Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
|
||
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
IP | Country | Detection |
---|---|---|
198.54.126.101 | United States |
Name | IP | Detection |
---|---|---|
nobettwo.xyz | 198.54.126.101 |
Name | Detection |
---|---|
https://nuget.org/nuget.exe | |
https://github.com/Pester/Pester | |
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip | |
Click to see the 17 hidden entries | |
https://api.ipify.org% | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
http://blog.naver.com/cubemit314Ghttp://projectofsonagi.tistory.com/ | |
https://api.ipify.org%GETMozilla/5.0 | |
http://oVNzXy.com | |
https://contoso.com/Icon | |
https://contoso.com/License | |
http://127.0.0.1:HTTP/1.1 | |
https://contoso.com/ | |
http://nobettwo.xyz | |
https://pNaYvIZ26OfWPs.net | |
http://crl.microsoft.co | |
http://www.apache.org/licenses/LICENSE-2.0.html | |
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | |
http://pesterbdd.com/images/Pester.png | |
http://DynDns.comDynDNS | |
http://nuget.org/NuGet.exe |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NKPhba0VZI.exe.log |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Drivers.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Drivers.exe:Zone.Identifier |
ASCII text, with CRLF line terminators | # | |
Click to see the 8 hidden entries | |||
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Drivers.exe.log |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive |
data | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bnmp4ebp.syx.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d1rqppmh.xce.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j5urz4n2.cbm.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uwlodmhm.as4.psm1 |
very short file (no magic) | # | |
C:\Users\user\Documents\20210225\PowerShell_transcript.376483.hZkrHILO.20210225122601.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210225\PowerShell_transcript.376483.uDG1lXLj.20210225122519.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # |