Files

File Path | Type | Category | Malicious
---|---|---|---
`SPECIAL PARTY INVITATION FROM DON & LINDA HUFFMAN.msg` | CDFV2 Microsoft Outlook Message | initial sample |
`C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst` | Microsoft Outlook email folder (>=2003) | dropped |
`C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp` | data | dropped |
`C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT` | data | modified |
`C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml` | XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators | dropped |
`C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm` | data | dropped |
`C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal` | SQLite Write-Ahead Log, version 3007000 | dropped |
`C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2E4E1DAE.dat` | PNG image data, 552 x 112, 8-bit colormap, interlaced | dropped |
`C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\387F9BF8.dat` | PNG image data, 266 x 220, 8-bit/color RGBA, non-interlaced | dropped |
`C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3AB943F6.htm` | GIF image data, version 87a, 1 x 1 | dropped |
`C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3DCF7A8.htm` | PNG image data, 510 x 120, 8-bit/color RGBA, non-interlaced | dropped |
`C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\524BFB83.htm` | PNG image data, 435 x 96, 8-bit/color RGBA, non-interlaced | dropped |
`C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\5FC8D5D7.dat` | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped |
`C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\6C4D8389.y3RhnFQ--~D` | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 524x372, components 3 | dropped |
`C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\808FD4FD.dat` | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped |
`C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\8EA47CC6.dat` | PNG image data, 66 x 74, 8-bit colormap, interlaced | dropped |
`C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\A2DF9EDA.dat` | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped |
`C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\C46585EC.dat` | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped |
`C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\E1EFED13.dat` | PNG image data, 225 x 220, 8-bit/color RGBA, non-interlaced | dropped |
`C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\F1D7BB99.dat` | JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 222x220, components 3 | dropped |
`C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{8DF620A4-404F-4668-A4E5-FE4F2BED226F}.tmp` | data | dropped |
`C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1732121438864112800_85883C4F-2985-45B4-904A-62F0670E1BC6.log` | ASCII text, with very long lines (28773), with CRLF line terminators | dropped |
`C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1732121438864929300_85883C4F-2985-45B4-904A-62F0670E1BC6.log` | data | dropped |
`C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241120T1150380600-6284.etl` | data | modified |
`C:\Users\user\AppData\Local\Temp\prep_ram Files (x86)_Microsoft Office_root_Office16_AugLoop_bundle_js_V8_perf.cache` | data | dropped |
`C:\Users\user\AppData\Local\Temp\~DFFFE5D97A2F82A9A5.TMP` | data | dropped |
`C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl` | data | dropped |
`C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC` | Unicode text, UTF-16, little-endian text, with CRLF line terminators | modified |
`C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk` | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 15:51:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
`C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk` | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 15:51:16 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
`C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk` | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
`C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk` | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 15:51:16 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
`C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk` | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 15:51:16 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
`C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk` | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 15:51:16 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
Chrome Cache Entry: 102 | ASCII text, with very long lines (26548) | downloaded |
Chrome Cache Entry: 103 | ASCII text | downloaded |
Chrome Cache Entry: 104 | ASCII text, with very long lines (32038) | dropped |
Chrome Cache Entry: 107 | JSON data | downloaded |
Chrome Cache Entry: 108 | ASCII text | dropped |
Chrome Cache Entry: 91 | ASCII text | dropped |
Chrome Cache Entry: 93 | ASCII text, with very long lines (9476) | downloaded |
Chrome Cache Entry: 96 | ASCII text | dropped |
Chrome Cache Entry: 97 | HTML document, ASCII text | downloaded |
Chrome Cache Entry: 99 | PNG image data, 250 x 92, 8-bit/color RGBA, non-interlaced | dropped |

34 further files are hidden in the original report and are not listed here.

URLs

Name | IP | Malicious
---|---|---
https://clicktime.cloud.postoffice.net/clicktime.php?U=https://punchmeetdirect.info/&E=mbaker%40firstfedweb.com&X=XID170CkgR4R5051Xd2&T=FF1001&HV=U,E,X,T&H=7657709960056573da15999e9daa042b06812829 | |

Domains

Name | IP | Malicious
---|---|---
google.com | 142.250.181.110 |
fd-geo-ec.gy1.b.yahoodns.net | 87.248.114.16 |
cloud.postoffice.net | 165.212.65.209 |
cdnjs.cloudflare.com | 104.17.25.14 |
clicktime.cloud.postoffice.net | 165.212.65.140 |
maxcdn.bootstrapcdn.com | 104.18.11.207 |
www.google.com | 142.250.181.68 |
augloop.office.com | unknown |
punchmeetdirect.info | unknown |
ecp.yusercontent.com | unknown |

IPs

IP | Domain | Country | Malicious
---|---|---|---
52.113.194.132 | unknown | United States |
172.217.19.238 | unknown | United States |
165.212.65.209 | cloud.postoffice.net | United States |
1.1.1.1 | unknown | Australia |
172.217.17.35 | unknown | United States |
192.168.2.16 | unknown | unknown |
52.111.252.7 | unknown | United States |
52.111.252.16 | unknown | United States |
216.58.208.234 | unknown | United States |
165.212.65.140 | clicktime.cloud.postoffice.net | United States |
104.18.11.207 | maxcdn.bootstrapcdn.com | United States |
8.8.8.8 | unknown | United States |
52.109.68.129 | unknown | United States |
74.125.205.84 | unknown | United States |
239.255.255.250 | unknown | Reserved |
87.248.114.16 | fd-geo-ec.gy1.b.yahoodns.net | United Kingdom |
52.109.32.97 | unknown | United States |
142.250.181.68 | www.google.com | United States |
172.217.21.35 | unknown | United States |
51.116.253.168 | unknown | United Kingdom |
104.17.25.14 | cdnjs.cloudflare.com | United States |

11 further IPs are hidden in the original report and are not listed here.