Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
|
||
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
IP | Country | Detection |
---|---|---|
131.186.113.70 | United States | |
104.16.155.36 | United States | |
104.21.19.200 | United States | |
Click to see the 2 hidden entries | ||
199.193.7.228 | United States | |
216.146.43.70 | United States |
Name | IP | Detection |
---|---|---|
69.170.12.0.in-addr.arpa | 0.0.0.0 | |
checkip.dyndns.org | 0.0.0.0 | |
whatismyipaddress.com | 104.16.155.36 | |
Click to see the 3 hidden entries | ||
freegeoip.app | 104.21.19.200 | |
smtp.privateemail.com | 199.193.7.228 | |
checkip.dyndns.com | 131.186.113.70 |
Name | Detection |
---|---|
http://www.carterandcone.como.R | |
http://www.carterandcone.coml | |
http://www.goodfont.co.krF | |
Click to see the 87 hidden entries | |
https://github.com/Pester/Pester | |
http://www.fontbureau.comd | |
http://whatismyipaddress.com | |
http://www.fontbureau.comY | |
https://contoso.com/Icon | |
http://www.sakkal.com-mq | |
http://www.apache.org/licenses/LICENSE-2.0.html | |
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | |
http://ns.adobe.cobj | |
http://www.typography.net-d | |
http://pesterbdd.com/images/Pester.png | |
https://sectigo.com/CPS0 | |
http://www.fontbureau.comF | |
http://www.goodfont.co.kr9 | |
http://DynDns.comDynDNS | |
http://www.fontbureau.com | |
http://www.apache.org/licenses/LICENSE-2.0 | |
http://nuget.org/NuGet.exe | |
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0# | |
https://freegeoip.app/xml/ | |
http://www.jiyu-kobo.co.jp/ | |
http://ns.ado/1 | |
http://www.tiro.com-cz | |
https://i.imgur.com/GJD7Q5y.png195.239.51.11795.26.248.2989.208.29.13389.187.165.4792.118.13.1895.26 | |
http://www.typography.netn | |
http://fontfabrik.com( | |
http://www.sandoll.co.krn-u | |
http://www.fontbureau.comdsed | |
http://www.apache.org/licenses/LICENSE-2.0.htmlL | |
http://www.fontbureau.com/designers8 | |
http://www.jiyu-kobo.co.jp/l | |
http://www.founder.com.cn/cniac | |
http://www.fontbureau.comm | |
http://www.typography.netx | |
http://pesterbdd.com/images/Pester.pngL | |
http://checkip.dyndns.org/HBFl | |
http://www.fontbureau.com/designers/frere-jones.html | |
http://www.founder.com.cn/cn | |
http://www.fontbureau.comceto | |
http://www.fontbureau.comdV | |
http://www.fontbureau.coma3 | |
http://www.fontbureau.com/designers/cabarga.htmlN | |
http://www.founder.com.cn/cnT | |
http://fontfabrik.com | |
http://www.galapagosdesign.com/staff/dennis.htm | |
http://www.founder.com.cn/cn/cThe | |
http://www.typography.netD | |
http://csARxe.com | |
http://www.sajatypeworks.com | |
http://www.carterandcone.com | |
http://www.goodfont.co.kr | |
http://ns.adobe.c/g | |
http://www.fontbureau.com/designers | |
http://www.tiro.com | |
http://www.typography.net-siu | |
https://contoso.com/License | |
http://www.founder.com.cn/cnR | |
http://tempuri.org/DataSet1.xsd | |
http://www.fontbureau.com/designers? | |
https://github.com/Pester/PesterL | |
http://ocsp.sectigo.com0 | |
http://www.zhongyicts.com.cnaN | |
http://www.founder.com.cn/cn/bThe | |
http://www.fontbureau.com/designers/? | |
http://www.fontbureau.com/designersG | |
http://www.fonts.com | |
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip | |
http://www.sakkal.com | |
http://www.carterandcone.como. | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
http://www.zhongyicts.com.cn | |
http://www.nirsoft.net/ | |
http://whatismyipaddress.com/ | |
http://www.urwpp.deDPlease | |
http://www.site.com/logs.php | |
http://www.sandoll.co.kr | |
http://127.0.0.1:HTTP/1.1 | |
https://login.yahoo.com/config/login | |
https://api.ipify.org%GETMozilla/5.0 | |
https://api.telegram.org/bot/sendMessage?chat_id=&text=Createutf-8Win32_ComputerSystemModelManufactu | |
http://www.galapagosdesign.com/DPlease | |
http://whatismyipaddress.com/- | |
https://freegeoip.app/xml/LoadTimeZoneCountryNameCountryCodehttps://www.geodatatool.com/en/?ip=/ | |
https://nuget.org/nuget.exe | |
https://contoso.com/ | |
http://www.typography.net | |
http://checkip.dyndns.org/ |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_hawkgoods.exe_697020edb13ed8bc761f5d6b0de413dddfcbfb_b4666e22_1b230661\Report.wer |
Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\Matiexgoods.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO_Invoices_pdf.exe.log |
ASCII text, with CRLF line terminators | # | |
Click to see the 31 hidden entries | |||
C:\Users\user\AppData\Local\Temp\hawkgoods.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\origigoods20.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\origigoods40.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe:Zone.Identifier |
ASCII text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_hawkgoods.exe_697020edb13ed8bc761f5d6b0de413dddfcbfb_b4666e22_12f099c3\Report.wer |
Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_hawkgoods.exe_93f07d9c4f92cda17563b29cabdf995c588ef9_00000000_1a4a83a4\Report.wer |
Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_hawkgoods.exe_93f07d9c4f92cda17563b29cabdf995c588ef9_00000000_14dc0d13\Report.wer |
Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\pid.txt |
ASCII text, with no line terminators | # | |
C:\Users\user\AppData\Roaming\pidloc.txt |
ASCII text, with no line terminators | # | |
C:\Users\user\Documents\20210202\PowerShell_transcript.830021.dnDUrXav.20210202085254.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210202\PowerShell_transcript.830021.vpu_jBUU.20210202085147.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\holderwb.txt |
Little-endian UTF-16 Unicode text, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zllqa32j.uf3.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fla1cgxx.qbm.ps1 |
very short file (no magic) | # | |
C:\Users\user\Documents\Matiex Keylogger\Screenshot.png |
PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_awkr53h0.pdr.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4e14qwxc.os0.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache |
data | # | |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\I$s#$lT3ssl.exe.log |
ASCII text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDDB6.tmp.mdmp |
Mini DuMP crash report, 14 streams, Tue Feb 2 16:53:45 2021, 0x60521 type | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD84E.tmp.xml |
XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD020.tmp.WERInternalMetadata.xml |
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAF48.tmp.mdmp |
Mini DuMP crash report, 14 streams, Tue Feb 2 16:52:18 2021, 0x60521 type | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8566.tmp.xml |
XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER81AC.tmp.WERInternalMetadata.xml |
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7473.tmp.xml |
XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER72DC.tmp.WERInternalMetadata.xml |
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3BB7.tmp.xml |
XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2F33.tmp.WERInternalMetadata.xml |
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | # |