Engine | Download Report | Detection | Info |
---|---|---|---|
 | | malicious | |
 | | malicious (Score: 100) | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
IP | Country | Detection |
---|---|---|
193.56.146.148 | unknown | |
146.70.35.138 | United Kingdom | |
67.43.234.14 | Canada | |
67.43.234.37 | Canada | |
Name | IP | Detection |
---|---|---|
1.0.0.127.in-addr.arpa | 0.0.0.0 | |
222.222.67.208.in-addr.arpa | 0.0.0.0 | |
8.8.8.8.in-addr.arpa | 0.0.0.0 | |
myip.opendns.com | 102.129.143.53 | |
resolver1.opendns.com | 208.67.222.222 | |
Name | Detection |
---|---|
http://193.56.146.148/cook64.rar | |
http://146.70.35.138/phpadmin/zilwS36OC_2/FnjmOckuG_2BCm/VAdwDdj_2Fnac_2F0y6xc/deXhx0rBocPzi7tR/z8VoemZhKDJOEZ_/2FB71dJS5j3dZE2NGK/cGLO3t6yJ/yUrrIk8eZ08FZSU_2FS0/2G1FFOzId8doUQdjVtt/kPQnX57urwlFySqx1IZrAD/AgrnwQGGtXT4R/Tizv3fN7/xX9kvTCwfaZ1KZbAGWbajAo/gFAssOtH9Z/e8lp2TS1JzI4llaNY/olcdYO51/byt.src | |
http://193.56.146.148/stilak32.rar | |
http://146.70.35.138/phpadmin/TYhCb5d3/Qd3Po_2BKjelP_2F7WSwUso/7m8jnTpLRx/uExGwdKAdHoPBjWMC/elgD5kzT2sqT/T1iJBxA5UdT/uL5VED_2B8E0P8/_2FtpnrB_2FZlg9AlWg_2/BdtlwpvI_2BcVtwg/McOCY72thR3WVt5/wVoK31AOn6hDpHdQON/XBB32U4r8/fKY68F7l0jZNTMcXJ71L/odruZsWwSuNEIUWqi7s/08LTc4yWUohU0pkFp1T8P2/l2fvxomE6/r6zvT.src | |
http://67.43.234.14/images/exH_2BV5hI6UV32xq/9iKc6ZjImWoQ/GIugApItTP6/eU0FsndbiatJlG/8sZ81QZwXTfmteOvaRx3j/YoZ9Z9WZVb88loFE/XwzEGCF_2FYd014/RsM17SCy13qQU2pAif/TMyGZBQvh/N26WrESLVWVbmtD7LEn9/Rx20gFSw1JZAg58DLOG/BJUKRsQbaNOa0owKYxus_2/BoGrwh_2BDKqm/DuvxAvK6/zywXiP_2Bz0bAUH1Ay0X5pY/Ej1B6Nr9jL/cJXSt0eQu6DGGZWaR/qgLa8p54JO9D/mFJ_2BIO/ix2MS.bmp | |
http://193.56.146.148/cook32.rar | |
http://146.70.35.138/phpadmin/O5VHv_2BomBJ/FDSQ3C_2FEh/d3AB91pB2zVZZc/V8xBUftmx0M_2Bqnngedi/DpLLDhwUKQDOSSQS/nVaNzwxkqgcnJXK/SQy2RrteBXCJGPusj_/2Fou9gPbn/TEfuPZW_2FR5wp1JKvFc/BRr_2Bgc4Sh6fwKpLbg/92QNhdYG6IBsInIDDSBHis/CLBmXrf7shSlX/Qy4n9fNl/nE2maUEbSwiaPEHMkNYQxQk/D1KSQzl_2F/HXQWBGmfgthfPqv/9SK.src | |
http://67.43.234.14/images/fWI73R1_2Fi/dMEh0cq63rRCJy/hEJHCisV7TLXf6s5qDp3z/BCtN_2Bg1My_2Bxo/AhaNT6s6q6_2B58/OQZoTj4FY38JIpdz1z/MCQ_2Fvl2/KaObwwaShYciWGHB8igT/ebmAGB0PycjKyjC2pvQ/6aj0R0O7yrH6fMGLiN7rcC/6qFHr8cars3Gw/I8BuhPaS/BZ6BhWd8QiKaDrJK4XQp4Ag/g0wwOGo1XO/QfQATDgE2jY4Wf7L8/foVbicjFFFm0/9oroSq36Cxf/G6HPMi1wZ9ycu5/gwcS_2Bt/rdAx9WRg/N.bmp | |
http://193.56.146.148/stilak64.rar | |
http://curlmyip.net | |
http://67.43.234.14/images/vdoa2puIgygDcKHOof7W5Nx/Sm5x_2FLro/zObUXzRQyLPWX4K31/W76pZEGagBpT/o6IGunTWfCn/lXzKVuv3SgxDcg/QnnnzAZBFXh1ukr9Caozw/wPM7sTqNdf9sx_2F/Rne6TvIOz1EJrXu/g31KyfFRkwWQ7yEqN4/zXMBf0AoC/FcsOEsPhqIXCKsCLKvy2/p_2BCCsPTnYHLO5apYZ/ZOWl4UxrQhGJIiW3n82a5o/LRy86Sxl6Pzdu/NQ1r9_2F/M2tmRTakUsCXcEs_2FmAAzP/G6Sk1Uhj8yi4/tFtBd.bmp | |
http://ipinfo.io/ip | |
http://help.disneyplus.com. | |
https://www.disneyplus.com/legal/your-california-privacy-rights | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
http://nuget.org/NuGet.exe | |
https://disneyplus.com/legal. | |
https://nuget.org/nuget.exe | |
https://contoso.com/ | |
http://ns.adobe.uxEN | |
http://crl.microsoft.coQ | |
http://constitution.org/usdeclar.txt | |
http://pesterbdd.com/images/Pester.png | |
https://www.disneyplus.com/legal/privacy-policy | |
http://ns.micro/1%L | |
http://ns.adobe.cmge | |
https://github.com/Pester/Pester | |
http://curlmyip.netQ8tR9QJN7lLzOLlefile://c: | |
https://www.tiktok.com/legal/report/feedback | |
http://https://file://USER.ID%lu.exe/upd | |
https://contoso.com/Icon | |
https://contoso.com/License | |
http://constitution.org/usdeclar.txtC: | |
http://ns.adobp/ | |
http://www.apache.org/licenses/LICENSE-2.0.html | |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Temp\g2letrfe\g2letrfe.cmdline | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\B95F.bin\Root.pfx | data | # | |
C:\Users\user\AppData\Local\Temp\DFA5.bin | ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\DFA5.bin1 | ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\FFD3.bin | Zip archive data, at least v2.0 to extract | # | |
C:\Users\user\AppData\Local\Temp\RES5B2D.tmp | Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols | # | |
C:\Users\user\AppData\Local\Temp\RES71E1.tmp | Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q3t4dtxl.aez.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zqgxvc3t.uvk.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\g2letrfe\CSC71DE0290BB9F401583CAD01729BF75D7.TMP | MSVC .res | # | |
C:\Users\user\AppData\Local\Temp\g2letrfe\g2letrfe.0.cs | UTF-8 Unicode (with BOM) text | # | |
C:\Users\user\AppData\Local\Temp\B95F.bin\AuthRoot.pfx | data | # | |
C:\Users\user\AppData\Local\Temp\g2letrfe\g2letrfe.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\g2letrfe\g2letrfe.out | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | # | |
C:\Users\user\AppData\Local\Temp\vqkyohgm\CSCBF795D6899604BF9A48E638AB671C4FD.TMP | MSVC .res | # | |
C:\Users\user\AppData\Local\Temp\vqkyohgm\vqkyohgm.0.cs | UTF-8 Unicode (with BOM) text | # | |
C:\Users\user\AppData\Local\Temp\vqkyohgm\vqkyohgm.cmdline | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\vqkyohgm\vqkyohgm.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\vqkyohgm\vqkyohgm.out | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | # | |
C:\Users\user\Documents\20220422\PowerShell_transcript.367706.vGPyFZhc.20220422161533.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
\Device\ConDrv | ASCII text, with CRLF, CR line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDA3E.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_7875e6245bdd47cab51d5025544adb25af7c1d5b_7cac0383_19f2e3d2\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_a0b9814f9a8146de5cfec8d14bee9aa28ce9d7_7cac0383_11cea998\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9F47.tmp.dmp | Mini DuMP crash report, 15 streams, Fri Apr 22 23:14:54 2022, 0x1205a4 type | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA3BD.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA554.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB1C6.tmp.dmp | Mini DuMP crash report, 15 streams, Fri Apr 22 23:14:59 2022, 0x1205a4 type | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB580.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB6D8.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD5B9.tmp.dmp | Mini DuMP crash report, 15 streams, Fri Apr 22 23:15:08 2022, 0x1205a4 type | # | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_3fb78dbd3096a159cff8d7df2087ea8f72df4a_7cac0383_1a1ec4c1\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDB97.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | # | |
C:\Users\user\AppData\Local\Temp\11D3.bin | ASCII text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\2DBE.bin | Zip archive data, at least v2.0 to extract | # | |
C:\Users\user\AppData\Local\Temp\40F3.bin | ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\4A44.bin | Zip archive data, at least v2.0 to extract | # | |
C:\Users\user\AppData\Local\Temp\6B3A.bi1 | ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\7BC3.bin | Zip archive data, at least v2.0 to extract | # | |