31.0.0 Red Diamond
IR
329550
CloudBasic
18:34:42
11/12/2020
0HsPbXmcFf1k.vbs
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
b75cacca388f6233844e2720bc52a9cd
de080d98e0f092175d71f15d78ca92e1665edb53
a5b2a02293e8875977dc822c8b1ca4101c2e378463018a5b6a572be559e3abb4
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F3DA31C8-3C22-11EB-90E4-ECF4BB862DED}.dat
false
0AFDAF65EA81AF0A827F00D650C5DBA2
C4A303EB59B9FCF71C192F93BC630154960E217B
AE3B534BAAB4BB90C12F87D614AFBE8CC95ED36F7D574506C5609A0B2BC07FEE
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F3DA31CA-3C22-11EB-90E4-ECF4BB862DED}.dat
false
A9DDE7976C9B0CA558798CD4F9E50639
AB934CECEA3D3C69F741043C78D142F98C95500B
59B23A55F1C8BD13827B25A8A5837E8EBA03C3EE0C77364803F29DFE9FA0DF5B
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
false
56F5EB7A3AF12B4FA3F725427F6F46A6
14B8E5E62A7695A979D36EB91F6E4A0363EB5A8C
9A3FB4676E82595127D8CF426CBAE3332B5C214B26B0E359290DC7677EE37024
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
false
9161EFFEB55E7A3F431D54C8B4AAD96D
DC09C923029555A4E3C2124193BD22C922481C60
555A05679C10EFFA726251D7B5562DDCB9A61CD7A41E891C6E03D57E2589C8DB
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
false
BCEF70F9C3999124732DF696B8D3D967
3D39D9FDE599DD2FF259159E115D491BAB676887
5C5E46BD7E4E8BCB453663FB42AA3EF11081DA31F8B50F7566D61F6D026CAEE5
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
false
452884E31871DB6DEFD6090B91A2338B
1F7AF7CF08F4DBFADBF306C24B3E5F2512028C49
E4EF2808A22708B5748950A70AE711171EA75E8B8170852DBB62A9CD479649DE
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
false
E21FE5C20A90040624DA8A9801354ABB
046FBFF1EB170378BBFCD7E632D17E2F923A70E3
0A9FE499A7387641DDBBB7337BB679D38231C29350AA6F16309B69EF2DE98F95
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
false
90B850EECA5829223A60C20A3684A1CB
16807A05E6C378056EE42CEEBC90A5A3204ED67D
03365F5705AAC55A9EDF0EFED207875D6FD357F8DDC8A73679CD7678019F1908
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
false
E7D98B8AFFAE73E9DA554F68C62958A5
4EC7980569A59DAC3DB1DC818548FD8DA56B44B8
BC25DDA0EA3416BF10F9EF6F2B50177A09E2D562DA34D2F00392147B8AAAFFE0
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
false
A4093653D4D96A4EFB49E68541B6F72B
4524BBCE55C1B0D81F597112A11F5C2321F5E66A
3B4EE4B5A2A2D1F4694F9E5847006DB42DB322896E280759A8F2056EE5FC1BB0
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
false
2E1F965D9C9DA6F550AE61A7E3B5C7B0
EF66B845260C447E09584E6EE192C59CF6732CBF
4757191E2C90FE2C50B944E77E6636B25D7E66D4C3FF0A047C0219CE2C20776E
C:\Users\user\AppData\Local\Temp\Cretaceous.less
false
38BDF376DC8FF06D763ABFB85F16E744
B4418B82A595DBCF6D6C713ED14D7F191D1653D9
FD37C8E5F1BCD00A6A4F72CEC293F75684D4E2F894560C5589FEF0E9D656FC0B
C:\Users\user\AppData\Local\Temp\Florentine.zip
true
41E4EF92CD8B45BB5B2BBD4BCAE98600
1F5E90A9859F55B1481FE2CEC5B49436E7A612E4
5E4EEBD9A3DF23A450F744DC9B409DC4E4D082913215395053A0B64548DD6152
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
false
E92D610270954139E1F3C323DA3196FD
D93870FA6338B39F80F7EE20F8C2E6F04A71D597
8D8FA2C1C8D83F8708A6343A501F88E9C0E2E5C440615C6BBE94009B9FC51DDF
C:\Users\user\AppData\Local\Temp\adobe.url
false
99D9EE4F5137B94435D9BF49726E3D7B
4AE65CB58C311B5D5D963334F1C30B0BD84AFC03
F5BC6CF90B739E9C70B6EA13F5445B270D8F5906E199270E22A2F685D989211E
C:\Users\user\AppData\Local\Temp\attrition.rst
false
CC6F3311E5E879D311B5A5E112CDD672
89BC5E8A21265FC0630F22F054E6CC5A19E1BBF2
6468EB6A24CA6A63F57A833409BD5D1596DFCC9D63FD7A9B5A145A61209891E4
C:\Users\user\AppData\Local\Temp\excitation.nsv
false
08584E25EA1162A8467D6BFEF331815C
E31BD215D6804973362CE94F83BB6C47C1A3ED73
9EF49F09170200FD8F62F1FCF0E91D94D20A191B1FF9552F872D2D53BCB0B6BA
C:\Users\user\AppData\Local\Temp\magnesia.xcodeproj
true
AB221BA951C5ACCC471713110F36D8EA
3A897A9205AF7D3DF4280D988D146523B248B1B4
CEA0B6B83210A878E1BCC0C792658CA341911E8C43FDE86524501D265C8BAE16
C:\Users\user\AppData\Local\Temp\~DF886CDEE6E19D09C0.TMP
false
53123C5E11307C1CE99FFB5D2FA41FFE
4AB3F4513A0E7A14A2ED6B138F9F87A70E2FD9B8
56B8322E81818F04D8C3DFEACB5568E9E8F796C9C83C7860D0FEEE79473F500A
C:\Users\user\AppData\Local\Temp\~DFE07CE41C772562F5.TMP
false
4DA453BEBF66ACB5201E785E4DA53334
5FC4408BD05F07007411844173D933B13A6ACEC2
D8FAA8228F99D4A9B8A50E0B6573857D6C20D52B50222ED318F2417826BF3EAF
47.241.19.44
api10.laptok.at
true
47.241.19.44
Creates processes via WMI
Deletes itself after installation
Machine Learning detection for dropped file
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Benign Windows process drops PE files
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
VBScript performs obfuscated calls to suspicious functions
Yara detected Ursnif