#RFQ ORDER7678432213211.exe
| Engine | Download Report | Detection | Info |
|---|---|---|---|
|
malicious
|
||
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
| IP | Country | Detection |
|---|---|---|
| 194.5.98.120 | Netherlands |  |
| Name | Detection |
|---|---|
| joseedward5001.ddns.net | |
| 194.5.98.120 | |
| http://www.jiyu-kobo.co.jp/n-u |  |
| Click to see the 36 hidden entries | |
| http://www.fontbureau.comasva | |
| http://www.jiyu-kobo.co.jp/X7e | |
| http://www.fontbureau.comaV. | |
| http://www.fontbureau.comgrita | |
| http://www.fontbureau.com/designers/frere-jones.html | |
| http://www.jiyu-kobo.co.jp/s | |
| http://www.jiyu-kobo.co.jp/Y0-f | |
| http://www.jiyu-kobo.co.jp/ | |
| http://www.fontbureau.coma | |
| http://www.fonts.comp | |
| http://www.jiyu-kobo.co.jp/Y. | |
| http://www.fonts.com | |
| http://www.jiyu-kobo.co.jp/2. | |
| http://www.jiyu-kobo.co.jp/O. | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
| http://www.jiyu-kobo.co.jp/c.U | |
| http://www.jiyu-kobo.co.jp/rV. | |
| http://www.sakkal.com | |
| http://www.apache.org/licenses/LICENSE-2.0.html | |
| http://www.galapagosdesign.com/ | |
| http://www.fontbureau.comF | |
| http://www.galapagosdesign.com/staff/dennis.htmI; | |
| http://www.agfamonotype. | |
| http://www.fonts.comd | |
| http://pesterbdd.com/images/Pester.png | |
| http://www.jiyu-kobo.co.jp//tr | |
| http://www.jiyu-kobo.co.jp/jp/j. | |
| https://github.com/Pester/Pester | |
| http://www.galapagosdesign.com/W | |
| https://go.micro | |
| http://www.tiro.com | |
| http://www.jiyu-kobo.co.jp/X. | |
| http://www.jiyu-kobo.co.jp/u. | |
| http://www.jiyu-kobo.co.jp/jp/O. | |
| http://www.jiyu-kobo.co.jp/jp/ | |
| http://www.fontbureau.com | |
| Name | File Type | Hashes | Detection |
|---|---|---|---|
C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe:Zone.Identifier |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat |
Non-ISO extended-ASCII text, with no line terminators | # | |
| Click to see the 14 hidden entries | |||
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\#RFQ ORDER7678432213211.exe.log |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\tmpFD92.tmp |
XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uwb0ckt4.xfw.psm1 |
very short file (no magic) | # | |
C:\Users\user\Documents\20210720\PowerShell_transcript.226546.xFvC9uuU.20210720081339.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210720\PowerShell_transcript.226546.u9dWU6FT.20210720081341.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210720\PowerShell_transcript.226546.QECk8fRN.20210720081336.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat |
data | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mjdu1muo.pll.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mbvx1mrl.nve.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jkmlqmz3.kot.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5bowk3z4.alr.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3lbm0dym.0pl.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache |
data | # | |
