Engine | Download Report | Detection | Info |
---|---|---|---|
 | | malicious, Score: 52 | System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
 | | malicious, Score: 52 | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01; Run Condition: Potential for more IOCs and behavior |

Name | IP | Detection |
---|---|---|
windowsupdatebg.s.llnwi.net | 95.140.236.128 |

Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Temp\~DF9B4A5A35E9DCFF4E.TMP | data | # | |
C:\Users\user\Desktop\~$H3TvDB3v.doc | data | # | |
C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex | Little-endian UTF-16 Unicode text, with no line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat | ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\cbH3TvDB3v.LNK | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Jun 17 14:37:59 2022, mtime=Fri Jun 17 14:37:59 2022, atime=Fri Jun 17 14:38:10 2022, length=229376, window=hide | # | |
C:\Users\user\AppData\Local\Temp\~DFD769752DB3460C4F.TMP | data | # | |
C:\Users\user\AppData\Local\Temp\~DFCFAC4359F737332B.TMP | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Adobe Font Pack 3.0.12.9, Author: Adobe Inc., Keywords: Installer, Comments: Adobe Font Pack, Template (…) | # | |
C:\Users\user\AppData\Local\Temp\~DFA9B3A0F712249C78.TMP | data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRD0000.doc | data | # | |
C:\Users\user\AppData\Local\Temp\~DF4D47212460854302.TMP | data | # | |
C:\Users\user\AppData\Local\Temp\~DF2FA714AB39BD624A.TMP | data | # | |
C:\Users\user\AppData\Local\Temp\~DF2DA25969847DD094.TMP | data | # | |
C:\Users\user\AppData\Local\Temp\~DF284A8B9707C89825.TMP | data | # | |
C:\Users\user\AppData\Local\Temp\~DF1CADFA05493ACF52.TMP | data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{86E0087D-F291-472A-A1A1-6F1E38491318}.tmp | data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0A41982D-0DE7-49E2-91D7-2CAB52C73798}.tmp | data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{EF825FBA-D225-41ED-8810-8C00E821558A}.tmp | Composite Document File V2 Document, Cannot read section info | # |