Engine | Download Report | Detection | Info |
---|---|---|---|
| | malicious (Score: 88) | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| | malicious (Score: 100) | System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301); Run Condition: Suspected Instruction Hammering |
IP | Country | Detection |
---|---|---|
185.19.85.162 | Switzerland | |
148.66.138.165 | Singapore | |
13.107.43.12 | United States | |
13.107.43.13 | United States | |
149.154.167.220 | United Kingdom | |
Name | IP | Detection |
---|---|---|
myfrontmannyfour.ddns.net | 185.19.85.162 | |
vegproworld.com | 148.66.138.165 | |
l-0003.l-dc-msedge.net | 13.107.43.12 | |
l-0004.l-dc-msedge.net | 13.107.43.13 | |
api.telegram.org | 149.154.167.220 | |
srod3g.dm.files.1drv.com | 0.0.0.0 | |
onedrive.live.com | 0.0.0.0 | |
srqeug.dm.files.1drv.com | 0.0.0.0 | |
Name | Detection |
---|---|
https://vegproworld.com/wp-content/Medalj.vbsL5 | |
https://vegproworld.com/ | |
http://pesterbdd.com/images/Pester.png | |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Temp\RESF835.tmp | Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48e, 9 symbols | | |
\Device\ConDrv | ASCII text, with CRLF line terminators | | |
C:\Users\user\AppData\Roaming\ugvgydy0.1al\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite | SQLite 3.x database, user version 12, last written using SQLite version 3036000 | | |
C:\Users\user\AppData\Roaming\ugvgydy0.1al\Chrome\Default\Cookies | SQLite 3.x database, last written using SQLite version 3036000 | | |
C:\Users\user\AppData\Local\Temp\xxulbm | Little-endian UTF-16 Unicode text, with no line terminators | | |
C:\Users\user\AppData\Local\Temp\rettetast.dat | data | | |
C:\Users\user\AppData\Local\Temp\msjsdp | Little-endian UTF-16 Unicode text, with no line terminators | | |
C:\Users\user\AppData\Local\Temp\bhv8863.tmp | Extensible storage engine DataBase, version 0x620, checksum 0xf8b2a747, page size 32768, DirtyShutdown, Windows version 10.0 | | |
C:\Users\user\AppData\Local\Temp\bhv46D6.tmp | Extensible storage engine DataBase, version 0x620, checksum 0xf8b2a747, page size 32768, DirtyShutdown, Windows version 10.0 | | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yuh0lgm1.yl0.ps1 | ASCII text, with no line terminators | | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uqh2gi34.byq.ps1 | ASCII text, with no line terminators | | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mqeymjvc.kdh.psm1 | ASCII text, with no line terminators | | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fu5ipelj.u5l.psm1 | ASCII text, with no line terminators | | |
C:\Users\user\AppData\Local\Temp\Troldes.dat | data | | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | | |
C:\Users\user\AppData\Local\Temp\RES8878.tmp | Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols | | |
C:\Users\user\AppData\Local\Temp\Medalj.vbs | ASCII text, with very long lines, with CRLF line terminators | | |
C:\Users\user\AppData\Local\Temp\5gap5ezo\CSCC8BD0ABCCBE4C73AB31B0DCB5E94165.TMP | MSVC .res | | |
C:\Users\user\AppData\Local\Temp\5gap5ezo\5gap5ezo.out | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | | |
C:\Users\user\AppData\Local\Temp\5gap5ezo\5gap5ezo.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | | |
C:\Users\user\AppData\Local\Temp\5gap5ezo\5gap5ezo.cmdline | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | | |
C:\Users\user\AppData\Local\Temp\5gap5ezo\5gap5ezo.0.cs | UTF-8 Unicode (with BOM) text, with CRLF line terminators | | |
C:\Users\user\AppData\Local\Temp\15yt3nse\CSC6AB740706204464FA33B93DBB15436C9.TMP | MSVC .res | | |
C:\Users\user\AppData\Local\Temp\15yt3nse\15yt3nse.out | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | | |
C:\Users\user\AppData\Local\Temp\15yt3nse\15yt3nse.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | | |
C:\Users\user\AppData\Local\Temp\15yt3nse\15yt3nse.cmdline | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | | |
C:\Users\user\AppData\Local\Temp\15yt3nse\15yt3nse.0.cs | UTF-8 Unicode (with BOM) text, with CRLF line terminators | | |