Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
07762.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
initial sample
|
||
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_39.ttf
|
TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights
Reserved.msofp_4_39RegularVersion 4.39;O365
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Powerpoint.CampaignStates.json
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Powerpoint.GovernedChannelStates.json
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Powerpoint.Settings.json
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Powerpoint.SurveyEventActivityStats.json
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Powerpoint.SurveyHistoryStats.json
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStoreV3\PowerPoint\ASkwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDBfTnVsbAA.S
|
data
|
modified
|
||
C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\PowerPoint\1380790193167760279.C4
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\PowerPoint\ASkwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDBfTnVsbAA.S
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\4F53E940-A73A-41B6-922A-6EEA243587F9
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db
|
SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database
pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-journal
|
SQLite Rollback Journal
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
modified
|
||
C:\Users\user\AppData\Local\Temp\Diagnostics\POWERPNT\App1713965022897946100_BE8F30FD-744E-4700-B501-AFAD5F00A642.log
|
ASCII text, with very long lines (3134), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Diagnostics\POWERPNT\App1713965044583265800_EF75FD1E-BFAA-4CEA-98CF-ED056F751FF8.log
|
ASCII text, with very long lines (28833), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC490.tmp\Content.inf
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC490.tmp\chevronaccent.glox
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4A0.tmp\Content.inf
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4A0.tmp\TabbedArc.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4A1.tmp\Content.inf
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4A1.tmp\ThemePictureAlternatingAccent.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4A2.tmp\Content.inf
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4A2.tmp\HexagonRadial.glox
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4B3.tmp\CircleProcess.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4B3.tmp\Content.inf
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4B4.tmp\Content.inf
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4B4.tmp\ConvergingText.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4B5.tmp\Content.inf
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4B5.tmp\architecture.glox
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4B6.tmp\Content.inf
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4B6.tmp\TabList.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4B7.tmp\Content.inf
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4B7.tmp\rings.glox
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4B8.tmp\Content.inf
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4B8.tmp\PictureFrame.glox
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4C8.tmp\BracketList.glox
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4C8.tmp\Content.inf
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4C9.tmp\Content.inf
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4C9.tmp\pictureorgchart.glox
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4CA.tmp\Content.inf
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4CA.tmp\VaryingWidthList.glox
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4CB.tmp\Content.inf
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4CB.tmp\InterconnectedBlockProcess.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4CC.tmp\Content.inf
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4CC.tmp\ThemePictureGrid.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4CD.tmp\Content.inf
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4CD.tmp\RadialPictureList.glox
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4DE.tmp\Content.inf
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC4DE.tmp\ThemePictureAccent.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC649.tmp\Dividend.thmx
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC649.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC65A.tmp\Metropolitan.thmx
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC65A.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC65B.tmp\Banded.thmx
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC65B.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC6BD.tmp\View.thmx
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC6BD.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC6BE.tmp\Frame.thmx
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC6BE.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC6BF.tmp\Basis.thmx
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC6BF.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC828.tmp\Parcel.thmx
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\TCDC828.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Temp1_07762.zip\~$9147.pptx
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC450.tmp
|
Microsoft Cabinet archive data, many, 4313 bytes, 2 files, at 0x44 "chevronaccent.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC451.tmp
|
Microsoft Cabinet archive data, many, 4091 bytes, 2 files, at 0x44 "BracketList.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC461.tmp
|
Microsoft Cabinet archive data, many, 3144 bytes, 2 files, at 0x44 "VaryingWidthList.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC462.tmp
|
Microsoft Cabinet archive data, many, 6005 bytes, 2 files, at 0x44 "HexagonRadial.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC463.tmp
|
Microsoft Cabinet archive data, many, 3749 bytes, 2 files, at 0x44 "TabbedArc.glox" "Content.inf", flags 0x4, number 1, extra
bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC464.tmp
|
Microsoft Cabinet archive data, many, 6450 bytes, 2 files, at 0x44 "ThemePictureAccent.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC465.tmp
|
Microsoft Cabinet archive data, many, 14939 bytes, 2 files, at 0x44 "CircleProcess.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC466.tmp
|
Microsoft Cabinet archive data, many, 5647 bytes, 2 files, at 0x44 "RadialPictureList.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC467.tmp
|
Microsoft Cabinet archive data, many, 5864 bytes, 2 files, at 0x44 "architecture.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC468.tmp
|
Microsoft Cabinet archive data, many, 5731 bytes, 2 files, at 0x44 "ThemePictureAlternatingAccent.glox" "Content.inf", flags
0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC469.tmp
|
Microsoft Cabinet archive data, many, 9170 bytes, 2 files, at 0x44 "InterconnectedBlockProcess.glox" "Content.inf", flags
0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC47A.tmp
|
Microsoft Cabinet archive data, many, 7453 bytes, 2 files, at 0x44 "pictureorgchart.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC47B.tmp
|
Microsoft Cabinet archive data, many, 4410 bytes, 2 files, at 0x44 "PictureFrame.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC47C.tmp
|
Microsoft Cabinet archive data, many, 4967 bytes, 2 files, at 0x44 "TabList.glox" "Content.inf", flags 0x4, number 1, extra
bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC47D.tmp
|
Microsoft Cabinet archive data, many, 5213 bytes, 2 files, at 0x44 "rings.glox" "Content.inf", flags 0x4, number 1, extra
bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC47E.tmp
|
Microsoft Cabinet archive data, many, 6196 bytes, 2 files, at 0x44 "ThemePictureGrid.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC47F.tmp
|
Microsoft Cabinet archive data, many, 10800 bytes, 2 files, at 0x44 "ConvergingText.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC627.tmp
|
Microsoft Cabinet archive data, many, 243642 bytes, 2 files, at 0x44 +A "content.inf" +A "Metropolitan.thmx", flags 0x4, ID
19054, number 1, extra bytes 20 in head, 24 datablocks, 0x1503 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC638.tmp
|
Microsoft Cabinet archive data, many, 259074 bytes, 2 files, at 0x44 +A "content.inf" +A "Dividend.thmx", flags 0x4, ID 58359,
number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC639.tmp
|
Microsoft Cabinet archive data, many, 291188 bytes, 2 files, at 0x44 +A "Banded.thmx" +A "content.inf", flags 0x4, ID 56338,
number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC68B.tmp
|
Microsoft Cabinet archive data, many, 252241 bytes, 2 files, at 0x44 +A "content.inf" +A "Frame.thmx", flags 0x4, ID 34169,
number 1, extra bytes 20 in head, 16 datablocks, 0x1503 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC68C.tmp
|
Microsoft Cabinet archive data, many, 206792 bytes, 2 files, at 0x44 +A "content.inf" +A "View.thmx", flags 0x4, ID 33885,
number 1, extra bytes 20 in head, 15 datablocks, 0x1503 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC68D.tmp
|
Microsoft Cabinet archive data, many, 279287 bytes, 2 files, at 0x44 +A "Basis.thmx" +A "content.inf", flags 0x4, ID 55632,
number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\cabC7F8.tmp
|
Microsoft Cabinet archive data, many, 214772 bytes, 2 files, at 0x44 +A "content.inf" +A "Parcel.thmx", flags 0x4, ID 26500,
number 1, extra bytes 20 in head, 19 datablocks, 0x1503 compression
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\9147.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Normal, ctime=Sat Oct 17 14:49:02
2020, mtime=Wed Apr 24 12:24:04 2024, atime=Sat Oct 17 14:49:02 2020, length=2357301, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
Generic INItialization configuration [folders]
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx (copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging
Text]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected
Block Process]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization
Chart]].glox (copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture
List]].glox (copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture
Accent]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture
Alternating Accent]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture
Grid]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width
List]].glox (copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\C8WA1EKWE1M3KVTYW4LU.temp
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d00655d2aa12ff6d.customDestinations-ms (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d00655d2aa12ff6d.customDestinations-ms~RF2b6e2.TMP
(copy)
|
data
|
dropped
|
There are 110 hidden files, click here to show them.
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
52.113.194.132
|
unknown
|
United States
|
||
20.189.173.14
|
unknown
|
United States
|
||
52.109.8.89
|
unknown
|
United States
|
||
23.56.109.208
|
unknown
|
United States
|
||
23.206.6.29
|
unknown
|
United States
|
||
23.1.237.16
|
unknown
|
United States
|
||
52.109.0.142
|
unknown
|
United States
|