Engine | Download Report | Detection | Info |
---|---|---|---|
| | malicious | |
| | malicious, Score: 100 | System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
IP | Country | Detection |
---|---|---|
192.3.239.4 | United States |
Name | IP | Detection |
---|---|---|
api.ipify.org | 172.67.74.152 |
Name | Detection |
---|---|
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\noa[1].exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{B8B4FECE-91CB-40A6-BB9B-A9E7F3908EA0}.tmp | Composite Document File V2 Document, Cannot read section info | # | |
C:\Users\user\AppData\Roaming\HJJC.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\BPRNYujHfkzq.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\tmp649D.tmp | XML 1.0 document, ASCII text | # | |
C:\Users\user\Desktop\~$lsheis.doc | data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\irlsheis.LNK | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:05 2023, mtime=Fri Aug 11 15:42:05 2023, atime=Thu May 2 08:37:56 2024, length=80214, window=hide | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat | Generic INItialization configuration [folders] | # | |
C:\Users\user\AppData\Local\Temp\ylokeenm.0nf.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\tmp91D5.tmp | XML 1.0 document, ASCII text | # | |
C:\Users\user\AppData\Local\Temp\s0ivb3rf.vhy.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\oasyqr1s.qsx.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\jx5nxgzv.w5w.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\cypg3a5g.z3y.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\bpolodwy.gnc.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\5otw32s5.agf.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\4zqoluo2.nep.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9947BFAE-0747-43FE-8949-2FA8A0A0E79A}.tmp | data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{01A0D677-5EB1-4960-A838-CEACF6C76D09}.tmp | data | # | |