Detection | Score | System |
---|---|---|
malicious | 100 | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |

IP | Country | Detection |
---|---|---|
192.169.69.26 | United States | |

Name | IP | Detection |
---|---|---|
hackerguru.duckdns.org | 192.169.69.26 | |
hackerguru.ddns.net | 0.0.0.0 | |

Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Temp\blogger.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | # | |
C:\Users\user\AppData\Local\Temp\script.vbs | ASCII text | # | |
C:\Users\user\AppData\Local\Temp\Server1.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\Server4.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\Server6.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\Simple Backlink Indexer.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\svhost2.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\svhost6.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\svhost4.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_leooiuv4.nt1.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gswy1utg.bwi.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rt1oezby.cbd.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wjj14ie3.ztn.psm1 | very short file (no magic) | # | |
C:\Users\user\Documents\20210824\PowerShell_transcript.675052.4uYwS3Xn.20210824013718.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210824\PowerShell_transcript.675052.ESjLN_ML.20210824013712.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210824\PowerShell_transcript.675052.H1NYyX8Y.20210824013714.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210824\PowerShell_transcript.675052.JYCnAQpj.20210824013711.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210824\PowerShell_transcript.675052.MlAp7Xoo.20210824013714.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210824\PowerShell_transcript.675052.T57Pp1pU.20210824013722.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l2im0rnk.ydj.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ksm0ddf2.5hi.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Server1.exe.log | ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fkmj32pi.muz.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e5i31ymt.403.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ddahowch.d0j.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cpkrmxy0.rs3.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3d4iv4kw.fbr.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0h2az4wk.rzn.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\Protect4a647d98.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | # | |
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Server6.exe.log | ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Server4.exe.log | ASCII text, with CRLF line terminators | # | |