Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
SBAFLA TeamCALL marcia.main__ (lo).msg
|
CDFV2 Microsoft Outlook Message
|
initial sample
|
||
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
Microsoft Outlook email folder (>=2003)
|
dropped
|
||
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C9133CE7-819D-41F5-9574-BE9873051092
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db
|
SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database
pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres
|
data
|
modified
|
||
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\6788252A.dat
|
PNG image data, 1334 x 550, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{5CDC9F25-2014-45E2-8226-259FFE99C17A}.tmp
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1732134295747013900_24E81801-333B-4186-961E-002732A96AE6.log
|
ASCII text, with very long lines (859), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1732134295747861100_24E81801-333B-4186-961E-002732A96AE6.log
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241120T1524550500-6956.etl
|
data
|
modified
|
||
C:\Users\user\AppData\Local\Temp\~DF11452DC757FBA597.TMP
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 19:25:10 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 19:25:10 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 19:25:10 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 19:25:10 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 19:25:10 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
Chrome Cache Entry: 104
|
gzip compressed data, from Unix, original size modulo 2^32 190271
|
dropped
|
||
Chrome Cache Entry: 105
|
gzip compressed data, from Unix, original size modulo 2^32 449980
|
downloaded
|
||
Chrome Cache Entry: 107
|
gzip compressed data, from Unix, original size modulo 2^32 113378
|
downloaded
|
||
Chrome Cache Entry: 108
|
gzip compressed data, original size modulo 2^32 3651
|
dropped
|
||
Chrome Cache Entry: 109
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 110
|
gzip compressed data, from Unix, original size modulo 2^32 26681
|
downloaded
|
||
Chrome Cache Entry: 111
|
PNG image data, 305 x 174, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 112
|
gzip compressed data, from Unix, original size modulo 2^32 142365
|
dropped
|
||
Chrome Cache Entry: 113
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 114
|
gzip compressed data, from Unix, original size modulo 2^32 15768
|
downloaded
|
||
Chrome Cache Entry: 115
|
gzip compressed data, from Unix, original size modulo 2^32 3600
|
downloaded
|
||
Chrome Cache Entry: 121
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 1527x872, components 3
|
dropped
|
||
Chrome Cache Entry: 122
|
gzip compressed data, from Unix, original size modulo 2^32 407099
|
downloaded
|
||
Chrome Cache Entry: 123
|
JSON data
|
dropped
|
||
Chrome Cache Entry: 124
|
gzip compressed data, original size modulo 2^32 1864
|
dropped
|
||
Chrome Cache Entry: 127
|
HTML document, ASCII text
|
downloaded
|
||
Chrome Cache Entry: 129
|
GIF image data, version 89a, 352 x 3
|
downloaded
|
||
Chrome Cache Entry: 130
|
gzip compressed data, original size modulo 2^32 513
|
downloaded
|
||
Chrome Cache Entry: 93
|
MS Windows icon resource - 6 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24
with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
|
downloaded
|
||
Chrome Cache Entry: 94
|
gzip compressed data, from Unix, original size modulo 2^32 57443
|
downloaded
|
||
Chrome Cache Entry: 99
|
GIF image data, version 89a, 352 x 3
|
dropped
|
There are 38 hidden files, click here to show them.
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
http://safrareal.com.br/favicon.ico
|
191.252.128.160
|
||
https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/common/login
|
|||
https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/?no=bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$&sso_reload=true
|
|||
http://safrareal.com.br/yoya/peaed1yfcu5lrni4alggwoyea1eixud6hafuq/bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$
|
|||
https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/?no=bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$
|
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com
|
209.38.225.84
|
||
l1ve.almajapharma.com
|
209.38.225.84
|
||
www.google.com.kw
|
142.250.181.99
|
||
f1e241f6-a55f19a1.almajapharma.com
|
209.38.225.84
|
||
05548fe0-a55f19a1.almajapharma.com
|
209.38.225.84
|
||
09122261-a55f19a1.almajapharma.com
|
209.38.225.84
|
||
19124626-a55f19a1.almajapharma.com
|
209.38.225.84
|
||
www.google.com
|
172.217.21.36
|
||
d63b3b3c-a55f19a1.almajapharma.com
|
209.38.225.84
|
||
0e36e665-a55f19a1.almajapharma.com
|
209.38.225.84
|
||
safrareal.com.br
|
191.252.128.160
|
||
25ea7021-a55f19a1.almajapharma.com
|
209.38.225.84
|
There are 2 hidden domains, click here to show them.
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
209.38.225.84
|
l1ve.almajapharma.com
|
United States
|
||
52.113.194.132
|
unknown
|
United States
|
||
172.217.19.206
|
unknown
|
United States
|
||
172.217.19.227
|
unknown
|
United States
|
||
1.1.1.1
|
unknown
|
Australia
|
||
172.217.17.46
|
unknown
|
United States
|
||
172.217.17.35
|
unknown
|
United States
|
||
192.168.2.16
|
unknown
|
unknown
|
||
20.189.173.12
|
unknown
|
United States
|
||
191.252.128.160
|
safrareal.com.br
|
Brazil
|
||
74.125.205.84
|
unknown
|
United States
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
52.109.32.97
|
unknown
|
United States
|
||
2.19.126.160
|
unknown
|
European Union
|
||
172.217.19.170
|
unknown
|
United States
|
||
172.217.21.36
|
www.google.com
|
United States
|
||
142.250.181.99
|
www.google.com.kw
|
United States
|
||
52.109.76.243
|
unknown
|
United States
|
There are 8 hidden IPs, click here to show them.