154.vbs

Status: finished

Submission Time: 2020-09-17 19:22:22 +02:00

Malicious

Trojan

Evader

Ursnif

Comments

Details

Analysis ID:
287107
API (Web) ID:
469366
Analysis Started:

2020-09-17 19:22:23 +02:00
Analysis Finished:

2020-09-17 19:36:04 +02:00
MD5:
3acdc4ce2667c82ec38259a292da9c9a
SHA1:
ccf456b6823ca7374e9dedaf6fe574de860bcbe4
SHA256:
c637b67ae008019f3fbe71cb7c5891a8e73d08f4d0cdd927bb43bc499edfb410
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 6/79

malicious

Score: 5/48

malicious

IPs

IP	Country	Detection
8.208.101.13	Singapore

Domains

Name	IP	Detection
api10.laptok.at	8.208.101.13

URLs

Name	Detection
http://api10.laptok.at/api1/zoZmtAMMuNAwqqVt5/4hckmAE_2BgZ/ItFInrWpulo/GaZmWNgxU0qj7b/k_2BRbnQjcg1AAvl1QUEn/TLHsOPE1gZXaRuRg/dhjHQITK26h_2B3/hex0iAghWjmny_2BLu/_2Bfiel4O/NzMcqSZ0wg2pahisClSx/_2F8nlo0pNhQxfXqTSR/b16r_2F6p5kQr9zg2eOslk/g2XymlCyNdO8L/ZNLxcI4Y/nBdH2j5HhDHrZ_2FB2WqeSx/VlFbvy_2F_/2B6_2BQSV8ccfS6j_/2BH8Ek1yvCs_/0A_0DkiFUhT/VsIpy2A6DY6eYV/FiQvZYnb_2FJxy1oBxXsb/d7sx1UpgVqADQPCV/UKYHv_2FGSXGb/kn
http://api10.laptok.at/api1/2_2FipkhkAv63cFsoR8Y/97uT0q3RL040aZKGP8H/J63beTphHVvsG6qkGHf1sK/wfY_2FdY
http://api10.laptok.at/api1/0xZlfmW6cV9Vk/fFwZ7Kz9/wHutdaz7feZ6a2O45wvtH8o/spqIYIF8qV/QbRR0Z7x14QsFq
Click to see the 23 hidden entries
http://api10.laptok.at/api1/RC1zB15OsARXE/ls8klnva/52RGO_2BorxAsbjbNAmgJiL/uMphy8DyI_/2BUJaGUCstrBoV
http://api10.laptok.at/api1/yuZJfK0Ie/v_2FIITzhv9QYCD3fucs/qLa_2FhUQsy1fMaQBX2/HXVJHH_2FNWbrvKBLGJBW
http://api10.laptok.at/api1/ml2ttRqfnVN5/y2FeSqLZj3K/5NZ9uKq53Tu4_2/F3O71PR_2BMPsoct1YE6T/9evvFzxKxluN0Onz/vw_2BVWTg7PHeD_/2FvRLSU7jYpBfbyMPh/HcnOY_2FM/xirEaW2sUO1IxjtXNv1h/WcPLA5If_2BsYvfLX_2/FDY_2BJyb_2B6JQm0DPwEP/cWwuO_2BJkqzo/1aROWNxI/KpeNwWFu1vn4QosxlpkspF1/3bab_2BZGU/htn4lwIKyXEGN0_2F/fBI7HRXC16NP/oTvXqtzXByM/3lGqn_0A_0DDF0/ppjLwZ4JzfU4y6Z8jtFpC/hjZe1oL_2B9p_2Br/K_2FQ1emnL5FWIU/ReETcTXL3U9WoTQ/bK0B
http://api10.laptok.at/api1/OdpCYmmly/lBoWSnGPsA5Nxb_2FmMm/MiC8U05Z0FfgZ6xtJEQ/eJkc6bf_2Fn8bYr_2Fxn3Z/4qdEVZjt8IqdI/XewBvNOD/lfTMj_2BHsxkBunVRBVrvEp/MyO70kEQn3/JRXt9H_2BkBSAp0F1/dbwogfDqzt4V/9zFPAi3xblv/iqVCjsvNuaJOMh/G9OabxleGQ61l4L_2Bemk/pXlkTVhs_2FMR5Zs/7FqSVvJLFOoIOVs/wUi3blIYsrSZKj2t1Q/pl1C_2BD8/5kOfdOnFP3x_0A_0DIZh/nXmAVBwSXzVqqz292pG/wyB9FgrrSu34LrY5_2FHW3/PpIZiDltEV_2F/sqffQZ7T2hte/Cum
http://api10.laptok.at/api1/0xZlfmW6cV9Vk/fFwZ7Kz9/wHutdaz7feZ6a2O45wvtH8o/spqIYIF8qV/QbRR0Z7x14QsFqKx7/oLTPzxJJdDtY/_2BGXdVKQb1/wjlMLDn77Bmedx/VZhPgfAnxBSOnDg07VSa2/FfUmCs6vziRfOnK7/Ks5N924_2FRmEZu/2ql2xapKoX2EpbZw_2/B07evxreM/4IJW8LwKRd1Z79Yvky0e/6kNhDSX93DCbvaKEapm/0_2BWcGyg8AYvnliTZSleY/DKUaWREUEN_2B/K_0A_0DH/oijORM0UO_2B2KJOwPO4lsc/gJWphmKOTK/QL2ngugBbNrDBi8pA/nVQ9mrHR/DI0R8BsyOE/_2B
http://api10.laptok.at/api1/JnAek_2B1kN/NHwC_2FsnbPhDs/BYpFY11CO8DA0rcW_2FSU/usKLEAU6NfZeLIQr/PAwnDOPuqJI3whZ/3V3uldaEpPKPV9FwfG/MeNVRFTDp/w5LwQ7N44G8Id194baWR/v3c_2Bu3eC_2BF3nu_2/BDFcUhNGhFbIofikKjN48b/vW31oursH6DYJ/qEzljcq_/2BzJl3FYqhEdjUtD9pG2ri8/5c7woQLVRf/fiKt_2ByMTC4PAWAA/_2FE3V5ijUDm/FPZOFxEYzOe/jx5wFySOek8_0A/_0D5I3IIRoA9joYgSJNfy/ASgTyxRbg1TpKDs6/s6dnN8J_/2FYwsas
http://api10.laptok.at/api1/RC1zB15OsARXE/ls8klnva/52RGO_2BorxAsbjbNAmgJiL/uMphy8DyI_/2BUJaGUCstrBoVheZ/BZ6vV2HV7_2F/lySifzpCqOy/G65726xIMt_2BI/CYBi_2FQZ1mlgt4MxIf4s/qOxG9Qryt0yKa5AM/RiL2BWweZdudbeC/C6FbRvHJo6f4BRdFJo/4JvzDUXxM/VCu_2FX15SQxcOsJt8pE/bx1bG3U3Jg55EmxR9Fo/cDpHSgawLtgWG6OVBlkFu6/guuD0S3xkXkys/6V4_0A_0/DcfcVoYKaVTl2pO6KxRw_2B/_2ByPHuqa9/w2jF_2FPIc590DAiy/Q8VyNrDHhtlb/depwCf1VfIyk/c
http://api10.laptok.at/api1/8HFZCaYIQSfOQMAc/li4CcrRPnEMxs_2/BBUQJJnuEgvFS_2BBr/K7hVeiMRF/0q29YQOtpap5ol5rdLdV/D3sxyEJFPY5vepGB1rm/Ufm144sUva8iKZPuSztHFa/lSqhFKL4mAJK1/fOamWF_2/BqBNF1qSUSMQMyBDXq6ngHy/8tbTzD13Qg/9w1uJPK69yjSdN1Ad/iVyBsmE74BxJ/_2Fda_2F06Z/GYjzTpz2OOuLcL/ungOdorTuM0d_2BkhcJvt/ua8rg5xKzErF7TL5/_0A_0D4K2EGp7KB/Mjo_2Feuz9edAv2J_2/B_2BcB8pu/rDajGd7_2FA6FjiDXMOs/GgfMWNJ3hijiVmC/m7P5P
http://api10.laptok.at/api1/Syz3IE7AIN7liwTn9o3Z5j/ECr4xMOf0OttY/hl5eHgOb/QXedvNmFxrl9GHO0vCfwJ5I/9imGPsUVUl/XHevHIoy3ifRr0T6W/qJ_2FrteFqCI/6KwoO0m5PvT/5VcK4ohdt8meIl/lo7a9W3yDkvGq0gIdwYFp/oYT9oUYKfY1rZYiW/bZZbJZJJ5_2FXlR/k6yVMwD_2FYgiuT_2F/qbKsc91K4/KUMN8H6FKrTTuYbxbhQC/nGxF6zRR7fQQncDrLGB/ocToK6ZAyJDT_0A_0DIh3R/Y2JR_2FME8QPW/wA_2Bqbs/A5IYH_2Fo7Bu9fS3b6LW_2F/8ocm2Wk
http://api10.laptok.at/api1/6R8OEWxSMbcot3IBWD/54YUZkggJ/e9LB27gyaa_2BukKd6B0/iG2EV2IwL_2B_2BP1up/BRrc2mKi3d_2BjCfbmyaDV/HKtefYv4vC91t/1B38iXhy/8YDEikWA_2BBh36WON_2FCT/JbudynJCwh/OZeoCQjhSbr_2B3P7/H_2FxOL3Pk6u/R8YDmzxLUe_/2BR1ed2zkp9w91/vwehzYeD9CE_2F_2FZCuo/rXRP5mXV3YuAI8Np/wLtgRChYPOby6Jz/JvAwhFwClYIqlnt7Lh/AzqNHeqK_/0A_0Dz1C6P2D3NCAQS96/soGwrIFAYGKtIa4PUxl/gOcmaE6q44CaQAcYJlOztW/voFIrFlbC/xQd
http://api10.laptok.at/api1/2_2FipkhkAv63cFsoR8Y/97uT0q3RL040aZKGP8H/J63beTphHVvsG6qkGHf1sK/wfY_2FdYR4tB7/JieUI8pa/evqts7KLcA9nCCpxGIbRELE/oRd7XAh_2F/it13OZebsWTJ6jgI3/0RY_2Bh82fxx/ZJQN0PODx2F/a9M3VmNaWOS5fz/ujPCsgrE_2BevDBZSONFT/1JH_2BzQo_2FL5nh/qx3jE5wIga21ZtE/sueZmTvT523Em_2Bac/AoM6N2_2B/76YM_2F09IU0kLyXoJ_2/Fy8JMW_0A_0DULMq_2B/Ag1ogKaCdZmbJOwWqL6U6Q/CU7we1_2F4iP_/2Fww2PAN/l8WiX4z3bBY8AuukwKfIbIg/v
http://api10.laptok.at/api1/i07M0NkA_2B_2BcWf/P_2FRuTtHubJ/TXIMW44DaAM/MSH3Ef1IfmtHT7/VFpQkK99bBWxxI8L3ewC_/2FZr34iK6fxXjrLR/IuZBdFmi_2BaWsW/VTRbCI94_2FG4fj2_2/BBlMo6_2B/lUw7vpCRVCXHY82YyUIg/L2mrFPuHoHCNzPJpi2O/Or3L3_2ByrSs3V2aXcQ1Mr/fy_2BXUn2IBpG/lR9PX8eM/bJVuHgQ1Tgc3USVOsNPxcBV/kPhJBDOgb_/2BowznRI492th2f_2/BagNf8JFJtH_/0A_0DpbnOa2/IP8lnAAuHoCtBH/AHrgPzTNgLcQfz2_2BfOg/OvnlEm1p9MnoSNgy/ZdLVccjONxv/g1
http://api10.laptok.at/api1/Gog9o0etDJKBWZgBgM8H7/xQjdolwb1rK4lDDT/eAYB1ZF_2FiQd_2/FaIMprckXozdTCVf3Q/jTdJCam2x/brVhIVzPm36_2BwxIDZc/M15DwWNqdHj_2FDhLla/QiR6_2F_2FmTgEsJiRh3Vy/AJ8rTGLmdE85_/2Bu74312/0NQTC831Sh_2FWFeJNlvIde/urCHHVbvoE/cFxbraI_2BHetDYHK/nMsrXUpM1UKv/z6sgriePsp0/fbGJjPyKwgomyq/ivb_2BiCKRSo5IwZj1nT1/ZSD_0A_0Db3s0TSi/Qg_2FMRJZ9U6Hd3/Bd_2F8MPsJuhEXUZDN/Jtiqx_2F0/mjhBOzlaZF4n_2FZHl7s/_2Bffk2j/c
http://api10.laptok.at/api1/pENSOa1zr8L5yvom3f6K/mzOTVc1oQE4R6QHhxIt/ewIWEPa2gC4xDXDJ_2F_2B/j1_2Fo_2B44Uk/PxQo_2F1/QS2Hjf_2FU646KmMhshqjDd/QTP1gruhiR/1whvUcEwIzJgAJ4Ph/1HSUFLSRx8Kf/Acc1b_2BwD2/BNOHdicgSuwyZI/1mXLjVOvMhEOGRQn1UNqO/IWuIDBEEVBzhyfWC/bzanWGCpoM1UrSJ/rj3mhc4SdyzJcqzTxX/8_2Fsq4XY/Wwjly3pgtWmIgzXZlnVv/_0A_0DcZt9QsLC7RlC1/DX_2Bs49r_2B2HTjwXoktc/_2B4QPfmYBJBI/Mi3PaLCU/UgTfi_2FU8X/Vbjyhd1V/Y
http://api10.laptok.at/api1/d3f1UsX1l2fjz/K3BjC5wj/j4m87_2BYHDmTEI2A2dg0GG/ph3xeLgzqN/7_2FCvNokZ7WbRXZ3/vKhAzWyfCQLt/0OqK_2BRnH0/QTQlL0WEmj5bA6/Et9W0os6OoR_2FMNacRkb/KbKToEBc4WUWolqs/E44e4_2F7XmstQ2/lMA_2FEw0RF41B0Nv0/kYoi0owMr/1b6N4XWv9wd5MojDSOQG/pzDpJ106KpTgQWJEXFQ/0jdOVbIo4Li5Cnqn0sMVTT/wxyLLDrSrEcli/WeK_0A_0/DNMyRaVGATDwNryVcPqfyyF/JUoZGJYfR5/mhm007bj0R6dJ2pWe/OW2DS8IonnIh_2BOO/Y6i1
http://api10.laptok.at/api1/yuZJfK0Ie/v_2FIITzhv9QYCD3fucs/qLa_2FhUQsy1fMaQBX2/HXVJHH_2FNWbrvKBLGJBWO/EMk4EmX0wL_2B/5xfiR_2B/VgM1Jwkhrgv7i3d9G6xDTx6/66HVPF3rGF/XJRkjPCWwE1kwW03O/JkcIl_2BaRWJ/z1wvnTd_2Fz/tBgxgS3hIiHoHY/KVnBXQUevYvapFFJHBhxZ/Xlcs9HA2A9i2bCtM/SIcK7BjOxjDT6VL/OcNkfa9fKsJqGceMor/xCtcEgZXD/jJ9PzNn3U_0A_0D2TtRB/sF0xUdPe2sbQNSNV08S/KH1_2FUYb4UeYhhyVNCTrr/YCKd13PEC5V0T/2cGDyw_2FO/H2i
http://www.twitter.com/
http://www.youtube.com/
http://www.wikipedia.com/
http://www.amazon.com/
http://www.live.com/
http://www.reddit.com/
http://www.nytimes.com/

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\bundle.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Local\Temp\fuss.egg	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\bullet[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
Click to see the 63 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\http_404[2]	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\http_404[1]	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\errorPageStrings[2]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Temp\Gatlinburg.png	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\background_gradient[1]	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\ErrorPageTemplate[2]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\ErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\info_48[1]	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\bullet[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X2GCHJOK\info_48[1]	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\background_gradient[1]	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3	#
C:\Users\user\AppData\Local\Temp\Jura.cpio	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\Low\JavaDeployReg.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\adobe.url	MS Windows 95 Internet shortcut text (URL=<https://adobe.com/>), ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\morphophonemic.exe	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\shrinkage.el	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\~DF077DF68F17F4A3C0.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF146CBBFA6170A901.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF49FBB940CF9CA8D8.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF4ECEBFF0BF1A002D.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF5A7D5F912D11D159.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF879113CE0DAD1F13.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFA67ADCDE3C8398A9.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFC2444391E2087D35.TMP	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{4AD0B2C2-F956-11EA-90E2-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{3C90EB31-F956-11EA-90E2-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{2E55E87C-F956-11EA-90E2-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{13FA4A41-F956-11EA-90E2-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{4AD0B2C0-F956-11EA-90E2-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{3C90EB2F-F956-11EA-90E2-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{2E55E87A-F956-11EA-90E2-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{13FA4A3F-F956-11EA-90E2-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\ErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\background_gradient[1]	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\bullet[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\http_404[1]	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\86B850Z5\info_48[1]	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\background_gradient[1]	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\bullet[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\http_404[1]	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KD8PQN1H\info_48[1]	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OHV7M0FR\ErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#

154.vbs

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

154.vbs Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

154.vbs