P0_00122.doc
| Engine | Download Report | Detection | Info |
|---|---|---|---|
|
malicious
|
||
|
malicious
Score: 100
|
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
|
| IP | Country | Detection |
|---|---|---|
| 103.153.78.234 | unknown |  |
| 2.58.149.41 | Netherlands | |
| Name | IP | Detection |
|---|---|---|
| paxz.tk | 2.58.149.41 | |
| obeyice4rm392.bounceme.net | 103.153.78.234 | |
| Name | Detection |
|---|---|
| http://paxz.tk/plugmanzx.exe | |
| obeyice4rm392.bounceme.net | |
| 127.0.0.1 | |
| Click to see the 5 hidden entries | |
| http://www.%s.comPA |  |
| http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | |
| http://google.com | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
| http://servername/isapibackend.dll | |
| Name | File Type | Hashes | Detection |
|---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\plugmanzx[1].exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\plugmahm65898.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\RlKeHhAgpZws.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
| Click to see the 18 hidden entries | |||
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\run.dat |
data | # | |
C:\Users\user\AppData\Local\Temp\tmp1B2F.tmp |
XML 1.0 document, ASCII text | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{68E37369-07A5-4DAF-B360-5250F0AAA6E9}.tmp |
Composite Document File V2 Document, Cannot read section info | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9028E283-917F-4BAA-8392-C7BA4366CE6B}.tmp |
data | # | |
C:\Users\user\AppData\Local\Temp\tmp39FF.tmp |
XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\tmp412F.tmp |
XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\Exceptions\1.2.2.0\da0a22967d69764878492dcdfafebb2b.dat |
data | # | |
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\catalog.dat |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3FB9168D-43F2-40D2-AFBC-6B32481207BC}.tmp |
data | # | |
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\storage.dat |
data | # | |
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\task.dat |
ASCII text, with no line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\P0_00122.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Aug 30 20:08:56 2021, mtime=Mon Aug 30 20:08:56 2021, atime=Fri Jan 14 01:22:15 2022, length=42511, window=hide | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8BC7PPIC80D40DHBNKNO.temp |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms (copy) |
data | # | |
C:\Program Files (x86)\SMTP Service\smtpsvc.exe |
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\Desktop\~$_00122.doc |
data | # | |
