Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
Score: 56
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
Name | Detection |
---|---|
http://nuget.org/NuGet.exe | |
http://www.apache.org/licenses/LICENSE-2.0 | |
http://constitution.org/usdeclar.txt | |
Click to see the 13 hidden entries | |
http://pesterbdd.com/images/Pester.png | |
http://www.apache.org/licenses/LICENSE-2.0.html | |
https://contoso.com/ | |
https://nuget.org/nuget.exe | |
http://constitution.org/usdeclar.txtC: | |
https://contoso.com/License | |
https://contoso.com/Icon | |
https://oneget.orgX | |
http://https://file://USER.ID%lu.exe/upd | |
https://oneget.orgformat.ps1xmlagement.dll2040.missionsand | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
https://github.com/Pester/Pester | |
https://oneget.org |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Temp\5z3xaygo\5z3xaygo.0.cs |
UTF-8 Unicode (with BOM) text | # | |
C:\Users\user\AppData\Local\Temp\ad403csv\ad403csv.cmdline |
UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ebtshoty.hoc.psm1 |
very short file (no magic) | # | |
Click to see the 16 hidden entries | |||
C:\Users\user\Documents\20211122\PowerShell_transcript.618321.JkieqDuu.20211122204245.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\X0LX71ESHNRJY9TJQYH1.temp |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) |
data | # | |
C:\Users\user\AppData\Local\Temp\ad403csv\ad403csv.out |
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | # | |
C:\Users\user\AppData\Local\Temp\ad403csv\ad403csv.dll |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\ad403csv\ad403csv.0.cs |
UTF-8 Unicode (with BOM) text | # | |
C:\Users\user\AppData\Local\Temp\ad403csv\CSCD6795C79BDE3450B9F7CAA8771DF83B.TMP |
MSVC .res | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kc3e5p1v.f0a.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache |
data | # | |
C:\Users\user\AppData\Local\Temp\RESE4F1.tmp |
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x496, 9 symbols | # | |
C:\Users\user\AppData\Local\Temp\RESD522.tmp |
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x496, 9 symbols | # | |
C:\Users\user\AppData\Local\Temp\5z3xaygo\CSC84083F42CE6043C2AA7FFF454285CD95.TMP |
MSVC .res | # | |
C:\Users\user\AppData\Local\Temp\5z3xaygo\5z3xaygo.out |
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | # | |
C:\Users\user\AppData\Local\Temp\5z3xaygo\5z3xaygo.dll |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\5z3xaygo\5z3xaygo.cmdline |
UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive |
data | # |