Engine | Download Report | Detection | Info |
---|---|---|---|
| | malicious | |
| | malicious (Score: 100) | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
IP | Country | Detection |
---|---|---|
185.189.151.28 | Switzerland | |

Name | Detection |
---|---|
http://185.189.151.28/drew/G9Zl6xXWK7/sq6mJwqNR6fvih_2F/3BlWMH0TTomc/U1aMCISKVce/sD1_2BamSatrUi/mArOkW2r7_2B0uc5NIyZ1/fqCKZKNfwHwtB7N_/2BOdKH9zPCcKh5j/aH7OQyg_2B7xMhAY1R/xlVSoeftX/sTSsZsRI3rAEzydEwaZ5/9QwFFn9O9UzVILrRbdl/7UPI548brok0gcZoBkvtCI/1vWqX_2Bjtpxo/llnrjwNT/qDZ6Nfo6aLVU8WQtuO_2FVg/zPD0a3AU1_/2BluOSPr1CN4zp_2B/j9DB_2Fzln/wTp23X8qY/8v5Y.jlk | |
http://185.189.151.28/drew/jXEA7ByXkNY6ttIyk/c1_2FpaHGG8A/Yx7P_2FoAZx/2kWyqwCGw_2Fq6/CqvTpauiAtq1S6NEfUFGz/azQBCUCEVQkwLO92/zmVyPCpquTYZDzt/P2EwT8kh0KHu8Lbvc2/Ag_2FS5Oy/Bwa_2FhroFaW1JJ7Yi_2/FCwhCYTX1vsSGLasuXt/5_2FN41F2ddMFyf13Vxa_2/FlhkTkOugqgwW/2xYMihrB/d1UYCEPSvlBu19hXDBks3k1/KTXlXsgnHu/yq5ztS0tgrWgRYyLM/xsuyeva.jlk | |
http://185.189.151.28/drew/yTRJAUZiMQ_2FTcjFd/OV31p2h1j/mj3Z9n_2BOBKbildEj82/DKgORp8r4Xx_2BnVgp_/2F_2F_2BvQg_2BZVCdBCQi/QtPh_2BkpemuH/LSUbfgED/uR6Ni2U_2B2TrekewEGTeeM/QVV2Ymg6iJ/T2mSA6ICc_2Fr99oW/m0E6ateNanP0/G9bVGRc76Wh/i2tCqLMog2Cd2S/BjsyNkJBT9sJ3ChkZSwYM/3GFd1ud_2Fz_2BWJ/ABPbUtrh_2BqYag/UdccpuDhsuWiS1djZj/kqFinK56w/1Yn7inetR1GAB9jPIhty/UC9Ej8wR/j.jlk | |
http://https://file://USER.ID%lu.exe/upd | |
http://ns.adobY | |
http://constitution.org/usdeclar.txt | |
http://constitution.org/usdeclar.txtC: | |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Temp\zbedhqob\zbedhqob.out | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | | |
C:\Users\user\WhiteBook.lnk | MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hidenormalshowminimized | | |
C:\Users\user\TestLocal.ps1 | ASCII text, with no line terminators | | |
C:\Users\user\Documents\20220504\PowerShell_transcript.210979.BCECBztA.20220504162021.txt | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | | |
C:\Users\user\AppData\Local\Temp\zek5yaft\zek5yaft.out | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | | |
C:\Users\user\AppData\Local\Temp\zek5yaft\zek5yaft.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | | |
C:\Users\user\AppData\Local\Temp\zek5yaft\zek5yaft.cmdline | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | | |
C:\Users\user\AppData\Local\Temp\zek5yaft\zek5yaft.0.cs | UTF-8 Unicode (with BOM) text | | |
C:\Users\user\AppData\Local\Temp\zek5yaft\CSC3DAC9030B4CB46878A3398CFC11AF7A7.TMP | MSVC .res | | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | | |
C:\Users\user\AppData\Local\Temp\zbedhqob\zbedhqob.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | | |
C:\Users\user\AppData\Local\Temp\zbedhqob\zbedhqob.cmdline | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | | |
C:\Users\user\AppData\Local\Temp\zbedhqob\zbedhqob.0.cs | UTF-8 Unicode (with BOM) text | | |
C:\Users\user\AppData\Local\Temp\zbedhqob\CSCD26AEEEF9294175AE6FC384D1631824.TMP | MSVC .res | | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g5qvxjjl.3xd.psm1 | very short file (no magic) | | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0zsko4if.iqj.ps1 | very short file (no magic) | | |
C:\Users\user\AppData\Local\Temp\RES3EDE.tmp | Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols | | |
C:\Users\user\AppData\Local\Temp\RES1B0A.tmp | Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols | | |