Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
|
||
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Temp\KHNE9A4.tmp |
PE32+ executable (DLL) (console) x86-64, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\NAmADA4.tmp |
PE32+ executable (DLL) (console) x86-64, for MS Windows | # | |
C:\Users\user\AppData\Roaming\R3POs\wermgr.exe |
PE32+ executable (GUI) x86-64, for MS Windows | # | |
Click to see the 7 hidden entries | |||
C:\Users\user\AppData\Local\Temp\Cjaq.cmd |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\tkcfGo.cmd |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\89dad5d484a9f889a3a8dfca823edc3e_d06ed635-68f6-4e9a-955c-4899f5f57b9a |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wraljbotdtpzzk.lnk |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Apr 13 03:46:15 2022, mtime=Wed Apr 13 03:46:15 2022, atime=Wed Apr 11 22:34:22 2018, length=209312, window=hide | # | |
C:\Users\user\AppData\Roaming\R3POs\wer.dll (copy) |
PE32+ executable (DLL) (console) x86-64, for MS Windows | # | |
C:\Windows\System32\CCAL\MDMAppInstaller.exe |
PE32+ executable (GUI) x86-64, for MS Windows | # | |
C:\Windows\system32\CCAL\WTSAPI32.dll (copy) |
PE32+ executable (DLL) (console) x86-64, for MS Windows | # |