Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| original (3).eml | SMTP mail, ASCII text, with very long lines (443), with CRLF line terminators | initial sample | |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf | TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365 | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin | ASCII text, with very long lines (65536), with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal | SQLite Rollback Journal | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\open[1].gif | GIF image data, version 89a, 1 x 1 | modified | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\R_only_3923939944900779299[1].png | PNG image data, 115 x 136, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl | data | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 21:00:32 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 21:00:32 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 21:00:32 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 21:00:32 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 21:00:32 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
URLs

| Name | IP | Malicious |
|---|---|---|
| https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcvpW0nAAAAAMdjeor9kycixdFzk33K1G_hmOM_&co=aHR0cHM6Ly93d3cuY2xvdmVyLmNvbTo0NDM.&hl=en&type=image&v=rKbTvxTxwcw5VqzrtN-ICwWt&theme=light&size=invisible&badge=bottomright&cb=82nue22mxl4z | | |
| https://checkout.clover.com/widget.html?baseOrigin=https%3A%2F%2Fcheckout.clover.com&element=PAYMENT_REQUEST_BUTTON&origin=https%3A%2F%2Fwww.clover.com&apiKey=bc22012281f7c86f7aa9b5c865b718c0&mId=TFBPCD63SEK91&styles=%7B%7D&paymentRequest=%7B%22total%22%3A%7B%22label%22%3A%22Clover%20checkout%22%2C%22amount%22%3A25750%7D%2C%22merchantHostname%22%3A%22www.clover.com%22%7D&locale=en | | |
| https://checkout.clover.com/widget.html?baseOrigin=https%3A%2F%2Fcheckout.clover.com&element=INTERMEDIATE&origin=https%3A%2F%2Fwww.clover.com&apiKey=bc22012281f7c86f7aa9b5c865b718c0&mId=TFBPCD63SEK91&locale=en | | |
| https://pay.google.com/gp/p/generate_gpay_btn_img?buttonColor=default&browserLocale=en&hl=en&buttonSizeMode=fill&enableGpayNewButtonAsset=false&gpayButtonVariantType=1&gpayButtonType=long | | |
| https://checkout.clover.com/widget.html?baseOrigin=https%3A%2F%2Fcheckout.clover.com&element=CARD_DATE&origin=https%3A%2F%2Fwww.clover.com&apiKey=bc22012281f7c86f7aa9b5c865b718c0&mId=TFBPCD63SEK91&styles=%7B%22.hydrated%22%3A%7B%22display%22%3A%22block%22%2C%22height%22%3A%222em%22%2C%22overflow%22%3A%22hidden%22%7D%2C%22input%22%3A%7B%22backgroundColor%22%3A%22transparent%22%2C%22boxShadow%22%3A%22none%22%2C%22fontSize%22%3A%2215px%22%2C%22height%22%3A%221.2em%22%2C%22width%22%3A%22100%25%22%7D%2C%22img%22%3A%7B%22height%22%3A%221.2em%20!important%22%2C%22width%22%3A%221.8em%22%7D%7D&locale=en | | |
| about:blank | | |
| https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fcheckout.clover.com&mid= | | |
| https://www.google.com/recaptcha/api2/bframe?hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&k=6LcvpW0nAAAAAMdjeor9kycixdFzk33K1G_hmOM_ | | |
| https://checkout.clover.com/widget.html?baseOrigin=https%3A%2F%2Fcheckout.clover.com&element=CARD_POSTAL_CODE&origin=https%3A%2F%2Fwww.clover.com&apiKey=bc22012281f7c86f7aa9b5c865b718c0&mId=TFBPCD63SEK91&styles=%7B%22.hydrated%22%3A%7B%22display%22%3A%22block%22%2C%22height%22%3A%222em%22%2C%22overflow%22%3A%22hidden%22%7D%2C%22input%22%3A%7B%22backgroundColor%22%3A%22transparent%22%2C%22boxShadow%22%3A%22none%22%2C%22fontSize%22%3A%2215px%22%2C%22height%22%3A%221.2em%22%2C%22width%22%3A%22100%25%22%7D%2C%22img%22%3A%7B%22height%22%3A%221.2em%20!important%22%2C%22width%22%3A%221.8em%22%7D%7D&locale=en | | |
| https://checkout.clover.com/widget.html?baseOrigin=https%3A%2F%2Fcheckout.clover.com&element=CARD_CVV&origin=https%3A%2F%2Fwww.clover.com&apiKey=bc22012281f7c86f7aa9b5c865b718c0&mId=TFBPCD63SEK91&styles=%7B%22.hydrated%22%3A%7B%22display%22%3A%22block%22%2C%22height%22%3A%222em%22%2C%22overflow%22%3A%22hidden%22%7D%2C%22input%22%3A%7B%22backgroundColor%22%3A%22transparent%22%2C%22boxShadow%22%3A%22none%22%2C%22fontSize%22%3A%2215px%22%2C%22height%22%3A%221.2em%22%2C%22width%22%3A%22100%25%22%7D%2C%22img%22%3A%7B%22height%22%3A%221.2em%20!important%22%2C%22width%22%3A%221.8em%22%7D%7D&locale=en | | |
| https://www.clover.com/checkout/0552f742-a361-4d4b-a3ae-90d09d1e75d2 | | |
| https://checkout.clover.com/widget.html?baseOrigin=https%3A%2F%2Fcheckout.clover.com&element=CARD_NUMBER&origin=https%3A%2F%2Fwww.clover.com&apiKey=bc22012281f7c86f7aa9b5c865b718c0&mId=TFBPCD63SEK91&styles=%7B%22.hydrated%22%3A%7B%22display%22%3A%22block%22%2C%22height%22%3A%222em%22%2C%22overflow%22%3A%22hidden%22%7D%2C%22input%22%3A%7B%22backgroundColor%22%3A%22transparent%22%2C%22boxShadow%22%3A%22none%22%2C%22fontSize%22%3A%2215px%22%2C%22height%22%3A%221.2em%22%2C%22width%22%3A%22100%25%22%7D%2C%22img%22%3A%7B%22height%22%3A%221.2em%20!important%22%2C%22width%22%3A%221.8em%22%7D%7D&locale=en | | |
Domains

| Name | IP | Malicious |
|---|---|---|
| google.com | 142.250.184.206 | |
| checkout.clover.com | 35.241.51.22 | |
| u17060778.ct.sendgrid.net | 167.89.115.147 | |
| pay.sandbox.google.com | 66.102.1.81 | |
| play.google.com | 142.250.186.174 | |
| pay.google.com | 64.233.167.92 | |
| www.google.com | 142.250.185.100 | |
| api.clover.com | 166.73.4.198 | |
| cloverstatic.com | 166.73.4.207 | |
| www.clover.com | 166.73.4.197 | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 142.250.186.68 | unknown | United States | |
| 108.177.15.92 | unknown | United States | |
| 142.250.186.174 | play.google.com | United States | |
| 192.168.2.16 | unknown | unknown | |
| 20.42.65.84 | unknown | United States | |
| 142.250.185.100 | www.google.com | United States | |
| 142.250.185.227 | unknown | United States | |
| 172.217.23.99 | unknown | United States | |
| 166.73.4.198 | api.clover.com | United States | |
| 64.233.184.92 | unknown | United States | |
| 2.19.126.160 | unknown | European Union | |
| 166.73.4.197 | www.clover.com | United States | |
| 64.233.167.92 | pay.google.com | United States | |
| 52.109.89.19 | unknown | United States | |
| 35.241.51.22 | checkout.clover.com | United States | |
| 142.250.184.206 | google.com | United States | |
| 142.250.186.74 | unknown | United States | |
| 52.113.194.132 | unknown | United States | |
| 142.250.184.195 | unknown | United States | |
| 23.212.194.8 | unknown | United States | |
| 66.102.1.81 | pay.sandbox.google.com | United States | |
| 1.1.1.1 | unknown | Australia | |
| 173.194.76.92 | unknown | United States | |
| 167.89.115.147 | u17060778.ct.sendgrid.net | United States | |
| 172.217.16.206 | unknown | United States | |
| 142.250.186.163 | unknown | United States | |
| 172.217.18.3 | unknown | United States | |
| 2.19.126.137 | unknown | European Union | |
| 142.250.185.238 | unknown | United States | |
| 216.58.206.46 | unknown | United States | |
| 64.233.167.84 | unknown | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 142.250.185.195 | unknown | United States | |
| 142.250.186.164 | unknown | United States | |
| 172.217.16.196 | unknown | United States | |
| 166.73.4.207 | cloverstatic.com | United States | |
| 172.217.16.195 | unknown | United States | |