Engine | Download Report | Detection | Info |
---|---|---|---|
| | malicious (Score: 84) | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| | malicious (Score: 100) | System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301); Run Condition: Suspected Instruction Hammering |
IP | Country | Detection |
---|---|---|
68.65.122.211 | United States | |
217.160.0.18 | Germany | |
209.99.40.222 | United States | |
199.192.29.215 | United States | |
198.23.49.173 | United States | |
180.76.247.231 | China | |
185.53.179.171 | Germany | |
203.170.86.89 | Australia | |
Name | IP | Detection |
---|---|---|
www.clickleaser.com | 198.23.49.173 | |
www.liesdevocalist.store | 0.0.0.0 | |
www.gpusforfun.com | 0.0.0.0 | |
www.projectduckling.com | 0.0.0.0 | |
www.thebeautystore.store | 0.0.0.0 | |
www.actu-infomail.com | 0.0.0.0 | |
www.revboxx.com | 0.0.0.0 | |
www.tandelawnmaintenance.com | 0.0.0.0 | |
www.schnellekreditfinanz.com | 0.0.0.0 | |
www.shantelleketodietofficial.site | 0.0.0.0 | |
www.dujh.xyz | 180.76.247.231 | |
www.linqxw.com | 209.99.40.222 | |
barsam.com.au | 203.170.86.89 | |
www.getsuzamtir.xyz | 199.192.29.215 | |
www.repaircilinic.com | 185.53.179.171 | |
schnellekreditfinanz.com | 68.65.122.211 | |
www.borneadomicile.com | 217.160.0.18 | |
e-0009.e-msedge.net | 13.107.5.88 | |
dual-a-0001.a-msedge.net | 13.107.21.200 | |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Roaming\2LMM06TC\2LMlogrf.ini | data | | |
C:\Users\user\AppData\Roaming\2LMM06TC\2LMlogri.ini | data | | |
C:\Users\user\AppData\Roaming\2LMM06TC\2LMlogrv.ini | data | | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | | |
C:\Users\user\AppData\Local\Temp\DB1 | SQLite 3.x database, last written using SQLite version 3036000 | | |
C:\Users\user\AppData\Local\Temp\Hetero3.dat | data | | |
C:\Users\user\AppData\Local\Temp\RES2E9C.tmp | Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols | | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f0xsdwy4.l4z.ps1 | ASCII text, with no line terminators | | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tjjzqpmp.eor.psm1 | ASCII text, with no line terminators | | |
C:\Users\user\AppData\Local\Temp\gkb1wfd4\CSC1FB6CDA7423C41F280B0C76B8C389BB7.TMP | MSVC .res | | |
C:\Users\user\AppData\Local\Temp\gkb1wfd4\gkb1wfd4.0.cs | UTF-8 Unicode (with BOM) text, with CRLF line terminators | | |
C:\Users\user\AppData\Local\Temp\gkb1wfd4\gkb1wfd4.cmdline | UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | | |
C:\Users\user\AppData\Local\Temp\gkb1wfd4\gkb1wfd4.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | | |
C:\Users\user\AppData\Local\Temp\gkb1wfd4\gkb1wfd4.out | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | | |
C:\Users\user\AppData\Roaming\2LMM06TC\2LMlogim.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1920x1080, frames 3 | | |
C:\Users\user\AppData\Roaming\2LMM06TC\2LMlogrg.ini | data | | |