Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
Score: 84
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
|
|
malicious
Score: 100
|
System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run Condition: Suspected Instruction Hammering
|
IP | Country | Detection |
---|---|---|
142.250.181.225 | United States | |
188.127.230.176 | Russian Federation | |
142.250.179.174 | United States |
Name | IP | Detection |
---|---|---|
drive.google.com | 142.250.179.174 | |
tuk.linkpc.net | 188.127.230.176 | |
googlehosted.l.googleusercontent.com | 142.250.181.225 | |
Click to see the 1 hidden entries | ||
doc-14-70-docs.googleusercontent.com | 0.0.0.0 |
Name | Detection |
---|---|
https://doc-14-70-docs.googleusercontent.com/ | |
https://doc-14-70-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/bcmtj5ie | |
http://nsis.sf.net/NSIS_ErrorError | |
Click to see the 6 hidden entries | |
http://google.com | |
https://doc-14-70-docs.googleusercontent.com/%%doc-14-70-docs.googleusercontent.com | |
https://drive.google.com/ | |
https://doc-14-70-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/bcmtj5ie1disn24fvm7mb2d8jibr4j1v/1659691950000/06422039211485589527/*/1RTjXzM3oLxMQRuQuQg9TR4kX_hPJtp2r?e=download&uuid=fa4270ed-3082-4e6e-8e77-e38f9ee0c1fd | |
https://drive.google.com/x~ | |
https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Temp\tmp6DD1.tmp |
XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\run.dat |
Non-ISO extended-ASCII text, with no line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\caspol.exe.log |
ASCII text, with CRLF line terminators | # | |
Click to see the 12 hidden entries | |||
C:\Users\user\AppData\Local\Temp\nsaB9E2.tmp\System.dll |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\nsaB9E2.tmp\nsExec.dll |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\subfolder1\windows.exe |
data | # | |
C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\catalog.dat |
data | # | |
C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\settings.bin |
data | # | |
C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\storage.dat |
data | # | |
C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\task.dat |
ASCII text, with no line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen\Integrationsprvens.Adg72 |
ASCII text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen\format-text-bold-symbolic.svg |
SVG Scalable Vector Graphics image | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen\location-services-disabled-symbolic.symbolic.png |
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen\uforfrdetheden.Rid |
data | # | |
\Device\ConDrv |
ASCII text, with CRLF line terminators | # |