Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
|
||
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
Name | Detection |
---|---|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\67CdpRzUI7.exe.log |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\tmpFE57.tmp |
XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\tOWpkfkEQkpDPd.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
Click to see the 42 hidden entries | |||
C:\Users\user\AppData\Roaming\tOWpkfkEQkpDPd.exe:Zone.Identifier |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.2tfvDpF+.20200918062706.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u3rifdbu.bp3.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vqkraush.qfr.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x2ic4abl.rjm.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xmig2ct4.du5.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zty1ixpy.gjc.psm1 |
very short file (no magic) | # | |
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.+K_MFW49.20200918062705.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.05xsmnAV.20200918062709.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tx4t4i0d.ubj.psm1 |
very short file (no magic) | # | |
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.4xwntqkf.20200918062712.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.BgHYNPEQ.20200918062658.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.LgtgmmaC.20200918062702.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.PFlAt5se.20200918062702.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.V5P4DUwg.20200918062705.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.d1F0YTWO.20200918062703.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.jF7cgiVF.20200918062712.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.tbLRiJj7.20200918062704.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.wSEGsd1I.20200918062712.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.wvsU3erY.20200918062707.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g55v5qgm.afs.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive |
data | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0i1nhcti.4oe.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0whafc3a.lrl.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2fgdbglz.cvg.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4ucitoxd.gfx.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a0hienfz.4so.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cn2lziv5.w5p.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cultvf32.0ju.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_enmo4pfg.x0r.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tyco31l0.qx5.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gheeje5z.crb.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hazjys1w.t0d.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mh5k1mzm.yql.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mmhn2whc.c2n.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_p4hsgw0n.p52.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pjt51k02.1do.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qghjrwxy.je4.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s1izqoyu.hfy.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sjiogkdb.bzg.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_swaddp3q.ohx.ps1 |
very short file (no magic) | # |