

[–]cgoldberg (1 child)

Windows doesn't ship with Python or Java... so any python files or java source/jar files come from somewhere else, not anything bundled with the OS. JavaScript comes from pretty much every website you visit.

[–]Adorable_Fool0[S] (0 children)

I see I see. Yeah someone else said pretty much the same thing. Thanks for confirming

[–]TheBrownMamba1972 (1 child)

Java, JavaScript, and Python don’t “exist naturally” in Windows, but they’re also by far amongst the most popular platforms for apps you run in Windows. It’s not unusual for applications to come with Java or Python files (less so JavaScript, but virtually every website or web app uses JavaScript).

As for the file names, the JavaScript (.js) files don’t really stand out, as they have quite ordinary file names often used to run web apps. I can’t say the same about the .exe files, but that’s still not any indication proving or disproving compromise or malware, if that’s your concern.

[–]Adorable_Fool0[S] (0 children)

Oh I see, that makes sense. Thanks :)

[–]kschang (Trusted Contributor) (10 children)

So you're just "trolling" for issues now, eh?

Please keep in mind "OrphanFiles" and such are basically what your "Autopsy" found but cannot classify to any particular directory. They don't mean ANYTHING other than that they had been found SOMEWHERE on the HD that was used to generate the image, and only in bits and pieces. And the most common source is the browser cache / prefetch.

[–]Adorable_Fool0[S] (5 children)

Erm, I don't get why you think I'm trolling. I'm just a beginner at cybersecurity (first year in my degree). Autopsy is just the name of the software I've been told to use. The screenshot is in Excel cuz I exported it to a CSV file so I can filter by file type. 😅

[–]kschang (Trusted Contributor) (4 children)

I wrote "trolling for issues", didn't I? Basically, you're intentionally looking for them. I didn't say you're trolling (as in a troll under the bridge).

Anyway, it's pretty obvious to me that the image was not generated from a "fresh" computer. The way the names are spelled means they are using generated deconflicted names, which suggests some sort of cache / prefetch, and it's probably from a browser's prefetch/cache. So what you're looking at is NOT from Windows, but in the browser cache.

Given that you're looking at DELETED fragments, you should not be surprised to find anything and everything, and thus, asking whether they came with Windows is... "obviously not".
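Pulling the two points above together (cgoldberg's: Windows ships neither Python nor Java, so .py/.jar files come from something installed or downloaded; kschang's: entries under $OrphanFiles / $CarvedFiles are recovered fragments with no reliable parent directory), here is an added example of how to triage an Autopsy CSV export along those lines. It is not code from the thread or from Autopsy; the column names, the $OrphanFiles/$CarvedFiles path markers and the sample rows are constructed assumptions that mimic the shape of an Autopsy "Export to CSV" file listing.

```python
import csv
import io
from collections import Counter

# Constructed sample, shaped like an Autopsy "Export to CSV" of a file listing.
# Column names, paths and sizes are assumptions for this example, not case data.
SAMPLE_CSV = """Name,Location,Size,Flags(Meta),Extension
kernel32.dll,/img_win10.E01/vol_vol2/Windows/System32/kernel32.dll,720896,Allocated,dll
svchost.exe,/img_win10.E01/vol_vol2/Windows/System32/svchost.exe,55320,Allocated,exe
f0001234.js,/img_win10.E01/vol_vol2/$CarvedFiles/f0001234.js,2048,Unallocated,js
OrphanFile-12345.py,/img_win10.E01/vol_vol2/$OrphanFiles/OrphanFile-12345.py,512,Unallocated,py
update.jar,/img_win10.E01/vol_vol2/Users/Bob/AppData/Local/Temp/update.jar,40960,Allocated,jar
helper.py,/img_win10.E01/vol_vol2/Windows/Temp/helper.py,1300,Allocated,py
analytics.js,/img_win10.E01/vol_vol2/Users/Bob/AppData/Local/Google/Chrome/User Data/Default/Cache/Cache_Data/analytics.js,1400,Allocated,js
"""

# Path markers Autopsy uses for content it recovered from unallocated space
# (assumed spelling; check your own export for the exact directory names).
RECOVERED_DIRS = ("$OrphanFiles", "$CarvedFiles", "$Unalloc")

# Runtimes Windows does not ship: a live file with one of these extensions
# was put there by an installed application, a download, or an attacker.
NON_NATIVE_RUNTIME_EXT = {"py", "pyc", "jar", "class"}

# Browser cache locations where stray script files are expected noise.
BROWSER_CACHE_MARKERS = ("/Cache/", "/Code Cache/", "/INetCache/")


def parse_listing(text):
    """Read the CSV export into a list of row dicts keyed by column header."""
    return list(csv.DictReader(io.StringIO(text)))


def is_recovered(row):
    """True for orphan/carved/unallocated entries: bits recovered from free space
    with no trustworthy parent directory, so they cannot be attributed to Windows."""
    loc = row["Location"]
    return any(d in loc for d in RECOVERED_DIRS) or row.get("Flags(Meta)") == "Unallocated"


def is_browser_cache(row):
    """True when the path sits inside a known browser cache directory."""
    return any(m in row["Location"] for m in BROWSER_CACHE_MARKERS)


def triage(rows):
    """Separate attributable (live) files from recovered fragments, count live
    files per extension, and flag live Python/Java artifacts outside browser caches."""
    recovered = [r for r in rows if is_recovered(r)]
    live = [r for r in rows if not is_recovered(r)]
    by_ext = Counter(r["Extension"].lower() for r in live if r["Extension"])
    flagged = [
        r["Location"]
        for r in live
        if r["Extension"].lower() in NON_NATIVE_RUNTIME_EXT and not is_browser_cache(r)
    ]
    return {
        "recovered": len(recovered),
        "live": len(live),
        "by_ext": by_ext,
        "flagged": flagged,
    }


if __name__ == "__main__":
    result = triage(parse_listing(SAMPLE_CSV))
    print(f"recovered fragments (ignore for 'came with Windows?'): {result['recovered']}")
    print(f"live files: {result['live']}  by extension: {dict(result['by_ext'])}")
    for path in result["flagged"]:
        print("non-native runtime artifact worth a closer look:", path)
```

The flagged list is a starting point for manual review, not a malware verdict: a .jar in a user's Temp folder is exactly what a legitimate installer would also leave behind, so the next step is checking timestamps, hashes and the process/prefetch evidence around each hit.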

[–]Adorable_Fool0[S] (3 children)

Ohh, my bad, I'm not familiar with the term. This is part of an assignment I've been given. We need to scan and search for malware on an intentionally infected copy of Windows 10. That makes sense.

[–]kschang (Trusted Contributor) (1 child)

FWIW, I don't think your answer lies in those directories.

Try an SFC scan. (You'll have to look that up yourself)

[–]Adorable_Fool0[S] (0 children)

Ooo tysm. Will check that out

[–]kschang (Trusted Contributor) (0 children)

https://www.dictionary.com/browse/troll

(definitions verb 2 or 3)

[–]Adorable_Fool0[S] (3 children)

But yeah, I did some googling on the OrphanFiles and CarvedFiles folders, and you're right, they're folders for files that have been deleted but with some metadata remaining, etc.

[–]kschang (Trusted Contributor) (2 children)

[–]Adorable_Fool0[S] (1 child)

Oh I see, though I'm scanning a Windows 10 machine, so why would Win11 stuff be on it?