script.exe.7582a080.0x0000000002360000-0x0000000002401fff.exe

Status: finished

Submission Time: 2020-07-31 02:14:16 +02:00

Malicious

Ransomware

Phishing

Evader

HTMLPhisher Sodinokibi

Comments

Details

Analysis ID:
254449
API (Web) ID:
404440
Analysis Started:

2020-07-31 02:14:17 +02:00
Analysis Finished:

2020-07-31 02:27:29 +02:00
MD5:
d5b831131e93aa30512ca34b0085980d
SHA1:
0a55c8164e612ff9bf28ba493885ca040e5840ad
SHA256:
be5a6314e4c9911fb51c7471c50e900a8645d31111baee36038f8dc0cc891643
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
172.67.142.212	United States
185.98.131.132	France
35.185.122.102	United States
Click to see the 97 hidden entries
80.240.20.142	Germany
51.77.137.26	France
51.15.85.234	France
104.131.161.191	United States
192.252.146.15	United States
213.186.33.18	France
35.208.109.165	United States
188.226.138.70	European Union
107.191.63.1	United States
192.42.116.41	Netherlands
50.87.169.151	United States
104.152.109.92	United States
185.165.184.24	Romania
104.31.77.205	United States
178.77.86.131	Germany
198.46.93.64	United States
92.53.96.250	Russian Federation
185.161.140.75	Netherlands
217.160.0.208	Germany
104.18.50.89	United States
159.89.213.59	United States
141.98.100.35	Romania
96.127.180.186	United States
104.24.121.17	United States
185.50.197.168	Spain
50.87.137.220	United States
198.54.125.174	United States
23.106.221.179	United States
109.95.157.35	Poland
149.28.106.195	United States
192.99.7.155	Canada
18.202.227.122	United States
104.28.13.75	United States
217.182.126.186	France
89.234.180.47	France
77.111.240.1	Denmark
151.101.66.159	United States
199.16.128.113	Canada
85.214.155.19	Germany
141.138.169.215	Netherlands
159.253.19.44	Estonia
184.168.131.241	United States
94.231.103.165	Denmark
83.138.86.102	Germany
213.186.33.50	France
217.70.186.111	France
81.19.215.5	United Kingdom
52.28.116.69	United States
144.217.72.25	Canada
185.21.42.205	Denmark
87.254.25.84	United Kingdom
178.33.92.20	France
3.94.148.248	United States
35.209.103.2	United States
68.65.120.201	United States
85.214.17.182	Germany
77.240.183.196	Czech Republic
50.116.53.94	United States
78.47.106.17	Germany
213.159.29.75	Turkey
185.232.187.133	Netherlands
107.191.48.119	United States
145.239.0.194	France
95.217.73.113	Germany
50.116.72.208	United States
104.31.82.80	United States
37.9.175.9	Slovakia (SLOVAK Republic)
185.157.56.11	Norway
217.160.0.51	Germany
108.167.161.213	United States
162.144.17.96	United States
75.151.98.76	United States
77.111.95.167	Hungary
46.30.58.168	Germany
134.119.246.152	Germany
69.89.31.185	United States
172.67.207.210	United States
37.152.88.204	Spain
37.34.48.68	Netherlands
176.62.169.242	Belgium
45.79.138.92	United States
70.32.23.18	United States
51.75.16.76	France
104.233.202.79	United States
3.234.181.234	United States
52.9.200.151	United States
193.34.145.202	Germany
77.72.0.142	United Kingdom
91.199.212.52	United Kingdom
35.189.90.49	United States
178.62.210.148	European Union
213.128.76.181	Turkey
134.119.88.129	Germany
184.168.131.233	United States
195.210.46.50	Kazakhstan
104.27.133.249	United States
195.154.29.241	France

Domains

Name	IP	Detection
suonenjoen.fi	95.217.73.113
latteswithleslie.com	198.46.93.64
terraflair.de	134.119.246.152
Click to see the 97 hidden entries
rvside.com	104.31.82.80
ufovidmag.com	75.151.98.76
powershell.su	51.77.137.26
neonodi.be	185.98.131.132
goodherbalhealth.com	50.87.137.220
uci-france.fr	213.186.33.18
bescomedical.de	46.30.58.168
bumbipdeco.site	45.32.211.218
metriplica.academy	37.152.88.204
liveyourheartout.co	50.87.169.151
profibersan.com	213.159.29.75
richardiv.com	35.208.109.165
auto-opel.ro	185.165.184.24
arearugcleaningnyc.com	96.127.180.186
sellthewrightway.com	141.98.100.35
hekecrm.com	172.67.207.210
anleggsregisteret.no	185.157.56.11
mindfuelers.com	35.185.122.102
mangimirossana.it	80.240.20.142
lunoluno.com	176.62.169.242
parisschool.ru	159.253.19.44
kvetymichalovce.sk	37.9.175.9
teutoradio.de	217.160.0.51
mercadodelrio.com	50.116.72.208
drnelsonpediatrics.com	50.116.53.94
kryddersnapsen.dk	94.231.103.165
johnstonmingmanning.com	104.31.77.205
dentourage.com	144.217.72.25
wineandgo.hu	77.111.95.167
so-sage.fr	217.182.126.186
protoplay.ca	70.32.23.18
bd2fly.com	52.28.116.69
harleystreetspineclinic.com	104.24.121.17
glas-kuck.de	145.239.0.194
thenalpa.com	104.131.161.191
littlesaints.academy	151.101.66.159
kookooo.com	92.53.96.250
p-ride.live	104.28.13.75
davedavisphotos.com	35.209.103.2
jayfurnitureco.com	108.167.161.213
daveystownhouse.com	85.214.155.19
concontactodirecto.com	51.75.16.76
wyreforest.net	81.19.215.5
ultimatelifesource.com	87.254.25.84
zuerich-umzug.ch	149.126.4.46
kafkacare.com	3.94.148.248
distrifresh.com	185.161.140.75
amorbellezaysalud.com	198.54.125.174
reygroup.pt	178.33.92.20
innovationgames-brabant.nl	51.15.85.234
optigas.com	45.79.138.92
soundseeing.net	178.77.86.131
ncn.nl	185.232.187.133
patriotcleaning.net	172.67.142.212
cascinarosa33.it	217.70.186.111
alcye.com	68.65.120.201
rs-danmark.dk	185.21.42.205
mrcar.nl	37.34.48.68
hepishopping.com	23.106.221.179
elex.is	77.240.183.196
pilotgreen.com	188.226.138.70
medicalsupportco.com	184.168.131.241
apmollerpension.com	159.89.213.59
thesilkroadny.com	149.28.106.195
dreamvoiceclub.org	162.144.17.96
pajagus.fr	107.191.63.1
egpu.fr	89.234.180.47
biketruck.de	77.111.240.1
skyboundnutrition.co.uk	18.202.227.122
parksideseniorliving.net	104.152.109.92
volta.plus	213.186.33.50
carolynfriedlander.com	107.191.48.119
nalliasmali.net	199.16.128.113
awaitspain.com	185.50.197.168
pinkxgayvideoawards.com	192.99.7.155
tetameble.pl	109.95.157.35
aceroprime.com	192.252.146.15
therapybusinessacademy.com	217.160.0.208
masecologicos.com	192.42.116.41
mjk.digital	83.138.86.102
jacquesgarcianoto.com	69.89.31.185
donau-guides.eu	85.214.17.182
nxtstg.org	78.47.106.17
bruut.online	141.138.169.215
unboxtherapy.site	104.18.50.89
sololibrerie.it	178.62.210.148
crt.sectigo.com	91.199.212.52
www.mjk.digital	83.138.86.102
nbparking-lb1-e8979d80a94bc16b.elb.us-east-1.amazonaws.com	3.234.181.234
www.pinkxgayvideoawards.com	192.99.7.155
stagefxinc.client.bypronto.com	54.72.3.133
leadforensics.wpengine.com	35.189.90.49
sylvia17.da0898.com	104.233.202.79
www.bescomedical.de	46.30.58.168
asf-ris-prod-neurope.northeurope.cloudapp.azure.com	168.63.67.155
circuit-diagramz.com	193.34.145.202
leadforensics.com	35.189.90.49

URLs

Name	Detection
https://optigas.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
https://amorbellezaysalud.com
https://www.zuerich-umzug.ch/wp-content/uploads/2018/08/umzugsfirma-zuerich-umzuege.jpg
Click to see the 97 hidden entries
https://amorbellezaysalud.com/wp-content/uploads/2018/04/estrias-1-300x188.jpg
https://wineandgo.hu/#website
https://mobirise.com
https://wineandgo.hu/feed
https://donauguides.com/bratislava/
http://gmpg.org/xfn/11
https://amorbellezaysalud.com/wp-content/uploads/2020/07/alcool-200x150.jpg
http://www.globaltrust.info0
https://www.pinkxgayvideoawards.com/wp-content/uploads/2018/08/thumb/logo-depot-png-rapide-1__235x90
https://amorbellezaysalud.com/wp-content/plugins/post-views-counter/css/frontend.css?ver=1.3.2
https://teutoradio.de/wp-includes/wlwmanifest.xml
https://www.pinkxgayvideoawards.com/wp-content/themes/static/css/jcarousel.responsive.css
https://amorbellezaysalud.com/wp-content/uploads/2020/05/naom_5cf652fa7e913.jpg
https://amorbellezaysalud.com/wp-content/uploads/2018/04/estrias-1.jpg
https://www.zuerich-umzug.ch/wp-content/plugins/fusion-builder/assets/css/media/max-640.min.css?ver=
https://amorbellezaysalud.com/consejos-para-perder-peso-en-casa-con-ejercicios-y-jugos/
https://wwww.certigna.fr/autorites/0m
http://www.uce.gub.uy/informacion-tecnica/politicas/cp_acrn.pdf0G
https://donauguides.com/xmlrpc.php?rsd
http://cps.letsencrypt.org0
https://www.pinkxgayvideoawards.com/fr/accueil/
https://amorbellezaysalud.com/wp-content/uploads/2020/05/cropped-xcxcxc-180x180.jpg
https://donauguides.com/wp-includes/wlwmanifest.xml
https://arearugcleaningnyc.com/
https://rvside.com/rv-content/themes/focusblog/cs
https://donauguides.com/wp-content/plugins/wp-hide-post/public/js/wp-hide-post-public.js?ver=2.0.10
https://monsieuragency.com
https://optigas.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
https://teutoradio.de/tiersuche
https://terraflair.de/data/tmp/shjn.png
http://www.acabogacia.org0
https://teutoradio.de/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
https://teutoradio.de/radio-stellenboerse
https://amorbellezaysalud.com/6-beneficios-de-la-meditacion-para-la-salud/
https://www.zuerich-umzug.ch/wp-content/themes/Avada/includes/lib/assets/min/js/library/ie11CustomPr
https://optigas.com/wp-json/
https://www.zuerich-umzug.ch/wp-content/plugins/fusion-builder/assets/css/media/min-4c-max-5c.css?ve
https://certs.starfieldtech.com/repository/0
https://www.zuerich-umzug.ch/unverbindliche-reinigungsofferte-anfordern/
https://optigas.com/#website
https://powershell.su/data/assets/rphtfynk.gif
https://strobomag.com/
https://www.jacquesgarcianoto.com
https://rvside.com/rv-content/themes/focusblog/css/ie8.css
https://optigas.com/wp-conte
http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0
https://hekecrm.com:443/static/assets/pn.pngmage/mikj.jpg
https://amorbellezaysalud.com/wp-content/themes/royale-news/style.css?ver=5.4.2
https://www.zuerich-umzug.ch/em32
https://wineandgo.hu/wp-content/plugins/wpml-cms-nav/res/css/cms-navigation.css?ver=1.5.2
https://www.zuerich-umzug.ch/wp-content/themes/Avada/assets/css/media/max-sh-640.min.css?ver=6.1.2
http://ca.disig.sk/ca/crl/ca_disig.crl0
https://donauguides.com/linz/
https://wineandgo.hu/wp-content/plugins/wpml-cms-nav/res/css/cms-navigation-base.css?ver=1.5.2
https://amorbellezaysalud.com/wp-content/uploads/2020/07/camote-boniato-200x150.jpg
http://crl.ssc.lt/root-c/cacrl.crl0
http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz0
https://donauguides.com/wp-content/plugins/logo-carousel-pro/assets/css/tooltipster.css?ver=3.2.11
https://rename.kz:443/static/game/kdhbgpchcg.gifpgjacquesgarcianoto.comjacquesgarcianoto.com
https://www.pinkxgayvideoawards.com/wp-content/uploads/2017/08/thumb/onerOk__235x90.png
https://bescomedical.de/uploads/game/qkagiwsqpzvq.png
https://www.zuerich-umzug.ch/#webpage
http://www.chambersign.org1
http://crl.dhimyotis.com/certignarootca.crl0
https://www.zuerich-umzug.ch/wp-content/uploads/2018/12/cropped-Umzugsfirma-Bassersdorf-3-270x270.jp
https://teutoradio.de/wp-content/themes/dynamic-news-lite/js/html5shiv.min.js?ver=3.7.3
https://donauguides.com/wp-content/plugins/logo-carousel-pro/assets/css/jquery.bxslider.min.css?ver=
http://ocsp.suscerte.gob.ve0
https://protoplay.ca/wp-json/
https://www.zuerich-umzug.ch/gX
http://cdp.rapidssl.com/RapidSSLRSACA2018.crl0L
https://www.jacquesgarcianoto.com/contact/
https://amorbellezaysalud.com/wp-content/uploads/2019/07/resize-e1563161528135-1.jpg
http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?
https://amorbellezaysalud.com/wp-content/uploads/2020/02/Capturar-5-1-300x162.png
https://amorbellezaysalud.com/arroz-integral-cuales-son-sus-beneficios-y-como-preparar/
https://optigas.com/wp-content/themes/Avada/assets/css/style.min.css?ver=6.2.3
https://wineandgo.hu/comments/feed
https://amorbellezaysalud.com/wp-includes/css/dashicons.min.css?ver=5.4.2
https://bonermagazine.com/
https://www.zuerich-umzug.ch/umzuge/firmenumzuge/
http://policy.camerfirma.com0
https://amorbellezaysalud.com/wakame-que-es-cuales-son-los-beneficios-y-como-consumir/
http://pki.registradores.org/normativa/index.htm0
http://crl.identrust
https://www.pinkxgayvideoawards.com/wp-content/themes/static/js/jquery.jcarousel.min.js
https://www.pinkxgayvideoawards.com/wp-content/themes/static/img/ipad.jpg
https://www.zuerich-umzug.ch/wp-content/uploads/2018/08/umzugsfirma-zuerich-logo.png
https://www.pinkxgayvideoawards.com/wp-content/uploads/2019/07/thumb/gymlouvre__235x90.png
https://www.pinkxgayvideoawards.com/wp-content/themes/static/img/fb.png
https://optigas.com/comments/feed/
https://themebeez.com
https://www.zuerich-umzug.ch/reinigung/umzugsreinigung/
https://powershell.su/
https://pazarspor.org.tr/1995-1996-sezonu/
http://www.disig.sk/ca/crl/ca_disig.crl0
http://www.suscerte.gob.ve/dpc0

Dropped files

Name	File Type	Hashes
C:\Users\user\Desktop\EFOYFBOLXA\EFOYFBOLXA.docx	data	#
C:\Users\user\Desktop\EFOYFBOLXA\BJZFPPWAPT.xlsx	data	#
C:\Users\user\Desktop\NVWZAPQSQL\NVWZAPQSQL.docx	data	#
Click to see the 97 hidden entries
C:\Users\user\Desktop\NVWZAPQSQL\EFOYFBOLXA.xlsx	data	#
C:\Users\user\Documents\BJZFPPWAPT.jpg	data	#
C:\Users\user\Documents\20200731\m8we29-readme.txt	data	#
C:\Users\user\Documents\20200731\PowerShell_transcript.849224.9ReujPfp.20200731021736.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Desktop\m8we29-readme.txt	data	#
C:\Users\user\Desktop\ZGGKNSUKOP\m8we29-readme.txt	data	#
C:\Users\user\Desktop\ZGGKNSUKOP.jpg	data	#
C:\Users\user\Desktop\PALRGUCVEH.png	data	#
C:\Users\user\Desktop\NYMMPCEIMA\m8we29-readme.txt	data	#
C:\Users\user\Desktop\NVWZAPQSQL\m8we29-readme.txt	data	#
C:\Users\user\Desktop\NVWZAPQSQL\PALRGUCVEH.png	data	#
C:\Users\user\Desktop\NVWZAPQSQL\GRXZDKKVDB.pdf	data	#
C:\Users\user\Documents\BJZFPPWAPT.xlsx	data	#
C:\Users\user\Desktop\NVWZAPQSQL\DUUDTUBZFW.mp3	data	#
C:\Users\user\Desktop\NVWZAPQSQL\BJZFPPWAPT.jpg	data	#
C:\Users\user\Desktop\NVWZAPQSQL.docx	data	#
C:\Users\user\Desktop\KLIZUSIQEN.mp3	PGP\011Secret Sub-key -	#
C:\Users\user\Desktop\JDDHMPCDUJ\m8we29-readme.txt	data	#
C:\Users\user\Desktop\GRXZDKKVDB.pdf	data	#
C:\Users\user\Desktop\EWZCVGNOWT.png	data	#
C:\Users\user\Desktop\EOWRVPQCCS\m8we29-readme.txt	data	#
C:\Users\user\Desktop\EFOYFBOLXA\m8we29-readme.txt	data	#
C:\Users\user\Desktop\EFOYFBOLXA\ZGGKNSUKOP.jpg	data	#
C:\Users\user\Documents\EOWRVPQCCS\m8we29-readme.txt	data	#
C:\Users\user\Documents\NVWZAPQSQL\m8we29-readme.txt	data	#
C:\Users\user\Documents\NVWZAPQSQL\PALRGUCVEH.png	data	#
C:\Users\user\Documents\NVWZAPQSQL\NVWZAPQSQL.docx	data	#
C:\Users\user\Documents\NVWZAPQSQL\GRXZDKKVDB.pdf	data	#
C:\Users\user\Documents\NVWZAPQSQL\EFOYFBOLXA.xlsx	data	#
C:\Users\user\Documents\NVWZAPQSQL\DUUDTUBZFW.mp3	data	#
C:\Users\user\Documents\NVWZAPQSQL\BJZFPPWAPT.jpg	data	#
C:\Users\user\Documents\NVWZAPQSQL.docx	data	#
C:\Users\user\Documents\KLIZUSIQEN.mp3	data	#
C:\Users\user\Documents\JDDHMPCDUJ\m8we29-readme.txt	data	#
C:\Users\user\Documents\GRXZDKKVDB.pdf	data	#
C:\Users\user\Documents\EWZCVGNOWT.png	data	#
C:\Users\user\Desktop\EFOYFBOLXA\EWZCVGNOWT.png	data	#
C:\Users\user\Documents\EFOYFBOLXA\m8we29-readme.txt	data	#
C:\Users\user\Documents\EFOYFBOLXA\ZGGKNSUKOP.jpg	data	#
C:\Users\user\Documents\EFOYFBOLXA\KLIZUSIQEN.mp3	data	#
C:\Users\user\Documents\EFOYFBOLXA\EWZCVGNOWT.png	data	#
C:\Users\user\Documents\EFOYFBOLXA\EFOYFBOLXA.docx	data	#
C:\Users\user\Documents\EFOYFBOLXA\DUUDTUBZFW.pdf	data	#
C:\Users\user\Documents\EFOYFBOLXA\BJZFPPWAPT.xlsx	data	#
C:\Users\user\Documents\EFOYFBOLXA.xlsx	data	#
C:\Users\user\Documents\EFOYFBOLXA.docx	data	#
C:\Users\user\Documents\DUUDTUBZFW.pdf	data	#
C:\Users\user\Documents\DUUDTUBZFW.mp3	data	#
C:\Users\Default\Music\m8we29-readme.txt	data	#
C:\Users\Public\Downloads\m8we29-readme.txt	data	#
C:\Users\Public\Documents\m8we29-readme.txt	data	#
C:\Users\Public\Desktop\m8we29-readme.txt	data	#
C:\Users\Public\AccountPictures\m8we29-readme.txt	data	#
C:\Users\Default\m8we29-readme.txt	data	#
C:\Users\Default\Videos\m8we29-readme.txt	data	#
C:\Users\Default\Saved Games\m8we29-readme.txt	data	#
C:\Users\Default\Pictures\m8we29-readme.txt	data	#
C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regtrans-ms	data	#
C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regtrans-ms	data	#
C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf	data	#
C:\Users\Default\NTUSER.DAT.LOG1	data	#
C:\Users\Public\Libraries\RecordedTV.library-ms	data	#
C:\Users\Default\Links\m8we29-readme.txt	data	#
C:\Users\Default\Favorites\m8we29-readme.txt	data	#
C:\Users\Default\Downloads\m8we29-readme.txt	data	#
C:\Users\Default\Documents\m8we29-readme.txt	data	#
C:\Users\Default\Desktop\m8we29-readme.txt	data	#
C:\Recovery\m8we29-readme.txt	data	#
C:\Program Files\m8we29-readme.txt	data	#
C:\Program Files (x86)\m8we29-readme.txt	data	#
C:\Program Files (x86)\Microsoft SQL Server\m8we29-readme.txt	data	#
C:\Program Files (x86)\Microsoft SQL Server\110\m8we29-readme.txt	data	#
C:\Program Files (x86)\Microsoft SQL Server\110\Shared\m8we29-readme.txt	data	#
C:\Users\user\AppData\Local\Temp\1719x761n0f9y.bmp	PC bitmap, Windows 3.x format, 1280 x 1024 x 32	#
C:\Config.Msi\m8we29-readme.txt	data	#
C:\Users\user\Desktop\EFOYFBOLXA\DUUDTUBZFW.pdf	data	#
C:\Users\user\Desktop\EFOYFBOLXA.xlsx	data	#
C:\Users\user\Desktop\EFOYFBOLXA.docx	data	#
C:\Users\user\Desktop\DUUDTUBZFW.pdf	data	#
C:\Users\user\Desktop\DUUDTUBZFW.mp3	data	#
C:\Users\user\Desktop\BJZFPPWAPT.xlsx	data	#
C:\Users\user\Desktop\BJZFPPWAPT.jpg	data	#
C:\Users\user\Contacts\m8we29-readme.txt	data	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xie1r3gt.ryl.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g2oakovj.xse.psm1	very short file (no magic)	#
C:\Users\user\Desktop\EFOYFBOLXA\KLIZUSIQEN.mp3	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	data	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\30D802E0E248FEE17AAF4A62594CC75A	data	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506	Microsoft Cabinet archive data, 58139 bytes, 1 file	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\30D802E0E248FEE17AAF4A62594CC75A	data	#
C:\Users\user\3D Objects\m8we29-readme.txt	data	#
C:\Users\Public\m8we29-readme.txt	data	#
C:\Users\Public\Videos\m8we29-readme.txt	data	#
C:\Users\Public\Pictures\m8we29-readme.txt	data	#
C:\Users\Public\Music\m8we29-readme.txt	data	#
C:\Users\Public\Libraries\m8we29-readme.txt	data	#

script.exe.7582a080.0x0000000002360000-0x0000000002401fff.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

script.exe.7582a080.0x0000000002360000-0x0000000002401fff.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Search started

script.exe.7582a080.0x0000000002360000-0x0000000002401fff.exe