Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
IP | Country | Detection |
---|---|---|
151.80.8.11 | Italy | |
104.18.49.20 | United States |
Name | IP | Detection |
---|---|---|
alice2019.myftp.biz | 151.80.8.11 | |
paste.ee | 104.18.49.20 |
Name | Detection |
---|---|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
http://paste.ee/r/9oMSH |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NeObcreZp.exe:Zone.Identifier |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NeObcreZp.exe |
PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\run.dat |
Non-ISO extended-ASCII text, with no line terminators | # | |
Click to see the 20 hidden entries | |||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x4iyobpy.ya3.psm1 |
ASCII text, with no line terminators | # | |
\Device\ConDrv |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\Documents\20200421\PowerShell_transcript.088753.wOLLzNsL.20200421012339.txt |
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\Documents\20200421\PowerShell_transcript.088753.lYZjOG0e.20200421012329.txt |
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\Documents\20200421\PowerShell_transcript.088753.bSc2hfpi.20200421012338.txt |
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\Documents\20200421\PowerShell_transcript.088753._WPVLBC6.20200421012328.txt |
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\storage.dat |
data | # | |
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\catalog.dat |
data | # | |
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\WPA Service\wpasv.exe |
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ucsuky33.qoz.ps1 |
ASCII text, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lyrv4obg.q3m.psm1 |
ASCII text, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jodanar2.lya.psm1 |
ASCII text, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_deajpnct.kty.ps1 |
ASCII text, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_anjtk3tt.dea.ps1 |
ASCII text, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3mopzjgk.ixp.psm1 |
ASCII text, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_11x04zm5.0cb.ps1 |
ASCII text, with no line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache |
data | # | |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\wpasv.exe.log |
ASCII text, with CRLF line terminators | # |