Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
IP | Country | Detection |
---|---|---|
104.236.161.64 | United States | |
114.109.179.60 | Thailand | |
185.94.252.13 | Germany | |
Click to see the 9 hidden entries | ||
77.90.136.129 | Germany | |
149.62.173.247 | Spain | |
73.116.193.136 | United States | |
89.32.150.160 | Romania | |
83.169.21.32 | Germany | |
35.209.238.78 | United States | |
189.2.177.210 | Brazil | |
64.90.40.69 | United States | |
185.94.252.12 | Germany |
Name | IP | Detection |
---|---|---|
www.leframe.com | 64.90.40.69 | |
irvingstudios.com | 35.209.238.78 | |
g.msn.com | 0.0.0.0 |
Name | Detection |
---|---|
https://store.officeppe.com/addinstemplate | |
https://prod-global-autodetect.acompli.net/autodetect | |
https://analysis.windows.net/powerbi/api | |
Click to see the 97 hidden entries | |
https://officesetup.getmicrosoftkey.com | |
https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v= | |
https://dataservice.o365filtering.com/ | |
https://graph.windows.net | |
https://profile.xboxlive.com/users/batch/profile/settings | |
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r= | |
https://web.microsoftstream.com/video/ | |
https://api.powerbi.com/v1.0/myorg/groups | |
https://www.odwebp.svc.ms | |
https://dev0-api.acompli.net/autodetect | |
http://www.hulu.com/privacy | |
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | |
https://globaldisco.crm.dynamics.com | |
https://dev.virtualearth.net/REST/v1/Routes/ | |
https://outlook.office.com/autosuggest/api/v1/init?cvid= | |
https://wus2-000.pagecontentsync. | |
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r= | |
https://store.office.cn/addinstemplate | |
https://www.hulu.com/do-not-sell-my-info | |
http://kyleriffic.com/blogs/RQ24ETH6SM/ | |
https://sr.outlook.office.net/ws/speech/recognize/assistant/work | |
https://login.windows.net/common | |
https://apis.live.net/v5.0/ | |
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx | |
http://irvingstudios.com/photos/jH40783/ | |
https://dev.virtualearth.net/REST/v1/Routes/Driving | |
https://clients.config.office.net/user/v1.0/ios | |
http://leannewaller.com/wwvvv/w11WKn/ | |
https://incidents.diagnostics.office.com | |
https://management.azure.com | |
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r= | |
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml | |
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios | |
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks | |
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r= | |
http://185.94.252.12/kV76MG/k0eQr3GFjLfR1G/5fvh7/& | |
http://weather.service.msn.com/data.aspx | |
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/ | |
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false | |
https://dev.virtualearth.net/REST/v1/Routes/Transit | |
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json | |
https://dynamic.t | |
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | |
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios | |
https://outlook.office365.com/autodiscover/autodiscover.json | |
https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/ | |
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | |
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/ | |
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy | |
https://entitlement.diagnosticssdf.office.com | |
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile | |
https://cloudfiles.onenote.com/upload.aspx | |
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | |
http://www.wpdate.Internal.InstallControlFWdtP | |
https://cortana.ai | |
https://lookup.onenote.com/lookup/geolocation/v1 | |
http://89.32.150.160:8080/euHNOkFn/52D | |
https://rpsticket.partnerservices.getmicrosoftkey.com | |
https://powerlift.acompli.net | |
https://dev.virtualearth.net/REST/v1/Routes/Walking | |
https://api.aadrm.com/ | |
https://clients.config.office.net/user/v1.0/tenantassociationkey | |
https://wus2-000.contentsync. | |
http://185.94.252.12/kV76MG/k0eQr3GFjLfR1G/5fvh7/ | |
https://cdn.entity. | |
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr | |
https://t0.tiles.ditu.live.com/tiles/gen | |
https://dev.ditu.live.com/REST/v1/Routes/ | |
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize | |
https://shell.suite.office.com:1443 | |
https://login.microsoftonline.com/ | |
https://api.diagnosticssdf.office.com | |
https://api.microsoftstream.com/api/ | |
https://officeci.azurewebsites.net/api/ | |
http://185.94.252.13/gpZ9zRh3Pjabg/VvYnUqF7/i7Ga/g6qbqZhQggth70/BIU2nc0EGCwBHCGddEC/BjaRNxQcLiGsSWIZ | |
https://tasks.office.com | |
https://powerlift-user.acompli.net | |
https://res.getmicrosoftkey.com/api/redemptionevents | |
https://graph.ppe.windows.net | |
https://ecs.office.com/config/v2/Office | |
http://www.bingmapsportal.com | |
https://portal.office.com/account/?ref=ClientMeControl | |
https://appexmapsappupdate.blob.core.windows.net | |
https://cr.office.com | |
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive | |
http://185.94.252.13:443/gpZ9zRh3Pjabg/VvYnUqF7/i7Ga/g6qbqZhQggth70/BIU2nc0EGCwBHCGddEC/BjaRNxQcLiGs | |
http://189.2.177.210:443/6BWAzRG6l/FKicTAw4/QIdJYqkq43ASWUd7d/ncpAn2ojRYQZ1I/hA$ | |
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies | |
http://189.2.177.210:443/6BWAzRG6l/FKicTAw4/QIdJYqkq43ASWUd7d/ncpAn2ojRYQZ1I/ | |
http://www.hulu.com/terms | |
http://89.32.150.160:8080/euHNOkFn/A3 | |
https://storeedgefd.dsx.mp.microsoft.c | |
http://89.32.150.160:8080/euHNOkFn/ | |
https://dev.virtualearth.net/REST/v1/Transit/Schedules/ | |
https://ofcrecsvcapi-int.azurewebsites.net/ | |
http://www.xbox.com/ | |
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/ |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\427.exe |
PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\Documents\20200731\PowerShell_transcript.813848.3Bj+ssq2.20200731222421.txt |
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
data | # | |
Click to see the 29 hidden entries | |||
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL |
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl |
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL |
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL |
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO1033.acl |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\File 072020.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Jul 27 13:56:56 2020, mtime=Sat Aug 1 04:24:16 2020, atime=Sat Aug 1 04:24:12 2020, length=177152, window=hide | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Sat Aug 1 04:24:14 2020, mtime=Sat Aug 1 04:25:20 2020, atime=Sat Aug 1 04:25:20 2020, length=0, window=hide | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL |
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC |
Little-endian UTF-16 Unicode text, with CR line terminators | # | |
C:\Users\user\Desktop\~$le 072020.doc |
data | # | |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp |
ASCII text, with no line terminators | # | |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log |
data | # | |
C:\ProgramData\Microsoft\Network\Downloader\edb.log |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl |
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl |
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL |
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL |
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL |
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL |
XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl |
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hesv1szd.0x5.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a0cs44t2.55a.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\76570F3C-F132-4121-AE64-6F95A6D7EBC0 |
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm |
data | # | |
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db |
Extensible storage engine DataBase, version 0x620, checksum 0x5fa80937, page size 16384, DirtyShutdown, Windows version 10.0 | # |