icreinstall_microsoft-word-2013.exe

Cir

Destiny Dream S.A.

The installer utilizes InstallCore, which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_microsoft-word-2013.exe, “Cir Setup” by Destiny Dream S.A., has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallCore installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.appstowncity.com and multiple other hosts. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.
Publisher:
Minuho (signed by Destiny Dream S.A.)

Product:
Cir

Description:
Cir Setup

MD5:
81908f39b0f893d7a13a820bb1f87cf7

SHA-1:
9e2a68aa4b453ca2fc77bb9c85d7591b5dfff6a0

SHA-256:
f8d6d756f3a4b59f35205bdbcda89371be15791542752946394a18c037ceefcd

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Utilizes the InstallCore download manager that may bundle various adware-type offers.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/24/2024 1:44:22 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore.DestinyD.Installer (M)

Engine version:
16.3.27.20

File size:
1 MB (1,078,040 bytes)

Product version:
4.7

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_microsoft-word-2013.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/17/2015 5:55:11 PM

Valid to:
10/2/2016 6:36:18 PM

Subject:
CN=Destiny Dream S.A., O=Destiny Dream S.A., L=Clarens, S=Vaud, C=CH

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11217A75EB912AE2167326222C18D9E2357F

File PE Metadata
Compilation timestamp:
6/20/1992 3:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:9bmjb2rfYLfQazIgBOg5h3bMqDyrRupNCMvE6G1NFYZVSmc8AR:9S7cazIgBOg5dbLyZMcoJu

Entry address:
0xA5F8

Entropy:
7.9068

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file icreinstall_microsoft-word-2013.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 268 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com (207.189.109.121:80)
