Threat Feed
viQpeWKAnd4IRUd0.exe
2026-05-25T17:25:16.353
malicious
Windows Exe (x86-32)
SHA256:
f9ee8cf8c2aebc6a7f3b2798fc8487d3d23bb7d6516b6c1c3237ef8cba569d22
VMRay Threat Identifiers
Severity  Operation
5/5  Modifies Windows automatic backups
4/5  Malicious content matched by YARA rules
3/5  All network connection attempts failed
2/5  Schedules task
1/5  URL contains a TLD highly associated with phishing
1/5  Creates process with hidden window
1/5  Installs system startup script or application
Ransomware
REQUESTING QUOTATION.js
2026-05-25T17:24:37.740
malicious
JScript
SHA256:
6753dee770ffb48a7db8deac2817ed1c37a9c45854a0bbbd0638f221650e3817
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
4/5  Process Hollowing
4/5  Tries to detect kernel debugger
4/5  Modifies control flow of another process
4/5  Makes indirect system call to possibly evade hooking based monitoring
4/5  Writes into the memory of another process
4/5  Reads from memory of another process
3/5  Delays execution
3/5  Bypasses PowerShell execution policy
3/5  Reads sensitive browser data
3/5  Captures clipboard data
2/5  Enumerates running processes
2/5  Searches for sensitive browser data
2/5  Possibly does reconnaissance
2/5  Performs DNS request
2/5  Downloads file
2/5  Loads a dropped DLL
2/5  Executes PowerShell without default profile
2/5  Executes PowerShell with hidden window
1/5  Accesses Microsoft Security Software registry keys
1/5  Connects to remote host
1/5  Creates mutex
1/5  Query OS Information
1/5  URL contains a TLD highly associated with phishing
1/5  Enumerates running processes
Spyware
Injector
Order No. 528RS.exe
2026-05-25T17:24:00.362
malicious
Windows Exe (x86-32)
SHA256:
9db2ce42b7375f4c70e286983c0aef3ebd0befef2d0ec96610f10c36c6df9eb6
VMRay Threat Identifiers
Severity  Operation
5/5  Tries to read cached credentials of various applications
5/5  Combination of other detections shows configuration discovery
5/5  Malicious content matched by YARA rules
5/5  Agent Tesla configuration was extracted
4/5  Injected process sets up server that accepts incoming connections
4/5  Modifies Windows Defender configuration
4/5  Process Hollowing
3/5  Classifies external IP address
2/5  Searches for sensitive browser data
2/5  Modifies control flow of a process started from a created or modified executable
2/5  Queries OS info via WMI
2/5  Collects hardware properties
2/5  Searches for sensitive mail data
2/5  Tries to detect application sandbox
2/5  Reads sensitive mail data
2/5  Reads sensitive browser data
1/5  Creates a page with write and execute permissions
1/5  Reads from memory of another process
1/5  Possibly does reconnaissance
1/5  Performs DNS request
1/5  Connects to remote host
1/5  Tries to connect using an uncommon port
1/5  Content matched by YARA rules
1/5  Resolves API functions dynamically
1/5  Query OS Information
1/5  Enables process privileges
1/5  Enumerates running processes
1/5  Accesses Microsoft Security Software registry keys
1/5  Creates process with hidden window
Spyware
Backdoor
Injector
REQUESTING QUOTATION.js
2026-05-25T17:23:56.856
malicious
JScript
SHA256:
d43657135da7882b8e1e9f258981462260da25153cc370587ac8597c3f0ddeca
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
4/5  Reads from memory of another process
4/5  Modifies control flow of another process
4/5  Makes indirect system call to possibly evade hooking based monitoring
4/5  Process Hollowing
4/5  Tries to detect kernel debugger
4/5  Writes into the memory of another process
3/5  Captures clipboard data
3/5  Reads sensitive browser data
3/5  Bypasses PowerShell execution policy
3/5  Delays execution
2/5  Loads a dropped DLL
2/5  Executes PowerShell without default profile
2/5  Executes PowerShell with hidden window
2/5  Possibly does reconnaissance
2/5  Enumerates running processes
2/5  Searches for sensitive browser data
2/5  Performs DNS request
2/5  Downloads file
1/5  URL contains a TLD highly associated with phishing
1/5  Query OS Information
1/5  Creates mutex
1/5  Connects to remote host
1/5  Accesses Microsoft Security Software registry keys
1/5  Enumerates running processes
Spyware
Injector
f8n3N1gxHjW9az49.exe
2026-05-25T17:22:49.736
malicious
Windows Exe (x86-32)
SHA256:
483e611c0075cc84afc55648f074ae18a609ef2ec1e0af44573f22ee8267d811
VMRay Threat Identifiers
Severity  Operation
5/5  Modifies Windows automatic backups
4/5  Malicious content matched by YARA rules
4/5  Disables Windows Recovery Environment
3/5  Disables a system tool
3/5  Disables a crucial system service
2/5  Schedules task
1/5  Creates process with hidden window
1/5  Installs system startup script or application
Ransomware