Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
|
||
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
IP | Country | Detection |
---|---|---|
104.23.99.190 | United States | |
194.5.97.173 | Netherlands | |
104.23.98.190 | United States |
Name | IP | Detection |
---|---|---|
1.ispnano.dns-cloud.net | 194.5.97.173 | |
pastebin.com | 104.23.98.190 |
Name | Detection |
---|---|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcoderhttp://schemas.xmlsoap.org/ws/2005/ | |
Click to see the 16 hidden entries | |
http://crl.globalsi7 | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddresszhttp://schemas.xmlsoap.org/ws/20 | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprintrhttp://schemas.xmlsoap.org/ws/2005/ | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince | |
https://go.microd | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthrhttp://schemas.xmlsoap.org/ws/2005 | |
http://logo.vGs | |
https://pastebin.com/raw/W63zsRav | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecisionzhttp://schemas.xmlsoap.o | |
https://go.micro | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressxhttp://schemas.xmlsoap.org/ws/200 | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishednamejhttp://schemas.xmlsoap.o | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier |
ASCII text, with CRLF line terminators | # | |
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shipping order#.exe:Zone.Identifier |
ASCII text, with CRLF line terminators | # | |
Click to see the 18 hidden entries | |||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shipping order#.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat |
ISO-8859 text, with no line terminators | # | |
C:\Users\user\Documents\20210108\PowerShell_transcript.701188.tt6CRrQ7.20210108182806.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210108\PowerShell_transcript.701188.nGv+RGBh.20210108182808.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210108\PowerShell_transcript.701188.ONgqdUkt.20210108182809.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210108\PowerShell_transcript.701188.Laubqkk7.20210108182807.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yf4s2bry.3jw.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x2khrpam.ug2.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pilnwesf.xu0.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_harhvbow.ned.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fraa5aiu.gcp.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e04p2qly.o2t.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_czsau0n1.mqj.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_brge2zcm.hwd.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache |
data | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBDF.tmp.dmp |
Mini DuMP crash report, 15 streams, Fri Jan 8 17:29:22 2021, 0x1205a4 type | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB3D9.tmp.xml |
XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9DEE.tmp.WERInternalMetadata.xml |
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | # |