Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Order Confirmed.eml
|
RFC 822 mail, ASCII text, with CRLF line terminators
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1F6E52D4.dat
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x1912,
components 3
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{92A02C0B-46B5-4B28-8385-AD6890527AA6}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1716414838845389500_792DC315-C800-4C15-BBB9-989084541A30.log
|
ASCII text, with very long lines (28771), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1716414838846078500_792DC315-C800-4C15-BBB9-989084541A30.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240522T1753580643-6952.etl
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\olkD01C.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
|
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
Microsoft Outlook email folder (>=2003)
|
dropped
|
||
|
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
|
PDP-11 separate I&D executable not stripped
|
dropped
|
There are 3 hidden files, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
52.113.194.132
|
unknown
|
United States
|
||
|
20.189.173.8
|
unknown
|
United States
|