Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
Score: 72
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
|
|
malicious
Score: 84
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Run with higher sleep bypass
|
IP | Country | Detection |
---|---|---|
52.97.201.210 | United States | |
40.97.128.194 | United States | |
195.20.250.115 | Germany | |
Click to see the 9 hidden entries | ||
52.97.201.194 | United States | |
52.97.186.114 | United States | |
52.98.163.18 | United States | |
52.98.168.178 | United States | |
82.165.229.16 | Germany | |
172.217.168.14 | United States | |
52.97.232.194 | United States | |
82.165.229.59 | Germany | |
82.165.229.87 | Germany |
Name | IP | Detection |
---|---|---|
taybhctdyehfhgthp2.xyz | 0.0.0.0 | |
thyihjtkylhmhnypp2.xyz | 0.0.0.0 | |
outlook.com | 40.97.128.194 | |
Click to see the 12 hidden entries | ||
ZRH-efz.ms-acdc.office.com | 52.97.186.114 | |
www.mail.com | 82.165.229.59 | |
plusmailcom.ha-cdn.de | 195.20.250.115 | |
mail.com | 82.165.229.87 | |
wa.mail.com | 82.165.229.16 | |
www.googleoptimize.com | 172.217.168.14 | |
outlook.office365.com | 0.0.0.0 | |
s.uicdn.com | 0.0.0.0 | |
www.outlook.com | 0.0.0.0 | |
img.ui-portal.de | 0.0.0.0 | |
plus.mail.com | 0.0.0.0 | |
dl.mail.com | 0.0.0.0 |
Name | Detection |
---|---|
http://modernizr.com/download/?-csstransforms-csstransforms3d-csstransitions-flexbox-flexboxlegacy-f | |
http://mail.com/jdraw/2x8ENuMVJEai_2FVqcwg/KQQ50kpn0M3L73ENNBE/G1knvzad_2Fg_2BkyCoA3S/RcPZinl4BFdYu/NG5HWnb0/vfvVzx4Doj88hqHzLS5VCB0/IRrw6ObYiX/1_2Fr33YbqAT9Ry0m/a_2FLfkuNA_2/F_2Fy3jjalf/Eg8brnQokZm55h/jGcurV8IMufIt7jFcTF99/whDSjKuT/g9l8UU7_2/B.crw | |
https://outlook.office365.com/jdraw/0SBJEaWj8uzaYO9/X2ZLyhcXhOBs13vUhk/uA0Mj7KPw/1hd_2FrDfFtdqWCbDdz | |
Click to see the 58 hidden entries | |
https://github.com/getsentry/sentry-javascript | |
http://www.reddit.com/ | |
https://mail.com/jdraw/2x8ENuMVJEai_2FVqcwg/KQQ50kpn0M3L73ENNBE/G1knvzad_2Fg_2BkyCoA3S/RcPZinl4BFdYu | |
https://cdn.cookielaw.org/logos/b1d060cc-fa13-4e1e-8a5e-fd705963d55b/11da4229-abbc-4e04-a16b-72fa8f1 | |
http://thyihjtkylhmhnypp2.xyz/jdraw/5aLAbJwTVae/qoEFd9apr89OcM/6ayYRQOOdtFpSwTDl2aq9/CqCbos6Cqnizb6H | |
https://github.com/WebReflection/url-search-params/blob/master/src/url-search-params.js | |
https://s.uicdn.com/shared/sentry/5.5.0/bundle.min.js | |
http://www.nytimes.com/ | |
https://outlook.office365.com/jdraw/xGbcxYlao6QybS/5qDDj85QhfUdCqg61IRxY/a3KKCFnPRTca1yiq/_2Fc_2FODy | |
https://s.uicdn.com/mailint/9.1725.0/assets/consent/mailcom/styles.css | |
https://s.uicdn.com/tcf/live/ | |
https://dl.mail.com/permission/oneTrust/ | |
https://www.mail.com/consentpageVJEai_2FVqcwg/KQQ50kpn0M3L73ENNBE/G1knvzad_2Fg_2BkyCoA3S/RcPZinl4BFd | |
https://outlook.office365.com/jdraw/OvXGpKzLxUlvc/5YmODYZ1/gEki0c5_2Bcj_2BJgBmclYf/4zl_2FiIGx/zg7_2F | |
https://cdn.cookielaw.org/logos/b1d060cc-fa13-4e1e-8a5e-fd705963d55b/662e5c67-1d13-450e-90e2-8ba98fb | |
https://dl.gmx.net/permission/oneTrust/ | |
https://s.uicdn.com/mailint/9.1725.0/assets/consent/mailcom/spinner.gif | |
https://s.uicdn.com/mailint/9.1725.0/assets/favicon.ico | |
https://www.mail.com/consentpage | |
https://mam-confluence.1and1.com/display/TDII/BRAIN-Tracking | |
http://www.youtube.com/ | |
https://www.mail.com/jdraw/2x8ENuMVJEai_2FVqcwg/KQQ50kpn0M3L73ENNBE/G1knvzad_2Fg_2BkyCoA3S/RcPZinl4B | |
https://cdn.cookielaw.org/vendorlist/ | |
http://www.wikipedia.com/ | |
https://github.com/js-cookie/js-cookie | |
http://www.live.com/ | |
https://s.uicdn.com/mailint/9.1725.0/assets/favicon.ico~ | |
https://dl.gmx.fr/permission/oneTrust/ | |
https://dl.web.de/permission/oneTrust/ | |
https://www.mail.com/cdraw/2x8ENuMVJEai_2FVqcwg/KQQ50kpn0M3L73ENNBE/G1knvzad_2Fg_2BkyCoA3S/RcPZinl4B | |
https://dl.1und1.de/permission/oneTrust/ | |
https://wa.mail.com/1and1/mailcom/s?_c=0&name= | |
https://www.mail.com/consentpage/event/visit | |
https://img.ui-portal.de/pos-cdn/tracklib/4.3.0/tracklib.min.js | |
https://s.uicdn.com/mailint/9.1725.0/assets/consent/consent-management.js | |
http://scottjehl.github.io/picturefill | |
https://s.uicdn.com/mailint/9.1725.0/assets/consent/main.js | |
https://dl.gmx.com/permission/oneTrust/ | |
https://s.uicdn.com/permission/live/ | |
http://outlook.com/jdraw/OvXGpKzLxUlvc/5YmODYZ1/gEki0c5_2Bcj_2BJgBmclYf/4zl_2FiIGx/zg7_2FVzTFFpxQ0Zg/IVmTcFICtOu9/15kAqnW78YI/MXCY1lZONnEzVM/eyszldhHfL9FhdO1fFyz9/RRaqeJksBpKD0xlU/B2SSOZmmpvCp3sI/4IJYpEC_2BP8ptXo3E/E9fvTGTLb/WJ6m1MuHv/Uxoe1d.crw | |
http://www.amazon.com/ | |
https://s.uicdn.com/tcf/live/v1/js/tcf-api.js | |
http://www.twitter.com/ | |
https://dl.gmx.at/permission/oneTrust/ | |
https://www.mail.com/ | |
https://dl.gmx.es/permission/oneTrust/ | |
https://github.com/arv/DOM-URL-Polyfill/blob/master/src/url.js | |
https://www.mail.com/consentpage/event/error | |
https://dl.mail.com/tcf/live/v1/js/tcf-api.js | |
https://github.com/scottjehl/picturefill/blob/master/Authors.txt; | |
https://nct.ui-portal.de/mailcom/mailcom/s? | |
https://my.onetrust.com/s/article/UUID-185d63b9-1094-a9d3-e684-bb1f155ae6ad | |
http://taybhctdyehfhgthp2.xyz/jdraw/vPapbiz2Eh/ZPYySNPAkvOvIyVz2/tWl_2FHqiE2d/6ywtXMerrZg/ABJ_2FJE5Z | |
https://dl.gmx.co.uk/permission/oneTrust/ | |
https://url.spec.whatwg.org/#urlencoded-serializing | |
https://dl.gmx.ch/permission/oneTrust/ | |
https://dl.mail.com/permission/live/v1/ppp/js/permission-client.js | |
https://img.ui-portal.de/pos-cdn/tracklib/4.3.0/polyfills.min.js |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\httpErrorPagesScripts[1] |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\errorPageStrings[1] |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\css[1].css |
ASCII text | # | |
Click to see the 81 hidden entries | |||
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\consentpage[1].htm |
HTML document, ASCII text | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\bundle.min[1].js |
ASCII text, with very long lines | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\NewErrorPageTemplate[1] |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\t[1].gif |
GIF image data, version 89a, 1 x 1 | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\promise.min[2].js |
ASCII text, with very long lines | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\promise.min[1].js |
ASCII text, with very long lines | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\permission-core.min[1].js |
UTF-8 Unicode text, with very long lines | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\lt[1].htm |
HTML document, UTF-8 Unicode text, with very long lines | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\logo_mobile[1].png |
PNG image data, 43 x 43, 8-bit colormap, non-interlaced | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\favicon[1].ico |
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\down[1] |
PNG image data, 15 x 15, 8-bit colormap, non-interlaced | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\core[1].htm |
HTML document, ASCII text | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\consent-management[1].js |
ASCII text | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\B[1].htm |
HTML document, ASCII text, with very long lines | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\spinner[1].gif |
GIF image data, version 89a, 32 x 32 | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\polyfills.min[1].js |
UTF-8 Unicode text, with very long lines | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\permission-client[1].js |
UTF-8 Unicode text, with very long lines | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\logo_mailcom[1].png |
PNG image data, 127 x 33, 8-bit colormap, non-interlaced | # | |
C:\Users\user\AppData\Local\Temp\~DF3B2B4B210D4677DA.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\~DFFE16BBD1A669E84C.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\~DFDC723F1443C4BAD9.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\~DFADD0A24F1B043A66.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\~DFA4B211933831C46D.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\~DF9CCB71D7125A321B.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\~DF867A60F063A0CB97.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\~DF8670946C9A228354.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\~DF60A783B178E5E3D4.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\~DF5F3CA953B42C7490.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\~DF3F423AA33482C50B.TMP |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\httpErrorPagesScripts[1] |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\~DF2278B18D6A6BD7ED.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\~DF134D6241D89374BD.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\~DF0F318B5CCE001BBF.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\tracklib.min[1].js |
ASCII text, with very long lines | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\tcf-api[1].js |
UTF-8 Unicode text, with very long lines | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\styles[1].css |
ASCII text | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\main[1].js |
ASCII text | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\main.min[1].js |
HTML document, UTF-8 Unicode text, with very long lines, with NEL line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{79338731-E0BA-11EB-90EB-ECF4BBEA1588}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml |
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml |
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml |
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml |
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B9821E83-E0BA-11EB-90EB-ECF4BBEA1588}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B0214097-E0BA-11EB-90EB-ECF4BBEA1588}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A90D6F79-E0BA-11EB-90EB-ECF4BBEA1588}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A226C240-E0BA-11EB-90EB-ECF4BBEA1588}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9AD72DED-E0BA-11EB-90EB-ECF4BBEA1588}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{93B4E602-E0BA-11EB-90EB-ECF4BBEA1588}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml |
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B9821E81-E0BA-11EB-90EB-ECF4BBEA1588}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B0214095-E0BA-11EB-90EB-ECF4BBEA1588}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A90D6F77-E0BA-11EB-90EB-ECF4BBEA1588}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A226C23E-E0BA-11EB-90EB-ECF4BBEA1588}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9AD72DEB-E0BA-11EB-90EB-ECF4BBEA1588}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{93B4E600-E0BA-11EB-90EB-ECF4BBEA1588}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7933872F-E0BA-11EB-90EB-ECF4BBEA1588}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\URW0GA4Q\dl.mail[1].xml |
ASCII text, with no line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\www.mail[1].xml |
ASCII text, with no line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\down[1] |
PNG image data, 15 x 15, 8-bit colormap, non-interlaced | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\errorPageStrings[1] |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\dnserror[1] |
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\MAILCOM_content_tablet[1].jpg |
[TIFF image data, little-endian, direntries=0], baseline, precision 8, 768x1024, frames 3 | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\MAILCOM_content_smartphone[1].jpg |
[TIFF image data, little-endian, direntries=0], baseline, precision 8, 375x1500, frames 3 | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\url-polyfill[1].js |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\tcf-api[1].js |
UTF-8 Unicode text, with very long lines | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\picturefill.min[1].js |
ASCII text, with very long lines | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\permission-layer.min[1].js |
ASCII text, with very long lines | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\head.min[1].js |
ASCII text, with very long lines | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\entry3[1].js |
Java source, ASCII text, with very long lines | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\BACZYXTY\plus.mail[1].xml |
ASCII text, with no line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\dnserror[1] |
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\adservice[1].js |
ASCII text, with no line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\NewErrorPageTemplate[1] |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\B[1].htm |
HTML document, ASCII text | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml |
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml |
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml |
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml |
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators | # |