PO-ORDER-PURCHASE.exe
| Engine | Download Report | Detection | Info |
|---|---|---|---|
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
| IP | Country | Detection |
|---|---|---|
| 54.235.182.194 | United States |  |
| 54.225.66.103 | United States | |
| Name | IP | Detection |
|---|---|---|
| elb097307-934924932.us-east-1.elb.amazonaws.com | 54.225.66.103 | |
| api.ipify.org | 0.0.0.0 | |
| Name | Detection |
|---|---|
| http://api.ipify.org/ | |
| http://api.ipify.org/P | |
| http://api.ipify.org/p | |
| Click to see the 8 hidden entries | |
| https://www.youtube.com/watch?v=Qxk6cu21JSg | |
| http://api.ipify.org/Pz | |
| http://api.ipify.orgD | |
| http://elb097307-934924932.us-east-1.elb.amazonaws.com | |
| http://api.ipify8 | |
| http://api.ipify8:/ | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
| http://api.ipify.org | |
| Name | File Type | Hashes | Detection |
|---|---|---|---|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\videodiswire\vidoediswire.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # |  |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\videodiswire\vidoediswire.exe:Zone.Identifier |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive |
data | # | |
| Click to see the 3 hidden entries | |||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f1avu0qo.rtm.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yrj3iywu.0t3.psm1 |
very short file (no magic) | # | |
C:\Users\user\Documents\20201018\PowerShell_transcript.141700.+s+lYK3s.20201018084139.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
