Detection | Score | System |
---|---|---|
malicious | 100 | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |

IP | Country | Detection |
---|---|---|
94.140.115.8 | Latvia |

Name | Detection |
---|---|
http://94.140.115.8/drew/50s8s_2Fm/cVudhHX9qhkwnZn8YGEa/1_2FluFvn0rgITgZHrA/wgcOmIc7KszdPMRNYAwCGU/riR21HHqBfnky/h3W8R7X2/i4XUx7MW7pUIRFpHREax99S/CeaSmQqUkf/_2FQJb20GfOBx67Hv/vcYd4qEFb5vs/GCAhrG_2F_2/Fs8jogZPWA_2BZ/E84C3VPBHuhbD17con0IW/u18AFJcaJWYZ53TT/SBbkABZO2lEW2gv/N0JCn4zxEtu_2BD1lC/F07n5Kpw2LWAlyB/hwLOToT.jlk | |
http://94.140.115.8/drew/WXsBbTk_2FBXBK/mS8Hu3n2DbeYWVwpxggIZ/cAzhqJf7aBOMcFyZ/ERg2cki7hXSFbet/cCn9kY_2Baq8v2FrSn/Rei5wg7J9/Qsu_2FMujMKTcbcDzJ0J/AhSY_2BVu9QQM_2FYvA/N7OdLSd3CjR0pY4_2FFyUB/GOmdiT9hoha13/v02bkkOg/EJzbMo_2FrexM_2BofdpAOE/xgFjJDpwMl/8SxBhJlVDNq8aMCyL/7JDY3gS5rUN7/gZQ5T5rpdKF/AFQ_2BiwFrwd7d/YmSmnBkM9/kco.jlk | |
http://https://file://USER.ID%lu.exe/upd | |
http://constitution.org/usdeclar.txt | |
http://constitution.org/usdeclar.txtC: |

Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Temp\RES2B5B.tmp | Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x482, 9 symbols | # | |
C:\Users\user\Documents\20220428\PowerShell_transcript.468325.WGQFiXaw.20220428103607.txt | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\iig1japh.out | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | # | |
C:\Users\user\AppData\Local\Temp\iig1japh.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\iig1japh.cmdline | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\iig1japh.0.cs | UTF-8 Unicode (with BOM) text | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yympvmax.25e.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vrh5g1xw.2sy.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\RESE3E.tmp | Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x482, 9 symbols | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | # | |
C:\Users\user\AppData\Local\Temp\CSC8E8486282EA843C08CB8749684F1E69.TMP | MSVC .res | # | |
C:\Users\user\AppData\Local\Temp\CSC1476D44366854E63BD1CA8712B7CCE92.TMP | MSVC .res | # | |
C:\Users\user\AppData\Local\Temp\0hvnxdzw.out | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | # | |
C:\Users\user\AppData\Local\Temp\0hvnxdzw.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\0hvnxdzw.cmdline | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\0hvnxdzw.0.cs | UTF-8 Unicode (with BOM) text | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | # | |