GridinSoft Threat Intelligence
2Rem-5090-.base64encode.net.vbs threat report
GridinSoft Anti-Malware detection
Detected by GridinSoft before you download
The current ThreatInfo record shows this exact file hash detected as WScript_Shell_PowerShell_Combo.bot!yf. Download GridinSoft Anti-Malware to scan the device, confirm whether this file is present, and remove the detected object if it is found.
- Detection name
- WScript_Shell_PowerShell_Combo.bot!yf
- Recommended action
- Scan and remove
- Last analysis
- 2026-05-18 21:00:48 (a week ago)
- File hash
- 2b816ac3d674e0558eee1b545db0b610
Why it matters
Why GridinSoft flags this file
GridinSoft identifies the sample as WScript_Shell_PowerShell_Combo.bot!yf.
First seen 2026-05-18 20:00:34 (a week ago); latest analysis 2026-05-18 21:00:48 (a week ago).
ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.
Recommended action
What to do next
- Compare the MD5 above with the file found on the device.
- Check whether the file appears in the observed locations or under one of the alternate names.
- Run GridinSoft Anti-Malware to confirm the detection and remove the file if it is present.
File context
2Rem-5090-.base64encode.net.vbs is a Windows file recorded in the ThreatInfo database. The current detection status is WScript_Shell_PowerShell_Combo.bot!yf, based on the latest analysis from 2026-05-18 21:00:48 (a week ago).
If 2Rem-5090-.base64encode.net.vbs appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as WScript_Shell_PowerShell_Combo.bot!yf.
File Details
| MD5: | 2b816ac3d674e0558eee1b545db0b610 |
| Size: | 203 KB |
| First Published: | 2026-05-18 20:00:34 (a week ago) |
| Latest Published: | 2026-05-18 21:00:48 (a week ago) |
| Status: | WScript_Shell_PowerShell_Combo.bot!yf (on last analysis) | |
| Analysis Date: | 2026-05-18 21:00:48 (a week ago) |
Detection screenshot
The screenshot is a visual record of a GridinSoft Anti-Malware detection for this sample. Use the hash and metadata above as the primary identifiers when comparing the file on your system.
Common Places:
| %temp% |
ThreatInfo has observed 2Rem-5090-.base64encode.net.vbs in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.
Geographic signal
Observed country distribution
ThreatInfo has seen 2Rem-5090-.base64encode.net.vbs across 1 countries. Use this signal to compare local evidence with where the sample is most often reported.
The strongest geographic signal for this file is United States with 100.0% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.
OS Version:
The most common operating system signal for 2Rem-5090-.base64encode.net.vbs is Windows 10 with 100.0% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.
Analysis
Report conclusion
GridinSoft detects this file as WScript_Shell_PowerShell_Combo.bot!yf
This report identifies 2Rem-5090-.base64encode.net.vbs by MD5 2b816ac3d674e0558eee1b545db0b610. If the same file is present on your device, scan the system and remove the detected object after confirming the hash and location.