Engine | Download Report | Detection | Info |
---|---|---|---|
Detection: malicious
Detection: malicious (Score: 100)
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
IP | Country | Detection |
---|---|---|
104.21.88.166 | United States | |
172.217.6.174 | United States | |
190.55.186.229 | Argentina |
Name | IP | Detection |
---|---|---|
shop.nowfal.dev | 104.21.88.166 | |
nightlifemumbai.club | 172.217.6.174 |
Name | Detection |
---|---|
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\Cha1_5j\Pzyrxyv\J47K.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\Desktop\~$Order.doc | data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A07A78F5-D643-47FF-B622-0CF30ED55516}.tmp | data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E3975822-A796-4096-8B6B-C6BCF64E2588}.tmp | data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Order.LNK | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:11 2020, mtime=Wed Aug 26 14:08:11 2020, atime=Tue Jan 26 06:13:33 2021, length=142336, window=hide | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat | ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Y1B2TNFFMYFTDZJ3L541.temp | data | # | |