DHLForm.ppt

Status: finished
Submission Time: 15.09.2021 15:26:15
Malicious
Exploiter
Evader
Trojan
AgentTesla

Tags

  • Powershell
  • ppt
  • PS-3losh-rat
  • Rat

Details

  • Analysis ID:
    483878
  • API (Web) ID:
    851446
  • Analysis Started:
    15.09.2021 15:34:22
  • Analysis Finished:
    15.09.2021 16:08:18
  • MD5:
    5a5ff1cffdb0ea343fd5ab32c6eeb740
  • SHA1:
    e372c4f53febe5c4d74a01eb6985e80a31d52e25
  • SHA256:
    9e4134fbb243efdb6d965eec21d98b4ad702e7fca13b5f1af47d30e3b0019585

System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious
80/100

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run Condition: Potential for more IOCs and behavior

malicious
100/100

malicious
13/59

malicious
10/45

IPs


Domains


URLs


Dropped files
