www.capitaltowervault.com
Domain Information
Server location: Oregon, United States (US)
ASN: AS16509 AMAZON-02 - Amazon.com, Inc., US
Root domain: capitaltowervault.com
Analysis
Scanner detections: Detections (100% detected)
Scan engine: Reason Heuristics
Details: PUP.installCore.Fokakunu.Installer.Meta (M), PUP.InstallCore.AVSoftwa.Installer (M), PUP.InstallCore.RE11 (M)
Detections: 100.00%
IP Addresses
The domain www.capitaltowervault.com has been seen to resolve to the following 9 IP addresses.
Downloads
File downloads found at URLs served by www.capitaltowervault.com.
Network Communications
The following 18 files have been seen to communicate with www.capitaltowervault.com in live environments.
TCP » 52.38.209.219:80  rlvknlg.exe (Relevant-Knowledge by TMRG)
TCP » 52.38.209.219:80  UCBrowser.exe (UC Browser by UCWeb)
TCP » 52.38.209.219:80  browserairexec.exe (BrowserAir by Goobzo)
TCP » 52.24.26.116:443  online-guardian-v2.0.9.exe
TCP » 52.24.26.116:443  online-guardian-v2.0.9.exe
TCP » 52.38.209.219:80  browser.exe (Browser)
TCP » 52.24.26.116:443  rlvknlg.exe (Relevant-Knowledge by TMRG)
TCP » 52.24.26.116:443  036629fbd4864725737a8ba8fe7e8cd6.exe
TCP » 52.38.209.219:80  3.9.0.128_20140916045038.exe (The KMPlayer by PandoraTV)
TCP » 52.38.209.219:80  e5be.tmp
TCP » 52.24.26.116:443  rlvknlg.exe (Relevant-Knowledge by TMRG)
TCP » 52.24.26.116:443  Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))
TCP » 52.38.209.219:80  client.exe
TCP » 52.38.209.219:80  rlvknlg.exe (Relevant-Knowledge by TMRG)
TCP » 52.38.209.219:80  kmplayer 3.8.0.117 -[www.patoghu.com].exe (The KMPlayer by PandoraTV)
TCP » 52.38.209.219:80  KMPlayer_3.9.0.126.exe (The KMPlayer by PandoraTV)
TCP » 52.38.209.219:80  3.9.0.125_20140702035547.exe (The KMPlayer by PandoraTV)
TCP » 52.38.209.219:80  rlvknlg.exe (Relevant-Knowledge by TMRG)
TCP » 52.38.209.219:80  online-guardian-v2.0.9.exe