Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
IP | Country | Detection |
---|---|---|
165.232.183.49 | United States | |
162.241.253.78 | United States |
Name | IP | Detection |
---|---|---|
gtr.antoinfer.com | 165.232.183.49 | |
free.mynowministries.com | 162.241.253.78 |
Name | Detection |
---|---|
http://gtr.antoinfer.com/IW0KvL6zqxcwdal5Ue/sV05YuqDL/CUY_2FYXWgTEAN2MleRL/cOthmAfIFOrxcxXsh59/ | |
http://gtr.antoinfer.com/favicon.ico | |
http://gtr.antoinfer.com/7lD6H27N_2/BPcjmtAv0Zw4YWBW5/_2Fxf1uK6WCO/_2Fjr90UDnf/fvsahgiWLN_2Bo/Vmn_2FfIBHwVISTOJqyyE/yxzQpB4UhTtBihgn/15wt67RuhdWC2bp/AA4QTb7hSSc7ibwOLz/pdYBrbn9P/IhNkxf132wscOBr5M107/x3K_2BnAOaEK3ZrGH_2/BhQbh5Iq3KL0HGqeYocdUa/aitTSocVb3Ei8/K8Yn7wxH/8ZzNnAARdlf1lpPkD_2FTSI/88hMX1xgXx/WKheFQm4ijbivR_2F/Zqk2tiAD1SrE/7_2FLrw5q4N/ROSXMe9TmWNzIt/lpE2Vas7vRgwYKuDJRzfN/M8anWcq | |
Click to see the 97 hidden entries | |
http://gtr.antoinfer.com/xFDxUxdbnv/F6OYsZZ54L9nW_2Fn/67TmggSh_2FJ/XC_2BJ4ptUf/_2Bn4_2BufrBke/X9TaUV | |
http://gtr.antoinfer.com/7lD6H27N_2/BPcjmtAv0Zw4YWBW5/_2Fxf1uK6WCO/_2Fjr90UDnf/fvsahgiWLN_2Bo/Vmn_2F | |
http://gtr.antoinfer.com/k_2Bld_2B868iR7p/iSLerqiJRFRfRPj/I3sykOYq_2B_2BHlkm/lN1n6_2F_/2BoCebPKrVZFk5Ykbc8d/ir2ifxTr4LNwVXB57AO/naMzNC0NRqAZpafqf_2BA_/2Be4kMQ_2Bs4v/p3vimkya/tnJRXZOQhgPrD4eJIIoOBmz/6_2FqS0VmH/GdEp4ZZJMOcj3fIll/Gr7XyTEKPabp/aWzveP_2B5R/CbkrZ6KMbYewce/4JBfvb8ftJcY5XJZOep1x/uKyVwvTYfdKUGuNG/Emm_2BOgQKRpwFp/DFm1TypwhIB6euZx4o/ZnwoOdebK/P2zkNdJ1mC1FOPRaBbHj/tGtvylAtqDtqZZGz2/K | |
http://gtr.antoinfer.com/k_2Bld_2B868iR7p/iSLerqiJRFRfRPj/I3sykOYq_2B_2BHlkm/lN1n6_2F_/2BoCebPKrVZFk | |
http://gtr.antoinfer.com/h_2F93afXj4zv0agU5uGcex/4RttysT472/M4H0F6I1ZWhRsl9Mq/gKfk1C7c8_2F/gare | |
http://gtr.antoinfer.com/h_2F93afXj4zv0agU5uGcex/4RttysT472/M4H0F6I1ZWhRsl9Mq/gKfk1C7c8_2F/gareL3qIH | |
http://gtr.antoinfer.com/MpeUKSeGn_2/Bk4DEtluQu8Y9R/36MpR_2BhUMN_2FXN2dO6/hANnmINzHP5reb6i/6KJxoqvLx | |
https://analysis.windows.net/powerbi/api | |
https://globaldisco.crm.dynamics.com | |
https://ncus.contentsync. | |
http://www.youtube.com/ | |
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json | |
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | |
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios | |
https://outlook.office365.com/autodiscover/autodiscover.json | |
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | |
https://prod-global-autodetect.acompli.net/autodetect | |
https://dev0-api.acompli.net/autodetect | |
https://officesetup.getmicrosoftkey.com | |
http://weather.service.msn.com/data.aspx | |
https://github.com/Pester/Pester | |
https://dataservice.o365filtering.com/ | |
https://graph.windows.net | |
https://web.microsoftstream.com/video/ | |
https://store.officeppe.com/addinstemplate | |
https://api.powerbi.com/v1.0/myorg/groups | |
https://www.odwebp.svc.ms | |
https://o365auditrealtimeingestion.manage.office.com | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthrhttp://schemas.xmlsoap.org/ws/2005 | |
https://substrate.office.com/search/api/v2/init | |
http://www.twitter.com/ | |
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json | |
https://entitlement.diagnostics.office.com | |
http://www.amazon.com/ | |
https://clients.config.office.net/user/v1.0/android/policies | |
https://asgsmsproxyapi.azurewebsites.net/ | |
https://incidents.diagnosticssdf.office.com | |
https://api.office.net | |
https://outlook.office365.com/api/v1.0/me/Activities | |
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false | |
https://insertmedia.bing.office.net/odc/insertmedia | |
https://clients.config.office.net/user/v1.0/ios | |
https://incidents.diagnostics.office.com | |
https://wus2.contentsync. | |
https://management.azure.com | |
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml | |
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios | |
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks | |
https://apis.live.net/v5.0/ | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddresszhttp://schemas.xmlsoap.org/ws/20 | |
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/ | |
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/ | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication | |
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy | |
https://entitlement.diagnosticssdf.office.com | |
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile | |
https://cloudfiles.onenote.com/upload.aspx | |
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince | |
https://cortana.ai | |
https://lookup.onenote.com/lookup/geolocation/v1 | |
https://rpsticket.partnerservices.getmicrosoftkey.com | |
https://powerlift.acompli.net | |
https://api.aadrm.com/ | |
https://clients.config.office.net/user/v1.0/tenantassociationkey | |
https://api.addins.omex.office.net/appinfo/query | |
https://cdn.entity. | |
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr | |
https://autodiscover-s.outlook.com/ | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressxhttp://schemas.xmlsoap.org/ws/200 | |
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize | |
https://shell.suite.office.com:1443 | |
https://login.microsoftonline.com/ | |
https://api.diagnosticssdf.office.com | |
http://www.reddit.com/ | |
http://www.apache.org/licenses/LICENSE-2.0.html | |
http://pesterbdd.com/images/Pester.png | |
https://store.office.cn/addinstemplate | |
https://free.mynowministries.com/app.dll | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | |
https://sr.outlook.office.net/ws/speech/recognize/assistant/work | |
https://officeci.azurewebsites.net/api/ | |
https://tasks.office.com | |
https://powerlift-frontdesk.acompli.net | |
https://res.getmicrosoftkey.com/api/redemptionevents | |
https://graph.ppe.windows.net | |
https://outlook.office.com/autosuggest/api/v1/init?cvid= | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
https://portal.office.com/account/?ref=ClientMeControl | |
https://cr.office.com | |
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive | |
https://api.microsoftstream.com/api/ | |
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecisionzhttp://schemas.xmlsoap.o | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishednamejhttp://schemas.xmlsoap.o | |
https://ofcrecsvcapi-int.azurewebsites.net/ |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Temp\zctvvvtu\zctvvvtu.cmdline |
UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | # | |
C:\Users\Public\Documents\decrypt.dll |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\app[1].dll |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
Click to see the 47 hidden entries | |||
C:\Users\user\AppData\Local\Temp\zctvvvtu\zctvvvtu.0.cs |
UTF-8 Unicode (with BOM) text | # | |
C:\Users\user\Documents\20210708\PowerShell_transcript.632922.yKWYpH3L.20210708154747.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\UZ97[1].htm |
ASCII text, with very long lines, with no line terminators | # | |
C:\Users\user\Documents\20210708\PowerShell_transcript.632922.jVqfQyN1.20210708154748.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iu1bwi3u.hs4.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mqu4u5sp.pln.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pfa1axxq.cvf.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xm5ssgy3.k4v.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\a2r2fkec\a2r2fkec.0.cs |
UTF-8 Unicode (with BOM) text | # | |
C:\Users\user\AppData\Local\Temp\a2r2fkec\a2r2fkec.cmdline |
UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\a2r2fkec\a2r2fkec.out |
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\Desktop\~$documentation_39236.xlsb |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\K[1].htm |
ASCII text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\zctvvvtu\zctvvvtu.out |
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\~DF2EB1C9CA29BD00CF.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\~DF436C4ACF406520B7.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\~DF4AB9BBFB5CFFE773.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\~DF6208F46269C5D052.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\~DF903C43FA17F64456.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\~DF97CC7EC2853BA6EC.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\~DF99BD870E81A4914B.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\~DFA7B5BF1FB774EA36.TMP |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml |
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5DCD6FF6-E03E-11EB-90E4-ECF4BB862DED}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7879BAA2-E03E-11EB-90E4-ECF4BB862DED}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5DCD6FF8-E03E-11EB-90E4-ECF4BB862DED}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7879BAA4-E03E-11EB-90E4-ECF4BB862DED}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7879BAA6-E03E-11EB-90E4-ECF4BB862DED}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7879BAA8-E03E-11EB-90E4-ECF4BB862DED}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7879BAAA-E03E-11EB-90E4-ECF4BB862DED}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7879BAAC-E03E-11EB-90E4-ECF4BB862DED}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml |
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml |
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml |
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\othn[1].htm |
ASCII text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml |
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml |
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml |
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml |
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml |
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\3A4E1985-998D-4759-B374-77BB71813A62 |
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\E633A7EE.jpg |
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1684x1191, frames 3 | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\FCD9B161.jpg |
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1684x1191, frames 3 | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\o596c7z[1].htm |
ASCII text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\M8anWcq[1].htm |
ASCII text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\gWg[1].htm |
ASCII text, with very long lines, with no line terminators | # |