Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
Score: 100
|
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
|
IP | Country | Detection |
---|---|---|
149.102.154.62 | United States |
Name | IP | Detection |
---|---|---|
thekaribacruisecompany.com | 149.102.154.62 |
Name | Detection |
---|---|
httPs://thekaribacruisecompany.com/file.exe | |
httPs://thekaribacruisecompany.c | |
https://thekaribacruisecompany.com/file.exe | |
Click to see the 15 hidden entries | |
http://crl.entrust.net/2048ca.crl0 | |
https://secure.comodo.com/CPS0 | |
http://www.piriform.com/Yg | |
http://ocsp.entrust.net0D | |
http://nsis.sf.net/NSIS_ErrorError | |
https://thekaribacruisecompany.com | |
http://www.diginotar.nl/cps/pkioverheid0 | |
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | |
http://www.piriform.com/ccleaner | |
httPs://thekaribacruisecompany.com/file.exePEQ | |
httPs://thekaribacruisecompany.com/file.exePE | |
http://ocsp.entrust.net03 | |
http://crl.entrust.net/server1.crl0 | |
http://nsis.sf.net/NSIS_Error | |
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Roaming\file.exe |
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\file[1].exe |
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | # | |
C:\Users\user\AppData\Local\Temp\FZdtfhgYgeghD .scT |
data | # | |
Click to see the 30 hidden entries | |||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\Busafgange\Mekanismens\Boo.wav |
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF501bcb.TMP (copy) |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF504a59.TMP (copy) |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9YQ9PYJ6KG059DAWKHEY.temp |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YJUBHAZA5OF447Z3CQQ4.temp |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\Anabiotic\Farvelgninger\Satires\Trumpet1.wav |
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\Anabiotic\Farvelgninger\Satires\ZedGraph.dll |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\Belysningsvsenerne\Kuneste\Hebraized\Overtegningerne\PSReadLine.format.ps1xml |
HTML document, ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0TIZ5KP0HTH2PPHMB9S2.temp |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\Busafgange\Mekanismens\Cricks.Mou |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\Busafgange\Mekanismens\License.rtf |
Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025 | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\Busafgange\Mekanismens\Underlever.Als |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\httputility.dll |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\libgdk_pixbuf-2.0-0.dll |
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows | # | |
C:\Users\user\Desktop\~$PO0015922.doc |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex |
Unicode text, UTF-16, little-endian text, with no line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat |
Generic INItialization configuration [doc] | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\TEPO0015922.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:45:59 2022, mtime=Tue Mar 8 15:45:59 2022, atime=Sat Mar 18 11:34:15 2023, length=248144, window=hide | # | |
C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\nss4AE7.tmp\System.dll |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\nsnC988.tmp\System.dll |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\FZdtfhgYgeghD .scT:Zone.Identifier |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FE1210DB-2D28-4E8A-A9AA-48F09BC90D1C}.tmp |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D69C60B5-B29E-4F37-A352-937B9DD503EB}.tmp |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{CDF61019-DC02-4D7F-85CF-609F74BFDBD2}.tmp |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{B63E613D-9211-4CF9-925B-159614833873}.tmp |
Composite Document File V2 Document, Cannot read section info | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8A92D3FF.png |
370 sysV pure executable | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3DD35DF4.wmf |
Windows metafile | # |