Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
|
||
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
IP | Country | Detection |
---|---|---|
79.134.225.7 | Switzerland |
Name | IP | Detection |
---|---|---|
james12.ddns.net | 79.134.225.7 |
Name | Detection |
---|---|
james12.ddns.net | |
127.0.0.1 | |
https://go.microX% | |
Click to see the 2 hidden entries | |
http://www.fileden.com/files/2011/10/5/3204996/curver.txt | |
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\wDIaJji4Vv.exe.log |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\LGKyjAEnmfdSo.exe:Zone.Identifier |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\LGKyjAEnmfdSo.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
Click to see the 14 hidden entries | |||
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat |
data | # | |
C:\Users\user\AppData\Local\Temp\tmpE049.tmp |
XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z5wqclte.tm2.psm1 |
very short file (no magic) | # | |
\Device\ConDrv |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210404\PowerShell_transcript.216554.qbfO9BC_.20210404023623.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210404\PowerShell_transcript.216554.9U9ReEn0.20210404023626.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat |
data | # | |
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wlk4xu4b.yrc.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jbmpopxb.30w.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bn2wvdhj.h2i.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache |
data | # | |
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log |
ASCII text, with CRLF line terminators | # |