Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Chrome Cache Entry: 53
|
ASCII text, with very long lines (32077)
|
downloaded
|
||
|
Chrome Cache Entry: 54
|
ASCII text, with very long lines (65277), with CRLF, LF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 55
|
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 56
|
PNG image data, 26 x 26, 8-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 57
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 58
|
PNG image data, 11 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 59
|
ASCII text, with very long lines (32042), with CRLF, LF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 60
|
Web Open Font Format, TrueType, length 29464, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 61
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 62
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 63
|
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 64
|
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 65
|
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 66
|
Web Open Font Format, TrueType, length 34924, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 67
|
ASCII text, with very long lines (65291), with CRLF, LF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 68
|
ASCII text, with very long lines (32077)
|
dropped
|
||
|
Chrome Cache Entry: 69
|
PNG image data, 11 x 14, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 70
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 71
|
assembler source, ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 72
|
HTML document, ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 73
|
PNG image data, 26 x 26, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 74
|
ASCII text, with very long lines (32042), with CRLF, LF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 75
|
HTML document, ASCII text, with very long lines (340), with CRLF line terminators
|
downloaded
|
There are 14 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2240,i,11962410349638849435,3318013894265169833,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://outlook.office365.com/Encryption/retrieve.ashx?recipientemailaddress=mboucher%40steptoe.com&senderemailaddress=dereke_tsao%40huntsman.com&senderorganization=AwGDAAAAAn8AAAADAQAAAPQatcJHlwdCptXo%2b7xVAphPVT1odW50c21hbmNvcnAub25taWNyb3NvZnQuY29tLE9VPU1pY3Jvc29mdCBFeGNoYW5nZSBIb3N0ZWQgT3JnYW5pemF0aW9ucyxEQz1FVVJQUjAxQTAwOSxEQz1QUk9ELERDPU9VVExPT0ssREM9Q09NyrJ2HfG4vEyrMrRAFDrBykNOPUNvbmZpZ3VyYXRpb24sQ049aHVudHNtYW5jb3JwLm9ubWljcm9zb2Z0LmNvbSxDTj1Db25maWd1cmF0aW9uVW5pdHMsREM9RVVSUFIwMUEwMDksREM9UFJPRCxEQz1PVVRMT09LLERDPUNPTQE%3d&messageid=%3cDU2PR01MB86075C61B8B92D853A1D5A4DED202%40DU2PR01MB8607.eurprd01.prod.exchangelabs.com%3e&cfmRecipient=SystemMailbox%7b2C41C89D-35A4-465B-B69B-6F1FC54D8B03%7d%40huntsmancorp.onmicrosoft.com&consumerEncryption=false&senderorgid=b5477562-3f93-4544-8cb3-a772ec1d321a&urldecoded=1&e4e_sdata=dn6V8ynRC8bYW5qHPPdQ0L0GUZTuk1t50jBxyjq%2brOxHfZ6k8xmrg9bEV5MSwkpw37zDNdYPZlIqW9fR%2fwfYlu9rlD9wfFbfG3dTjjy0%2bVy2fcsQb0QckfksQH0JiZ%2fLJk8FDD2Fk7EpvJ4R%2f2TPe%2fPE5U8Mt6BDSwepOEsdXYr%2fpKy2PoqevtDqpHh3GbVhG6j9Fg5f3libxKupS%2fqEO76YMUGlVym9aiRZ%2bVwmM6qW%2bjV7gsk9%2fTymBMsqNW2fk0wiUprRjt6X9ovZIiP9h1uCzpSBb5XpfsBPbLGOC%2b7eRJMlDmJzGFcBkxHXqIYNs%2fGfD7XPnbwuDRFngZre6Q%3d%3d"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://outlook.office365.com/Encryption/retrieve.ashx?recipientemailaddress=mboucher%40steptoe.com&senderemailaddress=dereke_tsao%40huntsman.com&senderorganization=AwGDAAAAAn8AAAADAQAAAPQatcJHlwdCptXo%2b7xVAphPVT1odW50c21hbmNvcnAub25taWNyb3NvZnQuY29tLE9VPU1pY3Jvc29mdCBFeGNoYW5nZSBIb3N0ZWQgT3JnYW5pemF0aW9ucyxEQz1FVVJQUjAxQTAwOSxEQz1QUk9ELERDPU9VVExPT0ssREM9Q09NyrJ2HfG4vEyrMrRAFDrBykNOPUNvbmZpZ3VyYXRpb24sQ049aHVudHNtYW5jb3JwLm9ubWljcm9zb2Z0LmNvbSxDTj1Db25maWd1cmF0aW9uVW5pdHMsREM9RVVSUFIwMUEwMDksREM9UFJPRCxEQz1PVVRMT09LLERDPUNPTQE%3d&messageid=%3cDU2PR01MB86075C61B8B92D853A1D5A4DED202%40DU2PR01MB8607.eurprd01.prod.exchangelabs.com%3e&cfmRecipient=SystemMailbox%7b2C41C89D-35A4-465B-B69B-6F1FC54D8B03%7d%40huntsmancorp.onmicrosoft.com&consumerEncryption=false&senderorgid=b5477562-3f93-4544-8cb3-a772ec1d321a&urldecoded=1&e4e_sdata=dn6V8ynRC8bYW5qHPPdQ0L0GUZTuk1t50jBxyjq%2brOxHfZ6k8xmrg9bEV5MSwkpw37zDNdYPZlIqW9fR%2fwfYlu9rlD9wfFbfG3dTjjy0%2bVy2fcsQb0QckfksQH0JiZ%2fLJk8FDD2Fk7EpvJ4R%2f2TPe%2fPE5U8Mt6BDSwepOEsdXYr%2fpKy2PoqevtDqpHh3GbVhG6j9Fg5f3libxKupS%2fqEO76YMUGlVym9aiRZ%2bVwmM6qW%2bjV7gsk9%2fTymBMsqNW2fk0wiUprRjt6X9ovZIiP9h1uCzpSBb5XpfsBPbLGOC%2b7eRJMlDmJzGFcBkxHXqIYNs%2fGfD7XPnbwuDRFngZre6Q%3d%3d
|
|||
|
https://r1.res.office365.com/owa/prem/15.20.8158.23/resources/styles/fonts/office365icons.eot?#iefix
|
unknown
|
||
|
https://static2.sharepointonline.com/files/fabric/office-ui-fabric-js/1.2.0/css/fabric.components.mi
|
unknown
|
||
|
https://outlook.office365.com/Encryption/lock.png
|
52.98.243.34
|
||
|
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=1736cb2d-2432-4361-a5b0-8e7
|
unknown
|
||
|
https://outlook.office365.com/Encryption/authentication.css
|
52.98.243.34
|
||
|
https://o365exchange.visualstudio.com/IP%20Engineering/_queries/edit/1648312
|
unknown
|
||
|
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
|
unknown
|
||
|
https://outlook.office365.com/Encryption/default.aspx?itemID=E4E_M_a61c3983-1735-46d9-87c8-13c9e0001b32
|
52.98.243.34
|
||
|
https://outlook.office365.com/Encryption/help.png
|
52.98.243.34
|
||
|
https://r1.res.office365.com/owa/prem/fonts/segoeui-semibold.ttf
|
unknown
|
||
|
https://outlook.office365.com/Encryption/OTPSend.ashx?itemID=E4E_M_a61c3983-1735-46d9-87c8-13c9e0001b32&OTPRef=SigninPage
|
52.98.243.34
|
||
|
https://r1.res.office365.com/owa/prem/15.20.8158.23/resources/images/0/favicon.ico
|
unknown
|
||
|
https://r1.res.office365.com/owa/prem/fonts/segoeui-light.ttf
|
unknown
|
||
|
https://outlook.office365.com/Encryption/liveid.png
|
52.98.243.34
|
||
|
https://r1.res.office365.com/owa/prem/fonts/segoeui-bold.ttf
|
unknown
|
||
|
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.12.4.min.js
|
unknown
|
||
|
https://outlook.office365.com/Encryption/authenticationpage.aspx?st=Microsoft&ru=https%3a%2f%2foutlook.office365.com%2fEncryption%2fdefault.aspx%3fitemID%3dE4E_M_a61c3983-1735-46d9-87c8-13c9e0001b32&e4e_sdata=Th2fvZ%2bmQVvlI8bF567qR5n%2bQmgm101F9JdiW4RnGhIH9yzZaboffc29zt0TRNfUrcsE00jWq7RkZfdDNNXWU5I1xlXgFkMHRZzmAUGSN5aSDOv0GkDVVvzX7jbao0EIKllmDwG9%2fHr%2bjuu3O16YRaXAioiKb7uVYPI5N9EDUJd3mpftyFT13qGwiMrYLLwFHy8dnikm3hwUa3hAU%2b%2fPp7jm83x%2fBKBMHQGVTxAbL37kKGUmVdErcilE757T6eG8PkiZCt9mErn92boP9JDCPG8XgiHysoTJDjNGvCQpvwIv9Uz%2f5c%2b2LhD9Gvh7yaQyr%2b8yoDqohaGcJq5P0wAFAg%3d%3d
|
|||
|
https://r1.res.office365.com/owa/prem/fonts/segoeui-semibold.woff
|
unknown
|
||
|
https://r1.res.office365.com/owa/prem/15.20.8158.23/resources/styles/fonts/office365icons.ttf
|
unknown
|
||
|
https://r1.res.office365.com/owa/prem/fonts/segoeui-regular.ttf
|
unknown
|
||
|
https://static2.sharepointonline.com/files/fabric/office-ui-fabric-js/1.2.0/css/fabric.min.css
|
unknown
|
||
|
https://outlook.office365.com/Encryption/OTPSigninPage.aspx?itemID=E4E_M_a61c3983-1735-46d9-87c8-13c9e0001b32
|
|||
|
https://r1.res.office365.com/owa/prem/fonts/segoeui-regular.woff
|
unknown
|
||
|
https://outlook.office365.com/Encryption/base.css
|
52.98.243.34
|
||
|
https://r1.res.office365.com/owa/prem/fonts/segoeui-semilight.woff
|
unknown
|
||
|
https://r1.res.office365.com/owa/prem/15.20.8158.23/resources/styles/fonts/office365icons.woff
|
unknown
|
||
|
https://outlook.office365.com/Encryption/arrow.png
|
52.98.243.34
|
||
|
https://static2.sharepointonline.com/files/fabric/office-ui-fabric-js/1.2.0/js/fabric.min.js
|
unknown
|
||
|
https://r1.res.office365.com/owa/prem/fonts/segoeui-bold.woff
|
unknown
|
||
|
https://r1.res.office365.com/owa/prem/fonts/segoeui-semilight.ttf
|
unknown
|
||
|
https://r1.res.office365.com/owa/prem/fonts/segoeui-light.woff
|
unknown
|
There are 21 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ooc-g2.tm-4.office.com
|
52.98.243.34
|
||
|
CDG-efz.ms-acdc.office.com
|
40.99.220.50
|
||
|
www.google.com
|
142.250.185.100
|
||
|
static2.sharepointonline.com
|
unknown
|
||
|
r1.res.office365.com
|
unknown
|
||
|
ajax.aspnetcdn.com
|
unknown
|
||
|
outlook.office365.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
40.99.220.50
|
CDG-efz.ms-acdc.office.com
|
United States
|
||
|
142.250.185.100
|
www.google.com
|
United States
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
52.98.243.34
|
ooc-g2.tm-4.office.com
|
United States
|
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://outlook.office365.com/Encryption/authenticationpage.aspx?st=Microsoft&ru=https%3a%2f%2foutlook.office365.com%2fEncryption%2fdefault.aspx%3fitemID%3dE4E_M_a61c3983-1735-46d9-87c8-13c9e0001b32&e4e_sdata=Th2fvZ%2bmQVvlI8bF567qR5n%2bQmgm101F9JdiW4RnGhIH9yzZaboffc29zt0TRNfUrcsE00jWq7RkZfdDNNXWU5I1xlXgFkMHRZzmAUGSN5aSDOv0GkDVVvzX7jbao0EIKllmDwG9%2fHr%2bjuu3O16YRaXAioiKb7uVYPI5N9EDUJd3mpftyFT13qGwiMrYLLwFHy8dnikm3hwUa3hAU%2b%2fPp7jm83x%2fBKBMHQGVTxAbL37kKGUmVdErcilE757T6eG8PkiZCt9mErn92boP9JDCPG8XgiHysoTJDjNGvCQpvwIv9Uz%2f5c%2b2LhD9Gvh7yaQyr%2b8yoDqohaGcJq5P0wAFAg%3d%3d
|
||
|
https://outlook.office365.com/Encryption/OTPSigninPage.aspx?itemID=E4E_M_a61c3983-1735-46d9-87c8-13c9e0001b32&OTPMessageId=6eb52f52-f7c6-44fd-9845-afc005539d17%40PAXPR01MB8758.eurprd01.prod.exchangelabs.com&OTPReferenceId=5218
|
||
|
https://outlook.office365.com/Encryption/OTPSigninPage.aspx?itemID=E4E_M_a61c3983-1735-46d9-87c8-13c9e0001b32
|
||
|
https://outlook.office365.com/Encryption/ErrorPage.aspx?src=5&code=20&be=PAXPR01MB8758&fe=FR0P281CA0177.DEUP281.PROD.OUTLOOK.COM&hrs=24
|