Report Overview
Submitted URL
www.ramq.gouv.qc.ca/sites/default/files/documents/non_indexes/visualiseur-dsq_v5-12.zip
IP
142.213.20.178
ASN
#11489 BACI
Submitted
2024-05-07 14:42:30
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
11
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
ocsp.entrust.net | 1208 | 1997-07-28 | 2014-01-10 | 2024-05-06 | 328 B | 2.0 kB | 184.24.45.171 |
www.ramq.gouv.qc.ca | 780066 | 2000-10-23 | 2017-02-03 | 2023-10-24 | 541 B | 20 MB | 142.213.20.178 |
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Threat Detection Systems
Public InfoSec YARA rules
No alerts detected
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
Files detected
URL
www.ramq.gouv.qc.ca/sites/default/files/documents/non_indexes/visualiseur-dsq_v5-12.zip
IP
142.213.20.178
ASN
#11489 BACI
File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
20 MB (20342150 bytes)
Hash
MD5: 2733b943eaba75091669536bdfc0ae09
SHA-1: f0848e54ca8da1b2f84155fa84a09c43a17e5e91
Archive (72)
Filename | MD5 | File type
---|---|---
LisezMoi 5.11.docx | 9720bcd3bcee73e9212d06579d63986c | Microsoft Word 2007+
LisezMoi 5.11.pdf | e39d0c6a818196e65c4a13136239b9e1 | PDF document, version 1.5, 2 pages (zip deflate encoded)
Args.ps1 | 33a41bab3132069a6f98d0ce241f982e | ISO-8859 text, with CRLF line terminators
Config.ps1 | 6500cd3712cc4c52d5bfdf515b8c4202 | ISO-8859 text, with CRLF line terminators
Constantes.ps1 | f27e70eeb3b755b1399098a39047f1b4 | ISO-8859 text, with CRLF line terminators
IEIntegration.ps1 | a78bde31a1773182da49ec8df4577d14 | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Install.ps1 | 0378aa74de98c19c85895b7d3c878e69 | Unicode text, UTF-8 text, with CRLF line terminators
Lib.ps1 | e9c931243e1d1f522240fe735ffd9251 | ISO-8859 text, with CRLF line terminators
PostUninstall.ps1 | 22f4576c7531b4315c14ac192cb51279 | ISO-8859 text, with CRLF line terminators
PreUninstall.ps1 | 4bd46380f85aecac9fcf0aa1329da983 | ISO-8859 text, with CRLF line terminators
Uninstall.ps1 | 2e94705c016997b6835d84076cc85a5b | Unicode text, UTF-8 text, with CRLF line terminators
Variables.ps1 | 8daeec251264feff845bc4697e1f469b | Unicode text, UTF-8 text, with CRLF line terminators
Infos.txt | 648c5e23f25bb63b817a87dfa741adaf | Unicode text, UTF-8 text, with CRLF line terminators
Installation_Visualiseur.cmd | 06182e1bc4d1c0397e8d20872e929624 | DOS batch file, ASCII text, with CRLF line terminators
ScriptInstall.ps1 | dc5df2c56cf7f042441b0478159b5212 | ISO-8859 text, with CRLF line terminators
atl80.dll | 3c7def3cbbca6284867aa4621d5d8a54 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
capicom.dll | 9130cce19b5db3d2e31f9f789263fc4a | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections
crypt32.dll | efc958396a7a7ef7e6d4a52b97512e18 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections
CryptoHelper.inf | a6e7c4d48eae56b9394d6f2711ce4487 | Windows setup INFormation
CryptoHelperATL.dll | 3d2b67df122f2c0e461034873f2f75a6 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
mfc80.dll | 1b7524806d0270b81360c63a2fa047cb | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections
Microsoft.VC80.ATL.manifest | d5a659b220ec3694c39a3ed33f4637ca | XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Microsoft.VC80.CRT.manifest | 541423a06efdcd4e4554c719061f82cf | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (504), with CRLF line terminators
Microsoft.VC80.MFC.manifest | 97b859f11538bbe20f17dfb9c0979a1c | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (504), with CRLF line terminators
msvcm80.dll | cae6861b19a2a7e5d42fefc4dfdf5ccf | PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 5 sections
msvcr80.dll | e4fece18310e23b1d8fee993e35e7a6f | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
AC_emettrice_G3.cer | 272bc25bf1c259a03c1f02edf5c49dd1 | Certificate, Version=3
AC_emettrice_PARTE_G3.cer | 8d73a73a96017dd2b259042906bb0082 | Certificate, Version=3
certadm.dll | aed39116fe12c5550975043da1d1b244 | PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections
certutil.exe | 711db2ef10b6c2ab2080698aec6c6d08 | PE32 executable (console) Intel 80386, for MS Windows, 3 sections
PKI2015-racineparteG32015.cer | ff1bd7f3ca10e3390b5b6ec3ae9ecefa | Certificate, Version=3
PKI2015-racinesecursanteG32015.cer | 1ff1cbb3a9a9ba481c859ce496a1ce69 | Certificate, Version=3
FortiToken-FTK300-Minidriver-Setup_x64.msi | 1fb9419674cdbcaf9d85b86ab1210ec2 | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: FortiToken Installer, Author: Hypersecu Information Systems Inc, Keywords: Mindriver Installer, Comments: FortiToken is developed by Hypersecu., Template: x64;1033, Revision Number: {A7E0A946-5ACB-407F-A36C-80E8AA30D8BA}, Create Time/Date: Fri May 12 08:00:30 2023, Last Saved Time/Date: Fri May 12 08:00:30 2023, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
FortiToken-FTK300-Setup_x64.msi | 069410b20af9cfea9dd405cad3252dd3 | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: FortiToken Installer, Author: Hypersecu Information Systems Inc, Keywords: Mindriver Installer, Comments: FortiToken is developed by Hypersecu., Template: x64;1033, Revision Number: {D8AF5215-1D7A-483C-87C3-7CB54087FBFE}, Create Time/Date: Fri Aug 25 01:42:40 2023, Last Saved Time/Date: Fri Aug 25 01:42:40 2023, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
axaltocm.dll | d0334b10bc93a7629b64b207ab74805a | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
axaltocm_x64.dll | ad4006ec753d6cc3c194f7ad23dc380c | PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections
SafeNet.Minidriver.IDPrime.cat | 77ded97b8e31b9e08c5334c377fa8863 | DER Encoded PKCS#7 Signed Data
SafeNet.Minidriver.IDPrime.inf | c057a5df2609401636d9de9d2c1c63f1 | Windows setup INFormation
SafenetMD.dll | e8fea28e0932fc1b46fdce873e4aa8af | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections
SafenetMD_x64.dll | f04dc9f7db6d5118d2c607cdf74333e4 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections
GemCCID.cat | 2a03294119edf2420b9f65bcc06142b1 | DER Encoded PKCS#7 Signed Data
gemccid.inf | 8a4b3b2cdc241735e98be7681c34ae8d | Windows setup INFormation
gemccid.PNF | 7e3f91246f7a1927a11c9b287d504c86 | Windows Precompiled iNF, version 3.1 (Windows Vista-8.1), flags 0x1000083, unicoded, has strings, at 0x4980 "Signature", InfVersionLastWriteTime Mon Oct 17 20:29:42 2016, at 0x60 WinDirPath, LanguageID 40c
GemCCID.sys | d9dd4df7c7ff10f4dbbb1fc3a0193bb8 | PE32+ executable (native) x86-64, for MS Windows, 8 sections
GemCCID.pdb | 25b56cb3ee3fd7f024df91ba1e7f1542 | MSVC program database ver 7.00, 1024*867 bytes
GemCCID.cat | c3cd219380a6be669552e520c2f11781 | DER Encoded PKCS#7 Signed Data
gemccid.inf | 7b22ce6b6ca60852b1f716b0090298fa | Windows setup INFormation
GemCCID.sys | bc918d0a06770b25b083fd045fa18c08 | PE32 executable (native) Intel 80386, for MS Windows, 7 sections
GemCCID.pdb | 2e1689b448e11f0df9846df6ebe15871 | MSVC program database ver 7.00, 1024*987 bytes
GemPcCCID_en-us_32.msi | 40c1f130d30c72fa7f26a955cafbe081 | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: GemPcCCID Version 2.0.5, Author: Gemalto, Keywords: Installer, Comments: GemPcCCID Installer Version 2.0.5 for Windows 2000 32-bits and next OS releases, Template: Intel;1033, Revision Number: {2BF0728C-3216-4AFB-815F-DEE582A0E9DF}, Create Time/Date: Tue Nov 11 09:49:20 2014, Last Saved Time/Date: Tue Nov 11 09:49:20 2014, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.5.2519.0), Security: 2
GemPcCCID_en-us_64.msi | 6a2ce47081a86d2d5ffe9c4406e11d35 | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: GemPcCCID Version 2.0.5, Author: Gemalto, Keywords: Installer, Comments: GemPcCCID Installer Version 2.0.5 for Windows XP 64-bits and next OS releases, Template: x64;1033, Revision Number: {98F2DF03-86E4-4B2D-B2FA-96C91F7AFE28}, Create Time/Date: Tue Nov 11 09:51:10 2014, Last Saved Time/Date: Tue Nov 11 09:51:10 2014, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.5.2519.0), Security: 2
GemPcCCID_fr-fr_32.msi | a158cdeb7d3e52fc021da65afb21a33b | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: GemPcCCID Version 2.0.5, Author: Gemalto, Keywords: Installer, Comments: GemPcCCID Installer Version 2.0.5 for Windows 2000 32-bits and next OS releases, Template: Intel;1036, Revision Number: {FDA7B8B2-D518-44B9-BE20-12F86A04D665}, Create Time/Date: Tue Nov 11 09:50:02 2014, Last Saved Time/Date: Tue Nov 11 09:50:02 2014, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.5.2519.0), Security: 2
GemPcCCID_fr-fr_64.msi | bb27922b1511466172ff260b48d62dde | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: GemPcCCID Version 2.0.5, Author: Gemalto, Keywords: Installer, Comments: GemPcCCID Installer Version 2.0.5 for Windows XP 64-bits and next OS releases, Template: x64;1036, Revision Number: {29208F50-8174-4D3D-AEC8-CD31AA450D67}, Create Time/Date: Tue Nov 11 09:51:26 2014, Last Saved Time/Date: Tue Nov 11 09:51:26 2014, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.5.2519.0), Security: 2
create_shorcut_dsq_labo.vbs | ac3ad5d9c8b3e9631e523bfbd51cef74 | ASCII text, with CRLF line terminators
Installation_Visualiseur Labortoire.bat | 7dcace89a3e591e2dc77379c6bfa018a | Unicode text, UTF-8 (with BOM) text, with CRLF, LF line terminators
LogoDSQ.ico | 37a7a5d6599cb4ae7f0f628e0ee37372 | MS Windows icon resource - 6 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
DSQ Formation.lnk | 05c364b735038fb6c53cd1e1a56ffd6d | MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Fri May 21 13:17:07 2021, mtime=Tue Oct 12 13:10:58 2021, atime=Mon Oct 11 07:23:31 2021, length=3379608, window=hide
DSQ Production.lnk | ee68da29f3975da7739aac61b6d58366 | MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Fri May 21 13:17:07 2021, mtime=Tue Oct 12 13:10:58 2021, atime=Mon Oct 11 07:23:31 2021, length=3379608, window=hide
Portail libre-service.rdp | 18dc9cd795948a641deb507a297f4f89 | Unicode text, UTF-16, little-endian text, with CRLF line terminators
ActiveX_x64.reg | dcc288ecd084e212a056bc26f969cc95 | Windows Registry little-endian text (Win2K or above)
IE10_SiteDeConfiance_x64.reg | 2aeff6e77947502a84c37e7f1d31e08e | Windows Registry little-endian text (Win2K or above)
IE10_SiteDeConfiance_x86.reg | ff662250e524054713fa1ebf22dced49 | Windows Registry little-endian text (Win2K or above)
IE11_SiteDeConfiance_Win8.1_x64.reg | 22f3a6f51da4c1e38c7bfdf3a9cdcbdf | Windows Registry little-endian text (Win2K or above)
IE11_SiteDeConfiance_x64.reg | 9c455ac7f3ca6e6eb81986bb661b4991 | Windows Registry little-endian text (Win2K or above)
IE11_SiteDeConfiance_x86.reg | c2d3b55b93610c8ca755fb9ee94519c7 | Windows Registry little-endian text (Win2K or above)
IE9_CompatibilityView_x64.reg | d02e5dd0d46c64497d83cfc7f8044057 | Unicode text, UTF-16, little-endian text, with CRLF line terminators
IE9_CompatibilityView_x86.reg | d02e5dd0d46c64497d83cfc7f8044057 | Unicode text, UTF-16, little-endian text, with CRLF line terminators
ModuleUsage_x64.reg | 548d0cacd1488f29a6395133bc847033 | Windows Registry little-endian text (Win2K or above)
TrustedSites_x64.reg | 8ec390833fa4668490c1fafb9d264f07 | Windows Registry little-endian text (Win2K or above)
TrustedSites_x86.reg | 98c7c796995a497609d61841d1bc2cff | Windows Registry little-endian text (Win2K or above)
TrustedSites_x86.reg.temp | 742c8d6d7d4b4bae9a7e0b5b747102e3 | Windows Registry little-endian text (Win2K or above)
Visualiseur DSQ_V5.12_WIN7_Edge (1).zip | 1cb110dc6b41468da53d85abd38be5d4 | Zip archive data, at least v2.0 to extract, compression method=store
Detections
Analyzer | Verdict | Alert |
---|---|---|
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe |
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe |
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe |
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe |
Public InfoSec YARA rules | malware | Identifies executable artefacts in shortcut (LNK) files. |
Public InfoSec YARA rules | malware | Identifies download artefacts in shortcut (LNK) files. |
Public InfoSec YARA rules | malware | Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path. |
Public InfoSec YARA rules | malware | Identifies executable artefacts in shortcut (LNK) files. |
Public InfoSec YARA rules | malware | Identifies download artefacts in shortcut (LNK) files. |
Public InfoSec YARA rules | malware | Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path. |
JavaScript (0)
HTTP Transactions (2)
URL | IP | Response | Size
---|---|---|---
ocsp.entrust.net/ | 184.24.45.171 | | 1.6 kB
www.ramq.gouv.qc.ca/sites/default/files/documents/non_indexes/visualiseur-dsq_v5-12.zip | 142.213.20.178 | 200 OK | 20 MB