Threat Feed
QuickFetch.exe
2026-07-06T16:09:02.750
malicious
Windows Exe (x86-32)
Close
QuickFetch.exe
malicious
SHA256:
de13fc09ba8a1213989f6cf30e6612d7f8bfe939fa02d2ea12f15a631d696525
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
4/5
Uses AFD endpoint for network communication
4/5
Makes indirect system call to possibly evade hooking based monitoring
3/5
Tries to evade debugger
3/5
Takes screenshot
2/5
Searches for sensitive mail data
2/5
Searches for sensitive application data
2/5
Reads network adapter information
2/5
Sends control codes to a driver
2/5
Signed executable failed signature validation
2/5
Searches for sensitive browser data
2/5
Searches for cryptocurrency wallet locations
1/5
Possibly does reconnaissance
1/5
Creates a page with write and execute permissions
1/5
Tries to detect debugger
1/5
Enumerates running processes
1/5
Queries system time
1/5
Connects to remote host
1/5
Content matched by YARA rules
Spyware
NlgtX8OUOiCAd45w.html
2026-07-06T16:09:00.208
malicious
HTML Document
Close
NlgtX8OUOiCAd45w.html
malicious
SHA256:
5beed792c6ba323b58fb71fc89953d0e31245c91ce610e6fe191632c5b2ac0ae
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Combination of other detections indicates a phishing website
2/5
Page uses exact same title as that of a popular online service
2/5
The HTML file contains logon form
2/5
Branded Logon form detected via Computer Vision
1/5
Branding image detected via Computer Vision
1/5
Page presents itself as a logon page
Phishing
PO# 45396377.JS
2026-07-06T15:49:47.549
malicious
JScript
Close
PO# 45396377.JS
malicious
SHA256:
3686b8b099af15e9cf798cb662c322c4aaa26876c95f0aaef25d85959f1f3655
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Tries to read cached credentials of various applications
5/5
Combination of other detections shows configuration discovery
5/5
Malicious content matched by YARA rules
5/5
Sets up server that accepts incoming connections
5/5
Agent Tesla configuration was extracted
4/5
Tries to evade debugger
4/5
Tries to detect application sandbox
3/5
Classifies external IP address
3/5
Reads sensitive browser data
3/5
Reads sensitive mail data
2/5
Collects hardware properties
2/5
Searches for sensitive mail data
2/5
Possibly does reconnaissance
2/5
Performs DNS request
2/5
Tries to connect using an uncommon port
2/5
Suspicious content matched by YARA rules
2/5
Enables process privileges
2/5
Executes dropped PE file
2/5
Reads network adapter information
2/5
Searches for sensitive browser data
2/5
Queries OS info via WMI
1/5
Reloads native system libraries
1/5
Queries system time
1/5
Content matched by YARA rules
1/5
Query OS Information
1/5
Connects to remote host
1/5
Enumerates running processes
1/5
Unusual large memory allocation
Spyware
Backdoor
Downloader
925zQ0PuAGY5eOJh.exe
2026-07-06T15:49:15.424
malicious
Windows Exe (x86-64)
Close
925zQ0PuAGY5eOJh.exe
malicious
SHA256:
990a942d8221af0f0b27b94f8e5e8365b23e2bd1c9589782bf0afa99c44affcf
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Combination of other detections shows multiple input capture behaviors
4/5
Malicious content matched by YARA rules
3/5
Monitors keyboard input
3/5
Injects a file into another process
3/5
Uses HTTP to upload a large amount of data
2/5
Delays execution
2/5
Tries to detect analyzer sandbox
2/5
Schedules task
1/5
Content matched by YARA rules
1/5
Changes folder appearance
1/5
Enumerates running processes
1/5
Query OS Information
1/5
Queries system time
1/5
Creates process with hidden window
1/5
Installs system startup script or application
1/5
Creates mutex
1/5
Checks external IP address
Spyware
3o3QF2AuLs02IyLc.exe
2026-07-06T15:47:20.108
malicious
Windows Exe (x86-64)
Close
3o3QF2AuLs02IyLc.exe
malicious
SHA256:
c835f1a1da7a3c22e92e1d0a8d6781fbd77f9016fb431e2c71d8dbe7c6295253
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Combination of other detections shows multiple input capture behaviors
3/5
Takes screenshot
2/5
Reads sensitive browser data
2/5
Searches for sensitive browser data
2/5
Searches for sensitive application data
2/5
Queries OS info via WMI
2/5
Collects hardware properties
2/5
Searches for sensitive remote access configuration data
2/5
Searches for sensitive password manager data
2/5
Searches for cryptocurrency wallet locations
1/5
Enables process privileges
1/5
Possibly does reconnaissance
1/5
Enumerates running processes
1/5
Connects to remote host
1/5
Tries to connect using an uncommon port
Spyware