Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
EFT Payment Notification - May 2_ 2024.eml
|
RFC 822 mail, ASCII text, with very long lines (347), with CRLF line terminators
|
initial sample
|
||
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\48F943CC-973B-4082-A517-9598C5352480
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
modified
|
||
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1715106546336901500_EAA4BB55-280F-43F0-9D13-E22B7C7813F4.log
|
ASCII text, with very long lines (28760), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1715106546339351700_EAA4BB55-280F-43F0-9D13-E22B7C7813F4.log
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240507T2029060142-6336.etl
|
data
|
modified
|
||
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
Microsoft Outlook email folder (>=2003)
|
dropped
|
||
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
|
data
|
dropped
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
52.113.194.132
|
unknown
|
United States
|
||
52.109.52.131
|
unknown
|
United States
|
||
20.189.173.7
|
unknown
|
United States
|