Engine | Download Report | Detection | Info |
---|---|---|---|
| | | malicious, Score: 100 | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
IP | Country | Detection |
---|---|---|
185.228.233.17 | Russian Federation | |
162.241.216.53 | United States | |
Name | IP | Detection |
---|---|---|
gtr.antoinfer.com | 185.228.233.17 | |
app.flashgameo.at | 185.228.233.17 | |
data.green-iraq.com | 162.241.216.53 | |
resolver1.opendns.com | 208.67.222.222 | |
Name | Detection |
---|---|
http://gtr.antoinfer.com/ | |
http://app.flashgameo.at/3RCQ0msRVVnLSJ5u/TSJ_2Fxz80keoop/a7EjDDG7wrXHG68ZtX/Pmtf7IzJN/aJqNiYsKzCerz7CxDBe7/e24yGD4QU8YxhhSD3YO/03mvbgBdqeCIW6TNLEFcOV/EK49ihmFywAO1/pIF7jejl/dujcubamjFalP53t_2FHK8B/KFSEJwMt_2/BtevMf85tQFfIELR_/2BcnIXZSnbYO/KZzJGKYFtQN/vyvR7VHvQcMFD4/kY1tU9entnPFjHGBpC6PC/rfEItxXtG1ipdjW8/L_2BLpkqRSBRNu3/Qm7zxsLhdRlaAq032b/I1k1iSuisV_2F/6 | |
http://gtr.antoinfer.com/vADDezNeSke9U/kvoRl9HX/wg75j_2F1ccwy_2BN_2FgkC/Yh7aCXFF09/ee6kz01isjr6jdjmu/pk1iZnzuGks_/2FuxytqUYce/a5iWzRhuhKAZ4y/D3pXNK4fyJfK_2FkQ5xOt/JVfaKqEHewQX_2Bv/e8GLEmqyRCDOz2z/IZT7WGXdb3gbjuggsB/nJqV1sh4i/1CBsNlHce4vH9r545Rqj/lW_2BT5w8VeL3I13xEE/kQKMsI_2FV_2BAmRAPTTX_/2Fpo46_2FxhKi/aU1VyuXn/ftd9GHd_2FR3UMOYr1sC0hP/YgHDHBl7oA/36ctrYN2Q45zT_2FE/cFBpdxQOL4tl/xsOclWLyg_2B/TAMc8 | |
https://sectigo.com/CPS0 | |
http://ocsp.sectigo.com | |
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | |
http://null.oracle.com/ | |
http://java.oracle.com/ | |
http://bugreport.sun.com/bugreport/ | |
http://www.certplus.com/CRL/class2.crl | |
http://cps.letsencrypt.org0 | |
http://x1.c.lencr.org/ | |
http://cps.root-x1.letsencrypt.orgK | |
http://x1.i.lencr.org/ | |
http://crl.xrampsecurity.com/XGCA.crl | |
http://policy.camerfirma.com0 | |
http://cps.root-x1.letsencrypt.org0 | |
http://repository.swisssign.com/ | |
http://www.quovadisglobal.com/cps | |
http://cps.chambersign.org/cps/chambersroot.html | |
http://www.certplus.com/CRL/class3P.crl | |
http://r3.i.lencr.org/; | |
https://sectigo.com/CPS | |
http://crl.securetrust.com/STCA.crl | |
http://constitution.org/usdeclar.txt | |
http://crl.xrampsecurity.com/XGCA.crl0 | |
http://www.quovadis.bm | |
http://www.quovadis.bm0 | |
http://x1.i.lencr.org/k | |
http://cps.root-x1.letsencrypt.org | |
https://data.green-iraq.com/app.dll | |
http://crl.chambersign.org/chambersroot.crl | |
http://cps.letsencrypt.org | |
http://r3.o.lencr.org | |
http://r3.o.lencr.orgC | |
http://crl.chambersign.org/chambersroot.crl0 | |
http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0 | |
http://ocsp.sectigo.com0 | |
http://cps.chambersign.org/cps/chambersroot.html0 | |
http://cps.letsencrypt.orgk | |
http://constitution.org/usdeclar.txtC: | |
http://www.chambersign.org1 | |
http://https://file://USER.ID%lu.exe/upd | |
http://repository.swisssign.com/0 | |
http://policy.camerfirma.com | |
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# | |
https://ocsp.quovadisoffshore.com | |
http://www.chambersign.org | |
http://crl.securetrust.com/STCA.crl0 | |
http://www.certplus.com/CRL/class3P.crl0 | |
http://r3.i.lencr.org/ | |
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl | |
http://www.certplus.com/CRL/class2.crl0 | |
http://r3.i.lencr.org/07 | |
http://www.quovadisglobal.com/cps0 | |
http://x1.c.lencr.org/0 | |
http://x1.i.lencr.org/0 | |
http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl | |
http://r3.o.lencr.org0 | |
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt | |
https://ocsp.quovadisoffshore.com0 | |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\winapp.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | | |
C:\Users\user\AppData\Local\Temp\wm2qs3oi\wm2qs3oi.0.cs | UTF-8 Unicode (with BOM) text | | |
C:\Users\user\AppData\Local\Temp\wfvgme3v\wfvgme3v.cmdline | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | | |
C:\Users\user\AppData\Local\Temp\wfvgme3v\wfvgme3v.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | | |
C:\Users\user\Documents\20210803\PowerShell_transcript.579569.PzaIZfVx.20210803182038.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | | |
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\83aa4cc77f591dfc2374580bbd95f6ba_d06ed635-68f6-4e9a-955c-4899f5f57b9a | data | | |
C:\Users\user\AppData\Local\Temp\wm2qs3oi\wm2qs3oi.out | ASCII text, with CRLF, CR line terminators | | |
C:\Users\user\AppData\Local\Temp\wm2qs3oi\wm2qs3oi.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | | |
C:\Users\user\AppData\Local\Temp\wm2qs3oi\wm2qs3oi.cmdline | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | | |
C:\Users\user\AppData\Local\Temp\wm2qs3oi\CSC4DF65D5B5CD44487ACE6B52D8E184D85.TMP | MSVC .res | | |
C:\Users\user\AppData\Local\Temp\wfvgme3v\wfvgme3v.out | ASCII text, with CRLF, CR line terminators | | |
C:\ProgramData\Oracle\Java\.oracle_jre_usage\cce3fe3b0d8d83e2.timestamp | ASCII text, with CRLF line terminators | | |
C:\Users\user\AppData\Local\Temp\wfvgme3v\wfvgme3v.0.cs | UTF-8 Unicode (with BOM) text | | |
C:\Users\user\AppData\Local\Temp\wfvgme3v\CSCBEAB7CEF44BD41E5AC32CBB29DE9912D.TMP | MSVC .res | | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_swqqbxtk.cak.psm1 | very short file (no magic) | | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qt0tzypn.feq.ps1 | very short file (no magic) | | |
C:\Users\user\AppData\Local\Temp\RES50C8.tmp | data | | |
C:\Users\user\AppData\Local\Temp\RES3CF2.tmp | data | | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | | |