Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
9A - Khensu - (Pachons) 2025.docx
|
Microsoft Word 2007+
|
initial sample
|
||
|
/Users/bernard/Desktop/~$ - Khensu - (Pachons) 2025.docx
|
data
|
dropped
|
||
|
/Users/bernard/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/FontCache/systemfontmetadata.json
|
JSON data
|
dropped
|
||
|
/Users/bernard/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/GraphicsCache/1/CatalogCacheMetaData.xml
|
XML 1.0 document, ASCII text, with very long lines (13112), with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/GraphicsCache/1/CloudGraphicsResources/Graphics/inkeffectbronze_apple.jpg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 405x405, components
3
|
dropped
|
||
|
/Users/bernard/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/GraphicsCache/1/CloudGraphicsResources/Graphics/inkeffectgalaxy_apple.jpg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 405x405, components
3
|
dropped
|
||
|
/Users/bernard/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/GraphicsCache/1/CloudGraphicsResources/Graphics/inkeffectgold_apple.jpg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 405x405, components
3
|
dropped
|
||
|
/Users/bernard/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/GraphicsCache/1/CloudGraphicsResources/Graphics/inkeffectlava_apple.jpg
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 405x405, components
3
|
dropped
|
||
|
/Users/bernard/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/GraphicsCache/1/CloudGraphicsResources/Graphics/inkeffectocean_apple.jpg
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 405x405, components
3
|
dropped
|
||
|
/Users/bernard/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/GraphicsCache/1/CloudGraphicsResources/Graphics/inkeffectrainbowglitter_apple.jpg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 405x405, components
3
|
dropped
|
||
|
/Users/bernard/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/GraphicsCache/1/CloudGraphicsResources/Graphics/inkeffectrosegold_apple.jpg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 405x405, components
3
|
dropped
|
||
|
/Users/bernard/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/GraphicsCache/1/CloudGraphicsResources/Graphics/inkeffectsilver_apple.jpg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 405x405, components
3
|
dropped
|
||
|
/Users/bernard/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/GraphicsCache/1/oart.json
|
JSON data
|
dropped
|
||
|
/Users/bernard/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/Office/16.0/Floodgate/Word.CampaignStates.json
|
JSON data
|
dropped
|
||
|
/Users/bernard/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/Office/16.0/WebServiceCache/AllUsers/officeclient.microsoft.com/BBF98802-4CD4-CD4C-9154-911C4F032D58
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
/Users/bernard/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/Office/16.0/microsoft word_Rules.xml
|
XML 1.0 document, ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/Temp/~WRS{4FACBB30-11D3-734D-8C23-8C750BE30DEE}
|
data
|
dropped
|
||
|
/Users/bernard/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/Temp/~WRS{BA4279CA-9775-9046-9C80-6F4D100CD6B3}
|
data
|
dropped
|
||
|
/Users/bernard/Library/Containers/com.microsoft.Word/Data/Library/Caches/Microsoft/uls/com.microsoft.Word/logs/apple-device-log-20240703-0049.log
|
ASCII text, with very long lines (786), with CRLF line terminators
|
dropped
|
||
|
/Users/bernard/Library/Containers/com.microsoft.Word/Data/Library/Caches/com.microsoft.ctrlstrcaches/com.microsoft.Word.ctrlstrcache.en.plist
|
Apple binary property list
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/Custom Dictionary
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/MeContact.plist
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/ar.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/cs.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/da.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/de.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/el.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/en.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/es.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/fi.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/fr.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/he.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/hu.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/id.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/it.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/ja.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/ko.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/nl.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/no.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/pl.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/pt.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/pt_PT.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/ru.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/sk.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/sv.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/th.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/tr.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/zh_CN.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/User Content.localized/Proofing Tools.localized/.localized/zh_TW.strings
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
/Users/bernard/Library/Group Containers/UBF8T346G9.Office/~$stom Dictionary
|
data
|
dropped
|
||
|
/Users/bernard/Library/Keychains/login.keychain-db.sb-07d82885-p2be2j
|
DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration:
offset 963362762505407623593984.000000, slope 303834226087943251262072422400.000000
|
dropped
|
||
|
/dev/null
|
ASCII text, with very long lines (347)
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/com.microsoft.Word/mds/mdsDirectory.db_
|
Mac OS X Keychain File
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/com.microsoft.Word/mds/mdsObject.db_
|
Mac OS X Keychain File
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/10B0228C.png
|
TIFF image data, big-endian, direntries=16, height=54, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=45
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/10EDDAE8.png
|
TIFF image data, big-endian, direntries=16, height=79, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=115
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/11841C1E.png
|
PNG image data, 100 x 220, 8-bit colormap, non-interlaced
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/16131B96.png
|
TIFF image data, big-endian, direntries=16, height=49, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=46
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/174AAD05.png
|
TIFF image data, big-endian, direntries=16, height=90, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=104
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/1AF758DA.png
|
TIFF image data, big-endian, direntries=16, height=47, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=38
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/1F48DC9.png
|
TIFF image data, big-endian, direntries=16, height=87, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=68
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/2B23EC66.png
|
TIFF image data, big-endian, direntries=16, height=54, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=45
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/31B18231.png
|
TIFF image data, big-endian, direntries=16, height=78, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=71
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/3D1B5633.png
|
TIFF image data, big-endian, direntries=16, height=81, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=80
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/3FFBCC4A.png
|
TIFF image data, big-endian, direntries=16, height=79, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=115
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/40773BBF.png
|
TIFF image data, big-endian, direntries=16, height=87, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=68
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/42DA7FF5.png
|
TIFF image data, big-endian, direntries=16, height=46, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=47
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/44151D64.png
|
TIFF image data, big-endian, direntries=16, height=80, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=92
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/44D5CC0F.png
|
TIFF image data, big-endian, direntries=16, height=92, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=97
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/45D76187.png
|
TIFF image data, big-endian, direntries=16, height=54, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=45
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/4845C5EB.png
|
TIFF image data, big-endian, direntries=16, height=49, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=46
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/4E635021.png
|
TIFF image data, big-endian, direntries=16, height=46, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=43
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/51F7A8A0.png
|
TIFF image data, big-endian, direntries=16, height=88, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=93
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/5AC8C20D.png
|
TIFF image data, big-endian, direntries=16, height=78, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=71
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/603137AE.png
|
TIFF image data, big-endian, direntries=16, height=88, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=93
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/628A4936.png
|
TIFF image data, big-endian, direntries=16, height=46, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=52
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/6661891D.png
|
TIFF image data, big-endian, direntries=16, height=81, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=80
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/69B6B298.png
|
TIFF image data, big-endian, direntries=16, height=54, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=45
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/6D9C2A9F.png
|
TIFF image data, big-endian, direntries=16, height=79, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=84
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/736A847A.png
|
TIFF image data, big-endian, direntries=16, height=54, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=45
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/7AC9F467.png
|
TIFF image data, big-endian, direntries=16, height=78, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=71
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/815ACE50.png
|
TIFF image data, big-endian, direntries=16, height=79, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=115
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/82AB6A5B.png
|
TIFF image data, big-endian, direntries=16, height=45, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=45
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/838BF041.png
|
TIFF image data, big-endian, direntries=16, height=52, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=46
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/8668DBC3.png
|
TIFF image data, big-endian, direntries=16, height=47, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=43
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/868F71A9.png
|
TIFF image data, big-endian, direntries=16, height=79, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=84
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/870A5CF7.png
|
TIFF image data, big-endian, direntries=16, height=81, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=80
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/8CC808AA.png
|
TIFF image data, big-endian, direntries=16, height=46, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=50
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/91B1733C.png
|
TIFF image data, big-endian, direntries=16, height=46, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=50
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/96F9A52F.png
|
TIFF image data, big-endian, direntries=16, height=85, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=88
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/99405F13.png
|
TIFF image data, big-endian, direntries=16, height=92, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=97
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/9A47A1B9.png
|
TIFF image data, big-endian, direntries=16, height=85, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=88
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/9BA056C4.png
|
TIFF image data, big-endian, direntries=16, height=79, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=115
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/9D8322B4.png
|
TIFF image data, big-endian, direntries=16, height=46, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=52
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/A3107B25.png
|
TIFF image data, big-endian, direntries=16, height=87, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=68
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/A8EBEACB.png
|
TIFF image data, big-endian, direntries=16, height=48, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=41
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/A9AFEC.png
|
TIFF image data, big-endian, direntries=16, height=86, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=88
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/B2362CA3.png
|
TIFF image data, big-endian, direntries=16, height=79, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=84
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/B70165F8.png
|
TIFF image data, big-endian, direntries=16, height=47, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=44
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/BD8C5615.png
|
TIFF image data, big-endian, direntries=16, height=49, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=46
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/CC59AEF0.png
|
TIFF image data, big-endian, direntries=16, height=80, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=92
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/CEEAFD99.png
|
TIFF image data, big-endian, direntries=16, height=92, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=97
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/D2C1F6FD.png
|
TIFF image data, big-endian, direntries=16, height=86, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=88
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/D45E140.png
|
TIFF image data, big-endian, direntries=16, height=82, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=82
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/D537C742.png
|
TIFF image data, big-endian, direntries=16, height=45, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=45
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/D553FD7B.png
|
TIFF image data, big-endian, direntries=16, height=52, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=46
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/DF83FEE2.png
|
TIFF image data, big-endian, direntries=16, height=82, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=82
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/E2FABDDC.png
|
TIFF image data, big-endian, direntries=16, height=90, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=104
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/E5A05A11.png
|
TIFF image data, big-endian, direntries=16, height=87, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=68
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/E62E194E.png
|
TIFF image data, big-endian, direntries=16, height=82, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=82
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/E6EAD6C6.png
|
TIFF image data, big-endian, direntries=16, height=45, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=49
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/EEAD27D7.png
|
TIFF image data, big-endian, direntries=16, height=45, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=40
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/F279BD12.png
|
TIFF image data, big-endian, direntries=16, height=80, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=92
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/F3011D72.png
|
TIFF image data, big-endian, direntries=16, height=79, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=115
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/F3708414.png
|
TIFF image data, big-endian, direntries=16, height=45, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=45
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/F6AC227E.png
|
TIFF image data, big-endian, direntries=16, height=49, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=46
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/F8DD4C2D.png
|
TIFF image data, big-endian, direntries=16, height=48, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=41
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/Content.MSO/FE743648.png
|
TIFF image data, big-endian, direntries=16, height=46, bps=0, compression=none, PhotometricIntepretation=RGB, orientation=upper-left,
width=46
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/TemporaryItems/(A Document Being Saved By Word)/ProofingPrefs.plist
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/TemporaryItems/(A Document Being Saved By Word)/ci.plist
|
Apple binary property list
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/TemporaryItems/(A Document Being Saved By Word)/com.microsoft.Word.securebookmarks.plist
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.microsoft.Word/mso00025981
|
GIF image data, version 89a, 15 x 15
|
dropped
|
||
|
/private/var/log/wifi.log.0.bz2
|
bzip2 compressed data, block size = 900k
|
dropped
|
There are 113 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/usr/libexec/xpcproxy
|
-
|
||
|
/usr/libexec/nsurlstoraged
|
/usr/libexec/nsurlstoraged --privileged
|
||
|
/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
|
-
|
||
|
/usr/bin/open
|
/usr/bin/open /Users/bernard/Desktop/9A - Khensu - (Pachons) 2025.docx
|
||
|
/usr/libexec/xpcproxy
|
-
|
||
|
/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word
|
/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word
|
||
|
/usr/bin/bzip2
|
-
|
||
|
/usr/libexec/xpcproxy
|
-
|
||
|
/usr/libexec/firmwarecheckers/eficheck/eficheck
|
/usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.diagnosticssdf.office.com
|
unknown
|
||
|
https://login.microsoftonline.com/
|
unknown
|
||
|
https://shell.suite.office.com:1443
|
unknown
|
||
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
||
|
https://autodiscover-s.outlook.com/
|
unknown
|
||
|
https://useraudit.o365auditrealtimeingestion.manage.office.com
|
unknown
|
||
|
https://outlook.office365.com/connectors
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
||
|
https://cdn.entity.
|
unknown
|
||
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
||
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
||
|
https://powerlift.acompli.net
|
unknown
|
||
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
||
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
||
|
https://cortana.ai
|
unknown
|
||
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
||
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
||
|
https://api.aadrm.com/
|
unknown
|
||
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
||
|
https://ic3.teams.office.com
|
unknown
|
||
|
https://www.yammer.com
|
unknown
|
||
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
||
|
https://api.microsoftstream.com/api/
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
||
|
https://cr.office.com
|
unknown
|
||
|
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
|
unknown
|
||
|
https://messagebroker.mobile.m365.svc.cloud.microsoft
|
unknown
|
||
|
https://otelrules.svc.static.microsoft
|
unknown
|
||
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
||
|
https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
|
unknown
|
||
|
https://edge.skype.com/registrar/prod
|
unknown
|
||
|
https://graph.ppe.windows.net
|
unknown
|
||
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
||
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
||
|
https://tasks.office.com
|
unknown
|
||
|
https://officeci.azurewebsites.net/api/
|
unknown
|
||
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
||
|
https://api.scheduler.
|
unknown
|
||
|
https://my.microsoftpersonalcontent.com
|
unknown
|
||
|
https://store.office.cn/addinstemplate
|
unknown
|
||
|
https://api.aadrm.com
|
unknown
|
||
|
https://edge.skype.com/rps
|
unknown
|
||
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
||
|
https://globaldisco.crm.dynamics.com
|
unknown
|
||
|
https://messaging.engagement.office.com/
|
unknown
|
||
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
||
|
https://www.odwebp.svc.ms
|
unknown
|
||
|
https://api.diagnosticssdf.office.com/v2/feedback
|
unknown
|
||
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
||
|
https://web.microsoftstream.com/video/
|
unknown
|
||
|
https://api.addins.store.officeppe.com/addinstemplate
|
unknown
|
||
|
https://graph.windows.net
|
unknown
|
||
|
https://dataservice.o365filtering.com/
|
unknown
|
||
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
||
|
https://analysis.windows.net/powerbi/api
|
unknown
|
||
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
||
|
https://substrate.office.com
|
unknown
|
||
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
||
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
||
|
https://consent.config.office.com/consentcheckin/v1.0/consents
|
unknown
|
||
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
||
|
https://d.docs.live.net
|
unknown
|
||
|
https://safelinks.protection.outlook.com/api/GetPolicy
|
unknown
|
||
|
https://ncus.contentsync.
|
unknown
|
||
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
||
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
||
|
http://weather.service.msn.com/data.aspx
|
unknown
|
||
|
https://apis.live.net/v5.0/
|
unknown
|
||
|
https://officepyservice.office.net/service.functionality
|
unknown
|
||
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
||
|
https://templatesmetadata.office.net/
|
unknown
|
||
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
||
|
https://messaging.lifecycle.office.com/
|
unknown
|
||
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
||
|
https://pushchannel.1drv.ms
|
unknown
|
||
|
https://management.azure.com
|
unknown
|
||
|
https://outlook.office365.com
|
unknown
|
||
|
https://wus2.contentsync.
|
unknown
|
||
|
https://incidents.diagnostics.office.com
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
||
|
https://make.powerautomate.com
|
unknown
|
||
|
https://api.addins.omex.office.net/api/addins/search
|
unknown
|
||
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
||
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
||
|
https://api.office.net
|
unknown
|
||
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
||
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
||
|
https://entitlement.diagnostics.office.com
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
||
|
https://substrate.office.com/search/api/v2/init
|
unknown
|
||
|
https://outlook.office.com/
|
unknown
|
||
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
||
|
https://login.windows.local
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
appledownload.map.fastly.net
|
151.101.67.8
|
||
|
h3.apis.apple.map.fastly.net
|
151.101.3.6
|
||
|
updates.cdn-apple.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
151.101.67.8
|
appledownload.map.fastly.net
|
United States
|
||
|
151.101.3.6
|
h3.apis.apple.map.fastly.net
|
United States
|
||
|
151.101.131.6
|
unknown
|
United States
|
||
|
184.51.216.242
|
unknown
|
United States
|
||
|
151.101.67.6
|
unknown
|
United States
|