34.0.0 Boulder Opal
IR
623886
CloudBasic
21:59:32
10/05/2022
xcVh7ZmH4Y
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
Win32 Executable (generic) a (10002005/4) 99.96%
C:\Users\user\AppData\Local\Temp\Airplane_16.bmp
C:\Users\user\AppData\Local\Temp\AsOpenFile.exe
C:\Users\user\AppData\Local\Temp\Borders.dat
C:\Users\user\AppData\Local\Temp\Green_Leaves_21.bmp
C:\Users\user\AppData\Local\Temp\duperinger.ini
C:\Users\user\AppData\Local\Temp\nss732B.tmp\System.dll
C:\Users\user\AppData\Local\Temp\printer-symbolic.symbolic.png
http://nsis.sf.net/NSIS_ErrorError
http://crl.F
Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
C2 URLs / IPs found in malware configuration
Yara detected GuLoader