Engine | Download Report | Detection | Info |
---|---|---|---|
| | | malicious | |
| | | malicious, Score: 100 | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
IP | Country | Detection |
---|---|---|
94.140.115.8 | Latvia |
Name | Detection |
---|---|
http://94.140.115.8/drew/pWUKzJDbrhpv/FFkNspqcCVD/4ANu5UR3K56aq1/YlZTd4vqqjxlSWQE81tmv/0903hK9AGVho5G_2/FPX1B2ZeY41YUql/9Zl7hUh81wcOKdUUaq/Z_2FlHHRh/JDsEpYdxv2Sil3Q8A91e/jYpDxmigXCYZ8PDT72P/GzAMhzuxMmNvrbZtpOxqlx/F1jRyqu5A3bI6/9P2_2BGh/CvwgeSwx46r_2FQDHgxUtUu/VEvc4RUsji/nf7CiGV7ZHZfisjbY/l_2FOYdkMf6Q/cPBDnAZaABD/3v7KHlHBv_2B/_2BGS0Es/y.jlk | |
http://94.140.115.8/drew/ik1LQOZMh/mVRbIyzEQTxBwTr6Z5u6/zI22UmjAz8JK2nSoDWz/PBbBE92xQ6eDvkHhGI4LUa/C2IzDYhRuCy1X/B8bDGu4d/NNeE2BpCwJS_2BLL1GATet_/2FJaGdNT8S/qykJG_2BzgaYwDsmt/6L38BacVeBDK/DI5poywJVgk/0BVE0JF2RsEX1d/ehK8HVo5nM5dN_2BvfT0B/d2eei3kq6JFp_2Bo/wjjnHOVxOWAf9Rl/iq5emFWqLQuh9aW2bI/a4pKOz5Hp/Nn13tipc/V.jlk | |
http://94.140.115.8/drew/BCNeqjF198SdSe826/ArOdCqmPIWdy/mLsvCOAaonH/_2B_2FaHw_2FNP/whZllPw0UWDpWxMk3vD70/ZW7HQlXyVsLFMEnd/ioWk92wZdXi7gVZ/YpqeONxg_2FtJ1pLE0/gkg_2BzOr/T30turd_2FCKY_2FdW3S/SQG35opQqK5eweX5X3z/X5WbnNy0h0F7CgoMJPXQn8/WlhTd00F2BAHX/eC3JkGFi/jMv01ywCxcdZG9_2BXsKQ2k/cWPyDUzVgF/HeX7VJFkhkvecZXZ0/41xqfgFNRUy_/2Fgmw0qSg6Ao/JqGQVxm.jlk | |
http://https://file://USER.ID%lu.exe/upd | |
http://constitution.org/usdeclar.txt | |
http://crl.micro | |
http://constitution.org/usdeclar.txtC: |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Temp\o1ulwvct\o1ulwvct.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\WhiteBook.lnk | MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hidenormalshowminimized | # | |
C:\Users\user\TestLocal.ps1 | ASCII text, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\tn4ral5l\tn4ral5l.out | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | # | |
C:\Users\user\AppData\Local\Temp\tn4ral5l\tn4ral5l.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\tn4ral5l\tn4ral5l.cmdline | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\tn4ral5l\tn4ral5l.0.cs | UTF-8 Unicode (with BOM) text | # | |
C:\Users\user\AppData\Local\Temp\tn4ral5l\CSC7E5DF85510FF49B49113DD9CBF81BD4.TMP | MSVC .res | # | |
C:\Users\user\AppData\Local\Temp\o1ulwvct\o1ulwvct.out | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | # | |
C:\Users\user\AppData\Local\Temp\o1ulwvct\o1ulwvct.cmdline | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\o1ulwvct\o1ulwvct.0.cs | UTF-8 Unicode (with BOM) text | # | |
C:\Users\user\AppData\Local\Temp\o1ulwvct\CSC9597862635B74071BA42F3284427E86E.TMP | MSVC .res | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gpafcgl0.stl.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_04s3loul.cwz.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\RESA96F.tmp | Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols | # | |
C:\Users\user\AppData\Local\Temp\RES9868.tmp | Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols | # | |