Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
Microsoft account password reset.eml
|
RFC 822 mail, Unicode text, UTF-8 (with BOM) text, with very long lines (537), with CRLF line terminators
|
initial sample
|
||
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
modified
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{BD8B9D8B-7081-4C48-9C71-7E1E97913319}.tmp
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1716391221505305300_868CD212-180C-4629-8AD2-457A2641255B.log
|
ASCII text, with very long lines (28774), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1716391221506206300_868CD212-180C-4629-8AD2-457A2641255B.log
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240522T1120210296-5948.etl
|
data
|
modified
|
||
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 22 14:21:21 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 22 14:21:21 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 22 14:21:21 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 22 14:21:21 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 22 14:21:21 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
Microsoft Outlook email folder (>=2003)
|
dropped
|
||
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
|
data
|
dropped
|
There are 7 hidden files, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
nam04.safelinks.protection.outlook.com
|
104.47.73.156
|
||
www.google.com
|
142.250.185.68
|
||
c.s-microsoft.com
|
unknown
|
||
assets.onestore.ms
|
unknown
|
||
i.s-microsoft.com
|
unknown
|
||
ajax.aspnetcdn.com
|
unknown
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
52.113.194.132
|
unknown
|
United States
|
||
142.250.185.68
|
www.google.com
|
United States
|
||
1.1.1.1
|
unknown
|
Australia
|
||
152.199.19.160
|
unknown
|
United States
|
||
88.221.125.143
|
unknown
|
European Union
|
||
2.16.164.83
|
unknown
|
European Union
|
||
172.217.16.206
|
unknown
|
United States
|
||
23.43.61.127
|
unknown
|
United States
|
||
20.189.173.4
|
unknown
|
United States
|
||
142.251.5.84
|
unknown
|
United States
|
||
192.168.2.18
|
unknown
|
unknown
|
||
104.119.109.218
|
unknown
|
United States
|
||
23.197.124.141
|
unknown
|
United States
|
||
23.43.62.58
|
unknown
|
United States
|
||
184.28.89.233
|
unknown
|
United States
|
||
88.221.169.152
|
unknown
|
European Union
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
172.217.23.99
|
unknown
|
United States
|
||
104.47.73.156
|
nam04.safelinks.protection.outlook.com
|
United States
|
There are 9 hidden IPs, click here to show them.