35.0.0 Citrine
IR
686208
CloudBasic
10:44:00
18/08/2022
3BgX69C870
defaultwindowsofficecookbook.jbs
Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
WINDOWS
d805b55d60f9ca73ae71ed68ff692175
947691dbba33dfeb974babcb43d3ceb7991dae29
6a0acf2389d95abc590c8b6a327521312c4de176efce271468817c840745a096
Word Microsoft Office Open XML Format document (49504/1) 49.01%
true
false
false
false
100
0
100
5
0
5
false
50.31.246.2
ascota.cc
true
50.31.246.2
https://ascota.cc/index.html
true
50.31.246.2
https://ascota.cc/index.htmlyX
true
unknown
Antivirus / Scanner detection for submitted sample
Contains an external reference to another file
Multi AV Scanner detection for submitted file
Yara detected Microsoft Office Exploit Follina CVE-2022-30190
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Antivirus detection for dropped file
Detected suspicious Microsoft Office reference URL
Snort IDS alert for network traffic