Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
IP | Country | Detection |
---|---|---|
176.223.209.5 | United Kingdom |
Name | IP | Detection |
---|---|---|
fiscalitate.eu | 176.223.209.5 | |
mail.fiscalitate.eu | 0.0.0.0 |
Name | Detection |
---|---|
http://OysMCylj1pBryKTY7.org | |
http://OysMCylj1pBryKTY7.orgtO | |
http://cps.letsencrypt.org0 | |
Click to see the 4 hidden entries | |
http://cert.int-x3.letsencrypt.org/0 | |
http://ocsp.int-x3.letsencrypt.org0/ | |
http://cps.root-x1.letsencrypt.org0 | |
http://OysMCylj1pBryKTY7.org413111d3B88A00104B2A6676 |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\ActionQueue\wksprt.exe |
PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\UoOfbM\UoOfbM.exe |
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ActionQueue.url |
MS Windows 95 Internet shortcut text (URL=<file:///C:/Users/user/ActionQueue/ActionQueue.vbs>), ASCII text, with CR line terminators | # | |
Click to see the 6 hidden entries | |||
C:\Users\user\ActionQueue\ActionQueue.vbs |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\UoOfbM.exe.log |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\spj1l5v0.x1b.zip |
Zip archive data, at least v2.0 to extract | # | |
C:\Users\user\AppData\Roaming\spj1l5v0.x1b\Chrome\Default\Cookies |
SQLite 3.x database, last written using SQLite version 3024000 | # | |
C:\Users\user\AppData\Roaming\spj1l5v0.x1b\Firefox\Profiles\6c4zjj0s.default\cookies.sqlite |
SQLite 3.x database, user version 9, last written using SQLite version 3023001 | # | |
\Device\ConDrv |
ASCII text, with CRLF line terminators | # |