Detection | Info |
---|---|
malicious | |
malicious (Score: 100) | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
IP | Country | Detection |
---|---|---|
185.189.151.28 | Switzerland |
Name | Detection |
---|---|
Name | File Type | Detection |
---|---|---|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | |
C:\Users\user\AppData\Local\Temp\1twaywxt\1twaywxt.0.cs | UTF-8 Unicode (with BOM) text | |
C:\Users\user\AppData\Local\Temp\1twaywxt\1twaywxt.cmdline | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | |
C:\Users\user\AppData\Local\Temp\1twaywxt\1twaywxt.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | |
C:\Users\user\AppData\Local\Temp\1twaywxt\1twaywxt.out | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | |
C:\Users\user\AppData\Local\Temp\1twaywxt\CSC8E4C4A27E0F846069DE582614FAC5C1.TMP | MSVC .res | |
C:\Users\user\AppData\Local\Temp\RES52DC.tmp | Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols | |
C:\Users\user\AppData\Local\Temp\RES678D.tmp | Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ex1t0gx4.hpm.ps1 | very short file (no magic) | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ochynr5i.02z.psm1 | very short file (no magic) | |
C:\Users\user\AppData\Local\Temp\sch0uqly\CSC67FDFB6A3EC42CBB7751570EDFD46.TMP | MSVC .res | |
C:\Users\user\AppData\Local\Temp\sch0uqly\sch0uqly.0.cs | UTF-8 Unicode (with BOM) text | |
C:\Users\user\AppData\Local\Temp\sch0uqly\sch0uqly.cmdline | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | |
C:\Users\user\AppData\Local\Temp\sch0uqly\sch0uqly.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | |
C:\Users\user\AppData\Local\Temp\sch0uqly\sch0uqly.out | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | |