Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
original.eml
|
SMTP mail, ASCII text, with very long lines (459), with CRLF line terminators
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\6F93833F-9C68-46CD-BB2C-3880C5681D2E
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\27C049F6.dat
|
PNG image data, 52 x 52, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\5F1B6983.dat
|
PNG image data, 600 x 230, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\7CC52189.dat
|
PNG image data, 230 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\A06EA174.dat
|
PNG image data, 52 x 52, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\DB41C57F.dat
|
PNG image data, 52 x 52, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\E398DA8.dat
|
PNG image data, 406 x 229, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\FE466AE5.dat
|
PNG image data, 91 x 90, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\CXC60YIX\phish_alert_sp2_2.0.0.0 (002).eml:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\CXC60YIX\phish_alert_sp2_2.0.0.0.eml
|
RFC 822 mail, ASCII text, with very long lines (2029), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240703T1025230089-6688.etl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\msoA227.tmp
|
GIF image data, version 89a, 15 x 15
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\olk9BFC.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\olkC447.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\olkC457.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 13:25:31 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 13:25:31 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 13:25:31 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 13:25:31 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 13:25:31 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
There are 17 hidden files, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ldm3tYZAAAAADLICh8Vk9NFIaO6jUtcwjYfl5Ee&co=aHR0cHM6Ly9jbHViLWRlcy1wZXRpdHMtZGVqZXVuZXJzLWJyZWFrZmFzdC1jbHViLW9mLWNhbmFkYS5mdW5ka3lhcHAuY29tOjQ0Mw..&hl=fr&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=invisible&cb=c8em2t24aput
|
|||
|
https://www.bedardressources.com/
|
|||
|
about:blank
|
|||
|
https://forms.office.com/Pages/ResponsePage.aspx?id=--rWdRONa0uC_l6OTQt_f8H_aQQIcehHpjqCJPBbfq5UMUg2S1lXMlNBUFpGTjIxNFMwNjJQUjBTVy4u
|
|||
|
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fclub-des-petits-dejeuners-breakfast-club-of-canada.fundkyapp.com%2Ffr%2Fdons-cdpd-tailgate-2024&title=Dons%20CDPD%20Tailgate%202024%20%7C%20Club%20des%20Petits%20D%C3%A9jeuners%20%2F%20Breakfast%20Club%20of%20Canada&referrer=&muid=NA&sid=NA&version=6&preview=false
|
|||
|
https://m.stripe.network/inner.html#url=https%3A%2F%2Fclub-des-petits-dejeuners-breakfast-club-of-canada.fundkyapp.com%2Ffr%2Fdons-cdpd-tailgate-2024&title=Dons%20CDPD%20Tailgate%202024%20%7C%20Club%20des%20Petits%20D%C3%A9jeuners%20%2F%20Breakfast%20Club%20of%20Canada&referrer=&muid=NA&sid=NA&version=6&preview=false
|
|||
|
https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fclub-des-petits-dejeuners-breakfast-club-of-canada.fundkyapp.com
|
|||
|
https://club-des-petits-dejeuners-breakfast-club-of-canada.fundkyapp.com/fr/dons-cdpd-tailgate-2024
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
cpl-iubenda.b-cdn.net
|
169.150.247.36
|
||
|
sni1gl.wpc.alphacdn.net
|
152.199.21.175
|
||
|
s-part-0035.t-0009.t-msedge.net
|
13.107.246.63
|
||
|
cdn-iubenda.b-cdn.net
|
84.17.46.49
|
||
|
stats.g.doubleclick.net
|
108.177.15.154
|
||
|
s-part-0014.t-0009.t-msedge.net
|
13.107.246.42
|
||
|
scontent.xx.fbcdn.net
|
157.240.0.6
|
||
|
club-des-petits-dejeuners-breakfast-club-of-canada.fundkyapp.com
|
99.79.55.35
|
||
|
fundky.com
|
99.79.55.35
|
||
|
cdn.fundky.com
|
99.79.55.35
|
||
|
sni1gl.wpc.omegacdn.net
|
152.199.21.175
|
||
|
stripe.com
|
198.202.176.81
|
||
|
www.google.com
|
142.250.184.228
|
||
|
hits-iubenda.b-cdn.net
|
169.150.247.37
|
||
|
plus.l.google.com
|
142.250.181.238
|
||
|
microsoftwindows.112.2o7.net
|
63.140.62.222
|
||
|
tr-rc.lfeeder.com
|
18.244.140.113
|
||
|
aka.ms
|
92.122.18.57
|
||
|
s-part-0045.t-0009.t-msedge.net
|
13.107.246.73
|
||
|
cs491.wac.edgecastcdn.net
|
192.229.233.25
|
||
|
browser-update.org
|
104.26.12.241
|
||
|
nmediasolutions.github.io
|
185.199.108.153
|
||
|
syndication.twitter.com
|
104.244.42.72
|
||
|
stripecdn.map.fastly.net
|
151.101.64.176
|
||
|
can01.safelinks.eop-tm2.outlook.com
|
52.102.11.124
|
||
|
dja7ygzgr04yk.cloudfront.net
|
99.84.9.129
|
||
|
play.google.com
|
142.250.185.78
|
||
|
m.stripe.com
|
34.209.252.182
|
||
|
analytics.google.com
|
142.250.185.238
|
||
|
bedardressources.com
|
40.86.225.89
|
||
|
cs-iubenda.b-cdn.net
|
169.150.247.38
|
||
|
s-part-0032.t-0009.t-msedge.net
|
13.107.246.60
|
||
|
sapi.fundky.com
|
99.79.55.35
|
||
|
js.monitor.azure.com
|
unknown
|
||
|
cs.iubenda.com
|
unknown
|
||
|
m.stripe.network
|
unknown
|
||
|
assets.onestore.ms
|
unknown
|
||
|
cdn.forms.office.net
|
unknown
|
||
|
lists.office.com
|
unknown
|
||
|
c.office.com
|
unknown
|
||
|
www.bedardressources.com
|
unknown
|
||
|
platform.twitter.com
|
unknown
|
||
|
cpl.iubenda.com
|
unknown
|
||
|
sc.lfeeder.com
|
unknown
|
||
|
can01.safelinks.protection.outlook.com
|
unknown
|
||
|
forms.office.com
|
unknown
|
||
|
aadcdn.msftauth.net
|
unknown
|
||
|
logincdn.msftauth.net
|
unknown
|
||
|
connect.facebook.net
|
unknown
|
||
|
mem.gfx.ms
|
unknown
|
||
|
c.s-microsoft.com
|
unknown
|
||
|
idb.iubenda.com
|
unknown
|
||
|
cdn.iubenda.com
|
unknown
|
||
|
support.content.office.net
|
unknown
|
||
|
dc.services.visualstudio.com
|
unknown
|
||
|
login.microsoftonline.com
|
unknown
|
||
|
amp.azure.net
|
unknown
|
||
|
js.stripe.com
|
unknown
|
||
|
apis.google.com
|
unknown
|
||
|
acctcdn.msftauth.net
|
unknown
|
There are 50 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.185.99
|
unknown
|
United States
|
||
|
108.177.15.154
|
stats.g.doubleclick.net
|
United States
|
||
|
52.168.117.174
|
unknown
|
United States
|
||
|
13.107.246.42
|
s-part-0014.t-0009.t-msedge.net
|
United States
|
||
|
151.101.0.176
|
unknown
|
United States
|
||
|
20.50.88.241
|
unknown
|
United States
|
||
|
95.101.149.131
|
unknown
|
European Union
|
||
|
20.223.35.26
|
unknown
|
United States
|
||
|
20.189.173.3
|
unknown
|
United States
|
||
|
13.107.6.194
|
unknown
|
United States
|
||
|
169.150.247.38
|
cs-iubenda.b-cdn.net
|
United States
|
||
|
18.244.140.113
|
tr-rc.lfeeder.com
|
United States
|
||
|
104.244.42.72
|
syndication.twitter.com
|
United States
|
||
|
169.150.247.36
|
cpl-iubenda.b-cdn.net
|
United States
|
||
|
169.150.247.37
|
hits-iubenda.b-cdn.net
|
United States
|
||
|
23.192.249.186
|
unknown
|
United States
|
||
|
63.140.62.222
|
microsoftwindows.112.2o7.net
|
United States
|
||
|
34.209.252.182
|
m.stripe.com
|
United States
|
||
|
23.192.243.7
|
unknown
|
United States
|
||
|
84.17.46.49
|
cdn-iubenda.b-cdn.net
|
United Kingdom
|
||
|
88.221.110.138
|
unknown
|
European Union
|
||
|
104.124.11.8
|
unknown
|
United States
|
||
|
142.250.184.228
|
www.google.com
|
United States
|
||
|
142.250.186.74
|
unknown
|
United States
|
||
|
88.221.110.179
|
unknown
|
European Union
|
||
|
204.79.197.237
|
unknown
|
United States
|
||
|
142.250.186.35
|
unknown
|
United States
|
||
|
1.1.1.1
|
unknown
|
Australia
|
||
|
13.107.246.73
|
s-part-0045.t-0009.t-msedge.net
|
United States
|
||
|
216.58.206.40
|
unknown
|
United States
|
||
|
104.244.42.136
|
unknown
|
United States
|
||
|
104.26.12.241
|
browser-update.org
|
United States
|
||
|
142.250.185.238
|
analytics.google.com
|
United States
|
||
|
172.217.18.2
|
unknown
|
United States
|
||
|
151.101.128.176
|
unknown
|
United States
|
||
|
40.126.31.73
|
unknown
|
United States
|
||
|
40.86.225.89
|
bedardressources.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
20.190.160.22
|
unknown
|
United States
|
||
|
52.109.28.47
|
unknown
|
United States
|
||
|
198.202.176.81
|
stripe.com
|
United States
|
||
|
142.250.185.195
|
unknown
|
United States
|
||
|
152.199.21.175
|
sni1gl.wpc.alphacdn.net
|
United States
|
||
|
185.199.108.153
|
nmediasolutions.github.io
|
Netherlands
|
||
|
52.102.11.124
|
can01.safelinks.eop-tm2.outlook.com
|
United States
|
||
|
142.250.186.42
|
unknown
|
United States
|
||
|
52.109.76.240
|
unknown
|
United States
|
||
|
151.101.64.176
|
stripecdn.map.fastly.net
|
United States
|
||
|
142.250.186.46
|
unknown
|
United States
|
||
|
142.250.185.78
|
play.google.com
|
United States
|
||
|
142.250.185.206
|
unknown
|
United States
|
||
|
192.229.233.25
|
cs491.wac.edgecastcdn.net
|
United States
|
||
|
152.199.19.161
|
unknown
|
United States
|
||
|
142.250.186.170
|
unknown
|
United States
|
||
|
192.168.2.17
|
unknown
|
unknown
|
||
|
95.101.148.110
|
unknown
|
European Union
|
||
|
99.79.55.35
|
club-des-petits-dejeuners-breakfast-club-of-canada.fundkyapp.com
|
United States
|
||
|
20.189.173.13
|
unknown
|
United States
|
||
|
13.107.246.60
|
s-part-0032.t-0009.t-msedge.net
|
United States
|
||
|
93.184.221.200
|
unknown
|
European Union
|
||
|
157.240.0.6
|
scontent.xx.fbcdn.net
|
United States
|
||
|
99.84.9.129
|
dja7ygzgr04yk.cloudfront.net
|
United States
|
||
|
184.28.89.233
|
unknown
|
United States
|
||
|
20.189.173.16
|
unknown
|
United States
|
||
|
142.250.181.238
|
plus.l.google.com
|
United States
|
||
|
40.126.31.67
|
unknown
|
United States
|
||
|
52.27.30.120
|
unknown
|
United States
|
||
|
20.189.173.18
|
unknown
|
United States
|
||
|
13.74.129.1
|
unknown
|
United States
|
||
|
142.250.186.131
|
unknown
|
United States
|
||
|
2.18.121.147
|
unknown
|
European Union
|
||
|
13.89.178.26
|
unknown
|
United States
|
||
|
23.211.8.208
|
unknown
|
United States
|
||
|
2.18.64.205
|
unknown
|
European Union
|
||
|
142.250.74.195
|
unknown
|
United States
|
||
|
52.113.194.132
|
unknown
|
United States
|
||
|
142.250.110.84
|
unknown
|
United States
|
||
|
216.58.212.136
|
unknown
|
United States
|
||
|
18.239.83.7
|
unknown
|
United States
|
||
|
52.111.243.106
|
unknown
|
United States
|
||
|
142.250.185.132
|
unknown
|
United States
|
||
|
142.250.185.170
|
unknown
|
United States
|
||
|
23.211.9.92
|
unknown
|
United States
|
||
|
92.122.18.57
|
aka.ms
|
European Union
|
||
|
142.250.185.131
|
unknown
|
United States
|
||
|
20.105.99.58
|
unknown
|
United States
|
||
|
2.18.121.134
|
unknown
|
European Union
|
||
|
52.109.76.144
|
unknown
|
United States
|
There are 78 hidden IPs, click here to show them.