Engine | Download Report | Detection | Info |
---|---|---|---|
| | | malicious | |
| | | malicious Score: 100 | System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |

IP | Country | Detection |
---|---|---|
172.67.8.238 | United States | |
195.191.149.103 | Bulgaria | |
185.157.162.81 | Sweden | |
208.95.112.1 | United States | |
37.46.150.139 | Moldova Republic of |

Name | IP | Detection |
---|---|---|
cutt.ly | 172.67.8.238 | |
yz.videomarket.eu | 185.157.162.81 | |
gtp.bg | 195.191.149.103 | |
ip-api.com | 208.95.112.1 |

Name | Detection |
---|---|
http://gtp.bg/opka/iopd/ztyh/nmk/1vrkY2OMQfcfBgx.exe | |
http://www.piriform.com/ccleaner | |
http://37.46.150.139/bat/scriptxls_db309dc0-6a94-419d-8933-c37781a53f80_mic2_wddisabler.bat | |
http://www.%s.comPA | |
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | |
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv | |
http://www.piriform.com/ccleanerhttp://www.piri | |
http://gtp.bg/opkl/fioli/zplk/apo/5DVxvgK9jn5gaBl.exe | |
http://ip-api.com/json/ | |
https://curl.haxx.se/docs/http-cookies.html |

Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\Documents\pd.bat | ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\JrekdQ.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\tmpCF32.tmp | XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\eyBLwzbrUF1mwXoy.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\ars4t7gFPGrepVgh.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\sp.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\5DVxvgK9jn5gaBl[1].exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\5DVxvgK9jn5gaBl[1].exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Roaming\gUuYfpYBjYgU.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\Desktop\CCDE0000 | Applesoft BASIC program data, first line number 16 | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Y0IWL9PP10MD7U9YNNWP.temp | data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UF448UGC9HH8NS13TMAN.temp | data | # | |
C:\Users\user\AppData\Roaming\Logs\01-06-2021 | data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\OY5PTG0JO5WWBCHCBZ8W.temp | data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DFLQU3YDWIS0DDTFQO4S.temp | data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\C46FS22UMOIQN8SC5D58.temp | data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\71YY0ZNRPQ4IRKSGGQ82.temp | data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\spetsifikatsiya.LNK | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:13 2020, mtime=Wed Jan 6 16:57:41 2021, atime=Wed Jan 6 16:57:41 2021, length=242176, window=hide | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat | ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Wed Jan 6 16:57:41 2021, atime=Wed Jan 6 16:57:41 2021, length=8192, window=hide | # | |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | Microsoft Cabinet archive data, 58936 bytes, 1 file | # | |
C:\Users\user\AppData\Local\Temp\tmpC70.tmp | XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\tmp4F59.tmp | XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\Tar9A5E.tmp | data | # | |
C:\Users\user\AppData\Local\Temp\Cab9A5D.tmp | Microsoft Cabinet archive data, 58936 bytes, 1 file | # | |
C:\Users\user\AppData\Local\Temp\1CDE0000 | data | # | |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | data | # |