Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
|
||
|
malicious
Score: 100
|
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
|
IP | Country | Detection |
---|---|---|
79.124.76.20 | Bulgaria | |
104.22.0.232 | United States | |
185.157.162.81 | Sweden | |
Click to see the 1 hidden entries | ||
37.46.150.139 | Moldova Republic of |
Name | IP | Detection |
---|---|---|
cutt.ly | 104.22.0.232 | |
speed-bg.com | 79.124.76.20 |
Name | Detection |
---|---|
http://speed-bg.com/kapa3/ferrazio/typla/jbm/5bYDAStoeJnLmro.exe | |
http://www.piriform.com/ccleaner | |
http://37.46.150.139/bat/scriptxls_687c7069-ef4b-4efe-b745-594285a9a92b_mic2_wddisabler.bat | |
Click to see the 9 hidden entries | |
http://www.%s.comPA | |
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | |
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleaner7 | |
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv | |
http://www.piriform.com/ccleanerv | |
http://www.piriform.com/ccleanerhttp://www.piriform.c | |
http://www.piriform.com/cc | |
https://curl.haxx.se/docs/http-cookies.html | |
http://www.piriform.com/ |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\Documents\pd.bat |
ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\sb.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\axoikBEWgDCn.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
Click to see the 16 hidden entries | |||
C:\Users\user\AppData\Local\Temp\tmp8C58.tmp |
XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0BGTGBBF7Q6SKHN9BKYX.temp |
data | # | |
C:\Users\user\Desktop\66EE0000 |
Applesoft BASIC program data, first line number 16 | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RIK1BAD7SBY1C0IHKYVN.temp |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\R38BWSSJ7G62VJURDECV.temp |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QWQLK7LNYAZINNN1XM4E.temp |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PUV6Q5QUWPCDRN1NU16Z.temp |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2YWU3VZ5KQ7YGZJ3GJV8.temp |
data | # | |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 |
Microsoft Cabinet archive data, 58936 bytes, 1 file | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\spetsifikatsiya.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:14 2020, mtime=Tue Jan 5 17:06:44 2021, atime=Tue Jan 5 17:06:44 2021, length=242176, window=hide | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Tue Jan 5 17:06:44 2021, atime=Tue Jan 5 17:06:44 2021, length=12288, window=hide | # | |
C:\Users\user\AppData\Local\Temp\Tar41F1.tmp |
data | # | |
C:\Users\user\AppData\Local\Temp\Cab41F0.tmp |
Microsoft Cabinet archive data, 58936 bytes, 1 file | # | |
C:\Users\user\AppData\Local\Temp\A5EE0000 |
data | # | |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 |
data | # |