Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe
| Engine | Download Report | Detection | Info |
|---|---|---|---|
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
| IP | Country | Detection |
|---|---|---|
| 192.169.69.26 | United States |  |
| Name | IP | Detection |
|---|---|---|
| nickdns22.duckdns.org | 192.169.69.26 | |
| Name | Detection |
|---|---|
| 127.0.0.1 | |
| nickdns22.duckdns.org | |
| https://www.mendeley.com/guides?dgcid=Mendeley_Desktop_Help-menu-Help-guides |  |
| Click to see the 37 hidden entries | |
| https://www.elsevier.com/legal/elsevier-website-terms-and-conditions | |
| https://clients2.google.com/service/update2/crxupdate_urlBrowser | |
| http://p.yusukekamiyamane.com/ | |
| https://github.com/Juris-M/citeproc-js | |
| http://www.sysinternals.comWindowPositionSOFTWARE | |
| https://service.elsevier.com/app/contact/supporthub/mendeley?dgcid=Mendeley_Desktop_Help-menu-Contac | |
| https://plasma.kde.org | |
| https://www.mendeley.com/library | |
| https://www.virustotal.com/en/about/terms-of-service/ | |
| https://www.mendeley.com/guides?dgcid=Mendeley_Desktop_Help-menu-Help-guideshttps://www.mendeley.com | |
| http://citationstyles.org/ | |
| http://www.sysinternals.comopenConnection | |
| https://github.com/citation-style-language/styles | |
| https://www.virustotal.comPOST4e3202fdbe953d628f650229af5b3eb49cd46b2d3bfe5546ae3c5fa48b554e0capikey | |
| https://www.sysinternals.comntdllRtlInitUnicodeStringNtOpenDirectoryObjectNtQuerySectionNtQueryDirec | |
| http://www.sysinternals.comFileVersionLegalCopyright | |
| https://citationstyles.org | |
| https://service.elsevier.com/app/answers/detail/a_id/22094/kw/migrate/supporthub/mendeley/ | |
| http://support.mendeley.com/customer/portal/articles/227955 | |
| https://ims-prod06.adobelogin.com | |
| https://crashpad.chromium.org/ | |
| https://ims-na1-stg1.adobelogin.com | |
| https://www.mendeley.com?dgcid=Mendeley_Desktop_Help-menu-website | |
| https://service.elsevier.com/app/home/supporthub/mendeley/?dgcid=Mendeley_Desktop_Help-menu-FAQ | |
| https://crashpad.chromium.org/bug/new | |
| https://www.gmu.edu/ | |
| https://csl.mendeley.com | |
| http://www.sysinternals.com | |
| https://www.zotero.org/ | |
| https://www.elsevier.com/legal/privacy-policy | |
| https://www.virustotal.com/about/terms-of-service%s | |
| http://www.sysinternals.comopenThe | |
| https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new | |
| https://rrchnm.org/ | |
| http://creativecommons.org/licenses/by-sa/3.0/ | |
| http://www.sysinternals.comFileVersionLegalCopyrightLISTBOXDEL:AllUsersuserComputerscomputerGroupsgr | |
| https://service.elsevier.com/app/answers/detail/a_id/19611/kw/duplicates/supporthub/mendeley/Yes | |
| Name | File Type | Hashes | Detection |
|---|---|---|---|
C:\Users\user\AppData\Local\Temp\tmp9A5C.tmp |
XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat |
Non-ISO extended-ASCII text, with no line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\znytpstdcrwsisx.fr.url |
Generic INItialization configuration [InternetShortcut] | # | |
| Click to see the 6 hidden entries | |||
C:\Users\user\AppData\Roaming\hdoydskbdx\znytpstdcrwsisx.exe |
PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\MSBuild.exe.log |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\aut8DF8.tmp |
data | # | |
C:\Users\user\AppData\Local\Temp\cbmfpeiu |
data | # | |
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat |
ASCII text, with no line terminators | # | |
\Device\ConDrv |
ASCII text, with CRLF line terminators | # | |
