Engine | Download Report | Detection | Info |
---|---|---|---|
| | malicious, Score: 96 | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| | malicious, Score: 96 | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01; Run Condition: Without Instrumentation |
IP | Country | Detection |
---|---|---|
110.4.41.164 | Malaysia | |
217.76.130.50 | Spain | |
103.227.176.7 | Singapore | |
149.255.62.9 | United Kingdom | |
104.247.72.198 | United States |
Name | IP | Detection |
---|---|---|
yumiwong.com | 110.4.41.164 | |
www.ymdc786.com | 0.0.0.0 | |
yusufpaintings.com | 104.247.72.198 | |
iberfoods.com | 217.76.130.50 | |
ymdc786.com | 103.227.176.7 | |
iclebyte.com | 149.255.62.9 |
Name | Detection |
---|---|
http://yumiwong.com/img/Hct998/ | |
http://iclebyte.com/uPD6c443/ | |
http://www.ymdc786.com/connectors/0u9462/ | |
http://iberfoods.com/site/UHaa7627/ | |
https://yusufpaintings.com/cgi-bin/symNCd/ |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\Documents\20200802\PowerShell_transcript.506013.pp_ikGJO.20200802001346.txt | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{450AF068-8F3A-408C-ACA6-3CAB6D1738D1}.tmp | data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | # | |
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd | data | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ikxc5lfy.rjp.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qz1cfv1c.ahq.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\SecuriteInfo.com.Exploit.Siggen2.12103.10447.LNK | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Aug 2 06:13:36 2020, mtime=Sun Aug 2 06:13:42 2020, atime=Sun Aug 2 06:13:39 2020, length=176128, window=hide | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat | ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | data | # | |
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC | Little-endian UTF-16 Unicode text, with CR line terminators | # | |
C:\Users\user\Desktop\~$curiteInfo.com.Exploit.Siggen2.12103.10447.doc | data | # | |