DHL88700456XXXX_CONFIRMATION_BOOKING_REFERENCE_BJC400618092909yy.doc
| Engine | Download Report | Detection | Info |
|---|---|---|---|
|
malicious
|
||
|
malicious
Score: 100
|
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
|
| IP | Country | Detection |
|---|---|---|
| 67.199.248.11 | United States |  |
| 5.79.72.163 | Netherlands | |
| Name | IP | Detection |
|---|---|---|
| bit.ly | 67.199.248.11 | |
| teknik.io | 5.79.72.163 | |
| u.teknik.io | 0.0.0.0 | |
| Name | Detection |
|---|---|
| https://u.teknik.io/HOMqO.txt | |
| http://www.%s.comPA | |
| http://bit.ly/3kijui1 | |
| Click to see the 2 hidden entries | |
| http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
| Name | File Type | Hashes | Detection |
|---|---|---|---|
C:\Users\Public\69577.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # |  |
C:\Users\user\AppData\Roaming\xWdTBYiTWyTud.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\HOMqO[1].txt |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
| Click to see the 17 hidden entries | |||
C:\Users\user\AppData\Local\Temp\tmpA738.tmp |
XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\Tar36BB.tmp |
data | # | |
C:\Users\user\Desktop\~$L88700456XXXX_CONFIRMATION_BOOKING_REFERENCE_BJC400618092909yy.doc |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\ZEL5A6R0.txt |
ASCII text | # | |
C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex |
Little-endian UTF-16 Unicode text, with no line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\DHL88700456XXXX_CONFIRMATION_BOOKING_REFERENCE_BJC400618092909yy.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:13 2020, mtime=Wed Aug 26 14:08:13 2020, atime=Wed Feb 24 19:53:30 2021, length=1380809, window=hide | # | |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 |
Microsoft Cabinet archive data, 59134 bytes, 1 file | # | |
C:\Users\user\AppData\Local\Temp\Cab36BA.tmp |
Microsoft Cabinet archive data, 59134 bytes, 1 file | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F060F5F7-4AFC-467A-BEBB-A714D3C0AD58}.tmp |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B5F6BABB-61BE-41BF-89DB-AF92964D1C77}.tmp |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7621A4C2-B642-4F8D-8632-93AA6D767CE8}.tmp |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\3kijui1[1].htm |
HTML document, ASCII text | # | |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A |
data | # | |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 |
data | # | |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A |
data | # | |
