Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
|
||
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
IP | Country | Detection |
---|---|---|
104.23.99.190 | United States | |
104.23.98.190 | United States | |
198.54.122.60 | United States |
Name | IP | Detection |
---|---|---|
84.102.13.0.in-addr.arpa | 0.0.0.0 | |
mail.privateemail.com | 198.54.122.60 | |
pastebin.com | 104.23.98.190 |
Name | Detection |
---|---|
http://www.sandoll.cQ | |
http://www.fontbureau.com/designers/frere-jones.html | |
http://www.founder.com.cn/cn | |
Click to see the 80 hidden entries | |
http://www.jiyu-kobo.co.jp/y | |
http://www.founder.com.cn/cn/ | |
http://www.carterandcone.coml | |
http://www.founder.com.cn/cnl-nO | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcoderhttp://schemas.xmlsoap.org/ws/2005/ | |
https://github.com/Pester/Pester | |
http://www.fontbureau.comd | |
http://en.wikip | |
http://www.galapagosdesign.com/2 | |
http://www.fontbureau.coma | |
http://www.jiyu-kobo.co.jp/jp/ | |
http://schemas.micr | |
http://en.wikipedia | |
http://www.fontbureau.comion | |
http://www.goodfont.co.krK | |
http://www.goodfont.co.krF4 | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone | |
http://www.fontbureau.comy | |
http://www.galapagosdesign.com/staff/dennis.htmWQ | |
http://www.fontbureau.comitud | |
http://www.carterandcone.comnxa | |
http://www.fontbureau.com/designers/ | |
http://www.fontbureau.com/designers0 | |
http://www.fontbureau.com/designers/o | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprintrhttp://schemas.xmlsoap.org/ws/2005/ | |
http://www.urwpp.del | |
http://www.fontbureau.com/designers= | |
http://www.jiyu-kobo.co.jp/h | |
http://www.jiyu-kobo.co.jp/sl-s | |
http://www.fontbureau.com/designers8 | |
http://www.sandoll.co.krim | |
http://www.galapagosdesign.com/: | |
http://www.fontbureau.com.TTF: | |
http://www.jiyu-kobo.co.jp/ | |
http://schemas.xmlsoap.org/wsdl/ | |
http://www.fontbureau.comoitu: | |
http://www.monotype. | |
http://www.fontbureau.com/designers/cabarga.html | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddresszhttp://schemas.xmlsoap.org/ws/20 | |
http://whatismyipaddress.com/- | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecisionzhttp://schemas.xmlsoap.o | |
http://www.fontbureau.com( | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid | |
http://www.sandoll.co.krW | |
http://www.founder.com.cn/cnOx | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishednamejhttp://schemas.xmlsoap.o | |
http://www.fontbureau.comednxn | |
http://www.monotype.X | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication | |
http://www.fontbureau.com/ | |
http://www.carterandcone.com | |
http://www.goodfont.co.kr | |
http://www.fontbureau.comessed | |
http://www.fontbureau.com/designers | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince | |
http://www.tiro.com | |
http://www.fontbureau.comgritaU | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressxhttp://schemas.xmlsoap.org/ws/200 | |
http://www.fontbureau.comI.TTF | |
http://www.fontbureau.com/designersr | |
http://www.founder.com.c | |
http://www.apache.org/licenses/LICENSE-2.0.html | |
http://schemas.xmlsoap.org/soap/encoding/ | |
http://pesterbdd.com/images/Pester.png | |
http://www.jiyu-kobo.co.jp/U | |
http://www.fontbureau.comF | |
http://www.galapagosdesign.com/ | |
http://www.fontbureau.com | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthrhttp://schemas.xmlsoap.org/ws/2005 | |
http://www.fontbureau.com/designerss | |
http://www.fontbureau.comueed | |
http://www.fontbureau.com.TTF | |
http://www.sakkal.com | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
http://www.zhongyicts.com.cn | |
http://www.urwpp.de | |
http://www.nirsoft.net/ | |
http://www.sandoll.co.kr |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\POinv00393.exe.log |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\POinv00393.exe:Zone.Identifier |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\POinv00393.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
Click to see the 19 hidden entries | |||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ita4axrx.vfc.ps1 |
very short file (no magic) | # | |
C:\Users\user\Documents\20210201\PowerShell_transcript.878164.c22VO1SZ.20210201132917.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210201\PowerShell_transcript.878164.RU3nUHy1.20210201132916.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210201\PowerShell_transcript.878164.RDa_5qiQ.20210201132920.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210201\PowerShell_transcript.878164.GqBDotby.20210201132918.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\pidloc.txt |
ASCII text, with no line terminators | # | |
C:\Users\user\AppData\Roaming\pid.txt |
ASCII text, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rrwl3rrp.fl5.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q0eyjx0q.um5.psm1 |
very short file (no magic) | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4AF9.tmp.dmp |
Mini DuMP crash report, 14 streams, Mon Feb 1 21:30:59 2021, 0x1205a4 type | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_igqs5mg1.0fv.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_btp5zmxs.mrt.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ap14tuqv.fkf.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3gd4shtk.lf5.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1jbb1rur.kxs.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache |
data | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDC7D.tmp.xml |
XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBC13.tmp.WERInternalMetadata.xml |
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | # |