Engine | Download Report | Detection | Info |
---|---|---|---|
| | malicious | |
| | malicious (Score: 100) | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Name | IP | Detection |
---|---|---|
canonicalizer.ucsuri.tcs | 0.0.0.0 |
Name | Detection |
---|---|
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# | |
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# | |
http://www.nirsoft.net/ | |
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | |
http://www.sourceforge.net/projects/regextestkhttp://www.codeproject.com/KB/cs/dotnetregextest.aspx_ | |
http://www.davidemauri.it/ | |
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | |
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | |
https://sectigo.com/CPS0D | |
https://sectigo.com/CPS0C | |
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | |
http://regexlib.com/ | |
http://ocsp.sectigo.com0 | |
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | |
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y | |
https://sectigo.com/CPS0 | |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Program Files\Common Files\system\E59A6148\svchost.exe:Zone.Identifier | ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7ADA33B7.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7ADA33B7.exe:Zone.Identifier | ASCII text, with CRLF line terminators | # | |
C:\Program Files\Common Files\system\E59A6148\svchost.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp | ASCII text, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rxw1d434.kcs.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_soufzxk1.qev.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sssd5d50.ed0.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tdifzaeb.1nw.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_te20ts3b.dv2.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uumxibsd.qrp.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xbtwqko3.baj.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z2dsoebv.o3s.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zvmxazb3.r4v.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\a6bde2fa-d937-4133-8635-97d75b194940\AdvancedRun.exe | PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\a6bde2fa-d937-4133-8635-97d75b194940\test.bat | ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\b5da386f-05a4-4a60-a911-8b9954bd3249\AdvancedRun.exe | PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\b5da386f-05a4-4a60-a911-8b9954bd3249\test.bat | ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rqobtuj1.jfs.ps1 | very short file (no magic) | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.571345.+XmHsUNP.20210915155527.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.571345.1UafY6nv.20210915155630.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.571345.2IO6Ihvl.20210915155520.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.571345.7dgcABRu.20210915155608.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.571345.CByUc04+.20210915155502.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.571345.OpllYleI.20210915155500.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.571345.Usb5hF8x.20210915155615.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.571345.Z7CArzfL.20210915155612.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.571345._PywPqRN.20210915155503.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.571345.cNh4BXcU.20210915155615.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.571345.hovu9FR5.20210915155511.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.571345.m3EPoBtw.20210915155610.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.571345.nsM1HNmK.20210915155512.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.571345.sWSZZ_Tx.20210915155519.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bakq5gb0.q3f.ps1 | very short file (no magic) | # | |
C:\ProgramData\Microsoft\Network\Downloader\edb.log | data | # | |
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db | Extensible storage user DataBase, version 0x620, checksum 0xb5c8843e, page size 16384, DirtyShutdown, Windows version 10.0 | # | |
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm | data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | # | |
C:\Users\user\AppData\Local\Temp\114ecffd-3c3d-4852-9b52-9e435e4d4550\AdvancedRun.exe | PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\114ecffd-3c3d-4852-9b52-9e435e4d4550\test.bat | ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\743d8702-3ca1-4afe-8f7c-4f95be21c963\AdvancedRun.exe | PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\743d8702-3ca1-4afe-8f7c-4f95be21c963\test.bat | ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\79402708-a4e5-478e-aa5f-5322f2c0e4b7\AdvancedRun.exe | PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\79402708-a4e5-478e-aa5f-5322f2c0e4b7\test.bat | ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2vq4c30n.hre.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4fhtvdiy.ks4.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_53g0o2y2.5iz.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5cymq2wv.eqf.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qxn55ua0.cnh.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_butynpy2.fhn.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dvydw1mq.uvm.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_h5mblyo5.hbx.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ichx54v4.s1k.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iyamx0do.zt4.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jddt5hq2.czv.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jna5bssn.ldi.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jpezsbnz.1f0.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lbdjttyt.kg4.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nd4is0gq.rfd.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ndk5muty.fik.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_npy3ftdb.oi1.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_psd5o1gf.32i.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ptyzf23y.xc5.ps1 | very short file (no magic) | # | |