charge_12.01.2021.doc
| Full Report | Management Report | IOC Report | Engine | Info | Verdict | Score | Reports |
|---|---|---|---|---|---|---|---|
 |
|
||||||
|
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
|
64/100
|
||||
|
|
System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
|
100/100
|
||||
 |
|
13/44
|
| IP | Country | Detection |
|---|---|---|
| 194.62.42.207 | Russian Federation |  |
| Name | IP | Detection |
|---|---|---|
| winrentals2017b.com | 194.62.42.207 | |
| Name | Detection |
|---|---|
| https://api.powerbi.com/v1.0/myorg/groups | |
| https://web.microsoftstream.com/video/ | |
| https://api.addins.store.officeppe.com/addinstemplate | |
| Click to see the 97 hidden entries | |
| https://cortana.ai:$ | |
| https://graph.windows.net | |
| https://analysis.windows.net/powerbi/apidI | |
| https://login.windows.net/common/oauth2/authorizeA3V | |
| https://login.windows.net/common/oauth2/authorizecom7HQ | |
| https://api.onedrive.comcent | |
| https://login.windows.net/common/oauth2/authorize/a | |
| https://login.windows.net/common/oauth2/authorize5FW | |
| https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json | |
| https://devnull.onenote.comedOw | |
| https://substrate.office.comc | |
| https://ncus.contentsync. | |
| https://substrate.office.comL | |
| https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/ | |
| http://weather.service.msn.com/data.aspx | |
| https://login.windows.net/common/oauth2/authorizeaE | |
| https://substrate.office.comP | |
| https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios | |
| https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml | |
| https://login.windows.net/common/oauth2/authorizea | |
| https://login.windows.net/common/oauth2/authorizec | |
| https://wus2.contentsync. | |
| https://login.windows.net/common/oauth2/authorizee | |
| https://clients.config.office.net/user/v1.0/ios | |
| https://login.windows.net/common/oauth2/authorizeg | |
| https://api.cortana.aiD# | |
| https://login.windows.net/common/oauth2/authorizeY | |
| https://login.windows.net/common/oauth2/authorizeZ | |
| https://o365auditrealtimeingestion.manage.office.com | |
| https://outlook.office365.com/api/v1.0/me/Activities | |
| https://api.addins.omex.office.net/appstate/queryr | |
| https://www.odwebp.svc.msom | |
| https://clients.config.office.net/user/v1.0/android/policies | |
| https://outlook.office.com7 | |
| https://login.windows.net/common/oauth2/authorizeT | |
| https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.jsonT | |
| https://asgsmsproxyapi.azurewebsites.net/6 | |
| https://login.windows.net/common/oauth2/authorizeU | |
| https://entitlement.diagnostics.office.com | |
| https://login.windows.net/common/oauth2/authorizeH | |
| https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json | |
| https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asksz | |
| https://login.windows.net/common/oauth2/authorizeJ | |
| https://outlook.office.com/ | |
| https://login.windows.net/common/oauth2/authorizeK | |
| https://storage.live.com/clientlogs/uploadlocation | |
| https://login.windows.net/common/oauth2/authorizeO | |
| https://substrate.office.com/search/api/v1/SearchHistory | |
| https://login.windows.net/common/oauth2/authorizeE | |
| https://login.windows.net/common/oauth2/authorizeF | |
| https://login.windows.net/common/oauth2/authorizepE | |
| https://login.windows.net/common/oauth2/authorize8 | |
| https://outlook.office.com1769 | |
| https://login.windows.net/common/oauth2/authorize9 | |
| https://login.windows.net/common/oauth2/authorize; | |
| https://login.windows.net/common/oauth2/authorize= | |
| https://login.windows.net/common/oauth2/authorize? | |
| https://substrate.office.com/search/api/v1/SearchHistory~j | |
| https://dataservice.o365filtering.com:7P | |
| https://login.windows.net/common/oauth2/authorize3 | |
| https://graph.windows.net/ | |
| https://login.windows.net/common/oauth2/authorize4 | |
| https://devnull.onenote.com | |
| https://shell.suite.office.com:1443 | |
| https://autodiscover-s.outlook.com/ | |
| https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr | |
| https://cdn.entity. | |
| https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/ | |
| https://rpsticket.partnerservices.getmicrosoftkey.com | |
| https://lookup.onenote.com/lookup/geolocation/v1 | |
| https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile | |
| https://settings.outlook.comS | |
| http://winrentals2017b.com/ | |
| https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy | |
| https://api.aadrm.com/ | |
| https://substrate.office.comgz | |
| https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies | |
| https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=ImmersiveApp | |
| https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickrb | |
| https://api.microsoftstream.com/api/ | |
| https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive | |
| https://cr.office.com | |
| https://api.office.nets? | |
| https://login.windows.net/common/oauth2/authorizecG | |
| https://res.getmicrosoftkey.com/api/redemptionevents | |
| https://tasks.office.com | |
| https://officeci.azurewebsites.net/api/ | |
| https://login.windows.net/common/oauth2/authorize4EV | |
| https://login.windows.net/common/oauth2/authorizeN~ | |
| https://login.windows.net/common/oauth2/authorize$ | |
| https://login.windows.net/common/oauth2/authorize% | |
| https://store.office.cn/addinstemplate | |
| https://login.windows.net/common/oauth2/authorizeqF | |
| https://store.office.de/addinstemplateZ;p | |
| https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | |
| https://substrate.office.comm | |
| https://www.odwebp.svc.ms | |
| Name | File Type | Hashes | Detection |
|---|---|---|---|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\charge_12.01.2021.doc.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Sep 23 14:11:40 2021, mtime=Thu Dec 2 11:26:56 2021, atime=Thu Dec 2 11:26:52 2021, length=33465, window=hide | # |  |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\youTube.hta.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Dec 2 11:26:58 2021, mtime=Thu Dec 2 11:26:58 2021, atime=Thu Dec 2 11:26:58 2021, length=3342, window=hide | # | |
C:\Users\Public\dowNext.jpg |
HTML document, ASCII text | # | |
| Click to see the 13 hidden entries | |||
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\7CC1B43E-0D2C-47F4-8AD2-E8873A50A321 |
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\7E8CFCDF.gif |
GIF image data, version 89a, 774 x 198 | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRF{982F1FC3-FE5F-460D-815F-F7FB76116FDC}.tmp |
Composite Document File V2 Document, Cannot read section info | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{72E38456-4F34-4E52-A3A7-A6E417760002}.tmp |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{D7038A18-F087-45E8-BEBC-452C84E30D87}.tmp |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\cab3[1].htm |
HTML document, ASCII text | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Documents.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Thu Jun 27 16:19:49 2019, mtime=Thu Dec 2 11:26:58 2021, atime=Thu Sep 23 14:11:48 2021, length=12288, window=hide | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
data | # | |
C:\Users\user\Desktop\~$arge_12.01.2021.doc |
data | # | |
C:\Users\user\Documents\youTube.hta (copy) |
HTML document, ASCII text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\Documents\~$ouTube.hta |
data | # | |
C:\Users\user\Documents\~WRD0000.tmp |
HTML document, ASCII text, with very long lines, with CRLF line terminators | # | |
