Engine | Download Report | Detection | Info |
---|---|---|---|
| | clean, Score: 0 | System: unknown |
| | clean, Score: 1 | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01; Run Condition: Potential for more IOCs and behavior |
Name | Detection |
---|---|
https://login.windows.net/common/oauth2/authorizeS | |
https://contentstorage.osi.office.net/dynamiccanvas/progressui/index.html | |
https://api.diagnosticssdf.office.comO | |
http://www.jiyu-kobo.co.jp/TC | |
https://login.windows.net/common/oauth2/authorizeB | |
https://login.windows.net/common/oauth2/authorizeA | |
https://contentstorage.Jv | |
https://login.windows.net/common/oauth2/authorizeO | |
https://storage.live.com/clientlogs/uploadlocation | |
https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13xv | |
https://hubblecontent.osi.office.net/contentsvc/api/telemetry | |
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json | |
https://entitlement.diagnostics.office.com | |
https://login.windows.net/common/oauth2/authorize= | |
https://www.odwebp.svc.msom | |
https://login.windows.net/common/oauth2/authorizeQ | |
https://login.windows.net/common/oauth2/authorizerizeV | |
https://login.windows.net/common/oauth2/authorize_ | |
https://shell.suite.office.com:1443n | |
https://outlook.office365.com/api/v1.0/me/Activities | |
https://clients.config.office.net/user/v1.0/ios | |
https://login.windows.net/common/oauth2/authorizeb | |
https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile$ | |
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml | |
https://osi.office.netst | |
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing | |
https://login.windows.net/common/oauth2/authorizey | |
https://login.windows.net/common/oauth2/authorizex | |
https://store.office.de/addinstemplate | |
https://api.diagnostics.office.com | |
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=ImmersiveApp0; | |
https://substrate.office.comrl | |
http://www.jiyu-kobo.co.jp/jp/ | |
https://powerlift-frontdesk.acompli.netPowerL | |
https://augloop.office.com | |
https://onedrive.live.com/embed? | |
https://visio.uservoice.com/forums/368202-visio-on-devices | |
https://skyapi.live.net/Activity/ | |
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios | |
https://contentstorage.osi.office.net/dynamiccanvas/documentvirality/prod/index.htmlTellMeSu | |
https://login.windows.net/common/oauth2/authorize) | |
https://store.officeppe.com/addinstemplateB | |
https://messaging.office.com/ | |
https://devnull.onenote.com | |
https://graph.windows.net/ | |
http://www.sandoll.co.kr | |
https://login.windows.net/common/oauth2/authorize3 | |
https://login.windows.net/common/oauth2/authorize1 | |
https://login.windows.net/common/oauth2/authorize0 | |
https://globaldisco.crm.dynamics.comi | |
https://login.windows-ppe.net/common/oauth2/authorizedN | |
https://outlook.office365.com/ourshod | |
http://www.jiyu-kobo.co.jp/) | |
https://cr.office.com | |
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive | |
https://api.microsoftstream.com/api/ | |
https://cr.office.comsR | |
http://www.founder.com.cn/cnht | |
https://api.aadrm.com/ | |
https://devnull.onenote.comId | |
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy | |
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile | |
http://schemas.open | |
https://settings.outlook.comq | |
https://lookup.onenote.com/lookup/geolocation/v1 | |
http://www.sandoll.co.kr) | |
https://rpsticket.partnerservices.getmicrosoftkey.com | |
https://incidents.diagnostics.office.com) | |
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/ | |
https://cdn.entity. | |
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr | |
https://entity.osi.office.net/t | |
http://www.goodfont.co.krmTF? | |
https://login.windows-ppe.net/common/oauth2/authorizeuN | |
https://hubblecontent.osi.office.net/contentsvc/microsofticon? | |
https://web.microsoftstream.com/video/ | |
http://weather.service.msn.com/data.aspx | |
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/ | |
https://powerlift.acompli.nety | |
http://www.jiyu-kobo.co.jp/iv | |
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json | |
http://www.jiyu-kobo.co.jp/x | |
https://substrate.office.comz | |
https://substrate.office.coms | |
https://onedrive.live.com/embed?s | |
https://graph.windows.net | |
https://management.azure.comW | |
http://www.jiyu-kobo.co.jp/kCS | |
https://shell.suite.office.com:1443 | |
https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3dw | |
https://api.powerbi.com/v1.0/myorg/groups | |
https://www.odwebp.svc.ms | |
https://hubblecontent.osi.office.net/contentsvc/browse? | |
https://wus2-000.pagecontentsync. | |
https://login.windows.net/common/oauth2/authorize& | |
https://store.office.cn/addinstemplate | |
https://ogma.osi.office.net/TradukoApi/api/v1.0/ | |
https://officeci.azurewebsites.net/api/ | |
https://tasks.office.com | |
https://res.getmicrosoftkey.com/api/redemptionevents | |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\5C7C860B-3C29-4594-A69A-9D254ADEAC32 | XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\powerpnt.exe_Rules.xml | XML 1.0 document, ASCII text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db | SQLite 3.x database, last written using SQLite version 3019003 | # | |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-journal | data | # | |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-wal | SQLite Write-Ahead Log, version 3007000 | # | |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db.session | SQLite 3.x database, last written using SQLite version 3019003 | # | |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db.session-journal | data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2CF84973.bin | Composite Document File V2 Document, Cannot read section info | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\D8181D6D.wmf | Targa image data - Map - RLE 28 x 65536 x 0 +3 "\005" | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat | ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\t8qMNrxKz5.LNK | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu May 23 20:37:23 2019, mtime=Fri Oct 11 02:57:55 2019, atime=Fri Oct 11 02:57:43 2019, length=481572, window=hide | # | |
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC | Little-endian UTF-16 Unicode text, with CRLF, CR line terminators | # | |
C:\Users\user\Desktop\ppt4A51.tmp | data | # | |
C:\Users\user\Desktop\ppt4A51.tmp:Zone.Identifier | ASCII text, with CRLF line terminators | # | |
C:\Users\user\Desktop\~$t8qMNrxKz5.pptx | data | # | |