Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
|
||
|
malicious
Score: 100
|
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
|
IP | Country | Detection |
---|---|---|
79.134.225.49 | Switzerland | |
93.89.224.134 | Turkey | |
67.199.248.10 | United States |
Name | IP | Detection |
---|---|---|
greatestyear2021.ddns.net | 79.134.225.49 | |
bit.ly | 67.199.248.10 | |
sgkmudder.org.tr | 93.89.224.134 |
Name | Detection |
---|---|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | |
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | |
http://sgkmudder.org.tr/2d/mgLD5CcdJx9YVKl.jpg | |
Click to see the 12 hidden entries | |
http://crl.entrust.net/server1.crl0 | |
http://ocsp.entrust.net03 | |
http://bit.ly/2Me6ei3 | |
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | |
http://www.%s.comPA | |
http://www.diginotar.nl/cps/pkioverheid0 | |
http://ocsp.entrust.net0D | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
https://secure.comodo.com/CPS0 | |
http://servername/isapibackend.dll | |
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css | |
http://crl.entrust.net/2048ca.crl0 |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Temp\tmpA055.tmp |
XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\Users\Public\69577.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\rLliXAh.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
Click to see the 15 hidden entries | |||
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\mgLD5CcdJx9YVKl[1].jpg |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\2Me6ei3[1].htm |
HTML document, ASCII text | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8AD9C643-349E-46EF-BF24-C3A751787722}.tmp |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9CA5B12C-492C-4E57-AE2D-0E7798ADDEF4}.tmp |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{AB5F6AD7-3C7C-4823-93B4-8E22DB7DEE25}.tmp |
data | # | |
C:\Users\user\AppData\Local\Temp\Cab7021.tmp |
Microsoft Cabinet archive data, 59134 bytes, 1 file | # | |
C:\Users\user\AppData\Local\Temp\Tar7022.tmp |
data | # | |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 |
Microsoft Cabinet archive data, 59134 bytes, 1 file | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Deadly Variants of Covid 19.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:15 2020, mtime=Wed Aug 26 14:08:15 2020, atime=Tue Feb 23 02:52:35 2021, length=833197, window=hide | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex |
Little-endian UTF-16 Unicode text, with no line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\WBLPQVYT.txt |
ASCII text | # | |
C:\Users\user\Desktop\~$adly Variants of Covid 19.doc |
data | # | |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 |
data | # |