Files

File Path | Type | Category | Malicious
---|---|---|---
original (4).eml | SMTP mail, ASCII text, with very long lines (443), with CRLF line terminators | initial sample |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | data | dropped |
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT | data | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin | ASCII text, with very long lines (65536), with no line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\6DE6B2D2-1137-4FD2-973D-0F974698284B | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal | SQLite Rollback Journal | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm | data | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal | SQLite Write-Ahead Log, version 3007000 | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\QZLVAUO3\153 - NM West Area Ops Full Spreadsheet (002).xlsx | Microsoft Excel 2007+ | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\QZLVAUO3\153 - NM West Area Ops Full Spreadsheet (002).xlsx:Zone.Identifier (copy) | RFC 822 mail, ASCII text, with very long lines (793), with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\QZLVAUO3\phish_alert_sp2_2.0.0.0.eml | RFC 822 mail, ASCII text, with very long lines (793), with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\QZLVAUO3\phish_alert_sp2_2.0.0.0.eml:Zone.Identifier | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\QZLVAUO3\~$153 - NM West Area Ops Full Spreadsheet.xlsx | data | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_10c3\AC\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStoreV3\Excel\ASkwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDBfTnVsbAA.S | data | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_10c3\AC\Microsoft\Office\OTele\excel.exe.db | SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2 | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_10c3\AC\Microsoft\Office\OTele\excel.exe.db-journal | SQLite Rollback Journal | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_10c3\AC\Microsoft\Office\OTele\excel.exe.db-shm | data | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_10c3\AC\Microsoft\Office\OTele\excel.exe.db-wal | SQLite Write-Ahead Log, version 3007000 | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_10c3\AC\Temp\Diagnostics\EXCEL\App1720043457776199400_0F62FBFF-425F-4B2B-A5BD-9B1B92FC4C81.log | data | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_19a\AC\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStoreV3\Excel\1380790193167760279.C4 | data | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_19a\AC\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStoreV3\Excel\ASkwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDBfTnVsbAA.S | data | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_19a\AC\Temp\Diagnostics\EXCEL\App1720043461978768000_7901C45E-FEF4-45AA-96D3-8FC7FA867CA5.log | data | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_19a\AC\Temp\Diagnostics\EXCEL\App1720043461980990400_7901C45E-FEF4-45AA-96D3-8FC7FA867CA5.log | data | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_19a\AC\Temp\msoFE6F.tmp | Microsoft OOXML | dropped |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1720043443196736200_7AB9C2C0-9FA7-4FE4-B8ED-443E982C27DF.log | data | dropped |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240703T1750430023-7088.etl | data | modified |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240703T1750540022-2304.etl | data | dropped |
C:\Users\user\AppData\Local\Temp\~DF1934EE0408D94E8E.TMP | data | dropped |
C:\Users\user\AppData\Local\Temp\~DFF82DFCCBA15D9A46.TMP | Composite Document File V2 Document, Cannot read section info | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Excel\5FD20000 | Applesoft BASIC program data, first line number 16 | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Excel\Excel15.xlb (copy) | Applesoft BASIC program data, first line number 16 | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl | data | modified |
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs | Composite Document File V2 Document, Cannot read section info | dropped |
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst | Microsoft Outlook email folder (>=2003) | dropped |
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp | data | dropped |
Domains

Name | IP | Malicious
---|---|---
bg.microsoft.map.fastly.net | 199.232.210.172 |
s-part-0032.t-0009.t-msedge.net | 13.107.246.60 |
IPs

IP | Domain | Country | Malicious
---|---|---|---
52.113.194.132 | unknown | United States |
1.1.1.1 | unknown | Australia |
52.182.143.209 | unknown | United States |
52.109.28.47 | unknown | United States |
52.109.32.97 | unknown | United States |
2.19.126.160 | unknown | European Union |
52.109.89.119 | unknown | United States |
20.189.173.3 | unknown | United States |
184.28.90.27 | unknown | United States |
199.232.210.172 | bg.microsoft.map.fastly.net | United States |
13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States |