Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
|
||
|
malicious
Score: 100
|
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
|
IP | Country | Detection |
---|---|---|
172.67.184.102 | United States | |
37.0.9.166 | Netherlands | |
34.102.136.180 | United States |
Name | IP | Detection |
---|---|---|
dell-tv.tk | 37.0.9.166 | |
www.volunteervabetweenk.com | 172.67.184.102 | |
www.texaszephyr.com | 0.0.0.0 | |
Click to see the 5 hidden entries | ||
www.1oavyx.com | 0.0.0.0 | |
www.bandhancustomer.com | 0.0.0.0 | |
www.publicfigure.skin | 0.0.0.0 | |
publicfigure.skin | 34.102.136.180 | |
texaszephyr.com | 34.102.136.180 |
Name | Detection |
---|---|
www.fcusd4.com/op9t/ | |
http://dell-tv.tk/ashlyzx.exe | |
http://www.volunteervabetweenk.com/op9t/?0l=exlpTNNXh0F&c0=WMWbw9/24XbwIiPl+aU7TY/mYt55hlmFa8WJlEktQGdJQVklk58s/CKKr8Th7+7tz7UKpw== | |
Click to see the 29 hidden entries | |
http://www.msn.com/?ocid=iehp0 | |
https://support.mozilla.org | |
http://www.autoitscript.com/autoit3 | |
http://www.%s.comPA | |
http://computername/printers/printername/.printer | |
http://servername/isapibackend.dll | |
http://www.piriform.com/ccleaner | |
http://www.msn.com/de-de/?ocid=iehp | |
http://www.msn.com/?ocid=iehp | |
http://investor.msn.com/ | |
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv | |
http://www.icra.org/vocabulary/. | |
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | |
http://www.msn.com/de-de/?ocid=iehpC | |
http://www.windows.com/pctv. | |
http://java.sun.com | |
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check | |
http://www.publicfigure.skin/op9t/?c0=RQ8pabDbnEWS4MHppDnLpAnnVm0R7EKmWqTB7JHuP07woLOWNs0JhuHKNBpScYVLrEmjjw==&0l=exlpTNNXh0F | |
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2 | |
http://treyresearch.net | |
http://www.hotmail.com/oe | |
http://windowsmedia.com/redir/services.asp?WMPFriendly=true | |
https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1LMEM | |
http://www.iis.fhg.de/audioPA | |
http://www.texaszephyr.com/op9t/?0l=exlpTNNXh0F&c0=4uZm8lPh56XAYP0u1p0c6SVxcutgTZuNbzhe7MVeNR3LwnMhhkFBXHHvU8jy6jgZH7Gcyg== | |
https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1 | |
http://wellformedweb.org/CommentAPI/ | |
http://www.msnbc.com/news/ticker.txt | |
http://investor.msn.com |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\ashlyzx[1].exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{3D999299-2169-4632-82B1-6FEE86AD4ADA}.tmp |
Composite Document File V2 Document, Cannot read section info | # | |
C:\Users\user\AppData\Roaming\ashlkyvc7592.exe |
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
Click to see the 6 hidden entries | |||
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1301DF5A-9B1F-4290-90EE-2E8BF9838615}.tmp |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{780FD6C6-AC2E-47FB-9E8C-CE3647E85B1F}.tmp |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\P.O-5433ERE.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Aug 30 20:08:57 2021, mtime=Mon Aug 30 20:08:57 2021, atime=Fri Nov 26 01:08:15 2021, length=21635, window=hide | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
data | # | |
C:\Users\user\Desktop\~$O-5433ERE.doc |
data | # |