Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
IP | Country | Detection |
---|---|---|
20.106.232.4 | United States | |
2.56.57.22 | Netherlands |
Name | IP | Detection |
---|---|---|
www.hibikaiteki.com | 118.27.122.216 | |
www.nancykmorrison.store | 172.67.160.125 |
Name | Detection |
---|---|
http://20.6. | |
http://2.56.57.22/ts | |
http://2.56.57.22x | |
Click to see the 17 hidden entries | |
http://20.106.232.4 | |
http://20.106.232.48 | |
https://contoso.com/Icon | |
http://20.106.232.4/dll/26-05-2022-StartUp.pdf | |
https://contoso.com/License | |
https://contoso.com/ | |
http://20.106.232.4/rumpe/26-05-2022-StartUp.pdf | |
http://20.106.232.4/dll/26-05-2022-StartUp.pdfPk | |
http://pesterbdd.com/images/Pester.png | |
http://2.5 | |
http://2.56.57.22 | |
http://2.56.57.22/tsdfguhijk.txt | |
https://nuget.org/nuget.exe | |
http://www.apache.org/licenses/LICENSE-2.0.html | |
http://nuget.org/NuGet.exe | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
https://github.com/Pester/Pester |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\ProgramData\Done.vbs |
Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lxmjsncm.0lo.psm1 |
very short file (no magic) | # | |
C:\Users\user\Documents\20220527\PowerShell_transcript.783875.zMIa0yAZ.20220527211523.txt |
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | # | |
Click to see the 25 hidden entries | |||
C:\Users\user\Documents\20220527\PowerShell_transcript.783875.hz5nZdhI.20220527211619.txt |
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\Documents\20220527\PowerShell_transcript.783875.bfCcr7J2.20220527211526.txt |
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\Documents\20220527\PowerShell_transcript.783875._396rmPr.20220527211537.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20220527\PowerShell_transcript.783875.QizwF1Bj.20220527211550.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20220527\PowerShell_transcript.783875.6BQNrnBR.20220527211548.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20220527\PowerShell_transcript.783875.1eplhr3P.20220527211616.txt |
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\notepad.lnk |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Wed Apr 11 22:35:26 2018, mtime=Sat May 28 03:15:32 2 (…) | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BCYMZUG86WIB33RE6HLM.temp |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\203a5f290b65cc8e.customDestinations-ms (copy) |
data | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zdtgx0ab.jx5.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sy35pvwd.ng5.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pfeyzexk.3oy.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_laq4ftm4.4mp.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iplajpvg.nby.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gzbo1jkc.hpz.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dnxlvzx1.xhq.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bu4y3ysi.wmb.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5saywipd.men.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5dgawbhw.o05.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_14hqbqjj.gxr.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_113xeubt.0rn.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_04g23aso.ckf.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache |
data | # | |
C:\ProgramData\Done.vbs:Zone.Identifier |
ASCII text, with CRLF line terminators | # |