Detection | Info |
---|---|
malicious, Score: 90 | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default\cert8.db | Berkeley DB 1.85 (Hash, version 2, native byte-order) | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certutil.exe | PE32 executable (console) Intel 80386, for MS Windows | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\CertManager.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tjbwzv1u.default-release\key4.db-journal | SQLite Rollback Journal | # | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tjbwzv1u.default-release\key4.db | SQLite 3.x database, last written using SQLite version 3010002, page size 32768, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3 | # | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tjbwzv1u.default-release\cert9.db-journal | SQLite Rollback Journal | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe | PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX.exe.hmac | data | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NXServices.exe | PE32 executable (console) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tjbwzv1u.default-release\cert9.db | SQLite 3.x database, last written using SQLite version 3010002, page size 32768, file counter 7, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | # | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default\secmod.db | Berkeley DB 1.85 (Hash, version 2, native byte-order) | # | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kc1pur8x.default\key3.db | Berkeley DB 1.85 (Hash, version 2, native byte-order) | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\certmgr.exe | PE32 executable (console) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\DreamSecurity\MagicLine4NX\logs\install-202211281523.log | ISO-8859 text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\nst78C0.tmp\NsisUtil.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\nst78C0.tmp\DumpLog.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\nst78C0.tmp\KillProcDLL.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\libeay32.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\ssleay32.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\nsldap32v50.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\mlnp_dreamsecurity_com.ca-bundle | PEM certificate | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\smime3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\nst78C0.tmp\System.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\nst78C0.tmp\nsExec.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\nst78C0.tmp\nsProcess.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\nst78C0.tmp\version.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicLine4NX\MagicLine4NX.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Mon Mar 29 10:06:58 2021, mtime=Mon Nov 28 13:22:36 2022, atime=Mon Mar 29 10:06:58 2021, length=3753952, (…) | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicLine4NX\Uninstall.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Mon Nov 28 13:22:36 2022, mtime=Mon Nov 28 13:22:36 2022, atime=Mon Nov 28 13:22:36 2022, length=113488, (…) | # | |
C:\Windows\Logs\waasmedic\waasmedic.20221128_142248_759.etl | data | # | |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp | Unicode text, UTF-8 (with BOM) text | # | |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\ConnectedDevicesPlatform\L.user.cdp | Unicode text, UTF-8 (with BOM) text | # | |
\Device\ConDrv | ASCII text, with CRLF line terminators | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\freebl3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\DSCToolkitV30-v3.4.2.20.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\ENG.ini | ISO-8859 text, with CRLF line terminators | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\Images\Logo.bmp | PC bitmap, Windows 3.x format, 369 x 73 x 16, image size 54022, resolution 3779 x 3779 px/m, cbSize 54076, bits offset 54 | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\IssuerOid.conf | ISO-8859 text, with CRLF line terminators | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\IssuerOid_Eng.conf | ASCII text | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\KOR.ini | Generic INItialization configuration [Message] | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicCrypto32V21.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\MagicLine4NX_Uninstall.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\ImportCAtoFirefox.vbs | ASCII text, with CRLF line terminators | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\ImportCAtoFirefoxCheck.vbs | ASCII text, with CRLF line terminators | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\dreamsecurity-rootca.der | Certificate, Version=3 Certificate, Version=01 | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\dreamsecurity.com.der | Certificate, Version=3, Serial=009e5343085f93b442, not-valid-before=2015-09-03 04:11:52 GMT, not-valid-after=2035-08-28 04:11:52 GMT | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\httptx.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\libnspr4.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\libplc4.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\libplds4.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\nspr4.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\nss3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\nssdbm3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\nssutil3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\plc4.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\plds4.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\softokn3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Program Files (x86)\DreamSecurity\MagicLine4NX\cert\sqlite3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |