Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
Score: 60
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
|
|
malicious
Score: 100
|
System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run Condition: Suspected Instruction Hammering
|
IP | Country | Detection |
---|---|---|
85.209.2.33 | Russian Federation |
Name | IP | Detection |
---|---|---|
secure01-redirect.net | 85.209.2.33 | |
erubbw.bl.files.1drv.com | 0.0.0.0 | |
ervmpg.bl.files.1drv.com | 0.0.0.0 | |
Click to see the 2 hidden entries | ||
onedrive.live.com | 0.0.0.0 | |
skydrive.live.com | 0.0.0.0 |
Name | Detection |
---|---|
http://secure01-redirect.net/gb13/fre.php | |
http://secure01-redirect.net/gb13/fre.php:j | |
https://onedrive.live.com/ | |
Click to see the 24 hidden entries | |
https://ervmpg.bl.files.1drv.com/ | |
https://skydrive.live.com/redir.aspx?resid=5A15FDA1AE98540B%21122&avres=Infected&averror=SUCCESS&vin | |
https://onedrive.live.com/? | |
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd | |
http://docs.oasis-open.org/ws-sx/ws-trust/200512 | |
https://erubbw.bl.files.1drv.com/y4mYud6ym_NJqaq22uaIor9GRHQ64LzKJki5GZymu2f7YS1D2FLOko-vkkGMGoXIJDV | |
https://erubbw.bl.files.1drv.com/Kf | |
http://schemas.xmlsoap.org/wsdl/ | |
https://onedrive.live.com/download?cid=5A15FDA1AE98540B&resid=5A15FDA1AE98540B%21122&authkey=AD5G_ly | |
http://schemas.xmlsoap.org/wsdl/soap12/ | |
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy | |
https://onedrive.live.com/viruswarning.aspx/fabrika.exe?cid=5a15fda1ae98540b&avres=I | |
https://erubbw.bl.files.1drv.com/ | |
http://schemas.xmlsoap.org/wsdl/lt | |
http://schemas.xmlsoap.org/ws/2005/02/trust | |
http://upx.sf.net | |
https://ervmpg.bl.files.1drv.com/y4m-APER2p5Nb5FMLd_ybyQzx60L82xlgrG-sbtfretok1410vF9H862p1fC8MWInho | |
https://skydrive.live.com/ | |
http://ocsp.di | |
https://onedrive.live.com/download?cid=5A15FDA1AE98540B&resid=5A15FDA1AE98540B%21123&authkey=AKpY_r2 | |
https://ervmpg.bl.files.1drv.com/y4mYPEwbzED-97xrx9n29fV7fSyD1fgGpzSF-jmJxyxzc1NPIYDEsZm2hHvKAjBl1ub | |
http://schemas.xmlsoap.org/ws/2004/09/policy | |
https://ervmpg.bl.files.1drv.com/Q | |
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702 |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\Credentials\93CE54EBD72B5E2187F75E8118A14612_dec |
data | # | |
C:\Users\user\AppData\Local\Temp\fabrika.exe |
HTML document, ASCII text, with very long lines, with CRLF, LF line terminators | # | |
C:\Users\user\AppData\Roaming\5D4ACB\B73EF6.hdb |
ISO-8859 text, with no line terminators | # | |
Click to see the 4 hidden entries | |||
C:\Users\user\AppData\Roaming\5D4ACB\B73EF6.lck |
very short file (no magic) | # | |
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3425316567-2969588382-3778222414-1001\1b1d0082738e9f9011266f86ab9723d2_11389406-0377-47ed-98c7-d564e683c6eb |
data | # | |
C:\Windows\appcompat\Programs\Amcache.hve |
MS Windows registry file, NT/2000 or above | # | |
C:\Windows\appcompat\Programs\Amcache.hve.LOG1 |
MS Windows registry file, NT/2000 or above | # |