31.0.0 Emerald
IR
393947
CloudBasic
22:58:20
20/04/2021
covid.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
99e3b458dee79b33209d39d19692ae08
63b68db39d6e39be7564b2fb28f1a3070b127444
87bb35a04c91b5005806b4893ad4dc594c8b73d228150597cde89b39f79af9b0
Win32 Executable (generic) Net Framework (10011505/4) 49.98%
true
false
false
false
68
0
100
5
0
5
false
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
false
61A03D15CF62612F50B74867090DBE79
15228F34067B4B107E917BEBAF17CC7C3C1280A8
F9E23DC21553DAA34C6EB778CD262831E466CE794F4BEA48150E8D70D3E6AF6D
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
false
3DCFE99F8D6BBF8BAE4F47092C0C15A0
1C1CBE4F2F25DA8ADC960617F127CA4221786A24
A8413472CF220270F3D50ECD3753AFA5096896C6457668C055E120944DE188B4
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\covid.exe.log
true
3B495BE0A7E2A57ACC717A4A3DBBD1E8
D91F0A7B70C6C55AADEBD64CBBA5831481D3D5ED
D499F90E7622879DCA8ADEC7068D9D8926F33FD6FE9CDA465A7189CA4F4E9A83
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
false
8D5E194411E038C060288366D6766D3D
DC1A8229ED0B909042065EA69253E86E86D71C88
44EEE632DEDFB83A545D8C382887DF3EE7EF551F73DD55FEDCDD8C93D390E31F
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
false
1EEC9310290AB90DC59FA655592CB564
4EE4B16DEFC3D73F4B1712A8A64BEF9D83076A93
7529B20EB35160F759D52075E8D304EDB39AA55AF9CBB2CF8EECDDA5D93529CC
C:\Users\user\AppData\Local\Temp\4103631a-1d7c-4a39-96f5-57019040d0ec\AdvancedRun.exe
false
17FC12902F4769AF3A9271EB4E2DACCE
9A4A1581CC3971579574F837E110F3BD6D529DAB
29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B
C:\Users\user\AppData\Local\Temp\4103631a-1d7c-4a39-96f5-57019040d0ec\test.bat
false
B2A5EF7D334BDF866113C6F4F9036AAE
F9027F2827B35840487EFD04E818121B5A8541E0
27426AA52448E564B5B9DFF2DBE62037992ADA8336A8E36560CEE7A94930C45E
C:\Users\user\AppData\Local\Temp\803d86f9-e660-44ff-a9e1-ff85b73ae661\41c37f5f-e2a1-423e-b793-6cf7f8d71535.exe
false
17FC12902F4769AF3A9271EB4E2DACCE
9A4A1581CC3971579574F837E110F3BD6D529DAB
29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qfokoedf.q1p.ps1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_smbn3d1y.f3r.psm1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tym2jct4.dby.psm1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xz5qrnxd.rfa.ps1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\Documents\20210420\PowerShell_transcript.715575.YAHSjSYP.20210420225944.txt
false
B4B02164A6FA467E0AE696445D0B6B26
513BEE9D426B22C7CADAB0C99DFCC402B808D470
3A0D47EEE921355FB29411527205FA13A7A7B7C40D4849007FB54EE75AAA9EF8
C:\Users\user\Documents\20210420\PowerShell_transcript.715575.kuWr1X7Z.20210420225944.txt
false
21CE8E1B82258946100644140B7013C5
619FF53A089FA62422ABC029F72C14667F6D749F
C38AF2408E89FDF430986EC182AFEA49CD22E63B23649D142256895FC1EA7188
C:\Users\user\MhpbFtoGWNhTPjKfwzuGgRGxjpGzfVWGJwHUxEjlTdnPIXFwm
false
1F6602BC19F05B583F8EC310007B038B
F7DC5C858BEBD19F80EF0969308758283D4B5B56
85709EC49736BD005624D4B542222DAAE924D277AD468B21FF2775674CEEE5CA
192.168.2.1
172.67.220.147
mmwrlridbhmibnr.ml
false
172.67.220.147
Adds a directory exclusion to Windows Defender
Machine Learning detection for sample
Queries video adapter information via WMI (Win32_VideoController), a check commonly used to detect virtual machines and sandboxes
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file