Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
|
||
|
malicious
Score: 100
|
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
|
IP | Country | Detection |
---|---|---|
149.154.167.220 | United Kingdom | |
109.206.241.81 | Germany | |
162.159.135.233 | United States | |
Click to see the 2 hidden entries | ||
162.159.133.233 | United States | |
162.159.134.233 | United States |
Name | IP | Detection |
---|---|---|
cdn.discordapp.com | 162.159.134.233 | |
api.telegram.org | 149.154.167.220 |
Name | Detection |
---|---|
http://109.206.241.81/htdocs/eZYWw.exe | |
http://crl.entrust.net/2048ca.crl0 | |
http://127.0.0.1:HTTP/1.1 | |
Click to see the 25 hidden entries | |
https://api.ipify.org% | |
http://109.206.241.81P | |
https://secure.comodo.com/CPS0 | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
http://ocsp.entrust.net0D | |
http://api.telegram.org | |
https://api.telegram.org/bot5520247480:AAEoBq-eVV-KfON2FKSf_2riekCozVDdnus/sendDocument | |
http://DynDns.comDynDNSnamejidpasswordPsi/Psi | |
https://api.telegram.org/bot5520247480:AAEoBq-eVV-KfON2FKSf_2riekCozVDdnus/sendDocumentdocument----- | |
http://crl.entrust.net/server | |
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | |
http://ypWPmbJ0rAhp55WcExAk.org | |
https://cdn.discordapp.com | |
https://api.ipify.org%%startupfolder% | |
http://fWvVfB.com | |
https://api.telegram.org/bot5520247480:AAEoBq-eVV-KfON2FKSf_2riekCozVDdnus/ | |
http://www.diginotar.nl/cps/pkioverheid0 | |
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | |
https://api.telegram.orgP | |
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://www | |
http://ocsp.entrust.net03 | |
http://crl.entrust.net/server1.crl0 | |
https://api.telegram.org | |
https://cdn.discordapp.com/attachments/1005703293437235255/1005705055426588785/RealProxyFlagsBadSign | |
https://cdn.discordapp.com/attachments/1005703293437235255/1005705055426588785/RealProxyFlagsBadSignature.dll |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{B571C632-7DEC-4279-BDFC-1CEF56BCD21F}.tmp |
Composite Document File V2 Document, Cannot read section info | # | |
C:\Users\user\AppData\Local\Temp\Client.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\Client.exe:Zone.Identifier |
ASCII text, with CRLF line terminators | # | |
Click to see the 12 hidden entries | |||
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\29B1D60A.wmf |
Targa image data - Map - RLE 1569 x 65536 x 0 +2 "\005" | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6D4CCCED.wmf |
Targa image data - Map - RLE 28 x 65536 x 0 +2 "\005" | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0FBA591C-1198-4182-9EE3-9B1EEE452FAA}.tmp |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A57256D0-EBE1-4542-8EF9-B2D4E6FF0AF4}.tmp |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\ICPO07082299976.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:45:53 2022, mtime=Tue Mar 8 15:45:53 2022, atime=Mon Aug 8 23:18:10 2022, length=33775, window=hide | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
data | # | |
C:\Users\user\AppData\Roaming\dazigpcb.bar\Chrome\Default\Cookies |
SQLite 3.x database, last written using SQLite version 3032001 | # | |
C:\Users\user\AppData\Roaming\dazigpcb.bar\Firefox\Profiles\7xwghk55.default\cookies.sqlite |
SQLite 3.x database, user version 7, last written using SQLite version 3017000 | # | |
C:\Users\user\AppData\Roaming\ohiyg0r5.hds\Chrome\Default\Cookies |
SQLite 3.x database, last written using SQLite version 3032001 | # | |
C:\Users\user\AppData\Roaming\ohiyg0r5.hds\Firefox\Profiles\7xwghk55.default\cookies.sqlite |
SQLite 3.x database, user version 7, last written using SQLite version 3017000 | # | |
C:\Users\user\Desktop\~$PO07082299976.doc |
data | # |