35.0.0 Citrine
IR
651254
CloudBasic
17:50:05
23/06/2022
VBY5zBdZox
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
acc0fb4cb35df2d49fc609f2e299ed5e
fff261da7332d1bef4253539c3217dcedce99a17
907b6500dba0a048d51a3381fafed7e8b6eb256381f53c6471ebb6d305fddfd4
Win32 Executable (generic) a (10002005/4) 99.96%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\VBY5zBdZox.exe.log
true
E35A7613F21B0D1588DE4D14CF853427
18AE391E9AB0C970849150EE4D7111473EEE2BD3
2EB260A8675B41093A7696456E8386F5D212A131BB298D9CC1C58D05E3DA8D49
193.106.191.246
Yara detected RedLine Stealer
Tries to steal Crypto Currency Wallets
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Malicious sample detected (through community Yara rule)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Yara detected Generic Downloader
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Detected unpacking (changes PE section rights)
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal browser information (history, passwords, etc)
Snort IDS alert for network traffic