bf.exe
| Engine | Download Report | Detection | Info |
|---|---|---|---|
|
malicious
|
||
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
| IP | Country | Detection |
|---|---|---|
| 45.8.158.104 | Russian Federation |  |
| Name | IP | Detection |
|---|---|---|
| trackingg-protectioon.cdn1.mozilla.net | 0.0.0.0 |  |
| Name | Detection |
|---|---|
| http://45.8.158.104/uploaded/yF6a_2FDQsakg/vhzDEpLd/QLXYBzG7kj94jslDUwFt6Q7/guaMASEjD_/2Fwjtn_2FbMKN4_2B/neZHbyl_2FTz/WRcCnPf48th/_2BnEyE4hHu4xb/OQTgNzDOBvYXhZuNKPCjo/Se4kG5Jd15I6_2BO/PIOOLab_2FaIRS_/2BJxZMNIg5OcVaNI8G/mQ26WRsBL/qXoJnMt5W6zv90WyMR1b/Ptzm2woaF0N0gfu_2Fw/LXYoIalnFw_2BDv_2BDw6X/sbGwXMB_2Fbi6/_2BA0mWm/E7uvZfJQauIX0oefIQsSQRv/Edcduhqp0k/CVtU.pct | |
| http://45.8.158.104/uploaded/MpZpEfGoUvu/8hUMFuBMM1NnXA/6MZyif_2BG2HgaMoqVeei/YUDzzwQcxrHdHNoS/EXZmGyBGvTrov_2/Bh6hEUV9tS11RoXAor/dNd5MwAK3/XCS5R5_2BKzlachPA71X/MbdidhiKMdjJAptDG_2/BNaZm8dRfEW1zyXDW0PSBM/dBySGVlelOOwd/9hE4I1n7/jHYTRUOb30YRjhbqgoqT1Sz/1siPfJ_2Bk/jbwyxHgiR7TKhcYfm/asMZ6QS0oVF6/3ktdFVcNy5v/GtXFAG10Xu11CO/A_2BTM8kgrY0K/a9Ia.pct | |
| http://www.autoitscript.com/autoit3/J | |
| Click to see the 6 hidden entries | |
| http://https://file://USER.ID%lu.exe/upd | |
| http://constitution.org/usdeclar.txt | |
| http://trackingg-protectioon.cdn1.mozilla.net/uploaded/OpQxWz98QKMWv_2/FDwCe9CiLqhz94zXhO/jzUmpRbDp/ | |
| http://45.8.158.104/uploaded/MpZpEfGoUvu/8hUMFuBMM1NnXA/6MZyif_2BG2HgaMoqVeei/YUDzzwQcxrHdHNoS/EXZmG | |
| http://constitution.org/usdeclar.txtC: | |
| http://crl.microsofU | |
| Name | File Type | Hashes | Detection |
|---|---|---|---|
C:\Users\user\AppData\Local\Temp\4rgoqrxw.cmdline |
Unicode text, UTF-8 (with BOM) text, with very long lines (350), with no line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive |
data | # | |
| Click to see the 13 hidden entries | |||
C:\Users\user\AppData\Local\Temp\4rgoqrxw.0.cs |
C++ source, Unicode text, UTF-8 (with BOM) text | # | |
C:\Users\user\AppData\Local\Temp\4rgoqrxw.dll |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\4rgoqrxw.out |
Unicode text, UTF-8 (with BOM) text, with very long lines (429), with CRLF, CR line terminators | # | |
C:\Users\user\AppData\Local\Temp\CSC1B282484FFBD4A98A4CBD8847ACCD8A8.TMP |
MSVC .res | # | |
C:\Users\user\AppData\Local\Temp\CSCC346B8403E7B4A1592C575AE3967513E.TMP |
MSVC .res | # | |
C:\Users\user\AppData\Local\Temp\RESE2A5.tmp |
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x482, 9 symbols, created Thu Oct 13 16:31:10 2022, 1st section name ".debug$S" | # | |
C:\Users\user\AppData\Local\Temp\RESEB8E.tmp |
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x482, 9 symbols, created Thu Oct 13 16:31:12 2022, 1st section name ".debug$S" | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1sgyoy32.ak1.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ekbzmn3f.skw.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\n2sgiaoa.0.cs |
C++ source, Unicode text, UTF-8 (with BOM) text | # | |
C:\Users\user\AppData\Local\Temp\n2sgiaoa.cmdline |
Unicode text, UTF-8 (with BOM) text, with very long lines (350), with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\n2sgiaoa.dll |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\n2sgiaoa.out |
Unicode text, UTF-8 (with BOM) text, with very long lines (429), with CRLF, CR line terminators | # | |
