Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
|
||
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
IP | Country | Detection |
---|---|---|
162.159.130.233 | United States | |
194.147.140.25 | unknown | |
162.159.133.233 | United States |
Name | IP | Detection |
---|---|---|
cdn.discordapp.com | 162.159.133.233 | |
friomo.duckdns.org | 194.147.140.25 |
Name | Detection |
---|---|
https://appexmapsappupdate.blob.core.windows.net | |
https://dev.virtualearth.net/mapcontrol/logging.ashx | |
https://dev.ditu.live.com/mapcontrol/logging.ashx | |
Click to see the 38 hidden entries | |
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/ | |
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r= | |
https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r= | |
https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/ | |
https://dev.virtualearth.net/REST/v1/Transit/Schedules/ | |
https://dynamic.t | |
https://dev.virtualearth.net/REST/v1/Routes/Transit | |
https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen | |
https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v= | |
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r= | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
https://activity.windows.com | |
http://www.bingmapsportal.com | |
https://dev.ditu.live.com/REST/v1/Locations | |
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/ | |
https://%s.dnet.xboxlive.com | |
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/ | |
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r= | |
https://dev.virtualearth.net/REST/v1/Routes/Walking | |
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r= | |
https://dev.ditu.live.com/REST/v1/Routes/ | |
https://dev.virtualearth.net/REST/v1/Routes/Driving | |
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx | |
https://dev.ditu.live.com/REST/v1/Traffic/Incidents/ | |
https://t0.tiles.ditu.live.com/tiles/gen | |
https://dev.virtualearth.net/REST/v1/Routes/ | |
https://cdn.discordapp.com/attachments/886962207051640872/890689205934620692/4102A6C4.jpg | |
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r= | |
https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx | |
http://crl.ver) | |
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log? | |
https://cdn.discordapp.com | |
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r= | |
https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n= | |
http://google.com | |
https://%s.xboxlive.com | |
https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v= | |
https://dev.virtualearth.net/REST/v1/Locations |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_s9SWgUgyO5.exe_906cf9c9d383b63dc7dffe55c9f4374d6972c2_bc6c4cc7_044e01f0\Report.wer |
Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\Users\Public\Documents\???????????????\svchost.exe:Zone.Identifier |
ASCII text, with CRLF line terminators | # | |
C:\Users\Public\Documents\???????????????\svchost.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
Click to see the 54 hidden entries | |||
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat |
Non-ISO extended-ASCII text, with no line terminators, with overstriking | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jzm0yq0h.1yh.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4xsvq2co.5px.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kyz0njed.lca.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lq2mhz2z.irn.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mmzxtpal.wlv.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qbngdk45.hvk.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qx5b0ha2.mrm.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rslbwbev.gpk.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y2q3ne0h.er5.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yvx0vfuv.bx0.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z1nf1r4w.p5l.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zvraegol.fzc.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat |
data | # | |
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin |
data | # | |
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat |
data | # | |
C:\Users\user\Documents\20210927\PowerShell_transcript.910646.9xOhnXgG.20210927202809.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210927\PowerShell_transcript.910646.Axn3CWdN.20210927202806.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210927\PowerShell_transcript.910646.IFp2s05x.20210927202733.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210927\PowerShell_transcript.910646.J9PIXj6a.20210927202731.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210927\PowerShell_transcript.910646.JSwVICU1.20210927202749.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210927\PowerShell_transcript.910646.KdadWnHW.20210927202810.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210927\PowerShell_transcript.910646.lgnlqOM5.20210927202750.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210927\PowerShell_transcript.910646.mbVnUaXY.20210927202729.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20210927\PowerShell_transcript.910646.tfVce1MH.20210927202752.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp |
ASCII text, with no line terminators | # | |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log |
data | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER73D9.tmp.txt |
data | # | |
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db |
Extensible storage engine DataBase, version 0x620, checksum 0xa184da57, page size 16384, DirtyShutdown, Windows version 10.0 | # | |
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm |
data | # | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_f7137cbad9f7f196b5e4d4e5d71130be24217a9_1341e600_0bfe5ce1\Report.wer |
Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_f7137cbad9f7f196b5e4d4e5d71130be24217a9_1341e600_15a2778d\Report.wer |
Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1CFA.tmp.dmp |
Mini DuMP crash report, 15 streams, Tue Sep 28 03:28:15 2021, 0x1205a4 type | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4D71.tmp.WERInternalMetadata.xml |
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4F37.tmp.xml |
XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4F47.tmp.csv |
data | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5718.tmp.txt |
data | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER62AE.tmp.dmp |
Mini DuMP crash report, 15 streams, Tue Sep 28 03:28:27 2021, 0x1205a4 type | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6C44.tmp.WERInternalMetadata.xml |
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6E0A.tmp.xml |
XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6E1C.tmp.csv |
data | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hrkzr5yy.54x.psm1 |
very short file (no magic) | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCEBB.tmp.dmp |
Mini DuMP crash report, 15 streams, Tue Sep 28 03:27:52 2021, 0x1205a4 type | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE958.tmp.WERInternalMetadata.xml |
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREA82.tmp.xml |
XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREAAF.tmp.csv |
data | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF2DE.tmp.txt |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive |
data | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1vptdszn.afy.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_21by5mbg.ozg.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3la1bnrc.tow.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3zzq33dl.zko.ps1 |
very short file (no magic) | # | |
C:\ProgramData\Microsoft\Network\Downloader\edb.log |
data | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dxgvoyop.yop.ps1 |
very short file (no magic) | # |