Clipboard_Hijacker_1, Description: Yara detected Clipboard Hijacker, Source: 00000008.00000002.474667341.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 3412 Parent PID: 3388

General

Start time:	23:30:46
Start date:	08/09/2021
Path:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe' ..
Imagebase:	0x1d0000
File size:	550400 bytes
MD5 hash:	F32AA361FFFE742283B359C7DDD89B12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000000C.00000002.276366057.00000000024F2000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Clipboard_Hijacker_1, Description: Yara detected Clipboard Hijacker, Source: 0000000C.00000002.276366057.00000000024F2000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 3112 Parent PID: 3412

General

Start time:	23:30:50
Start date:	08/09/2021
Path:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Imagebase:	0x250000
File size:	550400 bytes
MD5 hash:	F32AA361FFFE742283B359C7DDD89B12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 2212 Parent PID: 3412

General

Start time:	23:30:50
Start date:	08/09/2021
Path:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Imagebase:	0x660000
File size:	550400 bytes
MD5 hash:	F32AA361FFFE742283B359C7DDD89B12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_Clipboard_Hijacker_1, Description: Yara detected Clipboard Hijacker, Source: 0000000E.00000002.474728537.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 2100 Parent PID: 3388

General

Start time:	23:30:55
Start date:	08/09/2021
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe'
Imagebase:	0x520000
File size:	550400 bytes
MD5 hash:	F32AA361FFFE742283B359C7DDD89B12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000010.00000002.298294789.0000000002872000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Clipboard_Hijacker_1, Description: Yara detected Clipboard Hijacker, Source: 00000010.00000002.298294789.0000000002872000.00000004.00000001.sdmp, Author: Joe Security
Antivirus matches:	Detection: 24%, Virustotal, Browse
Reputation:	low

Chronological Activities

Analysis Process: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 6592 Parent PID: 2100

General

Start time:	23:31:01
Start date:	08/09/2021
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Imagebase:	0xaa0000
File size:	550400 bytes
MD5 hash:	F32AA361FFFE742283B359C7DDD89B12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_Clipboard_Hijacker_1, Description: Yara detected Clipboard Hijacker, Source: 00000019.00000002.474822513.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 6652 Parent PID: 3388

General

Start time:	23:31:03
Start date:	08/09/2021
Path:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe'
Imagebase:	0x630000
File size:	550400 bytes
MD5 hash:	F32AA361FFFE742283B359C7DDD89B12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000001A.00000002.321351544.0000000002A52000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Clipboard_Hijacker_1, Description: Yara detected Clipboard Hijacker, Source: 0000001A.00000002.321351544.0000000002A52000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 6948 Parent PID: 6652

General

Start time:	23:31:09
Start date:	08/09/2021
Path:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Imagebase:	0x7a0000
File size:	550400 bytes
MD5 hash:	F32AA361FFFE742283B359C7DDD89B12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_Clipboard_Hijacker_1, Description: Yara detected Clipboard Hijacker, Source: 0000001E.00000002.474773876.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 908 Parent PID: 5252 NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exeCOMMON

Execution Graph

Execution Coverage:	9.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	118
Total number of Limit Nodes:	3

Executed Functions

Function 00A69430, Relevance: 1.7, APIs: 1, Instructions: 194
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00A69676

Memory Dump Source

Source File: 00000000.00000002.226946489.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 9093b4bd9aec35dde146b112857a3fac0039c58fea3e32713c4c6f267fb04c2e
Instruction ID: 45b198db8880bdf0a928b6d2f26d64c6a7b0829fc2f6657e3fd45fc98cb3852d
Opcode Fuzzy Hash: 9093b4bd9aec35dde146b112857a3fac0039c58fea3e32713c4c6f267fb04c2e
Instruction Fuzzy Hash: 03712570A00B058FDB64DF6AD14579BBBF9BF88304F008A29D48AD7A50DB75E809CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00A6E1E0, Relevance: 1.6, APIs: 1, Instructions: 130
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00A6FEAA

Memory Dump Source

Source File: 00000000.00000002.226946489.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: f2bfde78a24435d064afe58d3bba07282ed7c8518e727c516c09503970d047f1
Instruction ID: 2d00954668284c85c407280553dadc97af12440386946550dd19d247cf07cbc1
Opcode Fuzzy Hash: f2bfde78a24435d064afe58d3bba07282ed7c8518e727c516c09503970d047f1
Instruction Fuzzy Hash: 4C510FB1D04348DFDB15CFA9D884ADEBFB5BF48314F24852AE818AB221D7719885CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00A6FD8C, Relevance: 1.6, APIs: 1, Instructions: 117
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00A6FEAA

Memory Dump Source

Source File: 00000000.00000002.226946489.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: fb58e81d0c96b520cf179017da17722dc2641f0e47259785dec83fad66f5861e
Instruction ID: f905b040020bb337b254585bd73ff6afa046818e62abc97e66b6d4f883e6f7df
Opcode Fuzzy Hash: fb58e81d0c96b520cf179017da17722dc2641f0e47259785dec83fad66f5861e
Instruction Fuzzy Hash: E751DDB1D003489FDB14CFA9D884ADEFFB1BF48314F24862AE819AB251D7759845CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00A6E1FC, Relevance: 1.6, APIs: 1, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00A6FEAA

Memory Dump Source

Source File: 00000000.00000002.226946489.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: d2a7d945625526ebdaf5c56a6ac98f268c341e2e9c8f488858ea7881b3db8abc
Instruction ID: 008057dbb727ab7bc3056397442959ec3cacaf5c30d6bf2fc08f825a1454ecd2
Opcode Fuzzy Hash: d2a7d945625526ebdaf5c56a6ac98f268c341e2e9c8f488858ea7881b3db8abc
Instruction Fuzzy Hash: C051EEB1D003089FDB14CFA9D884ADEBFB5BF48314F24852AE819AB211D7719841CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00A65365, Relevance: 1.6, APIs: 1, Instructions: 98
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00A65421

Memory Dump Source

Source File: 00000000.00000002.226946489.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 0f4d9ebc4b22824d89053a74a0a86eb859b96643305e00a7d223b0a532eb8ede
Instruction ID: e767f99b0d6f11340867b4fd5a8bf61d87aab792103c89e88d22f67d64121202
Opcode Fuzzy Hash: 0f4d9ebc4b22824d89053a74a0a86eb859b96643305e00a7d223b0a532eb8ede
Instruction Fuzzy Hash: 07411271D00658CEDB24CFA9C888BDEBBB6BF48308F248469D418BB251DB755986CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00A63E20, Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00A65421

Memory Dump Source

Source File: 00000000.00000002.226946489.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: fe84977fa0481001fe63776127b01a850493d9413e79c896dfca63fbf8fb69d2
Instruction ID: 0e0f13b51780c2242fb105ccbdc711d513bc6ea62d8d35dafc8bbb74812d2e74
Opcode Fuzzy Hash: fe84977fa0481001fe63776127b01a850493d9413e79c896dfca63fbf8fb69d2
Instruction Fuzzy Hash: 9541E0B1D00618CFDB24DFA9C848BDEBBB6BF48308F248469D419BB251DB756985CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00A6B948, Relevance: 1.6, APIs: 1, Instructions: 66
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00A6B916,?,?,?,?,?), ref: 00A6B9D7

Memory Dump Source

Source File: 00000000.00000002.226946489.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 8ba7786bdaa7bdcbba26375379a4d24f89fe2a0ed9c79ce1aa8dbfe8d2b079ff
Instruction ID: 6a829614f4f6f046ebc7b6a2e22f6189d533faf6c4979edc8dbb5653cf11aa06
Opcode Fuzzy Hash: 8ba7786bdaa7bdcbba26375379a4d24f89fe2a0ed9c79ce1aa8dbfe8d2b079ff
Instruction Fuzzy Hash: B121F0B5900248AFDB10CFAAD984AEEBFF4AF48324F14841AE955A3310C375A955CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 00A6AB3C, Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00A6B916,?,?,?,?,?), ref: 00A6B9D7

Memory Dump Source

Source File: 00000000.00000002.226946489.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 24190eb9070a4855048866aa3e561dce25bc5f3ce64435841f9fa375356f10af
Instruction ID: bd3c76996c35596e1379f4c371269de75d7defe4972e35efd7e44894d00950c1
Opcode Fuzzy Hash: 24190eb9070a4855048866aa3e561dce25bc5f3ce64435841f9fa375356f10af
Instruction Fuzzy Hash: 6B21E5B59002489FDB10CF99D984AEEBFF8EB48324F14841AE915B3311D374A954CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00A68EC8, Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00A696F1,00000800,00000000,00000000), ref: 00A69902

Memory Dump Source

Source File: 00000000.00000002.226946489.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: e015ae56049553263310414468c4fee9258f65a9c02d55584c8995b5528e75d0
Instruction ID: 42cf3303ff9cde7b6d594517aa5248240fe0c2f9e7f1df3ea7ade588d107b5ea
Opcode Fuzzy Hash: e015ae56049553263310414468c4fee9258f65a9c02d55584c8995b5528e75d0
Instruction Fuzzy Hash: D411F2B69002498FCB10CF9AC444AEEBBF8AB58324F14842EE429A7210C375A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00A69892, Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00A696F1,00000800,00000000,00000000), ref: 00A69902

Memory Dump Source

Source File: 00000000.00000002.226946489.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: a7954a1720f73fb4c85b4d15fb70e7ab6508cfdbb6b1df86bd0f8a9b2b92b1a1
Instruction ID: a78326a7aa066eb5f896d18eede7ccce72c6f8404835cf24d5c9a4ac7c2272bc
Opcode Fuzzy Hash: a7954a1720f73fb4c85b4d15fb70e7ab6508cfdbb6b1df86bd0f8a9b2b92b1a1
Instruction Fuzzy Hash: E81106B6C002488FDB10CFAAC484AEEFBF8AB48314F14842ED455A7210C7759945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A69610, Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00A69676

Memory Dump Source

Source File: 00000000.00000002.226946489.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: b7e0f937e631e2ee26ece0481485c7a377df53300e21fcf4bd2506d5d6da9a4b
Instruction ID: 24ede7905418d167633028087e7cf90d3b438316bd859496b0fa066a5c71f6ac
Opcode Fuzzy Hash: b7e0f937e631e2ee26ece0481485c7a377df53300e21fcf4bd2506d5d6da9a4b
Instruction Fuzzy Hash: E311DFB6C007498FDB10CF9AC444ADEFBF8AB89324F14852AD829B7710D379A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00A6E618, Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.226946489.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9649fb7db4086c043f5319003b52448b01b127540b03cdc7cd1b484d3db9fa5
Instruction ID: 71957456358e389f065967785d3fee69000197893e5b45cc633ff521d3bfc556
Opcode Fuzzy Hash: f9649fb7db4086c043f5319003b52448b01b127540b03cdc7cd1b484d3db9fa5
Instruction Fuzzy Hash: 471293F9411F46CBE730CF65ED981893BA1F746328B904708D2A12BAF6DBB4124ACF55

Uniqueness

Uniqueness Score: -1.00%

Function 00A6C2B4, Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.226946489.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1e92940ed48c55354783d623ba1ebb426096e95c7d76b769663c7c058917418
Instruction ID: 15837e71fc8484c038b34b78e257446a4d509014332ef9bc2119468f517f9d64
Opcode Fuzzy Hash: a1e92940ed48c55354783d623ba1ebb426096e95c7d76b769663c7c058917418
Instruction Fuzzy Hash: 96A16A36E002198FCF05DFB5C9449EEBBB2FF89310B15856AE905AB265EB31E915CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00A6E608, Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.226946489.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07ccd643b14117a1276f36b7c16a7c4a44fdb6456227c31129ea83b969a16bd2
Instruction ID: c94d822f2aaf68390bd72a1a0f9a762d84dc510d21158df5c9dd40e3a20a4b02
Opcode Fuzzy Hash: 07ccd643b14117a1276f36b7c16a7c4a44fdb6456227c31129ea83b969a16bd2
Instruction Fuzzy Hash: 97C118B9811F468BD720DF65EC881897BB1FB86328F514708D2612B6F6DFB4124ACF54

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 3920 Parent PID: 908 NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exeCOMMON

Execution Graph

Execution Coverage:	6.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	120
Total number of Limit Nodes:	5

Executed Functions

Function 0134F140, Relevance: 1.7, APIs: 1, Instructions: 242
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0134F3AA

Memory Dump Source

Source File: 00000006.00000002.480550030.0000000001340000.00000040.00000001.sdmp, Offset: 01340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1340000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 22b07b9497b61d5a8934a95764d27aa00c68b99b457a3fdbeb62db12349fd3c7
Instruction ID: 012730e212ac6225744eed17784d0484b3e7783a35bec41c3c7362c78560e83b
Opcode Fuzzy Hash: 22b07b9497b61d5a8934a95764d27aa00c68b99b457a3fdbeb62db12349fd3c7
Instruction Fuzzy Hash: 74916271C093899FDB02CFA9C8905DDBFB1AF4A304F19859BE484AB262D3349856CF51

Uniqueness

Uniqueness Score: -1.00%

Function 01348988, Relevance: 1.7, APIs: 1, Instructions: 196
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000006.00000002.480550030.0000000001340000.00000040.00000001.sdmp, Offset: 01340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1340000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: a1ce5e0c23808eee2ecaf489069ae0dc967de2d4bdb14cc76d3beade4219eda6
Instruction ID: cac9205a3c2ae5ff3d922c143fcbf2dfa36d533a1e02e543d8fb56efbcb54670
Opcode Fuzzy Hash: a1ce5e0c23808eee2ecaf489069ae0dc967de2d4bdb14cc76d3beade4219eda6
Instruction Fuzzy Hash: D4712670A00B058FE724DFAAC05579ABBF5FF48208F00896DD49AD7A40DB75F845CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0134D4FC, Relevance: 1.6, APIs: 1, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0134F3AA

Memory Dump Source

Source File: 00000006.00000002.480550030.0000000001340000.00000040.00000001.sdmp, Offset: 01340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1340000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: ff9a8440b47b32a2f8a6f55b0c6f4116f7330bb43091b5d02b22eaf9b558b8f7
Instruction ID: 66a8280aec13d9941a67172fef1d67d27fd615524189f5250f5f27204b759fb9
Opcode Fuzzy Hash: ff9a8440b47b32a2f8a6f55b0c6f4116f7330bb43091b5d02b22eaf9b558b8f7
Instruction Fuzzy Hash: 7C51BEB1D103489FDB14CF99C884ADEBBF5FF48314F64862AE819AB210D775A945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 01348F12, Relevance: 1.6, APIs: 1, Instructions: 69
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0134AF5E,?,?,?,?,?), ref: 0134B01F

Memory Dump Source

Source File: 00000006.00000002.480550030.0000000001340000.00000040.00000001.sdmp, Offset: 01340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1340000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 23a5a1efb8a957fc2121f33090ac87dc79d0cecfc9585a087eb193dcaa0a60cd
Instruction ID: 6cceff84c0d5985c146c1bf00a71e18fe9ab2ad50632956d1dfe94a207c026e9
Opcode Fuzzy Hash: 23a5a1efb8a957fc2121f33090ac87dc79d0cecfc9585a087eb193dcaa0a60cd
Instruction Fuzzy Hash: B02124B5D00348AFDB10CF99D884AEEBBF8EB48324F14851AE925A3350D374A954CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 01348F88, Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0134AF5E,?,?,?,?,?), ref: 0134B01F

Memory Dump Source

Source File: 00000006.00000002.480550030.0000000001340000.00000040.00000001.sdmp, Offset: 01340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1340000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 90be8e7f30698e86efbdd63f7744a27b650f022eff616bb009b22f212e4fa815
Instruction ID: 33ce617de452aec2a67dd2865ec555d610696a5f28cc9dc1f88f6f00448c1620
Opcode Fuzzy Hash: 90be8e7f30698e86efbdd63f7744a27b650f022eff616bb009b22f212e4fa815
Instruction Fuzzy Hash: 3821E3B5900248AFDB10CF99D884AEEFFF8EB48324F14841AE914B7350D375A954CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0134AF91, Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0134AF5E,?,?,?,?,?), ref: 0134B01F

Memory Dump Source

Source File: 00000006.00000002.480550030.0000000001340000.00000040.00000001.sdmp, Offset: 01340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1340000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 66504bdb811b61042500c6902c149ea2610071972c0e2ea4a634f3bde34f9689
Instruction ID: 3a713aa57b86736779b4b674cbb0287cd67c65886fccd1e9ce290ab44df19654
Opcode Fuzzy Hash: 66504bdb811b61042500c6902c149ea2610071972c0e2ea4a634f3bde34f9689
Instruction Fuzzy Hash: 0E21DFB5D002589FDB10CFA9D984AEEBBF8EF08324F14841AE954B3310D379A954CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 061ABBDC, Relevance: 1.6, APIs: 1, Instructions: 55
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,061ACA7A,00000000,00000000,041040F0,0314A31C), ref: 061ACEC8

Memory Dump Source

Source File: 00000006.00000002.487848176.00000000061A0000.00000040.00000001.sdmp, Offset: 061A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_61a0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: 4409f0a244f233ba3f34f1c76d599aed7f4354c876a14cd00c206603d128c477
Instruction ID: 9f65f8a45a49bc4f8dc4e6a31d03fa2efe36a1276f6e2ebd9eecb1afd225fab4
Opcode Fuzzy Hash: 4409f0a244f233ba3f34f1c76d599aed7f4354c876a14cd00c206603d128c477
Instruction Fuzzy Hash: EC1129B5C003499FDB10CF9AD584BEEBBF8EB08320F00842AE515B3200C374A554CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 01348C00, Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01349049,00000800,00000000,00000000), ref: 0134925A

Memory Dump Source

Source File: 00000006.00000002.480550030.0000000001340000.00000040.00000001.sdmp, Offset: 01340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1340000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 31b009a7c352ac3af6b6f69272be0f4608ae5ee21ebd82dcc0ed277c4c0dc36a
Instruction ID: 06a821a8a06d4ebd1b7aec710f30be674b7ac147cacb02c86ad30376138a8ba1
Opcode Fuzzy Hash: 31b009a7c352ac3af6b6f69272be0f4608ae5ee21ebd82dcc0ed277c4c0dc36a
Instruction Fuzzy Hash: D41103B69002499FDB10CF9AC444BDEFBF8AB48328F14852AE519B7200C375A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 061AD128, Relevance: 1.6, APIs: 1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserCallbackDispatcher.NTDLL(?,?,00000000,00000000,?,?,?,061ACB07,00000000,041040F0,0314A31C,00000000,?), ref: 061AD195

Memory Dump Source

Source File: 00000006.00000002.487848176.00000000061A0000.00000040.00000001.sdmp, Offset: 061A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_61a0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 56ad4ec0564b2ec194fb51efedc2b9a10e2e70a554edb2f0685295331370cc7b
Instruction ID: f58a55e57561f6bd25f5fc8e16e3aadb9623de7996a48ca7f8a67c3b5c184465
Opcode Fuzzy Hash: 56ad4ec0564b2ec194fb51efedc2b9a10e2e70a554edb2f0685295331370cc7b
Instruction Fuzzy Hash: F011D6B5C007499FDB10CF99D944BEEBBF8AB48324F14842AE854A3601D374A554CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 061ABBF4, Relevance: 1.6, APIs: 1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserCallbackDispatcher.NTDLL(?,?,00000000,00000000,?,?,?,061ACB07,00000000,041040F0,0314A31C,00000000,?), ref: 061AD195

Memory Dump Source

Source File: 00000006.00000002.487848176.00000000061A0000.00000040.00000001.sdmp, Offset: 061A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_61a0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 9501402e45ad16eae7230dc97b0c404094755103d3e6ba263c4a7607fc78c4c9
Instruction ID: 43e8da5059b87c74ac048ecf782af0d039d7778d568d03166406f35daa0df863
Opcode Fuzzy Hash: 9501402e45ad16eae7230dc97b0c404094755103d3e6ba263c4a7607fc78c4c9
Instruction Fuzzy Hash: 3311D3B5C007499FDB10CF9AD984BEEBBF8EB48324F54842AE454A3600C378A554CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 013491E9, Relevance: 1.6, APIs: 1, Instructions: 53
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01349049,00000800,00000000,00000000), ref: 0134925A

Memory Dump Source

Source File: 00000006.00000002.480550030.0000000001340000.00000040.00000001.sdmp, Offset: 01340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1340000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: aae18187fa9eaf553529fdccef721461d39ca7faa5dc409d6fd6e1d2e8d30a12
Instruction ID: d77d98db514fe1be6438b901c31154b7d5b1c24f17c6cca90172948e1ed7d1fa
Opcode Fuzzy Hash: aae18187fa9eaf553529fdccef721461d39ca7faa5dc409d6fd6e1d2e8d30a12
Instruction Fuzzy Hash: 4E1112B6D002498FDB10CFAAC484BDEFBF4AF48328F14852AD569B7600C375A555CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 061ACE58, Relevance: 1.6, APIs: 1, Instructions: 51
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,061ACA7A,00000000,00000000,041040F0,0314A31C), ref: 061ACEC8

Memory Dump Source

Source File: 00000006.00000002.487848176.00000000061A0000.00000040.00000001.sdmp, Offset: 061A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_61a0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: 733af1ef68718e5500bb3956b1e9b8610809b174f4e04cf1b24082408378e199
Instruction ID: 0aedbb0e947170c2d1129b946ff1aaed34e8ef074f7a398ea335f356f2090749
Opcode Fuzzy Hash: 733af1ef68718e5500bb3956b1e9b8610809b174f4e04cf1b24082408378e199
Instruction Fuzzy Hash: 3A11E4B5C002499FDB10CF99D545BEEBBF4EB08320F14852AE969B7250C378A555CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0134645C, Relevance: 1.6, APIs: 1, Instructions: 50
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,0134899B), ref: 01348BCE

Memory Dump Source

Source File: 00000006.00000002.480550030.0000000001340000.00000040.00000001.sdmp, Offset: 01340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1340000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 17887f00f719c1a64924625d56aa29f5b945cb1922a9ddffea8f25a098086b1c
Instruction ID: 4a50f74da8e8477bcfafcb50f610f07fa55940cd9e36a2be9b3dc0cd62894d39
Opcode Fuzzy Hash: 17887f00f719c1a64924625d56aa29f5b945cb1922a9ddffea8f25a098086b1c
Instruction Fuzzy Hash: DC11F0B5C006498FDB10CF9AC444BDEFBF4AF48228F14856AD569B7600D375A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0134D534, Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowLongW.USER32(?,?,?,?,?,?,?,?,0134F4C8,?,?,?,?), ref: 0134F53D

Memory Dump Source

Source File: 00000006.00000002.480550030.0000000001340000.00000040.00000001.sdmp, Offset: 01340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1340000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 0059cc5d6eae3cb4dcae876df16a5b80bd268928d29d72cfec5a92af585842d2
Instruction ID: a1dabe4cbe5a39a1fab8797c0cf6853429f9429ee8ec95c4fa6486138896e66a
Opcode Fuzzy Hash: 0059cc5d6eae3cb4dcae876df16a5b80bd268928d29d72cfec5a92af585842d2
Instruction Fuzzy Hash: D511F2B58002489FDB20CF99D485BEEBBF8EB48328F14855AE959B7700C375A954CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 061ABC28, Relevance: 1.5, APIs: 1, Instructions: 46
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,061ACBBF), ref: 061AD65D

Memory Dump Source

Source File: 00000006.00000002.487848176.00000000061A0000.00000040.00000001.sdmp, Offset: 061A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_61a0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 3fd671ed30a797efabc88f080ead1bd76d447f147b7af91b9a7fae637ae49d28
Instruction ID: 4b9ad44f7b59828b7760ddf99805b53e150ac73bf9df2eb5f18923e61e83d3fa
Opcode Fuzzy Hash: 3fd671ed30a797efabc88f080ead1bd76d447f147b7af91b9a7fae637ae49d28
Instruction Fuzzy Hash: 8311DFB5C046889FDB20CF9AD844BDEBBF4AB48224F10852AD429B7700D374A554CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 061AD5F8, Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,061ACBBF), ref: 061AD65D

Memory Dump Source

Source File: 00000006.00000002.487848176.00000000061A0000.00000040.00000001.sdmp, Offset: 061A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_61a0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: d29a934b83314d76d95975314a4adda9fdb1b7057d9cae78581681d1a9b01883
Instruction ID: 8be318347337a72210ca3eb90f36093433f3bf0d3df87e720a5ee3a131d26a7b
Opcode Fuzzy Hash: d29a934b83314d76d95975314a4adda9fdb1b7057d9cae78581681d1a9b01883
Instruction Fuzzy Hash: 7211E0B5D006888FDB20CF9AD844BDEBBF4AF48324F14852AD469B7700D379A554CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0134F4D9, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?,?,?,?,?,?,0134F4C8,?,?,?,?), ref: 0134F53D

Memory Dump Source

Source File: 00000006.00000002.480550030.0000000001340000.00000040.00000001.sdmp, Offset: 01340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1340000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 3c1b5be3ae50ac695ff20ec66f75e965753912bcb15c0de1b2ac083323df85ad
Instruction ID: c47c4d9b754fd32502cd0ce58a327e8a1508532d1606dbf1f5fa6794505dff3e
Opcode Fuzzy Hash: 3c1b5be3ae50ac695ff20ec66f75e965753912bcb15c0de1b2ac083323df85ad
Instruction Fuzzy Hash: DC11F2B5800248CFDB10CF99D585BEEBBF8EB48324F14895AD958B7300C375AA54CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 06FF2630, Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.488079633.0000000006FF0000.00000040.00000001.sdmp, Offset: 06FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ff0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42e2af7ab76000c5653189ac2c23148376c8b37e43d62e8a0986b0581c206329
Instruction ID: a8d2de6906bb527616216571cf23736a210593f051442136ece74b193b23700c
Opcode Fuzzy Hash: 42e2af7ab76000c5653189ac2c23148376c8b37e43d62e8a0986b0581c206329
Instruction Fuzzy Hash: F041A235B201108FDB48ABB9C4586ADBBE3AFC8724F184469E106DB3B4DFB49D418B61

Uniqueness

Uniqueness Score: -1.00%

Function 06FF21C8, Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.488079633.0000000006FF0000.00000040.00000001.sdmp, Offset: 06FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ff0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c567a915834fdc381725bf5e10b6b2dd03b42e97443d0f23142250db3a630136
Instruction ID: fda045f3f72da524400a006d659618078b151888125dbce11aa37fb7d618e2b2
Opcode Fuzzy Hash: c567a915834fdc381725bf5e10b6b2dd03b42e97443d0f23142250db3a630136
Instruction Fuzzy Hash: E1416370F202058FEB54DB95C495BEDB7F2EF88324F248069D545AB3A0CBB5AD81CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06FF2828, Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.488079633.0000000006FF0000.00000040.00000001.sdmp, Offset: 06FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ff0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d276b6224ac6f0cacd3bd2b12fcf2ebe13724fbd55c2efa0be2f326409aeda3
Instruction ID: 835f561fc4b80bf0eeb7c408af5dba614c30382f4ac51617e9a1bf1d9ebf6722
Opcode Fuzzy Hash: 9d276b6224ac6f0cacd3bd2b12fcf2ebe13724fbd55c2efa0be2f326409aeda3
Instruction Fuzzy Hash: 1F411575E102059FDB54CFA9D880ADEB7F5FF88210B14856AEA15E7360EB71E940CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 06FF12B0, Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.488079633.0000000006FF0000.00000040.00000001.sdmp, Offset: 06FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ff0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b59d8d5e1fff01dba8a0a537bb101e5262e38150cf2c26443878da3a4b6c3543
Instruction ID: d6f6450c5e4f961cb72b03c68db3d851c3a80ae4b7d2260e79f1a9360a5ccd5c
Opcode Fuzzy Hash: b59d8d5e1fff01dba8a0a537bb101e5262e38150cf2c26443878da3a4b6c3543
Instruction Fuzzy Hash: 5C314C35A183408FC712DF74C8589DBBFEAAF9211870A84F9D159CB761DF359809CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 06FF13BC, Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.488079633.0000000006FF0000.00000040.00000001.sdmp, Offset: 06FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ff0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44364b993ac00a1ec701e8429da58abaab376df5635bccd6b7f7916d5c06f3d5
Instruction ID: 397cb5daff2363ce00cc43cc634072925444cbdbb715ff8dbca908d0b5f82098
Opcode Fuzzy Hash: 44364b993ac00a1ec701e8429da58abaab376df5635bccd6b7f7916d5c06f3d5
Instruction Fuzzy Hash: F041F0B1D00248DFDB20CFE9C984ADEBBB5BF49318F24852AD508BB250D7756A49CF90

Uniqueness

Uniqueness Score: -1.00%

Function 06FF13C8, Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.488079633.0000000006FF0000.00000040.00000001.sdmp, Offset: 06FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ff0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a85232d49e98fa2f016577289ed93d54de1ba9aac7cb4028e1834c0f68b169f2
Instruction ID: 021ee0d2371e8bb9bc05a7e9e249ab98f688bb0e25aab7b334de2cf047a69cea
Opcode Fuzzy Hash: a85232d49e98fa2f016577289ed93d54de1ba9aac7cb4028e1834c0f68b169f2
Instruction Fuzzy Hash: 0C41EFB1D00208DBDB20CFE9C984ADEBBB5BF49314F24852AD509BB250D7756A4ACF90

Uniqueness

Uniqueness Score: -1.00%

Function 06FF1050, Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.488079633.0000000006FF0000.00000040.00000001.sdmp, Offset: 06FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ff0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a61371b3a0e2bbe040dc5ea0d08e1ca48310aa2afaf52b701582dbd07d1c125
Instruction ID: f7d907c6206c70e7df25feaf8bd76c0819c415d6276d6ae46eb6f42b4ac7438f
Opcode Fuzzy Hash: 9a61371b3a0e2bbe040dc5ea0d08e1ca48310aa2afaf52b701582dbd07d1c125
Instruction Fuzzy Hash: 9F31A230A20219CFCB64EFB9C455AEEB7F6BF84604F004969D51AAB364DB71DD04CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06FF1046, Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.488079633.0000000006FF0000.00000040.00000001.sdmp, Offset: 06FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ff0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c61ef6901cb357fe2151ab9a6a8e0439725168099bbbbca47b6c62fcdc49546
Instruction ID: 0cda148d482e1c75825a0f2c5c5edc2006e27ffa70bac35add1728efc6938125
Opcode Fuzzy Hash: 6c61ef6901cb357fe2151ab9a6a8e0439725168099bbbbca47b6c62fcdc49546
Instruction Fuzzy Hash: 2A21A534A202448FCB64EFB5C855AEEBBF5AF45604F004968D515AB364EB71DC04CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0116D4A0, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.478672672.000000000116D000.00000040.00000001.sdmp, Offset: 0116D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_116d000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a718c62525688a802324aa53215eeca41d66165464a8c28d1ef8265db5791ce8
Instruction ID: 74dc017fad3dfdebc3b4a2c2d5b3ca593b51deca96bb23c1fec57ea04265b1b8
Opcode Fuzzy Hash: a718c62525688a802324aa53215eeca41d66165464a8c28d1ef8265db5791ce8
Instruction Fuzzy Hash: D8212B71604240DFDF19CF94E5C0B6ABF79FB84328F248569D9454B606C337D865CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0117D2E4, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.478872931.000000000117D000.00000040.00000001.sdmp, Offset: 0117D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_117d000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a19d6f5afe3e8ad4d2e1457771470eaf55aedac5a9a04e7a0ae874773f4deee
Instruction ID: f7c8152a0a13c9aa9f424b27086f2f80eae4963bb6a7ec908506c1b429f1e2f6
Opcode Fuzzy Hash: 0a19d6f5afe3e8ad4d2e1457771470eaf55aedac5a9a04e7a0ae874773f4deee
Instruction Fuzzy Hash: A52129B1508248DFDF09CF94E5C0B2ABB75FF84324F24C969D8094B346C336D446CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 0117D01C, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.478872931.000000000117D000.00000040.00000001.sdmp, Offset: 0117D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_117d000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0eddcb67e608caf568f2d1f9d9cdb6ea47c1908fc30b70c67922ae694f73fcd
Instruction ID: 6761cf683fd10663ff13ebb3c443e8ce1a8dbd9ac610d07f71b7a75df7b35a06
Opcode Fuzzy Hash: a0eddcb67e608caf568f2d1f9d9cdb6ea47c1908fc30b70c67922ae694f73fcd
Instruction Fuzzy Hash: 6A212275504248DFCF1ACFA4E9C0B2ABB75FF88364F24C969D8094B346C336D856CA62

Uniqueness

Uniqueness Score: -1.00%

Function 06FF2623, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.488079633.0000000006FF0000.00000040.00000001.sdmp, Offset: 06FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ff0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63074500ff285644127add1ad51a79f0a8c60f257fe0cfc24fa9f6b959bf75a1
Instruction ID: 48031a5b1aa6130d89c19d91d02d5e305624605af8b6f7e0bd979f001ab75549
Opcode Fuzzy Hash: 63074500ff285644127add1ad51a79f0a8c60f257fe0cfc24fa9f6b959bf75a1
Instruction Fuzzy Hash: 1F112935B201144BDB446BB9C8586ED7BE7EF89310F440469E606D73E0DEF49D0587A1

Uniqueness

Uniqueness Score: -1.00%

Function 0117D006, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.478872931.000000000117D000.00000040.00000001.sdmp, Offset: 0117D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_117d000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e6a4fb3c90a33016fab33629b60cfdcfc60ae0c33fe3e1b636ef7be522a359a
Instruction ID: 553a97a037b8bdc1367820cb7286964af34faccfc8bcff72d565cb5853e6ad9c
Opcode Fuzzy Hash: 3e6a4fb3c90a33016fab33629b60cfdcfc60ae0c33fe3e1b636ef7be522a359a
Instruction Fuzzy Hash: 6B21CF354083848FCB07CF24D990B05BF71EF46214F28C1EAC8488F2A7C33A980ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 0116D49B, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.478672672.000000000116D000.00000040.00000001.sdmp, Offset: 0116D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_116d000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75c7dd6b9201007781b88665aede95e17c7777dad59c38b1153ba7676d8db9d8
Instruction ID: 8c58c2cf9ceb309fa3b643c436d58a7d77116c2d07ea0d23a91a11fd8d1dde19
Opcode Fuzzy Hash: 75c7dd6b9201007781b88665aede95e17c7777dad59c38b1153ba7676d8db9d8
Instruction Fuzzy Hash: 3F11E176504280CFCF16CF44D5C0B16BF71FB84324F2482A9D9454B617C336D46ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 06FF27E0, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.488079633.0000000006FF0000.00000040.00000001.sdmp, Offset: 06FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ff0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c1141a85eebebb1e74e9d43107ddcef973069ae85e7f1a0fa542f8dc64b2dee
Instruction ID: b0ac853503353414ac9d9d21c9048bff70ad0c263c5f3e4f90bd6dd5f07f3b13
Opcode Fuzzy Hash: 5c1141a85eebebb1e74e9d43107ddcef973069ae85e7f1a0fa542f8dc64b2dee
Instruction Fuzzy Hash: 7E01D473A1D3D85FC713466498682C57F78AF67220B5A00EBD9D0D72E6E6205A0DC3A2

Uniqueness

Uniqueness Score: -1.00%

Function 0117D2DF, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.478872931.000000000117D000.00000040.00000001.sdmp, Offset: 0117D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_117d000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e326f80d702fa4eb37364846c3ef396a818da159fb4df6eedd1691dce976162
Instruction ID: 193d10ee6d25b074e03d7fe33c8681c541ae6cc353659d6e11989c91f93e2ade
Opcode Fuzzy Hash: 9e326f80d702fa4eb37364846c3ef396a818da159fb4df6eedd1691dce976162
Instruction Fuzzy Hash: 791193B5508284DFDB16CF14E5C4B19FB71FB84224F24C6A9D8484B746C33AD456CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06FF2968, Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.488079633.0000000006FF0000.00000040.00000001.sdmp, Offset: 06FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ff0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68210799c73e6c41d11cf91296b860978b687dcf140bae50f236736fde2e0e60
Instruction ID: c260778f4cb11661ac3ce88cf35de4149b841f676bb656cd60ffab13fe13c83e
Opcode Fuzzy Hash: 68210799c73e6c41d11cf91296b860978b687dcf140bae50f236736fde2e0e60
Instruction Fuzzy Hash: 1FF01C327201145BC7149AAEE4049AAB799EBD47727048037F605CB224DA72DC52D7A4

Uniqueness

Uniqueness Score: -1.00%

Function 06FF2AB4, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.488079633.0000000006FF0000.00000040.00000001.sdmp, Offset: 06FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ff0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a16cdfbdd17166bdfd05ec236cd6b8942dee91edd77bfc081db7a533cf010aa
Instruction ID: dec9f20ed8e59c3567769e8194aad0194293f5de485bd77b6c8a0e361e1734ab
Opcode Fuzzy Hash: 1a16cdfbdd17166bdfd05ec236cd6b8942dee91edd77bfc081db7a533cf010aa
Instruction Fuzzy Hash: 97F05566B240A08FE3261BBA64201BD3FC9CED3111308008BD645CB2F2DA05C603E351

Uniqueness

Uniqueness Score: -1.00%

Function 06FF329A, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.488079633.0000000006FF0000.00000040.00000001.sdmp, Offset: 06FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ff0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3824e5e15da5fc3d8f4f7f3a2185f0d3fd71743c05bbbc6bc4d09fe797e9e78f
Instruction ID: 191bb94bd5759314169069a8912a0ffaac08924e1cb710e1878125a0c7d4db40
Opcode Fuzzy Hash: 3824e5e15da5fc3d8f4f7f3a2185f0d3fd71743c05bbbc6bc4d09fe797e9e78f
Instruction Fuzzy Hash: 00E09A327501100BC684976EA844AAA77D98FC6761F1940B6EA08CB6B2C952EC0282E0

Uniqueness

Uniqueness Score: -1.00%

Function 06FF32E0, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.488079633.0000000006FF0000.00000040.00000001.sdmp, Offset: 06FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ff0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e08f9f85e1c8a79a7b7164bc9e01d3a42c126e4ebe99fb9306daa775cb68620
Instruction ID: 72f3ce6f8032c3d089717cfee650875dd0f4a0f558dfd02b92f21f075f40d8a1
Opcode Fuzzy Hash: 8e08f9f85e1c8a79a7b7164bc9e01d3a42c126e4ebe99fb9306daa775cb68620
Instruction Fuzzy Hash: C7E0ED367101108BD714DB6EF454EAAB7E9EFC5625B1980BAE209CB731CE61EC0287A0

Uniqueness

Uniqueness Score: -1.00%

Function 06FF2A68, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.488079633.0000000006FF0000.00000040.00000001.sdmp, Offset: 06FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ff0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e681cedaa66acd7ae4e1ab03194438901f59d04861f2dddbfcf7c03cac60096
Instruction ID: 97989ce5cd0750b6f35ba2ca4702ecc66f4424285b361fac887a2198dd6d062e
Opcode Fuzzy Hash: 7e681cedaa66acd7ae4e1ab03194438901f59d04861f2dddbfcf7c03cac60096
Instruction Fuzzy Hash: 55E0D831B204248796282799B0181FE77DEDFC9675704443AF60EC7240DE658806C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 06FF32A0, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.488079633.0000000006FF0000.00000040.00000001.sdmp, Offset: 06FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ff0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3962b34d016964161ad06dfa7407ef9b91afe9edb334c52638b05417067a8dfb
Instruction ID: 80d566c1b36697881f1da3a1775318cd61a562c0bdc5b82f873235b5f887334b
Opcode Fuzzy Hash: 3962b34d016964161ad06dfa7407ef9b91afe9edb334c52638b05417067a8dfb
Instruction Fuzzy Hash: 19E0B6367504148FC7089B6EE444D9AB7EEEFD9A7671940BBE209CB331CAA1DC4187E0

Uniqueness

Uniqueness Score: -1.00%

Function 06FF1258, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.488079633.0000000006FF0000.00000040.00000001.sdmp, Offset: 06FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ff0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b3b80de8d2ea458ba105608c2eb00d76e13b7c23342a775d7f407c53c1132a8
Instruction ID: 530fba69907cb94304781a1142092b1287f1c94d2cb8fc3a1bac06e2bd34a9fb
Opcode Fuzzy Hash: 5b3b80de8d2ea458ba105608c2eb00d76e13b7c23342a775d7f407c53c1132a8
Instruction Fuzzy Hash: F4F0A070505348EFC702DBB0E8518DD7FB5EB0610471240D6D808D7751DA751E509BA2

Uniqueness

Uniqueness Score: -1.00%

Function 06FF2A58, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.488079633.0000000006FF0000.00000040.00000001.sdmp, Offset: 06FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ff0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f90dec001d0fbd1d3e6ec55b70997520860095351eaceecfc4df2068f136de4
Instruction ID: 2285f8fd9b3d342864553d5b0df362ebae83482b42d37961a35e3ca4e8014bb2
Opcode Fuzzy Hash: 0f90dec001d0fbd1d3e6ec55b70997520860095351eaceecfc4df2068f136de4
Instruction Fuzzy Hash: F0E02635B1006187C30A2B88A5057BA378ECFC812570800BBE508CB283DE2088028392

Uniqueness

Uniqueness Score: -1.00%

Function 06FF1268, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.488079633.0000000006FF0000.00000040.00000001.sdmp, Offset: 06FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6ff0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cc7d0e7f34e63efbcdd8fdaf9ca189efcf5b7da9574356e54decc73d0023df9
Instruction ID: 4d275aa19451aa00efcc412c9e78eff8fc59c54bd2ccdab7642f88ac7b12c366
Opcode Fuzzy Hash: 7cc7d0e7f34e63efbcdd8fdaf9ca189efcf5b7da9574356e54decc73d0023df9
Instruction Fuzzy Hash: 81E08C70A10209FF8B00EFF5E9558ADB7FAEB4821471085A9D808D7710DBB26E90DB96

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 3340 Parent PID: 3388 NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exeCOMMON

Execution Graph

Execution Coverage:	9.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	97
Total number of Limit Nodes:	5

Executed Functions

Function 0164B718, Relevance: 6.1, APIs: 4, Instructions: 126
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0164B788
GetCurrentThread.KERNEL32 ref: 0164B7C5
GetCurrentProcess.KERNEL32 ref: 0164B802
GetCurrentThreadId.KERNEL32 ref: 0164B85B

Memory Dump Source

Source File: 00000007.00000002.257424278.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1640000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 8840d0c465c623d7976279c3541acedd057465aa672b8f47d9e646b23da8844f
Instruction ID: 72b6704fa83c5e0e6a92bf9576826169410a3a8498fae8f7fddd2a9d07ce2dfd
Opcode Fuzzy Hash: 8840d0c465c623d7976279c3541acedd057465aa672b8f47d9e646b23da8844f
Instruction Fuzzy Hash: 015144B09006498FDB14CFA9D988BEEBBF5EF48314F248869E009A7361D7749844CF65

Uniqueness

Uniqueness Score: -1.00%

Function 0164B728, Relevance: 6.1, APIs: 4, Instructions: 120
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0164B788
GetCurrentThread.KERNEL32 ref: 0164B7C5
GetCurrentProcess.KERNEL32 ref: 0164B802
GetCurrentThreadId.KERNEL32 ref: 0164B85B

Memory Dump Source

Source File: 00000007.00000002.257424278.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1640000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: ed17ec0e32a464b7762d5d70d695c9cd98cbe462d9c857ae89fb630ca89080d0
Instruction ID: 1bf18c3e7de5509334fc46b8a4eb944f119c5b48eae5bcd17799afe5ab5fd512
Opcode Fuzzy Hash: ed17ec0e32a464b7762d5d70d695c9cd98cbe462d9c857ae89fb630ca89080d0
Instruction Fuzzy Hash: D85144B09006488FDB14CFAAD988BEEBFF5EF48314F248869E409A7350D7749844CF65

Uniqueness

Uniqueness Score: -1.00%

Function 01649430, Relevance: 1.7, APIs: 1, Instructions: 192
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 01649676

Memory Dump Source

Source File: 00000007.00000002.257424278.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1640000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 8fa3906d4f8bca3e8ee4a136358b8335ae8a94835a70b3bb564381af7b23b7a4
Instruction ID: 9dc7d54b62d759b9332b9ae0a25291364b4203097ca8e9150b00d095a3abf9cd
Opcode Fuzzy Hash: 8fa3906d4f8bca3e8ee4a136358b8335ae8a94835a70b3bb564381af7b23b7a4
Instruction Fuzzy Hash: B5711470A00B058FDB64DF6AD48079BBBF5BF88318F10892DD58ADBB40E774E8058B91

Uniqueness

Uniqueness Score: -1.00%

Function 0164FD8C, Relevance: 1.6, APIs: 1, Instructions: 119
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0164FEAA

Memory Dump Source

Source File: 00000007.00000002.257424278.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1640000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 7b90c43da6f30606bc8a888fa66ec52ed9549f47167ded785f4b510ee09da7eb
Instruction ID: 7f6aa9892b5229b1619789cd947c8df2e8e1976e463759755d96e8e1e8fbea47
Opcode Fuzzy Hash: 7b90c43da6f30606bc8a888fa66ec52ed9549f47167ded785f4b510ee09da7eb
Instruction Fuzzy Hash: 2751BEB1D10348AFDF14CF9AD884ADEBFB1BF48310F24852AE819AB251D7759845CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0164FD98, Relevance: 1.6, APIs: 1, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0164FEAA

Memory Dump Source

Source File: 00000007.00000002.257424278.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1640000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 7d8f56417a4f6b01a743f190d55c8e6230d9d2ba41897ffc3e34df09e78c3ce1
Instruction ID: 1004f8d6da19609b335fe129b4af4fa3898fe8b6b1f618a2195a9bfa8513753e
Opcode Fuzzy Hash: 7d8f56417a4f6b01a743f190d55c8e6230d9d2ba41897ffc3e34df09e78c3ce1
Instruction Fuzzy Hash: DA41CEB1D10348AFDB14CF9AD884ADEBFB5BF48314F24852AE819AB251D7749845CF90

Uniqueness

Uniqueness Score: -1.00%

Function 01645365, Relevance: 1.6, APIs: 1, Instructions: 99
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 01645421

Memory Dump Source

Source File: 00000007.00000002.257424278.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1640000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 35db35caa9a4f3a89737dcc5d178e78aa84e3dbb5d8d15d8569b20bdde0edc36
Instruction ID: d7ba167661f45aedab953d6bc0d41d14791155bdce0e6f6669e53f23d28b34b5
Opcode Fuzzy Hash: 35db35caa9a4f3a89737dcc5d178e78aa84e3dbb5d8d15d8569b20bdde0edc36
Instruction Fuzzy Hash: 5F410F71D00218CFDB24CFA9D984BDEBBB5BF48309F24846AD419BB251E7715946CF90

Uniqueness

Uniqueness Score: -1.00%

Function 01643E20, Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 01645421

Memory Dump Source

Source File: 00000007.00000002.257424278.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1640000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 42177d442561842ea73f1e8cc21b0e4e3dec4b5a5afc98ef4fd007470796d788
Instruction ID: 51ade7ecc4dd8062bf9afb5c59f15bea9492b9d2823507beef289c91a39497a3
Opcode Fuzzy Hash: 42177d442561842ea73f1e8cc21b0e4e3dec4b5a5afc98ef4fd007470796d788
Instruction Fuzzy Hash: 7D41E071D00618CFDB24DFAAC884BDEBBB5BF48308F248469D419BB251DBB56946CF90

Uniqueness

Uniqueness Score: -1.00%

Function 01647EB8, Relevance: 1.6, APIs: 1, Instructions: 82
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.257424278.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1640000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a41412907b4a8ca85d8b13ff1643290a06f9078033f9f0f8ed90292eb3e98e2
Instruction ID: 779ca8fb3d834764f8eca875d9a98930db113f88bd527b4bd0d183f557abbc98
Opcode Fuzzy Hash: 9a41412907b4a8ca85d8b13ff1643290a06f9078033f9f0f8ed90292eb3e98e2
Instruction Fuzzy Hash: 9B3104719043858FDB21CFADE9443EA7FF4EB46325F08449ED449A3786C3389948CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0164B948, Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0164B9D7

Memory Dump Source

Source File: 00000007.00000002.257424278.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1640000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 13d2a39f8196414a4b45526494ed81296b2337959dd91fbd9fe929466b1741e2
Instruction ID: ee2f0a5b052a18c7c79bc66ec3a249ea0114327c6870c67081640073510fcf46
Opcode Fuzzy Hash: 13d2a39f8196414a4b45526494ed81296b2337959dd91fbd9fe929466b1741e2
Instruction Fuzzy Hash: 5A21D4B5D002489FDB10CF99D984ADEBBF5EB49324F14841AE915B3310D3749954DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0164B950, Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0164B9D7

Memory Dump Source

Source File: 00000007.00000002.257424278.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1640000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 2fd62236dad9f20da773c17c033669f5b7aa387f57bb8f7f2f9fae2a150bcab4
Instruction ID: cb08e4a97be16c2a6c4d4e94cf85d51e26679ec468ef94c0a6b3ed03b4f8e4ef
Opcode Fuzzy Hash: 2fd62236dad9f20da773c17c033669f5b7aa387f57bb8f7f2f9fae2a150bcab4
Instruction Fuzzy Hash: F621C2B5D002489FDB10CFAAD984ADEBFF8FB48324F14841AE915A3350D374A954CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 01649893, Relevance: 1.6, APIs: 1, Instructions: 59
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,016496F1,00000800,00000000,00000000), ref: 01649902

Memory Dump Source

Source File: 00000007.00000002.257424278.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1640000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 16cd0879f99a9f70940ced9bd10cc0d88a6982289076c7b1b539f770655de9b5
Instruction ID: 5c541c6f02dcc37fcd0d989898f7f9b3b85ad4c0172d3e3bec9b5174554f1da0
Opcode Fuzzy Hash: 16cd0879f99a9f70940ced9bd10cc0d88a6982289076c7b1b539f770655de9b5
Instruction Fuzzy Hash: 2E2115B6D002498FDB10CFA9D844ADEBBF4AB48364F14882ED515A7300C7749545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 01648EC8, Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,016496F1,00000800,00000000,00000000), ref: 01649902

Memory Dump Source

Source File: 00000007.00000002.257424278.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1640000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 878ec457137291a4397181119e7bc981167471012bd704466ae6f7af8b57e7c5
Instruction ID: db61920357f59133095625db80fcbe54f799cc8690441c4fd0c5f1598872205d
Opcode Fuzzy Hash: 878ec457137291a4397181119e7bc981167471012bd704466ae6f7af8b57e7c5
Instruction Fuzzy Hash: BD11D3B6D002499FDB10CF9AD844AEFBBF8EB49324F14882AD519A7700D375A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 01649610, Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 01649676

Memory Dump Source

Source File: 00000007.00000002.257424278.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1640000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: c4eec496e5e8310e2abf519c66dc666ddb404545a2efcbc1a103a235b10e1b76
Instruction ID: 2c339da64bf4c297bc7d8bfeb72d8be70ed12d7d37b60a08d662bcb01f83daec
Opcode Fuzzy Hash: c4eec496e5e8310e2abf519c66dc666ddb404545a2efcbc1a103a235b10e1b76
Instruction Fuzzy Hash: 1D11CDB6C006598FDB10CF9AD844ADEBBF4AB89324F14892AD429B7600D379A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0156D4C4, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.257302182.000000000156D000.00000040.00000001.sdmp, Offset: 0156D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_156d000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccedaab2d2804f7ac5ce34cec2104da9ac14667184cddee9f75c36a48954bcb3
Instruction ID: 24428e490aad55ef5f9e5179d8c866db030e2f7697586ea5a3c381eb19b00fd1
Opcode Fuzzy Hash: ccedaab2d2804f7ac5ce34cec2104da9ac14667184cddee9f75c36a48954bcb3
Instruction Fuzzy Hash: 1021F171600240DFDB05DF94D9C0B6ABFB9FB98328F248D69E8850F606C336D856CAE1

Uniqueness

Uniqueness Score: -1.00%

Function 0157D1D4, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.257318893.000000000157D000.00000040.00000001.sdmp, Offset: 0157D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_157d000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3caa4f6b66faf44f457b6a5b38098aaea4fe309448e359967dfc9dcf72bd11dc
Instruction ID: 7ec88168f1139998aec04d292c7f51cc6f7fc5a2c472fed3da243731a2bf3c92
Opcode Fuzzy Hash: 3caa4f6b66faf44f457b6a5b38098aaea4fe309448e359967dfc9dcf72bd11dc
Instruction Fuzzy Hash: BA21F571504240EFDB05DF94E5C1B2ABBB5FF84324F24C969D8494F246C336D856CA61

Uniqueness

Uniqueness Score: -1.00%

Function 0157D01C, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.257318893.000000000157D000.00000040.00000001.sdmp, Offset: 0157D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_157d000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b93598aa84d313d101ea1800004a7c9f394058e2d52796144960feb9b362e7dc
Instruction ID: f0d1cfc070b7aca75af61d83cbfa03cb6b295e3cd15f7cf7bd132b2c5d7f359f
Opcode Fuzzy Hash: b93598aa84d313d101ea1800004a7c9f394058e2d52796144960feb9b362e7dc
Instruction Fuzzy Hash: 16210075504240DFCB16CFA4E9C5B2ABBB5FF88364F24C969D8094F246D33AD816CA61

Uniqueness

Uniqueness Score: -1.00%

Function 0157D006, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.257318893.000000000157D000.00000040.00000001.sdmp, Offset: 0157D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_157d000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ecd3640f9dd7f025fccf5be5162cc82550d46c22920e015431b84db7f9d32f5
Instruction ID: bf0971a5f2ee88e0b7be28ca87ac1f3ec8e2a6b511aae88454c0706e3e577707
Opcode Fuzzy Hash: 4ecd3640f9dd7f025fccf5be5162cc82550d46c22920e015431b84db7f9d32f5
Instruction Fuzzy Hash: E5216A755093808FCB03CF24D990B15BF71AF46214F28C5EAD8498F6A7D33A981ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 0156D4BF, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.257302182.000000000156D000.00000040.00000001.sdmp, Offset: 0156D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_156d000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75c7dd6b9201007781b88665aede95e17c7777dad59c38b1153ba7676d8db9d8
Instruction ID: 72ae0a7808743b86c18b28364626bd7e3bdab3d6196fe4c231038ad57d191d58
Opcode Fuzzy Hash: 75c7dd6b9201007781b88665aede95e17c7777dad59c38b1153ba7676d8db9d8
Instruction Fuzzy Hash: 0811B176504280DFCB12CF54D5C4B1ABF71FB94324F28C6A9D8450F656C33AD45ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0157D1CF, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.257318893.000000000157D000.00000040.00000001.sdmp, Offset: 0157D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_157d000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c056a6ee624d63360488b620c54c5e8945762453296ea1dc3b173469bbb61b0d
Instruction ID: 9f79ba93f4292b3183803f7e9d9f844b2fa9b6f6f744a984dd1a3aa2811a5005
Opcode Fuzzy Hash: c056a6ee624d63360488b620c54c5e8945762453296ea1dc3b173469bbb61b0d
Instruction Fuzzy Hash: 7E117975504280DFDB12CF54D5C4B19BBB1FF84224F28C6A9D8494B656C33AD45ACB61

Uniqueness

Uniqueness Score: -1.00%

Function 0156D745, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.257302182.000000000156D000.00000040.00000001.sdmp, Offset: 0156D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_156d000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0422d5dc169de52c3c2731c0aa768059a361a333ea08707872f41ab87dec6e8
Instruction ID: ba09193b7a3ef82f1697bed5a84d52d4fc2efefd5e3b8a339375726ef6d6df0e
Opcode Fuzzy Hash: f0422d5dc169de52c3c2731c0aa768059a361a333ea08707872f41ab87dec6e8
Instruction Fuzzy Hash: B701D4325042C09AE7114EA6D984B6ABFECEF41264F188D2AE9441F242D77D9840CAF2

Uniqueness

Uniqueness Score: -1.00%

Function 0156D744, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.257302182.000000000156D000.00000040.00000001.sdmp, Offset: 0156D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_156d000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a840686d8665547084b1559749ec84c91c1796280db44cb5d0a267578fe3e082
Instruction ID: 7a89420370234ad40f814844aab9dafeb630dc7fc1e4c4805c966be28f473118
Opcode Fuzzy Hash: a840686d8665547084b1559749ec84c91c1796280db44cb5d0a267578fe3e082
Instruction Fuzzy Hash: D2F0C272404284AAEB108E5ADC84B66FFACEB41374F18C85AED485F287D3799844CBB1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 1384 Parent PID: 3340 NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exeCOMMON

Execution Graph

Execution Coverage:	9.7%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	162
Total number of Limit Nodes:	9

Executed Functions

Function 00FDF140, Relevance: 1.8, APIs: 1, Instructions: 275
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00FDF3AA

Memory Dump Source

Source File: 00000008.00000002.481410498.0000000000FD0000.00000040.00000001.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_fd0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: d2037391bf9a1baed95536060bcd8de33030d080501e0f6f82f36918c53e6b71
Instruction ID: 56c8f89d4f635c3223f84c96deee96459d19be523d8b746c4580ffc458399584
Opcode Fuzzy Hash: d2037391bf9a1baed95536060bcd8de33030d080501e0f6f82f36918c53e6b71
Instruction Fuzzy Hash: 22917A718093899FCB06CFA5C8909CDBFB5FF0A314F1A81ABE444EB262D3349959CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00FD8988, Relevance: 1.7, APIs: 1, Instructions: 194
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00FD8BCE

Memory Dump Source

Source File: 00000008.00000002.481410498.0000000000FD0000.00000040.00000001.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_fd0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: d97c13301fea407b435ac940225d6c75e44b8f4fe989beb6257c0844c7eea648
Instruction ID: 135640c9e9ce87f546d2349e0b52a0c6874815f85caddf4f4c00ef9f10b2bb51
Opcode Fuzzy Hash: d97c13301fea407b435ac940225d6c75e44b8f4fe989beb6257c0844c7eea648
Instruction Fuzzy Hash: B0712770A00B059FD724DF6AD45175ABBF6FF88354F04892ED48ADBB40DB35E8068B91

Uniqueness

Uniqueness Score: -1.00%

Function 00FDF28C, Relevance: 1.6, APIs: 1, Instructions: 119
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00FDF3AA

Memory Dump Source

Source File: 00000008.00000002.481410498.0000000000FD0000.00000040.00000001.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_fd0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 825d71b8af6eecda396bfcd82294cc97ac84dd0b813e656dc1d270dd72b40131
Instruction ID: 3bcfd6094e70c1a46318f7fe657bba5085a9f90af12bfde4eb1c82d258709d75
Opcode Fuzzy Hash: 825d71b8af6eecda396bfcd82294cc97ac84dd0b813e656dc1d270dd72b40131
Instruction Fuzzy Hash: 4651C0B1D00349DFDB14CF99C884ADEBBB6BF48314F25812AE819AB310D7749989CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00FDD4FC, Relevance: 1.6, APIs: 1, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00FDF3AA

Memory Dump Source

Source File: 00000008.00000002.481410498.0000000000FD0000.00000040.00000001.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_fd0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: beb4cd723d4fc18d98f6e946e4d6e4e218519d5d890534dfd951fde6d3904397
Instruction ID: 3f87611fd3cf2cad7a28d4190b18f076ab9369353ea78355ee7fa1f7c6d191c2
Opcode Fuzzy Hash: beb4cd723d4fc18d98f6e946e4d6e4e218519d5d890534dfd951fde6d3904397
Instruction Fuzzy Hash: 3151CFB1D103499FDB14CF99C884ADEBBB6BF48314F65862AE819AB310D7749885CF90

Uniqueness

Uniqueness Score: -1.00%

Function 05F5D68C, Relevance: 1.6, APIs: 1, Instructions: 88
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,05F5CBBF), ref: 05F5D65D

Memory Dump Source

Source File: 00000008.00000002.487113889.0000000005F50000.00000040.00000001.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5f50000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: b1b3a7b1d101cf8095237f343768179cb2acd4c6b209caeae552bfd6a53e2e87
Instruction ID: dd191d2381f394b9c29e804cb69abf3476cb37ffa22fc2b2dae48166c5537241
Opcode Fuzzy Hash: b1b3a7b1d101cf8095237f343768179cb2acd4c6b209caeae552bfd6a53e2e87
Instruction Fuzzy Hash: 1A318974A052488FCB04CFA9D884AEDBBF5BF49324F008599D905E7361C738AA45CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00FD8F88, Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00FDAF5E,?,?,?,?,?), ref: 00FDB01F

Memory Dump Source

Source File: 00000008.00000002.481410498.0000000000FD0000.00000040.00000001.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_fd0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: f9ca6fc6ddafeea112fa9ecd2fdee673b9d30f7f805fea6fec04af9b758db044
Instruction ID: d2c8e2ed4625935bf5d9c87b1fba6a24d41cbd9efa8acd11ca261c0f656397d0
Opcode Fuzzy Hash: f9ca6fc6ddafeea112fa9ecd2fdee673b9d30f7f805fea6fec04af9b758db044
Instruction Fuzzy Hash: DA21E3B5D002489FDB10CF99D888AEEBFF9EB48324F14845AE914B3311D374A954DFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00FDAF91, Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00FDAF5E,?,?,?,?,?), ref: 00FDB01F

Memory Dump Source

Source File: 00000008.00000002.481410498.0000000000FD0000.00000040.00000001.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_fd0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: bf8c5c0975812cd0f8af6435b9a341be6688eb0b4584c0e67f15e663b034152e
Instruction ID: 9bab23959afe2a3070e533ebd3c7fbd4a49692b5fb6fda7d9490b6791933b193
Opcode Fuzzy Hash: bf8c5c0975812cd0f8af6435b9a341be6688eb0b4584c0e67f15e663b034152e
Instruction Fuzzy Hash: B521E0B5D00249DFDB10CFA9D584AEEBBF9FB48324F14842AE914A3350D378A954CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 00FD8C00, Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00FD9049,00000800,00000000,00000000), ref: 00FD925A

Memory Dump Source

Source File: 00000008.00000002.481410498.0000000000FD0000.00000040.00000001.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_fd0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 90aa110550f185a8d94504b842cdfcb803b0f9249a0779b6f60c575d0f255630
Instruction ID: febaf4b99cc7013b50010bd969105c47b7145e467105a549d1c7fedf08502830
Opcode Fuzzy Hash: 90aa110550f185a8d94504b842cdfcb803b0f9249a0779b6f60c575d0f255630
Instruction Fuzzy Hash: 051133B6D002499FDB10DFDAC444BDEBBF4AB48324F14842AE419B7300C3B4A945CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 00FD91E9, Relevance: 1.6, APIs: 1, Instructions: 53
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00FD9049,00000800,00000000,00000000), ref: 00FD925A

Memory Dump Source

Source File: 00000008.00000002.481410498.0000000000FD0000.00000040.00000001.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_fd0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: bc32af8c66c7c598581eff3ec480c16ad1a1e5a5866c82ef9eb362c8e0035708
Instruction ID: 4001e0108e2cf11ef260d295844d673e579d307299cb80577fe293668d5ced21
Opcode Fuzzy Hash: bc32af8c66c7c598581eff3ec480c16ad1a1e5a5866c82ef9eb362c8e0035708
Instruction Fuzzy Hash: 3311C2B6D002499FDB10CF9AD444ADEBBB5EB49324F14852AD419B7300C375A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 05F52860, Relevance: 1.6, APIs: 1, Instructions: 52
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostMessageW.USER32(?,?,?,?), ref: 05F528C5

Memory Dump Source

Source File: 00000008.00000002.487113889.0000000005F50000.00000040.00000001.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5f50000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: eff10c9396a5031c3820e55aac6ae52b5fb56e4dc21a049cddecf201d0dbb265
Instruction ID: b666c1ead4f8cd008529c9840a03233feaa523e40b17e4472fa03bfa1aba08ef
Opcode Fuzzy Hash: eff10c9396a5031c3820e55aac6ae52b5fb56e4dc21a049cddecf201d0dbb265
Instruction Fuzzy Hash: 8C1116B58007499FDB10CF99C889BEEBFF8EB48324F14841AE914B3610C378A594CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 05F52868, Relevance: 1.5, APIs: 1, Instructions: 48
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostMessageW.USER32(?,?,?,?), ref: 05F528C5

Memory Dump Source

Source File: 00000008.00000002.487113889.0000000005F50000.00000040.00000001.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5f50000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: b7a66c186247826d1695a7d9cf3e342dbb3a142fb6d45f5ed04d1cbe29138c5b
Instruction ID: 45cb7dbcf2c35045e0a357e39de415961039d45e17e3fcb93983c6ed8018d2ac
Opcode Fuzzy Hash: b7a66c186247826d1695a7d9cf3e342dbb3a142fb6d45f5ed04d1cbe29138c5b
Instruction Fuzzy Hash: 6F11F5B58003499FDB10CF99C845BEEBBF8EB49324F14842AE954A3640D378A594CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00FD8B68, Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00FD8BCE

Memory Dump Source

Source File: 00000008.00000002.481410498.0000000000FD0000.00000040.00000001.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_fd0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 5f44f2b75fb85b8c7e08c54b2167d2f72b6be143dac25cdac1ff434491f689e3
Instruction ID: e05f5e0806518dc91cea90f540f072b09bf611f15c96c08d61722fd6d6c40b13
Opcode Fuzzy Hash: 5f44f2b75fb85b8c7e08c54b2167d2f72b6be143dac25cdac1ff434491f689e3
Instruction Fuzzy Hash: 33110FB5C006498FCB10CF9AC444BDEFBF4AB88324F14842AD459A7300C779A546CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00FDF4D9, Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowLongW.USER32(?,?,?,?,?,?,?,?,00FDF4C8,?,?,?,?), ref: 00FDF53D

Memory Dump Source

Source File: 00000008.00000002.481410498.0000000000FD0000.00000040.00000001.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_fd0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 8e0ca9ce72cea19eaa5f8e8c44a74e3537711deede2aebb48142c447e2dbbbe0
Instruction ID: 33934f6c0f033aa6af33f02bc97f45693815a79d99188c771c7dbb77a8dc6f20
Opcode Fuzzy Hash: 8e0ca9ce72cea19eaa5f8e8c44a74e3537711deede2aebb48142c447e2dbbbe0
Instruction Fuzzy Hash: DA1103B58003499FDB10DF99D484BEEBFF8EB49324F24846AD959A3300C375A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00FDD534, Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowLongW.USER32(?,?,?,?,?,?,?,?,00FDF4C8,?,?,?,?), ref: 00FDF53D

Memory Dump Source

Source File: 00000008.00000002.481410498.0000000000FD0000.00000040.00000001.sdmp, Offset: 00FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_fd0000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 45cd1d6ab4b4ee9cd7861b9bbcb6f98dca659bfc36aef420ac454180d40cca09
Instruction ID: 1d81b6fa1457dc7a8791ba7f69431be549da0f0960e0515b0df5adb4451f86e8
Opcode Fuzzy Hash: 45cd1d6ab4b4ee9cd7861b9bbcb6f98dca659bfc36aef420ac454180d40cca09
Instruction Fuzzy Hash: AD1118B58003489FDB10DF99D485BDEBBF8EB49324F14841AD915B7300C375A954CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 05F5BC28, Relevance: 1.5, APIs: 1, Instructions: 46
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,05F5CBBF), ref: 05F5D65D

Memory Dump Source

Source File: 00000008.00000002.487113889.0000000005F50000.00000040.00000001.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5f50000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 970cf2fc6eab43769cc336a5a5d498b5281e0ffade43530ffc7cba3dcc21adc5
Instruction ID: d688c5277e5412bb90d1c56facdc66d32e84dff290ce76e971681f64a727aa9c
Opcode Fuzzy Hash: 970cf2fc6eab43769cc336a5a5d498b5281e0ffade43530ffc7cba3dcc21adc5
Instruction Fuzzy Hash: 2A11F2B5C046498FDB10DF9AD844BDEBBF8EB48324F10846AD919B3300D378A645CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 05F5D5FA, Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,05F5CBBF), ref: 05F5D65D

Memory Dump Source

Source File: 00000008.00000002.487113889.0000000005F50000.00000040.00000001.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5f50000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 0df5c62d16056d7822cd0cf297fb6abed6aae5f2793dad9873c252708c80ea93
Instruction ID: 1eb3b91d3452dbdb9da483d521f99a444adf4a1bf693b32df2e341dbde5c4854
Opcode Fuzzy Hash: 0df5c62d16056d7822cd0cf297fb6abed6aae5f2793dad9873c252708c80ea93
Instruction Fuzzy Hash: 3F11EDB5C006498FCB10DF9AD884BDEBBF4AB48324F14852AD829B3300C378A645CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 060613BC, Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.487273790.0000000006060000.00000040.00000001.sdmp, Offset: 06060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6060000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61fcac10e305d5f7806d07c4c47948f1b346f3c15b50010e8bbceca83eb189db
Instruction ID: 2d30ab33031eabe6e800328ecd45ec07b1bdbb6b74056168762ee11f387ff963
Opcode Fuzzy Hash: 61fcac10e305d5f7806d07c4c47948f1b346f3c15b50010e8bbceca83eb189db
Instruction Fuzzy Hash: F041E4B1D00208DBDB60CFDAD985ADEBFB5BF48314F24852AE409BB210D7756A45CF90

Uniqueness

Uniqueness Score: -1.00%

Function 060613C8, Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.487273790.0000000006060000.00000040.00000001.sdmp, Offset: 06060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6060000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86b8651fc8672376c321792b6e85d0bd4c12332466605df5a93b8b817b3faf23
Instruction ID: 746643ff0fb59a9bebed03b2590c38e32189221857a1538438794cd13bc9f046
Opcode Fuzzy Hash: 86b8651fc8672376c321792b6e85d0bd4c12332466605df5a93b8b817b3faf23
Instruction Fuzzy Hash: CE41C2B1D00248DBDB60CFDAC584ADEBFB5BF49314F24852AE409BB210D7756A45CF90

Uniqueness

Uniqueness Score: -1.00%

Function 060612B0, Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.487273790.0000000006060000.00000040.00000001.sdmp, Offset: 06060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6060000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3c9424bc9a22bf21086cf4dac816bf93116ab2d35bc9814f2fe6d755913375a
Instruction ID: 3d560c9ca12161075984152704d0062a16029a2a088ba13f55729444c934bc6c
Opcode Fuzzy Hash: a3c9424bc9a22bf21086cf4dac816bf93116ab2d35bc9814f2fe6d755913375a
Instruction Fuzzy Hash: B02106B5B002048FC710DF79D915AEFBBE6EF84208B048979E506EB750EB71D9068F91

Uniqueness

Uniqueness Score: -1.00%

Function 06061030, Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.487273790.0000000006060000.00000040.00000001.sdmp, Offset: 06060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6060000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1bfebdbc0857f7e01510387025a631fe22dfc9dbdce2fbc5104acd8fa56f4be
Instruction ID: a8ce4c0eec865856a15a45c6113cfabe7cda27c8c0592d4ac26191199618e1c2
Opcode Fuzzy Hash: e1bfebdbc0857f7e01510387025a631fe22dfc9dbdce2fbc5104acd8fa56f4be
Instruction Fuzzy Hash: E731F371A043448FCB51DF79D955AEEBBF2AF85204B0489A9E046EB351DB719D00CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06061050, Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.487273790.0000000006060000.00000040.00000001.sdmp, Offset: 06060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6060000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f765bbb484fa3d8e61f780cf06aa5fbc312f7b4ac2360b278ed6b0271b4b0fa
Instruction ID: 442b97e5240690683b5242b582505314d2baa7712fe29478eff70d702e8a22ce
Opcode Fuzzy Hash: 2f765bbb484fa3d8e61f780cf06aa5fbc312f7b4ac2360b278ed6b0271b4b0fa
Instruction Fuzzy Hash: 7331B170A002548FCB54DF79D915AEEBBF2AF88204B008969E10AEB350DB71D904CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 00CCD4A0, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.480116608.0000000000CCD000.00000040.00000001.sdmp, Offset: 00CCD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_ccd000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b0042d0795280eda41d822466e8482b92dfdb14296c93c957c01218195633b9
Instruction ID: fce44a2ae59bdda94293ec88615527bdce3cd5b3b769928b72c52276a8babf27
Opcode Fuzzy Hash: 1b0042d0795280eda41d822466e8482b92dfdb14296c93c957c01218195633b9
Instruction Fuzzy Hash: 3C2103B1504240DFDB05CF54D9C0F2ABF65FB98328F24857DE90A0B246C336E955DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00CDD01C, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.480482548.0000000000CDD000.00000040.00000001.sdmp, Offset: 00CDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_cdd000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1c76039319db36dd5f7984e6778dca88b1a700a5bbece71cc6a0f71bff7cbdb
Instruction ID: d89107e92541cd60fb85875c2e116df6b30e796d7aebc517dc576534d7c3c55b
Opcode Fuzzy Hash: e1c76039319db36dd5f7984e6778dca88b1a700a5bbece71cc6a0f71bff7cbdb
Instruction Fuzzy Hash: F721F575904240DFCB14DF64D9C4B26BB65FBC8314F24C96AD90A4B346C336E856CA61

Uniqueness

Uniqueness Score: -1.00%

Function 00CDD2E4, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.480482548.0000000000CDD000.00000040.00000001.sdmp, Offset: 00CDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_cdd000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3efc608d8cebb835c9603259d6f1d847e0662c8ae87daaa1177d7c8c6b265fe4
Instruction ID: f137c96f157dc7259b190432880d9d1548a5b6f2d35a06780432cdbbe626b0f2
Opcode Fuzzy Hash: 3efc608d8cebb835c9603259d6f1d847e0662c8ae87daaa1177d7c8c6b265fe4
Instruction Fuzzy Hash: AF2126B1904340EFCB01DF54D9C0B2ABB75FB84324F24C97AD90A4B356C336D846CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 00CDD005, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.480482548.0000000000CDD000.00000040.00000001.sdmp, Offset: 00CDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_cdd000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ce2c782e6653ac7a0075feca08914ba8a2a9ea72f07db187fe01b0dc2bc0057
Instruction ID: ec0c4d9b5d6c1e423f5a1124541ac9dcc61b8b04a11d9935fda3d1fc5eec35ec
Opcode Fuzzy Hash: 0ce2c782e6653ac7a0075feca08914ba8a2a9ea72f07db187fe01b0dc2bc0057
Instruction Fuzzy Hash: CC2180755093C08FCB12CF24D990715BF71EB86314F28C5EBD9498B697C33A980ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 00CCD49B, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.480116608.0000000000CCD000.00000040.00000001.sdmp, Offset: 00CCD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_ccd000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75c7dd6b9201007781b88665aede95e17c7777dad59c38b1153ba7676d8db9d8
Instruction ID: d38178cff7942634de4928cbfd4408372fddc830e5dce44120db85a89cea7581
Opcode Fuzzy Hash: 75c7dd6b9201007781b88665aede95e17c7777dad59c38b1153ba7676d8db9d8
Instruction Fuzzy Hash: B611B1B6504280DFCB12CF14D5C4B16BF71FB84324F2486ADD9050B656C336D95ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00CDD2DF, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.480482548.0000000000CDD000.00000040.00000001.sdmp, Offset: 00CDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_cdd000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e326f80d702fa4eb37364846c3ef396a818da159fb4df6eedd1691dce976162
Instruction ID: 57d9a1c4e14845868ffcf23a6fc52b6b242189b9943694a06ebaa88deaa7263b
Opcode Fuzzy Hash: 9e326f80d702fa4eb37364846c3ef396a818da159fb4df6eedd1691dce976162
Instruction Fuzzy Hash: 6C119D76904280DFCB11CF10D5C4B19FB71FB84324F28C6AAD9494B756C33AD95ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 06061258, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.487273790.0000000006060000.00000040.00000001.sdmp, Offset: 06060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6060000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eab16a672fdf074373246d69f74e418a39132f038b443636d0eaa7c702baa04f
Instruction ID: 82be39bd3cb53c0407ff7d80cf74d85e71e97406c45609c20c3881b746eecde9
Opcode Fuzzy Hash: eab16a672fdf074373246d69f74e418a39132f038b443636d0eaa7c702baa04f
Instruction Fuzzy Hash: E9E0923A900209BFC700EFA4E982ADDBBB6EB54351F1885A8E804D3754DB35AF11DB55

Uniqueness

Uniqueness Score: -1.00%

Function 06061268, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.487273790.0000000006060000.00000040.00000001.sdmp, Offset: 06060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6060000_NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c09cfcbbca901be28355e6009ad2e620b595dd3363511083912359480c98937
Instruction ID: 27dc744b942d4468ee16d679067cdf16a6cf967422601f2e0b37ebc29e911b3e
Opcode Fuzzy Hash: 8c09cfcbbca901be28355e6009ad2e620b595dd3363511083912359480c98937
Instruction Fuzzy Hash: C3E04F31A0120DEF8700EFB4E54689D77B5EB4421471085A9D80897754DB316E01DB56

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Binary or memory string: OriginalFilename vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000000.208070213.0000000000132000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameInt32ArrayTypeIn.exeL vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.229145555.0000000003987000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameCF_Secretaria.dll< vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000000.00000002.227809380.0000000002812000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameGet Cliboard Address.exeJ vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Binary or memory string: OriginalFilename vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000005.00000000.224381103.0000000000292000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameInt32ArrayTypeIn.exeL vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Binary or memory string: OriginalFilename vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000006.00000002.480930274.000000000135A000.00000004.00000020.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000006.00000002.474719464.0000000000402000.00000040.00000001.sdmp	Binary or memory string: OriginalFilenameGet Cliboard Address.exeJ vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000006.00000002.484393883.0000000003101000.00000004.00000001.sdmp	Binary or memory string: m,\\StringFileInfo\\000004B0\\OriginalFilename vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000006.00000002.485471590.0000000004109000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameInt32ArrayTypeIn.exeL vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Binary or memory string: OriginalFilename vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000007.00000002.262078548.0000000007660000.00000004.00020000.sdmp	Binary or memory string: OriginalFilenameCF_Secretaria.dll< vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000007.00000002.256915374.0000000000F32000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameInt32ArrayTypeIn.exeL vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000007.00000002.258073714.0000000003542000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameGet Cliboard Address.exeJ vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000007.00000002.257540823.0000000001748000.00000004.00000020.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Binary or memory string: OriginalFilename vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000008.00000002.483532923.0000000002AA1000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameGet Cliboard Address.exeJ vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000008.00000002.483532923.0000000002AA1000.00000004.00000001.sdmp	Binary or memory string: m,\\StringFileInfo\\000004B0\\OriginalFilename vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000008.00000000.256246750.0000000000592000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameInt32ArrayTypeIn.exeL vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000000C.00000002.283757688.0000000003667000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameCF_Secretaria.dll< vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000000C.00000002.275310346.00000000001D2000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameInt32ArrayTypeIn.exeL vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000000C.00000002.276366057.00000000024F2000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameGet Cliboard Address.exeJ vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000000D.00000000.273704135.0000000000252000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameInt32ArrayTypeIn.exeL vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000000E.00000002.474728537.0000000000402000.00000040.00000001.sdmp	Binary or memory string: OriginalFilenameGet Cliboard Address.exeJ vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000000E.00000002.474896020.0000000000662000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameInt32ArrayTypeIn.exeL vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000000E.00000002.482978145.0000000002B21000.00000004.00000001.sdmp	Binary or memory string: OriginalFilename vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000000E.00000002.482978145.0000000002B21000.00000004.00000001.sdmp	Binary or memory string: m,\\StringFileInfo\\000004B0\\OriginalFilename vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000010.00000000.283646021.0000000000522000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameInt32ArrayTypeIn.exeL vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000010.00000002.298294789.0000000002872000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameGet Cliboard Address.exeJ vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000010.00000002.302959603.00000000084D0000.00000004.00020000.sdmp	Binary or memory string: OriginalFilenameCF_Secretaria.dll< vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000019.00000002.483564914.0000000003DE9000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameInt32ArrayTypeIn.exeL vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000019.00000002.482622958.0000000002DE1000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameGet Cliboard Address.exeJ vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000019.00000002.482622958.0000000002DE1000.00000004.00000001.sdmp	Binary or memory string: OriginalFilename vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 00000019.00000002.482622958.0000000002DE1000.00000004.00000001.sdmp	Binary or memory string: m,\\StringFileInfo\\000004B0\\OriginalFilename vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001A.00000000.301186031.0000000000632000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameInt32ArrayTypeIn.exeL vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001A.00000002.325190490.0000000006C50000.00000004.00020000.sdmp	Binary or memory string: OriginalFilenameCF_Secretaria.dll< vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001A.00000002.321351544.0000000002A52000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameGet Cliboard Address.exeJ vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001E.00000002.485066840.0000000003CD9000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameInt32ArrayTypeIn.exeL vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001E.00000002.474773876.0000000000402000.00000040.00000001.sdmp	Binary or memory string: OriginalFilenameGet Cliboard Address.exeJ vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001E.00000002.478415216.0000000000F6A000.00000004.00000020.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001E.00000002.483877557.0000000002CD1000.00000004.00000001.sdmp	Binary or memory string: OriginalFilename vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe, 0000001E.00000002.483877557.0000000002CD1000.00000004.00000001.sdmp	Binary or memory string: m,\\StringFileInfo\\000004B0\\OriginalFilename vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Binary or memory string: OriginalFilenameInt32ArrayTypeIn.exeL vs NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

Source: unknown	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe 'C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe'
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: unknown	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe 'C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe' ..
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: unknown	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe 'C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe' ..
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe'
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: unknown	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe 'C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe'
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Jump to behavior
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe
Source: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe	Process created: C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe C:\Users\user\Desktop\NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe

Description:	Adversaries may use startup items automatically executed at boot initialization to establish persistence. Startup items execute during the final phase of the boot process and contain shell scripts or other executable files along with configuration information used by the system to determine the execution order for all startup items.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Process monitoring
Platforms:	macOS
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.scr

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: NEW COVID-19 Response & Survivors {YOUTUBE INSTRUCTION}.exe PID: 908 Parent PID: 5252

Function 00A69430, Relevance: 1.7, APIs: 1, Instructions: 194
COMMON

Function 00A6E1E0, Relevance: 1.6, APIs: 1, Instructions: 130
COMMON

Function 00A6FD8C, Relevance: 1.6, APIs: 1, Instructions: 117
COMMON

Function 00A6E1FC, Relevance: 1.6, APIs: 1, Instructions: 116
COMMON

Function 00A65365, Relevance: 1.6, APIs: 1, Instructions: 98
COMMON

Function 00A63E20, Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 00A6B948, Relevance: 1.6, APIs: 1, Instructions: 66
COMMON

Function 00A6AB3C, Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Function 00A68EC8, Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Function 00A69892, Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Function 00A69610, Relevance: 1.5, APIs: 1, Instructions: 47
COMMON