Engine | Download Report | Detection | Info |
---|---|---|---|
 | | malicious | |
 | | malicious, Score: 100 | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Name | IP | Detection |
---|---|---|
canonicalizer.ucsuri.tcs | 0.0.0.0 | |
Name | Detection |
---|---|
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Program Files\Common Files\system\E59A6148\svchost.exe:Zone.Identifier | ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7ADA33B7.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7ADA33B7.exe:Zone.Identifier | ASCII text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_lKJbVguaav.exe_2d31aef62bf69c86310ee4e4d6bcfe8179b846_f2aaf5a9_0d501a6f\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\Program Files\Common Files\system\E59A6148\svchost.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mmd5esqe.nye.psm1 | very short file (no magic) | # | |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log | data | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n53wgmkc.hjj.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nkandfd3.edm.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_owyqwer5.pit.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_prdboqvj.obf.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t3cudrtk.i1j.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t55ukbii.j4o.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vcgbxqwq.o1n.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vlmwsvb4.xai.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w03g12pt.ext.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wyv2ksux.dc3.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x4bdcww5.qt0.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\a917f366-d607-4eab-84c4-b148dd5c0b83\AdvancedRun.exe | PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_itmz2rec.cma.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\a917f366-d607-4eab-84c4-b148dd5c0b83\test.bat | ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.216554.DYnW38wW.20210915161257.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.216554.FKgT1nS8.20210915161142.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.216554.Ip8DGDRD.20210915161155.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.216554.UDSSE0Wa.20210915161256.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.216554.WgKkZP8O.20210915161259.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.216554.Y6uDcGdZ.20210915161140.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.216554.dh5SBumr.20210915161301.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.216554.jUr0FIc5.20210915161154.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.216554.omxvttNV.20210915161253.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.216554.shlvG_Cr.20210915161146.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.216554.tRwex4kM.20210915161147.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.216554.yYZmvm0B.20210915161155.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210915\PowerShell_transcript.216554.z8gC+7xP.20210915161149.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp | ASCII text, with no line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFEC9.tmp.csv | data | # | |
C:\Users\user\AppData\Local\Temp\6b30eb02-4ddc-4526-af49-69f73f778fc3\test.bat | ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\6b30eb02-4ddc-4526-af49-69f73f778fc3\AdvancedRun.exe | PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\5bb2c36b-9ef3-485f-8cd6-e02fb42d70a2\test.bat | ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\5bb2c36b-9ef3-485f-8cd6-e02fb42d70a2\AdvancedRun.exe | PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\19b25a48-953e-448c-9e64-5dc032452e45\test.bat | ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\19b25a48-953e-448c-9e64-5dc032452e45\AdvancedRun.exe | PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | # | |
C:\Users\user\AppData\Local\Temp\74756a05-3a9e-4a94-ac38-fe701c90e011\AdvancedRun.exe | PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFE8C.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFCC6.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF3FB.tmp.dmp | Mini DuMP crash report, 14 streams, CheckSum 0x00000004, Wed Sep 15 23:12:22 2021, 0x1205a4 type | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER13AA.tmp.txt | data | # | |
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm | data | # | |
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db | Extensible storage engine DataBase, version 0x620, checksum 0x9d0904e9, page size 16384, DirtyShutdown, Windows version 10.0 | # | |
C:\ProgramData\Microsoft\Network\Downloader\edb.log | data | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i4ep12v3.0x4.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\74756a05-3a9e-4a94-ac38-fe701c90e011\test.bat | ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0sujccj5.2hr.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0to0l3af.5lh.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1wq03asq.lvp.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3fxzhyif.zrp.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_52yaov0d.0wm.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a3fzrzyw.hii.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_av5ukidk.5ll.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ayrbxg4e.dwv.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cucfolck.ogk.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dahb04fl.vus.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e2lf1ctc.q2f.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ffdfjlzo.kti.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_guupapww.iif.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i34xi30m.50h.psm1 | very short file (no magic) | # | |