case (1522).xls
| Engine | Download Report | Detection | Info |
|---|---|---|---|
|
malicious
Score: 100
|
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
|
| IP | Country | Detection |
|---|---|---|
| 172.67.150.228 | United States |  |
| 104.21.60.169 | United States | |
| 172.67.200.147 | United States | |
| Click to see the 1 hidden entries | ||
| 104.21.73.69 | United States | |
| Name | IP | Detection |
|---|---|---|
| homesoapmolds.com | 104.21.60.169 | |
| rnollg.com | 172.67.150.228 | |
| gadgetswolf.com | 172.67.200.147 | |
| Click to see the 1 hidden entries | ||
| govemedico.tk | 104.21.73.69 | |
| Name | Detection |
|---|---|
| https://rnollg.com/kev/scfrd.dll |  |
| https://gadgetswolf.com/post.phpi | |
| http://crl3.digicertP | |
| Click to see the 32 hidden entries | |
| http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check | |
| http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | |
| http://www.icra.org/vocabulary/. | |
| http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | |
| http://investor.msn.com/ | |
| http://www.%s.comPA | |
| http://windowsmedia.com/redir/services.asp?WMPFriendly=true | |
| http://wmwifbajxxbcxmucxmlc.com/files/april24.dll~ | |
| http://ocsp.entrust.net0D | |
| https://rnollg.com/kev/scfrd.dll$8 | |
| https://secure.comodo.com/CPS0 | |
| https://homesoapmolds.com/ | |
| http://crl.entrust.net/2048ca.crl0 | |
| https://gadgetswolf.com/post.php_ | |
| https://govemedico.tk/post.php | |
| http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | |
| http://www.windows.com/pctv. | |
| http://investor.msn.com | |
| http://www.msnbc.com/news/ticker.txt | |
| http://crl.entrust.net/server1.crl0 | |
| https://govemedico.tk/7 | |
| http://crl3.digicert | |
| http://ocsp.entrust.net03 | |
| https://homesoapmolds.com/post.phpr | |
| http://www.hotmail.com/oe | |
| https://gadgetswolf.com/ | |
| http://www.diginotar.nl/cps/pkioverheid0 | |
| https://gadgetswolf.com/post.php | |
| http://crt.comod | |
| https://govemedico.tk/ | |
| https://homesoapmolds.com/post.php | |
| http://wmwifbajxxbcxmucxmlc.com/files/april24.dll) | |
| Name | File Type | Hashes | Detection |
|---|---|---|---|
C:\ProgramData\formnet.dll |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\scfrd[1].dll |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\B6EE0000 |
data | # | |
| Click to see the 9 hidden entries | |||
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Wed Jan 27 04:31:44 2021, atime=Wed Jan 27 04:31:44 2021, length=12288, window=hide | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\case (1522).LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:15 2020, mtime=Wed Jan 27 04:31:44 2021, atime=Wed Jan 27 04:31:44 2021, length=99328, window=hide | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\B8J2SM51.txt |
ASCII text | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\SCG1PMXY.txt |
ASCII text | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\TK4XJNTQ.txt |
ASCII text | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\WG4KTJBM.txt |
ASCII text | # | |
C:\Users\user\AppData\Roaming\Ytziy\ipnyw.dll |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\Desktop\77EE0000 |
Applesoft BASIC program data, first line number 16 | # | |
