31.0.0 Emerald
IR
350433
CloudBasic
11:52:18
09/02/2021
yytr.dll
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
ba2befa9c70c2b6d779c48a59cece3e5
4c855f80076e357d35c7d60cd52d2c49abefc5ff
9c51cbe4681facc34623aeca27a18dbaa6db1337990a0e003b7c9babeb06c1eb
Win32 Dynamic Link Library (generic) (1002004/3) 97.97%
true
false
false
false
100
0
100
5
0
5
false
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_db99bffafeba5bc19edb8917aba4cdaba066d_82810a17_13ca7fe1\Report.wer
false
E2FC193F6B2310CD332CE34CAF7E6719
D40C33DC9C01C8024F69F12DED1796E8282213C5
02C2A4E404D13B697B4A595430E768613FA0C476619E21A054E32425EC97674F
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6B01.tmp.dmp
false
32497688B32DB871E45E320FD292E094
E7D397C6D5809115F0CA2EBAA0457114B2E97F2B
D7F841A7C1D5C7C079DAEB0F13E6EFB33A3BB0D8B2149DED831802B58BC2704F
C:\ProgramData\Microsoft\Windows\WER\Temp\WER70DE.tmp.WERInternalMetadata.xml
false
4A6E651AB8ACA848E592D94D7667F237
0D8D3293BCF0844BB83A8EA3D691AF198CD6A15A
05E0CC5BBA030A02DFB7963B350AE5EBD880BDB451BA19065C5729E89C508B38
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7276.tmp.xml
false
82BEBC988943F9C6F17FDE7CF0F775BC
B8104C54FA7894A8F143990700417876FA477637
2A44738700FCF3DC487E7E7F59007CB543AE4F5CC347B1A82E7FDD93489B12E8
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0A3DC979-6AC5-11EB-90EB-ECF4BBEA1588}.dat
false
23ACA7F5BE56571F0D7D8EA36AEDE83A
FF9EC3A5869228DFEAF9E93AAC8667059E88AB0C
6E29B0D79B64A6FFE4FFE4E8C8054B46752F6F9CE59D607286930D2EDFEC3A5D
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{25073A9B-6AC5-11EB-90EB-ECF4BBEA1588}.dat
false
55CD106A4972264218BF56749F11EF39
BAC8A1DD521A4748FD2568F6553DA1BF4C097662
4761927D391E41ED6AB67CAB3F7EFE49F330A6A238D3581DDF13B7B47F1D94C8
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{27115B58-6AC5-11EB-90EB-ECF4BBEA1588}.dat
false
B3404877AA2FB11C88B18870C338616F
7FC890D5D01D5822E6C1A44581582CBFFF9119B4
D562CD98724E2C51E53725EEDA6E6596022EB916B9983D74082D311CF7CAEB25
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0A3DC97B-6AC5-11EB-90EB-ECF4BBEA1588}.dat
false
21ED86C6155A9A3BAB51806A7214833E
E3715253D4D10EA823B395DFDF8FDD8E842FEEB1
DF7D77ECB626583A7E4405729C1C588BB95CC01818B27F168F41A7748E3AAA64
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{25073A9D-6AC5-11EB-90EB-ECF4BBEA1588}.dat
false
B4BA01B0E2A50A5C552C655697AB09F9
D8F1363AE86812AA4FA6E115F4B7818548FF7711
86E2A5CB88A41C00F3D196674AFD2F9C9C00BE9EB42662F96452DE368ED132D2
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{27115B5A-6AC5-11EB-90EB-ECF4BBEA1588}.dat
false
4E056F74330776770AE8976231B283C4
106EBB8C09BA669FAD68C834A6EF4E51EC5053B5
608CAAAC144ED1A52875C589FF494406B9EC947156783F5FD5ED8DA624CF51C8
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{27115B5C-6AC5-11EB-90EB-ECF4BBEA1588}.dat
false
00694BB1739A2087D0138112C6D9573B
9A8CE8A8FF34A9F7F2354DD5D41AFB135D420CD1
FFCD48A75F573EF35CEA4A6759C9F08ED6FFFFE15BD23530A33A7EA8F1DF9D14
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
false
66D2BBE12571B9365485F510DC138370
14351E34F7ECFAE99486EC68534D90388F5E3A3D
F66F7695D0B883035391B5FE0A6849B42D9FFD2077FB05A7685B1A8A8F1B7225
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
false
AAA7C5B18E431F68403E068B26DA362D
19F03C3E09620672075055987B12D16C38D94206
2B9792D44985B42764D8E8E801835AE9B65573CAE971A9CC5290024411A0337D
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
false
DB93FB0A43D500322FD5CBE5CB7C87C8
4227DA19E757B0907E1598A688626886E2751156
3B62E33E0DBEAA7835D001A6E392AF7E682F7F04E50A9F1E779C99DE842183FE
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
false
D6E4ABC8F95B676657F788B3FB2CBC36
3A77D0487FCFB1B077AEFF794593960516DD06EE
3C22CA9D7936827E0458C9C26CBAB26B2B8265309528DA7E41FA17942990CC6F
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
false
11510555A8DB89B080E208118F068295
265F3468C6C1D0D0EE767C050BB3038751912437
A759F0A6A6FF99DCBDB2F5ECACBC9E7B08FE3B76EAF220CE98EDF6A3ADEBF76A
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
false
0F6C7FE42D80735B94CCE0FFA1062AD5
ABAE8E0AA7C0163A17E26D069928B090D4EA27FA
5846AA607541A37D8594989C9D7E02BDC0FCD2B2BCED301DCC54B0C845DFC483
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
false
CF7CD97C21B6E5AB351243E8B2F387AA
4DC278FFFFFB269514E83BB041083A3B1556C275
8F8755DCD4BA40957266AAEDA5864EAFDDE6A1CC77D78CEEC60AD191CE250AE0
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
false
9FFEB35B7C695F9C8F4860818F83C501
EB8F489F28A9DC4CF6AE3723FC836365995E5561
5150D10D50054B8C904D5C3F1ECBCB94ABEC0FE1B0AF256B5161F3C841AA7984
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
false
9EA6D57D8AD19530E6ECEDB027B61067
8DC968FBA4496BA6DADC464375C352B57FB60726
2F03919A8313E6FA514D480BB82A5EAF191DCBAC486530F2C6970DF285877E99
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat
false
ADE52A2CDF2199FB444A8361C692F9D1
88569CA8383E5F9EC1E581CBED0E6C9F30A85FB0
7F30A5AD13B1C5BF614B2BFA60338F82C62D545172C23576233388788B232A7D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\7h[1].htm
false
932D41136B3BE3FD959DFAC2DBA155AF
1435668E668C81DD52C4BF6980DE2219800EAAAC
580FB53E9B2C064C5DF469CE9A29814A332C22F6B116489552A3B83C98AA8096
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\S[1].htm
false
8AE37E7E0148B06F4FB85AB05484E609
08B81093F1C189E609BE7CA767EFD6FCA0102389
CBDB9F54CCDB45C4CA263F6AD740385091D42B17BF7D68466A1B387120E81149
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\jquery-1.9.1.min[1].js
false
397754BA49E9E0CF4E7C190DA78DDA05
AE49E56999D82802727455F0BA83B63ACD90A22B
C12F6098E641AACA96C60215800F18F5671039AECF812217FAB3C0D152F6ADB4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\mwfmdl2-v3.54[1].woff
false
D0263DC03BE4C393A90BDA733C57D6DB
8A032B6DEAB53A33234C735133B48518F8643B92
22B4DF5C33045B645CAFA45B04685F4752E471A2E933BFF5BF14324D87DEEE12
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\17-f90ef1[1].js
false
04ECF0CF6CBC75F16F34D42554CB4C9D
16DFBFEFBD6BB75FD61E7D678693C7C3998677E9
06B2E0143CA1583C507056D1BC66A4024530340BA5582682180D3E2DCE56D163
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\mwf-west-european-default.min[1].css
false
12DD1E4D0485A80184B36D158018DE81
EB2594062E90E3DCD5127679F9C369D3BF39D61C
A04B5B8B345E79987621008E6CC9BEF2B684663F9A820A0C7460E727A2A4DDC3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\override[1].css
false
A570448F8E33150F5737B9A57B6D889A
860949A95B7598B394AA255FE06F530C3DA24E4E
0BD288D5397A69EAD391875B422BF2CBDCC4F795D64AA2F780AFF45768D78248
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\RE1Mu3b[1].png
false
9F14C20150A003D7CE4DE57C298F0FBA
DAA53CF17CC45878A1B153F3C3BF47DC9669D78F
112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\VjoLNr[1].htm
false
75969FF5E0A524DD6B4B222274FCD1D3
0E82CCAA2AFF23BA97EBA1B08765D0FCE3AB7C7B
6346B58F19CD12A7ECAE9AE661EF4EAB64FB9D8D66E9D8210353C3C04A711539
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\favicon[1].ico
false
F74755B4757448D71FDCB4650A701816
0BCBE73D6A198F6E5EBAFA035B734A12809CEFA6
E78286D0F5DFA2C85615D11845D1B29B0BFEC227BC077E74CB1FF98CE8DF4C5A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\wcp-consent[1].js
false
38B769522DD0E4C2998C9034A54E174E
D95EF070878D50342B045DCF9ABD3FF4CCA0AAF3
208EDBED32B2ADAC9446DF83CAA4A093A261492BA6B8B3BCFE6A75EFB8B70294
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\54-41a2a0[1].css
false
55A2B9AD102C59D9946DF38A108FBF84
65CE0F627FF9508C4DDDEBCBF7332B3D5DE1DB17
CCB734F5ED4702B8E95450889F1A9B5A5FB86B697C2B2B390C608B466D8FADFB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\MWFMDL2[1].ttf
false
5410C5517F1BBEB51E2D0F43BC6B4309
4ADF2D3A889A8F9D71FAC262297302086A4A03F4
2F4E38662C0FF2FAB3EB09DCB457CD0778501BFFEE4026F6B0D9364ABB05DB46
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\MWFMDL2[1].woff
false
5ED659CF5FC777935283BBC8AE7CC19A
A0490A2C4ADDD69A146A3B86C56722F89904B2F6
31B8037945123706CB78D80D4D762695DF8C0755E9F7412E9961953B375708AE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\deprecated.cookie
false
99BDE3452748E34D6C50275110A6A8D4
E79CB2A8DB7D8490523529D3861F95BA73A20C23
D07311ACF641866E7E84823D2962F593BB655792301DC61AD6F0C6869D9C5937
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
false
7A57D8959BFD0B97B364F902ACD60F90
7033B83A6B8A6C05158BC2AD220D70F3E6F74C8F
47B441C2714A78F9CFDCB7E85A4DE77042B19A8C4FA561F435471B474B57A4C2
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
false
5F0686EAB07B96DB46D73AE2F197B684
A363868CCBA7CE93E82670B31F29B67898C43385
7E66330E60DB9E14D2E174A05C68CFE7B06D050E73D737C2426873E900B46C0A
C:\Users\user\AppData\Local\Temp\6422.bin
false
38C9A9723A711847F5ED4999A099C4BB
A94A99EB4C221C9457D4EAA77319EEA2147E8E5A
2861066C97CCE69595A9F2E48FA01407B8BE87BB87D51EC05631566BF34D43A2
C:\Users\user\AppData\Local\Temp\8CE6.bin
false
5649D5AAA399E148CB54DDDD9C7251F5
C35BDD35B3774DD88EBE1AB8973E4890E7D1D081
E16D1A2B0023A90C3ECF57ED9B1F35E6F4C931CE4AB4943629CA0B2F6D3EA99F
C:\Users\user\AppData\Local\Temp\B885.bin
false
A6E0FF0939762F9425B3B2AA13904520
951DDFC89E0D8DC5D81493DB10562ABE69A75BD3
ADCF43FD062A2F9F49E65DB1FF206A1135BD95228E0FD6B16CCC4BAA7B8E28EF
C:\Users\user\AppData\Local\Temp\BB09.bin
false
0DF166687069627C0F99A848CDD615DE
A1BF5DFA2024FD6D84E82DE7DD22703AE45C2E2B
2877F8F0E1DE426F5693B4A03E594BC1F93CCE7CDFFD977E08C21E1D544EF264
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
false
3FD8D40F694710A82DA6A9F2D8BA3247
ED48089EB308B9EC967A118DDFB23B489C950460
04310E1FBDCF48E16107D280507C0F8A06A70DAF529D94A8902A665AF8DBD0FB
C:\Users\user\AppData\Local\Temp\RESCC08.tmp
false
59F34B2DA9FB37903A2961BE36B819BC
40134A221CADE53CFD44D65D9DB2AD3C9B12B8ED
1BBD7213DEC4AE4B52C4AE6387C89C9719674E729938AAAF8C6572FA44B10D63
C:\Users\user\AppData\Local\Temp\RESDFCF.tmp
false
CC4F49185EB51E7A58A20872ED68CAD7
3C34159843C5F0CAB14F5B07A1F87EB63ECA3400
2891993E6ACA947CA9BC99FE6925A1DB8590E02B12FAB0BA19B0F515B3667B67
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_15kq1a0i.mt1.psm1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1cwaabyi.1x4.ps1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\maejgtwh\CSC5E7D34BFE3B047248BD36616B57FD91.TMP
false
C70FF5E258F64B4DFBCBC127804DC4D4
71CEA059EAD4A6617C014BD30CD19F91A215E1F4
9EEEB54F0E133FB035F7F2C61DF4C6DFBA62E7C4DD2A25004A30AA0BC32FF03E
C:\Users\user\AppData\Local\Temp\maejgtwh\maejgtwh.0.cs
true
D926107FD8AB7346C82353F3FEDD1DB3
C0CD1EC04F1D5F06E1FF931F4E6FED1DB849E408
2DF76E5F440E16B4CA6C646072B32698FD39E630E205244C00E7764485AD1305
C:\Users\user\AppData\Local\Temp\maejgtwh\maejgtwh.cmdline
false
5EFAA10888084F6C2ABAEFB1AB5A5A82
572A191288CEC3F1278F37F7E856E0F9FE86D956
65D14F9647792EB535672507A8C5D6E990193C9285CF5B388B6DF77CECBECF79
C:\Users\user\AppData\Local\Temp\maejgtwh\maejgtwh.dll
false
AB1500D1BA138635FFE816AC5D588456
DECF39D950FB1AC6C5385659923E0E763EE24757
CFBC1E37883C9D9F6F8E8F3EE4979B1EAD92BE01FBAA764B8B6A144A46CD8A52
C:\Users\user\AppData\Local\Temp\maejgtwh\maejgtwh.out
false
83B3C9D9190CE2C57B83EEE13A9719DF
ABFAB07DEA88AF5D3AF75970E119FE44F43FE19E
B5D219E5143716023566DD71C0195F41F32C3E7F30F24345E1708C391DEEEFDA
C:\Users\user\AppData\Local\Temp\qxfma03s\CSC9A61D8937933426B894F97C05C536C75.TMP
false
FD26A15913D09B00DBA441FC74CE38FA
DD4D46B3EB090CC5901F0A0482B5A398814C5F58
413C6B0617D7D50CA0DAFBCEFC79E573D6B2EFAA0F28E23DCABFD45BB9FE5E86
C:\Users\user\AppData\Local\Temp\qxfma03s\qxfma03s.0.cs
false
39E11F07A1F54792A10D3EB5204C7692
31EF54B2B7F74D6B0768DDA602C428ADFED96CD4
4C4BCD84956847402F4C833B4ABC060C08BBF021FAD35E7065FEAF23241B9D73
C:\Users\user\AppData\Local\Temp\qxfma03s\qxfma03s.cmdline
true
D4F2252C5B55D4C7484B89D7E8F6140F
B9AE9BBA02129140A8B521AB820C1DFE50BC3DBE
105FC84B941B0A84887B2EA104A2C694BD1885FBF4B9020BE38F75E54F473C62
C:\Users\user\AppData\Local\Temp\qxfma03s\qxfma03s.dll
false
34911E3E26111C03AC0CFB939E4C20A7
2C57142695A7A71BEC947B91DF12714A4762FEF2
6D2ED4EC7D08C66A5D303B8FB388A1B199485271EEB1B2808E41E4C4493C5386
C:\Users\user\AppData\Local\Temp\qxfma03s\qxfma03s.out
false
83B3C9D9190CE2C57B83EEE13A9719DF
ABFAB07DEA88AF5D3AF75970E119FE44F43FE19E
B5D219E5143716023566DD71C0195F41F32C3E7F30F24345E1708C391DEEEFDA
C:\Users\user\AppData\Local\Temp\~DF278173DF210C3232.TMP
false
7C68C8F924B7128183BD41304E9E092F
6EBBCBD9BC73E977B9DF839EC668D2E043EE02F3
54DC46520F8C43A8D66886C23E26FF1E2E52064B628E0C35C49696C07B99D5AE
C:\Users\user\AppData\Local\Temp\~DF2BE453F2FFB3DF0D.TMP
false
A45474FC2DB4ACB03ECD1AC17CECFE4A
BE046646E3FEF40D7FB6657688DBEFF08F23562A
7186D7BB52168D2E1CBFF04AE6006E4A233E33B1F5D4B32BECC5D6EF44655EB5
C:\Users\user\AppData\Local\Temp\~DF2D3E39DD72D69D45.TMP
false
92F0E19A9E88C5C106B2213D9772736D
EC518DEDD885C99381E87299518D8CFAA3402C80
7E719549935549B998C3F7FB8E501EAD8365D59361B767D64EBA4D1D20452CEA
C:\Users\user\AppData\Local\Temp\~DF5BDE8D116B855265.TMP
false
7273CDEC220124EC54BA3B43E645343F
2EBDD6C31990659A40237BE37061DAC768D62507
F718667DE87B4937CCA9E286F30276E55E560A42C6FAA5D7F335748C6CFF1C5E
C:\Users\user\AppData\Local\Temp\~DF9C0FE75732B658AC.TMP
false
339FE35EB6099F02CC751EE733C7E62B
37D2E1C4AF3C46F33BFDB4250536C00151A834CB
7E13D804BBFCB1B0A3AEC0CFFE7A2466F6D31FB43311E7DCC1F5F27BF9200962
C:\Users\user\AppData\Local\Temp\~DFA80715CFB9C59485.TMP
false
6EA02E8D246F27E2EAE7D044660CD373
93E2549D1E599974C23B57343D0F2ED9CF254C19
22E5EC2A35FFF6DFCE877F6F5AACC99AC33D64B61D520732837278747BCD2FAB
C:\Users\user\AppData\Local\Temp\~DFE15395D1BA8278C0.TMP
false
D897C5DB937E1E3750180435B6A4C6F3
AFD6BEE4166E141E347F4D502F5855E39998273B
91BCA343EBB33A9EDBF765577C74DBDC566621B809A00B5F38470F2EB04648FD
C:\Users\user\AppData\Roaming\Microsoft\{89416E59-54DD-A3A8-A6CD-C8873A517CAB}
false
CA8EAC5499433C1EDED71D3253EB1DFD
37FA79640023F3B752582BB75D2F7EF682C11985
BE09E4B1F903AF1906B162874E7CC0C107E1865D960EC2060645B562789F5BD2
C:\Users\user\AppData\Roaming\Microsoft\{8B1244C5-6E46-F55A-D0EF-82F90493D63D}\cookie.cr\Cookies.cr
false
A7FE10DA330AD03BF22DC9AC76BBB3E4
1805CB7A2208BAEFF71DCB3FE32DB0CC935CF803
8D6B84A96429B5C672838BF431A47EC59655E561EBFBB4E63B46351D10A7AAD8
C:\Users\user\AppData\Roaming\Microsoft\{8B1244C5-6E46-F55A-D0EF-82F90493D63D}\cookie.ie\deprecated.cookie.ie
false
99BDE3452748E34D6C50275110A6A8D4
E79CB2A8DB7D8490523529D3861F95BA73A20C23
D07311ACF641866E7E84823D2962F593BB655792301DC61AD6F0C6869D9C5937
C:\Users\user\Documents\20210209\PowerShell_transcript.618321.ulkUtsN9.20210209115429.txt
false
15290DF6198BF19763A729A86E729BD4
29E2BC5391ABBCF5A53EAF358D8FEC7791EE7D53
3E1908F6675CF2D6C24A985BA95FA2FCAB1DD5B21BB46F01BDE745A16ABBC45E
104.16.249.249
80.208.230.180
45.67.231.135
pronpepsipirpyamvioerd.com
false
80.208.230.180
mozilla.cloudflare-dns.com
false
104.16.249.249
eorctconthoelrrpentshfex.com
true
45.67.231.135
resolver1.opendns.com
false
208.67.222.222
1.0.0.127.in-addr.arpa
true
unknown
assets.onestore.ms
true
unknown
8.8.8.8.in-addr.arpa
true
unknown
ajax.aspnetcdn.com
false
unknown
Allocates memory in foreign processes
Changes memory attributes in foreign processes to executable or writable
Compiles code for process injection (via .Net compiler)
Contains functionality to detect sleep reduction / modifications
Creates a thread in another existing process (thread injection)
Disables SPDY (HTTP compression, likely to perform web injects)
Hooks registry keys query functions (used to hide registry keys)
Injects code into the Windows Explorer (explorer.exe)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the export address table of user mode modules (user mode EAT hooks)
Modifies the import address table of user mode modules (user mode IAT hooks)
Modifies the prolog of user mode functions (user mode inline hooks)
Sigma detected: MSHTA Spawning Windows Shell
Suspicious powershell command line found
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Writes or reads registry keys via WMI
Writes registry values via WMI
Writes to foreign memory regions
Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: Dot net compiler compiles file from suspicious location
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Ursnif