Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
IP | Country | Detection |
---|---|---|
2.56.57.22 | Netherlands | |
20.106.232.4 | United States | |
199.34.228.47 | United States | |
54.203.72.218 | United States | |
45.128.51.66 | Netherlands | |
91.195.240.103 | Germany |
Name | IP | Detection |
---|---|---|
www.salazarcomunicacion.com | 103.167.196.150 | |
www.sushifactoryamphawa.com | 199.34.228.47 | |
www.mgav21.xyz | 45.128.51.66 | |
a-0019.standard.a-msedge.net | 204.79.197.222 | |
www.nexusbalance.com | 91.195.240.103 | |
part-0032.t-0009.fbs1-t-msedge.net | 13.107.219.60 | |
a-9999.a-msedge.net | 204.79.197.254 | |
www.choicearticleto-readtoday.info | 54.203.72.218 | |
site-cdn.onenote.net | 0.0.0.0 | |
www.createurs-de-bijoux.com | 0.0.0.0 |
Name | Detection |
---|---|
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Windows\Temp\Done.vbs | Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators | # | |
C:\ProgramData\Done.vbs | Non-ISO extended-ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yi3ekm1h.hmy.ps1 | very short file (no magic) | # | |
C:\Users\user\Documents\20220527\PowerShell_transcript.936905.zvvmzKz8.20220527211546.txt | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\Documents\20220527\PowerShell_transcript.936905.niV_xjXk.20220527211529.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20220527\PowerShell_transcript.936905.nOp+0WJ9.20220527211551.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20220527\PowerShell_transcript.936905.g8PVW+ZW.20220527211543.txt | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\Documents\20220527\PowerShell_transcript.936905.E1mPwf08.20220527211605.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20220527\PowerShell_transcript.936905.5h_PkwvK.20220527211608.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\notepad.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Wed Apr 11 22:35:26 2018, mtime=Sat May 28 03:15:50 2 (…) | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\GKHBRLNPJU0ODJT48OSA.temp | data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\203a5f290b65cc8e.customDestinations-ms (copy) | data | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yqfb03wu.q5o.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qct2mbdi.gzd.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qbmitrze.fya.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q0pwlqea.rls.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gmtexydj.af0.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_egrwuhbw.ty3.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e5kpxlgc.rz4.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ci2jssrm.icg.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5pqmaeda.zwf.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2fuzbet0.1gd.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0i4inhxi.qyz.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | # |