Engine | Download Report | Detection | Info |
---|---|---|---|
| | | malicious | |
| | | malicious, Score: 100 | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| | | clean, 0/100 | |

IP | Country | Detection |
---|---|---|
162.159.129.233 | United States | |
162.159.133.233 | United States | |
185.140.53.3 | Sweden | |
162.159.134.233 | United States | |

Name | IP | Detection |
---|---|---|
cdn.discordapp.com | 162.159.134.233 | |
fridaycav.duckdns.org | 185.140.53.3 | |

Name | Detection |
---|---|
https://cdn.discordapp.com | |
http://google.com | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
https://cdn.discordapp.com/attachments/893177342426509335/897507182801723452/C65065E4.jpg | |
https://cdn.discordapp.com/attachments/893177342426509335/897507184655605810/055DA049.jpg | |

Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Windows\Resources\Themes\aero\shell\svchost.exe:Zone.Identifier | ASCII text, with CRLF line terminators | # | |
C:\Windows\Resources\Themes\aero\shell\svchost.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat | data | # | |
C:\Users\user\Documents\20211022\PowerShell_transcript.932923.RVZtbnAH.20211022225200.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i5y32fnr.leo.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_meakmi1f.t4b.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tzs2cwah.aos.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wbbu3mvy.x5n.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat | data | # | |
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin | data | # | |
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat | data | # | |
C:\Users\user\Documents\20211022\PowerShell_transcript.932923.R9XrkU99.20211022225201.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_he1yasx0.rr3.ps1 | very short file (no magic) | # | |
C:\Users\user\Documents\20211022\PowerShell_transcript.932923.eHoNN7Jh.20211022225143.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20211022\PowerShell_transcript.932923.gUcnmDrK.20211022225202.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20211022\PowerShell_transcript.932923.nxWumIGU.20211022225145.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20211022\PowerShell_transcript.932923.wuJWUGZi.20211022225141.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | # | |
C:\Windows\appcompat\Programs\Amcache.hve.LOG1 | MS Windows registry file, NT/2000 or above | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREEB9.tmp.txt | data | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3866.tmp.csv | data | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4102.tmp.txt | data | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7263.tmp.csv | data | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7CF3.tmp.txt | data | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCE11.tmp.dmp | Mini DuMP crash report, 15 streams, Fri Oct 22 20:52:05 2021, 0x1205a4 type | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDFF4.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE218.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE2D1.tmp.csv | data | # | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ValorantLogin.ex_d3dae47f44387092f68ca1cb595871d71871171c_9e86c65d_1b86f724\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3bxehw53.30l.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4spir5cp.ks0.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bepvmxj4.oky.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bfbgbltw.bmx.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bxhhxa5b.gac.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ceqjht5w.hno.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d3xcemaw.5wl.ps1 | very short file (no magic) | # | |