Engine | Download Report | Detection | Info |
---|---|---|---|
| | malicious (Score: 100) | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
IP | Country | Detection |
---|---|---|
77.247.127.198 | United Kingdom | |
104.21.26.226 | United States | |
104.21.66.125 | United States | |
172.67.139.125 | United States |
Name | IP | Detection |
---|---|---|
mo1010.duckdns.org | 77.247.127.198 | |
java-eg.com | 104.21.66.125 | |
chilp.it | 172.67.139.125 |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\Public\Music\alosh.ps1 | ASCII text, with CRLF line terminators | # | |
C:\Users\Public\Music\run.ps1 | ASCII text, with CRLF line terminators | # | |
C:\Users\Public\Music\vb.bat | ASCII text, with CRLF line terminators | # | |
C:\Users\Public\Music\vb.vbs | ASCII text, with CRLF line terminators | # | |
C:\Users\Public\Service.ps1 | ASCII text, with very long lines | # | |
C:\Users\Public\WindowsStateRepositoryCore.bat | ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\vfl4qio1\vfl4qio1.0.cs | C++ source, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\vfl4qio1\vfl4qio1.cmdline | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\vfl4qio1\vfl4qio1.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ra2cc3nn.htl.psm1 | very short file (no magic) | # | |
C:\Users\user\Documents\20210925\PowerShell_transcript.141700.ZNRASwRg.20210925102617.txt | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u4t0ypvc.tro.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\vfl4qio1\CSC646E655CB52D4766BD87DD83F0456ED1.TMP | MSVC .res | # | |
C:\Users\user\AppData\Local\Temp\vfl4qio1\vfl4qio1.out | ASCII text, with CRLF, CR line terminators | # | |
C:\Users\user\Documents\20210925\PowerShell_transcript.141700.6c+yQSjo.20210925102653.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210925\PowerShell_transcript.141700.AqQg2vAe.20210925102646.txt | UTF-8 Unicode (with BOM) text, with CRLF, LF line terminators | # | |
C:\Users\user\Documents\20210925\PowerShell_transcript.141700.Wmi7Y8+9.20210925102640.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\ProgramData\ServiceState\WindowsStateRepositoryCore.vbs | ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qaqxfbd5.hwt.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ozfsb0sd.c5h.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oiavrk5x.uun.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ogriscnf.3fi.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hsosxhun.yqd.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2zjx0icl.5k2.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\RESF057.tmp | data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | # | |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | data | # | |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | Microsoft Cabinet archive data, 61157 bytes, 1 file | # |