36.0.0 Rainbow Opal
IR
753419
CloudBasic
19:47:10
24/11/2022
file.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
3b97fd1136b9ed348734e5ea77aaa75a
fa3e9db1c2f462cf41d43487f0f73be6615876ba
dbcb891f6ed1d7aca11dd0263d68b3ce082d2e7eca152a098981307da9a6cc24
Win32 Executable (generic) a (10002005/4) 98.88%
true
false
false
false
88
0
100
5
0
5
false
C:\Program Files (x86)\PrintFolders\Guide.chm (copy)
false
204A5BF160646F9A55ED70AB6E1A07A6
5404AB219FA01C270ADC36303D447109503C4A4D
CACDD2C8BFA4BAE33A16A10ED609F4841AC5C4C2FE481ED0FD8CB04BC8016BBD
C:\Program Files (x86)\PrintFolders\History.txt (copy)
false
C8B211D81EB7D4F9EBB071A117444D51
43BF57BB0931EBED953FE17F937C1C7FF58A027C
AFD6FEA6A792B722E45A6587F70334F30051798017F4A278508C7ED3FEEA80CC
C:\Program Files (x86)\PrintFolders\License.txt (copy)
false
A5E8094B0CBADE929AEE07F5DA5E9429
60BB56A380CD9126AC067AE39B262E28A22532CD
F3AC2009C96EB3A42AFAEC7FA67D3A14E5E9E30819B543D572C9BEA790CFCAD1
C:\Program Files (x86)\PrintFolders\PrintFolders.exe
true
988A479E180E7899959663226C9AAC1B
17D641877924F5C55E3E4D310CA7DFE45C175F7D
5B026DFAEA2B8A837CDBC90FD42E5951E6AB4B75A7E1937EFCE2265611E11276
C:\Program Files (x86)\PrintFolders\Russian.dll (copy)
true
4FB606EDBDE8EFB6D34E6E1BC5F677F1
F8F094064D107384E619DED1139932AA38476272
A960C9DCD1D5C7B79F4FDD38D6F25299F4F7925555E381EA4AB6217681482F62
C:\Program Files (x86)\PrintFolders\is-36EDD.tmp
false
204A5BF160646F9A55ED70AB6E1A07A6
5404AB219FA01C270ADC36303D447109503C4A4D
CACDD2C8BFA4BAE33A16A10ED609F4841AC5C4C2FE481ED0FD8CB04BC8016BBD
C:\Program Files (x86)\PrintFolders\is-9NS73.tmp
false
24DBF089638D212A0988EE71792025E8
6E62F67E5476060B2171526A8458A80525F21F94
B4264A3B330A97C5BC9D419ABF9515966D3397017DF074A5BA08A7BF72A61687
C:\Program Files (x86)\PrintFolders\is-EPDSE.tmp
false
A5E8094B0CBADE929AEE07F5DA5E9429
60BB56A380CD9126AC067AE39B262E28A22532CD
F3AC2009C96EB3A42AFAEC7FA67D3A14E5E9E30819B543D572C9BEA790CFCAD1
C:\Program Files (x86)\PrintFolders\is-GLBR6.tmp
true
CF680B53729F6E3059183D51F91D337D
4D6EB765BB4837F09283101490375DF5F68C8E37
A3F8C832C69388A88E47DD8B612382F74D5131E8C710741EFB2410EC450BDF2D
C:\Program Files (x86)\PrintFolders\is-GVS6M.tmp
false
C8B211D81EB7D4F9EBB071A117444D51
43BF57BB0931EBED953FE17F937C1C7FF58A027C
AFD6FEA6A792B722E45A6587F70334F30051798017F4A278508C7ED3FEEA80CC
C:\Program Files (x86)\PrintFolders\is-NSDTB.tmp
true
4FB606EDBDE8EFB6D34E6E1BC5F677F1
F8F094064D107384E619DED1139932AA38476272
A960C9DCD1D5C7B79F4FDD38D6F25299F4F7925555E381EA4AB6217681482F62
C:\Program Files (x86)\PrintFolders\unins000.dat
false
5B3F2721E0A66E1839F68D766D4CA56A
3A0C94379344A2224A9E5FA5B23400D3BCB4D921
9F088E172E91E763423A1E153AD9C74E1739A70AB5DD0E04B0DBDA97D867C9A6
C:\Program Files (x86)\PrintFolders\unins000.exe (copy)
true
CF680B53729F6E3059183D51F91D337D
4D6EB765BB4837F09283101490375DF5F68C8E37
A3F8C832C69388A88E47DD8B612382F74D5131E8C710741EFB2410EC450BDF2D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\count[1].htm
false
CFCD208495D565EF66E7DFF9F98764DA
B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\fuckingdllENCR[1].dll
false
418619EA97671304AF80EC60F5A50B62
F11DCD709BDE2FC86EBBCCD66E1CE68A8A3F9CB6
EB7ECE66C14849064F462DF4987D6D59073D812C44D81568429614581106E0F4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\library[1].htm
false
CFCD208495D565EF66E7DFF9F98764DA
B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ping[1].htm
false
064DB2A4C3D31A4DC6AA2538F3FE7377
8F877AE1873C88076D854425221E352CA4178DFA
0A3EC2C4FC062D561F0DC989C6699E06FFF850BBDA7923F14F26135EF42107C0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\library[1].htm
false
CFCD208495D565EF66E7DFF9F98764DA
B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
C:\Users\user\AppData\Local\Temp\is-258FQ.tmp\_iscrypt.dll
true
A69559718AB506675E907FE49DEB71E9
BC8F404FFDB1960B50C12FF9413C893B56F2E36F
2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
C:\Users\user\AppData\Local\Temp\is-258FQ.tmp\_isetup\_setup64.tmp
true
9E5BA8A0DB2AE3A955BEE397534D535D
EF08EF5FAC94F42C276E64765759F8BC71BF88CB
08D2876741F4FD5EDFAE20054081CEF03E41C458AB1C5BBF095A288FA93627FA
C:\Users\user\AppData\Local\Temp\is-258FQ.tmp\_isetup\_shfoldr.dll
false
92DC6EF532FBB4A5C3201469A5B5EB63
3E89FF837147C16B4E41C30D6C796374E0B8E62C
9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
C:\Users\user\AppData\Local\Temp\is-OJDTA.tmp\is-8PA5U.tmp
true
85B94E72C3F2D2B5464E2AAF3C9E242A
CE7CCAE5F50A990D059D59292D4A332979E162BA
1441464FEEEF365573AF18802C464769B7D3107624FDE24604F57E386F97F1A7
C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\1mWX2l.exe
true
3FB36CB0B7172E5298D2992D42984D06
439827777DF4A337CBB9FA4A4640D0D3FA1738B7
27AE813CEFF8AA56E9FA68C8E50BB1C6C4A01636015EAC4BD8BF444AFB7020D6
45.139.105.171
45.139.105.1
85.31.46.167
107.182.129.235
171.22.30.106
http://pfolders.atopoint.com.
false
unknown
http://www.innosetup.com/
false
unknown
http://www.atopoint.com
false
unknown
http://45.139.105.171/itsnotmalware/count.php?sub=NOSUB&stream=mixtwo&substream=mixinte
false
45.139.105.171
http://pfolders.atopoint.comZ
false
unknown
http://107.182.129.235/storage/extension.php
true
107.182.129.235
http://www.remobjects.com/?ps
false
unknown
http://pfolders.atopoint.com
false
unknown
http://www.innosetup.com
false
unknown
http://107.182.129.235/storage/ping.php
true
107.182.129.235
http://www.atopoint.com.
false
unknown
http://www.innosetup.comDVarFileInfo$
false
unknown
http://171.22.30.106/library.php
true
171.22.30.106
http://www.atopoint.comJ
false
unknown
http://www.remobjects.com/?psU
false
unknown
Detected unpacking (overwrites its own PE header)
Yara detected Nymaim
Machine Learning detection for dropped file
Detected unpacking (changes PE section rights)
C2 URLs / IPs found in malware configuration
Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file