Engine | Download Report | Detection | Info |
---|---|---|---|
| | | malicious (Score: 48) | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| | | malicious (Score: 96) | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01; Run Condition: Run with higher sleep bypass |
IP | Country | Detection |
---|---|---|
167.172.38.18 | United States | |
Name | IP | Detection |
---|---|---|
gtr.antoinfer.com | 167.172.38.18 | |
Name | Detection |
---|---|
http://gtr.antoinfer.com/favicon.ico | |
http://gtr.antoinfer.com/M70Tzsw1MNAdF/xfm5A_2F/icgFe0hTlDYi8x1LZCDgadb/p8hAogRvpL/JEjshnYytb_2 | |
http://gtr.antoinfer.com/M70Tzsw1MNAdF/xfm5A_2F/icgFe0hTlDYi8x1LZCDgadb/p8hAogRvpL/JEjshnYytb_2FaVCd/bp1e8aV2PI_2/FY5oP4oo0f6/GeARX2_2FlA_2F/2BhurwBe_2BrsQ1B1bUK7/wilinEmmYIdaZ6lz/71Mw33QzoCtr9s9/ULFilVIFcIxUDJIsEo/crrSiFkaK/6sQSCYti3ETwug18IBlk/b94MQVqQ698rgMibrOo/RMBVkg8AFrK4uT2Dq6pO06/OdceZPFn8QQWz/SARUSfJd/dirYBJB3Uuu4IivFAYs9FmV/Pmcsy6YvBv/Lcgiqf1bUTKnYCeNL/dikDMv66Bty/6H | |
http://gtr.antoinfer.com/M70Tzsw1MNAdF/xfm5A_2F/icgFe0hTlDYi8x1LZCDgadb/p8hAogRvpL/JEjshnYytb_2FaVCd | |
http://gtr.antoinfer.com/Pl9Eori10/TWROVDxUXG0e5P8cvyge/ZU2BrrTT9UbiVqqjDG4/pcVLHkjQ_2FTIEKMeI9p0c/u | |
http://gtr.antoinfer.com/4khtvsQ0u/_2Bibxls4V27IXxwFbLo/MVAeZiN_2BcOXrnrV8V/qJdJNxZ6Bgv5NEeycuU5RT/x | |
http://nuget.org/NuGet.exe | |
http://pesterbdd.com/images/Pester.png | |
http://www.apache.org/licenses/LICENSE-2.0.html | |
https://contoso.com/ | |
https://nuget.org/nuget.exe | |
https://contoso.com/License | |
https://contoso.com/Icon | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
https://github.com/Pester/Pester | |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\a[1].htm | ASCII text, with very long lines, with no line terminators | # | |
C:\Users\user\Documents\20210712\PowerShell_transcript.992547.S0FaV4MQ.20210712115054.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\~DFBCEA36BA3DC5EC74.TMP | data | # | |
C:\Users\user\AppData\Local\Temp\~DFA4D21E6A958BB9F9.TMP | data | # | |
C:\Users\user\AppData\Local\Temp\~DF7A8FA428499FD9A8.TMP | data | # | |
C:\Users\user\AppData\Local\Temp\~DF5A692A62F2D75F35.TMP | data | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a5sxjpc1.1lo.ps1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4pzye43c.itc.psm1 | very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log | ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\SgPLk[1].htm | ASCII text, with very long lines, with no line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_8e10347d3010a05cec57e2a7338104047e76f62_82810a17_01564e18\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\6H[1].htm | ASCII text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{08A52036-E342-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{08A52034-E342-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{08A52032-E342-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{08A52030-E342-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3840.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3457.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | # | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2A24.tmp.dmp | Mini DuMP crash report, 14 streams, Mon Jul 12 18:49:35 2021, 0x1205a4 type | # | |