Engine | Download Report | Detection | Info |
---|---|---|---|
 | | malicious | |
 | | malicious | Score: 100 |
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
IP | Country | Detection |
---|---|---|
185.189.151.28 | Switzerland |
Name | Detection |
---|---|
http://185.189.151.28/drew/5hvqzMd6r/y5LAWfsJPn_2FuJNBtSD/jo9Ej88JuprJYYLjeMo/uimRol7PlJG9VvIsIL3Df8/4b5dhKr7zfzzy/kQN4nu7p/Bi8YSgYkQh_2FrjUppzhtJE/zFVGD_2FFF/_2F9gKu_2BFOgZIul/mVEjfleUS_2B/_2FVExdXenS/GfiizuBv_2BCTK/T4Xb7Vm5ofWBzBK_2BS0m/v_2FFBHs0rb4cYP0/khifyRgzCQqsMFT/OI0rU2yRygplxTS_2B/_2FshpDk2/B_2B7kqCdL_2FzljvJKw/yu4lbDSn21X4G_2BWCi/VxE9dtb614/j6.jlk | |
http://185.189.151.28/drew/mUvYePprXz/HSjqVijdEeUR8rvJ9/cPWoN3kKWonK/lI7v_2BDaJj/aZ5n6IwN6RAkac/zBA3QOGURvi2Bn62CEKzA/A3rorOmUO13vlWw9/lzth0IsENWOQAIp/0T1fjcNdrBgHgQOml9/Vtvrq3J5S/ZVdmhdy814jSy4CHhelx/PV3kSAma_2FHk8mHoZj/0M9dNaFUJOk65VEW2JyCjp/DYhrX9Z9mZeAq/A_2Bj2mC/SRS888WqesbdPSEE6NoZrXT/lL5oVjMye8Q6/7p.jlk | |
http://https://file://USER.ID%lu.exe/upd | |
http://www.micr. | |
http://constitution.org/usdeclar.txt | |
http://185.189.151.28// | |
http://crl.microsoft.co | |
http://185.189.151.28/drew/5hvqzMd6r/y5LAWfsJPn_2FuJNBtSD/jo9Ej88JuprJYYLjeMo/uimRol7PlJG9VvIsIL3Df8 | |
http://185.189.151.28/drew/mUvYePprXz/HSjqVijdEeUR8rvJ9/cPWoN3kKWonK/lI7v_2BDaJj/aZ5n6IwN6RAkac/zBA3 | |
http://constitution.org/usdeclar.txtC: | |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | | |
C:\Users\user\AppData\Local\Temp\CSC8B2F5B9E5B5E42FBBCD6AAD130D3A7FD.TMP | MSVC .res | | |
C:\Users\user\AppData\Local\Temp\CSCA3AF429E64284F6FBA5C7EF0C7D44D.TMP | MSVC .res | | |
C:\Users\user\AppData\Local\Temp\RES99B1.tmp | Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x482, 9 symbols | | |
C:\Users\user\AppData\Local\Temp\RESB529.tmp | Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x482, 9 symbols | | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_peljaqzs.1su.psm1 | very short file (no magic) | | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wk4cirqy.03y.ps1 | very short file (no magic) | | |
C:\Users\user\AppData\Local\Temp\que4qvkg.0.cs | UTF-8 Unicode (with BOM) text | | |
C:\Users\user\AppData\Local\Temp\que4qvkg.cmdline | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | | |
C:\Users\user\AppData\Local\Temp\que4qvkg.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | | |
C:\Users\user\AppData\Local\Temp\que4qvkg.out | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | | |
C:\Users\user\AppData\Local\Temp\suyq54bl.0.cs | UTF-8 Unicode (with BOM) text | | |
C:\Users\user\AppData\Local\Temp\suyq54bl.cmdline | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | | |
C:\Users\user\AppData\Local\Temp\suyq54bl.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | | |
C:\Users\user\AppData\Local\Temp\suyq54bl.out | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | | |
C:\Users\user\Documents\20220504\PowerShell_transcript.688098.e0lviBuJ.20220504162647.txt | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | | |
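The Temp drops above are the footprint of PowerShell `Add-Type` compiling inline C# with csc.exe: each compile leaves `<stem>.0.cs`, `<stem>.cmdline`, `<stem>.out` and `<stem>.dll` with one shared random stem (here `que4qvkg` and `suyq54bl`), plus `CSC*.TMP` resource files and `RES*.tmp` COFF objects from the resource converter. The `__PSScriptPolicyTest_*` scripts are written by PowerShell itself to probe script enforcement policy and only show that a PowerShell host ran, and the `Documents\20220504\PowerShell_transcript.*.txt` file is transcription output in its default location. The Python below is an added triage example, not part of the sandbox report: it takes the paths from the table as constructed input, and the regexes, label strings and the `triage`/`classify` functions are assumptions of this example rather than anything the report defines.

```python
import re
from collections import defaultdict

# Constructed sample input: the dropped-file paths listed in the report table above.
DROPPED_FILES = [
    r"C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache",
    r"C:\Users\user\AppData\Local\Temp\CSC8B2F5B9E5B5E42FBBCD6AAD130D3A7FD.TMP",
    r"C:\Users\user\AppData\Local\Temp\CSCA3AF429E64284F6FBA5C7EF0C7D44D.TMP",
    r"C:\Users\user\AppData\Local\Temp\RES99B1.tmp",
    r"C:\Users\user\AppData\Local\Temp\RESB529.tmp",
    r"C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_peljaqzs.1su.psm1",
    r"C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wk4cirqy.03y.ps1",
    r"C:\Users\user\AppData\Local\Temp\que4qvkg.0.cs",
    r"C:\Users\user\AppData\Local\Temp\que4qvkg.cmdline",
    r"C:\Users\user\AppData\Local\Temp\que4qvkg.dll",
    r"C:\Users\user\AppData\Local\Temp\que4qvkg.out",
    r"C:\Users\user\AppData\Local\Temp\suyq54bl.0.cs",
    r"C:\Users\user\AppData\Local\Temp\suyq54bl.cmdline",
    r"C:\Users\user\AppData\Local\Temp\suyq54bl.dll",
    r"C:\Users\user\AppData\Local\Temp\suyq54bl.out",
    r"C:\Users\user\Documents\20220504\PowerShell_transcript.688098.e0lviBuJ.20220504162647.txt",
]

# When Add-Type compiles inline C#, csc.exe writes <stem>.0.cs, <stem>.cmdline,
# <stem>.out and <stem>.dll into %TEMP% with a shared random 8-character stem.
CSC_SET = re.compile(r"\\Temp\\(?P<stem>[a-z0-9]{8})\.(?P<ext>0\.cs|cmdline|out|dll)$", re.I)
# Resource (.res) and COFF object temp files from the same compile; not tied to a stem.
CSC_SIDECAR = re.compile(r"\\Temp\\(CSC[0-9A-F]+\.TMP|RES[0-9A-F]+\.tmp)$", re.I)
# PowerShell writes these itself at startup to probe script enforcement policy;
# they show a PowerShell host ran, not that anything malicious happened.
POLICY_TEST = re.compile(r"\\Temp\\__PSScriptPolicyTest_[a-z0-9]+\.[a-z0-9]+\.psm?1$", re.I)
# Default location of PowerShell transcription logging output.
TRANSCRIPT = re.compile(r"\\Documents\\\d{8}\\PowerShell_transcript\.[^\\]+\.txt$", re.I)

REQUIRED_EXTS = frozenset({"0.cs", "cmdline", "out", "dll"})


def triage(paths):
    """Group dropped files into csc compile sets and other PowerShell host artifacts."""
    sets = defaultdict(set)
    findings = {"compile_sets": {}, "sidecars": [], "policy_tests": [], "transcripts": []}
    for p in paths:
        m = CSC_SET.search(p)
        if m:
            sets[m.group("stem").lower()].add(m.group("ext").lower())
        elif CSC_SIDECAR.search(p):
            findings["sidecars"].append(p)
        elif POLICY_TEST.search(p):
            findings["policy_tests"].append(p)
        elif TRANSCRIPT.search(p):
            findings["transcripts"].append(p)
    for stem, exts in sets.items():
        findings["compile_sets"][stem] = {
            "complete": REQUIRED_EXTS <= exts,
            "missing": sorted(REQUIRED_EXTS - exts),
        }
    return findings


def classify(findings):
    """Coarse label: a complete stem set is strong evidence of Add-Type inline compilation."""
    sets = findings["compile_sets"]
    if any(v["complete"] for v in sets.values()):
        return "add-type-inline-compile"
    if sets or findings["sidecars"]:
        return "partial-csc-artifacts"
    return "no-csc-artifacts"


if __name__ == "__main__":
    result = triage(DROPPED_FILES)
    print(classify(result))
    for stem, info in sorted(result["compile_sets"].items()):
        print(f"  compile set {stem}: complete={info['complete']} missing={info['missing']}")
    print(f"  {len(result['sidecars'])} csc temp files, "
          f"{len(result['policy_tests'])} policy-test scripts, "
          f"{len(result['transcripts'])} transcripts")
```

On the report's paths this yields two complete compile sets, four csc temp files, two policy-test scripts and one transcript, so the label is `add-type-inline-compile`. The split between a full stem set and loose sidecars matters in practice: a `.dll` alone in Temp is weak, whereas `.0.cs` next to `.cmdline` and `.dll` means source was handed to csc.exe during the run, and the `.0.cs` file is where to look for the compiled code.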