36.0.0 Rainbow Opal
IR
715145
CloudBasic
17:12:31
03/10/2022
file.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
2d9b13584ab871c81ff24c473468cffa
fc29f8a56d9b3ec01bfe432f83e88585df3aa32d
dd1f7353d20b255088e50490aaa88d53d56156842f2d235792f69be05fc3d56f
Win32 Executable (generic) a (10002005/4) 99.96%
true
false
false
false
80
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
false
1C80F1303DD3DDBE3C096705FF52040A
3741403D56389B4EC7CF855E6C76C6DC2C95FF64
42D4B9FA1F3F8EB161A0C58AADA51D2A417CC8B5CCDA334905C62ACC84493F88
C:\Users\user\AppData\Local\Temp\7zS3361.tmp\Install.exe
true
3ADC95B09B9644E908114624326E8D0B
F633820375385B744E331CDC2B9AE5953BA454F7
CEEB6E796693A8A14FB25E74DC9CD413FDBC7CFE9A973AAE194782BBA7E5B508
C:\Users\user\AppData\Local\Temp\7zS3361.tmp\__data__\config.txt
false
9BA70879AF74936EC008D5FA0D5B20E5
494FD5E4A50513181ECF6F7D3ED0D88D0B5953FB
57939DC0842C6BAA5EC304E0B63B4D7D4F7749D700EE10C3F95E7F8AF6DF531C
C:\Users\user\AppData\Local\Temp\7zS3B8F.tmp\Install.exe
true
6F52A47480DAE7C97A64DD5AEBB8E426
204FE492E1CDEACEA89A4F3B2CF41626053BC992
A506223F4CA78C5C90CA3E02D00A1FEF0E74B7050712C2A5E7EBAA160FA6C879
C:\Users\user\AppData\Local\Temp\LhLAIbjVjtdXSeCjh\NRKtMpzzQqeBbPa\fdKxpPd.exe
true
6F52A47480DAE7C97A64DD5AEBB8E426
204FE492E1CDEACEA89A4F3B2CF41626053BC992
A506223F4CA78C5C90CA3E02D00A1FEF0E74B7050712C2A5E7EBAA160FA6C879
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ngtmqmma.n4d.ps1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oq22ozvi.ndj.psm1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
false
5786E98AE7308DA07A287F0A3605337D
575521622C1024BDC53DE7B3DC83BF082B7EC13F
81AE0CF674B30B60C80F8DB8FE0ADD03BB2792CD722E542D3404FFCDE2991D8E
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
false
E6D924A26BF12D51F8AEDEDC3938D4EE
057443FD854C78E22C3F9E23B32F7DA14EFB6A44
CD64AC206B8916350C499DA34C4BA263752F543FF40F310D96004A4325EA53AA
C:\Windows\System32\GroupPolicy\gpt.ini
true
A62CE44A33F1C05FC2D340EA0CA118A4
1F03EB4716015528F3DE7F7674532C1345B2717D
9F2CD4ACF23D565BC8498C989FCCCCF59FD207EF8925111DC63E78649735404A
C:\Windows\Tasks\bGZpGlqvDNKjraWjlZ.job
false
0B328445984ABED0634AE8C7E45D53C8
F25A3356B5A843F249E523670A1FFC323A642348
E1C7AC2DB6BD22AFD34A512B49D925757CE29B34B35AD9615C4C122D83978169
C:\Windows\Temp\__PSScriptPolicyTest_aedgb5uc.4sx.psm1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Windows\Temp\__PSScriptPolicyTest_k13f2ewv.k03.ps1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Windows\Temp\fwhiGQHhSfnZUzkc\sjPeeWCTnrqbGVf\avEZCOa.exe
true
6F52A47480DAE7C97A64DD5AEBB8E426
204FE492E1CDEACEA89A4F3B2CF41626053BC992
A506223F4CA78C5C90CA3E02D00A1FEF0E74B7050712C2A5E7EBAA160FA6C879
\Device\ConDrv
false
EF6D648C3DA0518B784D661B0C0B1D3D
C5C5F6E4AD6C3FD8BE4313E1A7C2AF2CAA3184AD
18C16D43EB823C1BC78797991D6BA2898ACA8EB2DE5FD6946BE880F7C6FBBEF5
http://nuget.org/NuGet.exe
false
unknown
http://crl.m
false
unknown
http://pesterbdd.com/images/Pester.png
false
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
false
unknown
http://www.apache.org/licenses/LICENSE-2.0.html
false
unknown
https://github.com/Pester/Pester
false
unknown
https://contoso.com/
false
unknown
https://nuget.org/nuget.exe
false
unknown
https://contoso.com/License
false
unknown
https://contoso.com/Icon
false
unknown
Uses cmd line tools excessively to alter registry or file data
Encrypted powershell cmdline option found
Very long command line found
Suspicious powershell command line found
Sigma detected: Schedule system process
Modifies Group Policy settings
Multi AV Scanner detection for dropped file
Uses schtasks.exe or at.exe to add and modify task schedules