Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
|
||
|
malicious
Score: 96
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
IP | Country | Detection |
---|---|---|
208.95.112.1 | United States |
Name | IP | Detection |
---|---|---|
ip-api.com | 208.95.112.1 |
Name | Detection |
---|---|
https://github.com/Pester/Pester | |
http://ip-api.com/line/?fields=hosting | |
http://crl.t.com/pki/crl/pr | |
Click to see the 26 hidden entries | |
http://crl.entrust.net/2048ca.crl0 | |
http://www.entrust.net/rpa0 | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
http://crl.entrust.net/ts1ca.crl0 | |
http://www.codeplex.com/DotNetZip | |
http://ip-api.com | |
https://nuget.org/nuget.exe | |
https://contoso.com/ | |
http://schemas.xmlsoap.org/wsdl/ | |
http://nsis.sf.net/NSIS_Error | |
http://ip-api.com4 | |
http://crl.mi | |
http://nuget.org/NuGet.exe | |
http://nsis.sf.net/NSIS_ErrorError | |
http://crl.osofts/Microt0 | |
http://aia.entrust.net/ts1-chain256.cer01 | |
https://contoso.com/Icon | |
https://contoso.com/License | |
http://www.entrust.net/rpa03 | |
https://go.micro | |
http://ocsp.entrust.net02 | |
http://www.apache.org/licenses/LICENSE-2.0.html | |
http://ocsp.entrust.net03 | |
http://schemas.xmlsoap.org/soap/encoding/ | |
http://pesterbdd.com/images/Pester.png | |
http://wsoft.com/pki/ceroCerAut_2010-06- |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Roaming\Windows\System.exe |
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\6363.exe |
PE32 executable (console) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Roaming\13.exe |
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows | # | |
Click to see the 14 hidden entries | |||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ntbonqkd.4oe.psm1 |
very short file (no magic) | # | |
C:\Users\user\Documents\20220321\PowerShell_transcript.124406.nPMpTzNg.20220321131615.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20220321\PowerShell_transcript.124406.hEIboB2j.20220321131654.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\Documents\20220321\PowerShell_transcript.124406.H_CZkqq5.20220321131727.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qmrv50ev.vgm.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_onkmbs4h.1fs.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\13.exe.log |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kza20jcr.aj3.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hdqh0fyf.oux.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ax1m5cxw.dic.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4fszllca.cnq.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1nkf0ynl.1ys.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache |
data | # |