Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
Name | IP | Detection |
---|---|---|
api.telegram.org | 149.154.167.220 |
Name | Detection |
---|---|
http://127.0.0.1:HTTP/1.1 | |
https://api.ipify.org%GETMozilla/5.0 | |
http://DynDns.comDynDNS | |
Click to see the 7 hidden entries | |
http://tempuri.org/ | |
https://api.telegram.org/bot2030557675:AAF2CRvHF_rfT7tYXz9VN8YUb6kF5qxu_xg/sendDocumentdocument----- | |
http://YsLVkm.com | |
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip | |
https://api.telegram.org/bot2030557675:AAF2CRvHF_rfT7tYXz9VN8YUb6kF5qxu_xg/ |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Windows\Microsoft.NET\Framework\BABEDAFADDBCFEAAEFCDFCDE\svchost.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\#NEW ORDER FOR JANUARY 2022.exe.log |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ndedftbp.hio.psm1 |
very short file (no magic) | # | |
Click to see the 16 hidden entries | |||
C:\Users\user\Documents\20220114\PowerShell_transcript.301389.qPOtysNN.20220114053246.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20220114\PowerShell_transcript.301389.TjhCOvM7.20220114053243.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20220114\PowerShell_transcript.301389.Kmftd8NL.20220114053244.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20220114\PowerShell_transcript.301389.Cb2iz80h.20220114053303.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20220114\PowerShell_transcript.301389.8tzwXQ58.20220114053231.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yrcvsx0a.z50.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qim5i45f.hre.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pswme1px.15w.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_knth15sn.2xz.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_knfqx50j.snp.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gj0etfuz.zra.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d2nywgzx.vdr.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4uypqtat.42m.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2rnex2ek.lje.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive |
data | # | |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\svchost.exe.log |
ASCII text, with CRLF line terminators | # |