Engine | Download Report | Detection | Info |
---|---|---|---|
| | malicious | |
| | malicious (Score: 100) | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
IP | Country | Detection |
---|---|---|
94.140.115.8 | Latvia | |
Name | Detection |
---|---|
http://94.140.115.8/drew/LtgGoR4W/2VkXik7fjDcVktkLvg4IApw/X92UzCdVgy/XGxL6WnODxABmAmav/eQYJObhAwpfD/VdmVLoyMEHz/dwiltyOKA4QHrd/HIJmqKTpq7hYAhh7xdD_2/BebjcoubFQh657nc/ksw26clyZ6v7ljU/oLbDPDTt1qYXqZfF_2/Fct2ocSBw/YaWKTOq17vIwu56czhmj/mDU1dku9eqq5aKu5F_2/FjqClysn2ko_2Fsx8SaFZF/ugZkpFnnMo_2B/poGcHSuZrc7hSygj/D8.jlk | |
http://94.140.115.8/drew/lAbS1TW8Ry8K_2Fy_2F02/IsWfDHUCh87tGSw4/6lgCxLe1Qs4WPGx/DknDiIGwAkcSSAjTq_/2BfvJx7dx/1hlTGDAg0PRAb8RWrNXa/OnwJqcZ0UkVEA4nNNEX/rU_2BEpbIQ3L_2FTXhvUWT/8ZfWEtxix63AY/iFey05B2/gKLIqEyGvdF_2FQqfOcIngQ/d4nr47OKVK/s16bIA5z3PH2z3706/OF3C_2BAmDzq/p9S3fF0IaVA/8GI4MffuRsVQDp/0oN_2BdvJJV7wESzGZsla/_2FLi.jlk | |
http://94.140.115.8/drew/NiEEiC_2F3/2h7kr_2B2M1EBpHcH/ENyHLalFXmOl/_2FTW0ecUVe/3N7nldlK89kw4y/VYeID7sRLB3A_2FAgFg0G/a5El_2BO7WD36Nlp/el4uE7tHR4Z8M9p/QG4TJaEWODl3HaYCH4/kP01txLgC/1iGXgYXBwcTcIgoIP92G/0JSXT0rNb0xnVvZFyXY/gCk_2F7aTYUhOqcRrdrBn4/EZOQnHcHRUgv3/B5BfYkj9/KpyjZ64W8U3keBpCjw85kZ4/8t_2Bri7RNBUNE3Y/8jsFDn.jlk | |
http://94.140.115.8/drew/NiEEiC_2F3/2h7kr_2B2M1EBpHcH/ENyHLalFXmOl/_2FTW0ecUVe/3N7nldlK89kw4y/VYeID7 | |
http://https://file://USER.ID%lu.exe/upd | |
http://constitution.org/usdeclar.txt | |
http://94.140.115.8/37 | |
http://constitution.org/usdeclar.txtC: | |
http://94.140.115.8/drew/lAbS1TW8Ry8K_2Fy_2F02/IsWfDHUCh87tGSw4/6lgCxLe1Qs4WPGx/DknDiIGwAkcSSAjTq_/2 | |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Temp\pyir2nwc\pyir2nwc.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\WhiteBook.lnk | MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hidenormalshowminimized | # | |
C:\Users\user\TestLocal.ps1 | ASCII text, with no line terminators | # | |
C:\Users\user\Documents\20220428\PowerShell_transcript.123716.e+y1bmjH.20220428154848.txt | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\vx43imot\vx43imot.out | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | # | |
C:\Users\user\AppData\Local\Temp\vx43imot\vx43imot.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\vx43imot\vx43imot.cmdline | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\vx43imot\vx43imot.0.cs | UTF-8 Unicode (with BOM) text | # | |
C:\Users\user\AppData\Local\Temp\vx43imot\CSCE0D7D73128344F6AB96E56EC2E032.TMP | MSVC .res | # | |
C:\Users\user\AppData\Local\Temp\pyir2nwc\pyir2nwc.out | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | # | |
C:\Users\user\AppData\Local\Temp\pyir2nwc\pyir2nwc.cmdline | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\pyir2nwc\pyir2nwc.0.cs | UTF-8 Unicode (with BOM) text | # | |
C:\Users\user\AppData\Local\Temp\pyir2nwc\CSC3492E89F885A4D28ABE1C8363667B7D.TMP | MSVC .res | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ptawa3qf.k1u.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fbj0ibhp.0cz.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\RES6B2B.tmp | Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48e, 9 symbols | # | |
C:\Users\user\AppData\Local\Temp\RES4ECA.tmp | Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | # | |