Files

File Path | Type | Category | Malicious
---|---|---|---
Salary Increment.eml | RFC 822 mail, ASCII text, with very long lines (2605), with CRLF line terminators | initial sample |
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT | data | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\AB36553B-113B-4FC0-8717-141CCFCB4A92 | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm | data | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal | SQLite Write-Ahead Log, version 3007000 | modified |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{2E692B08-ADC1-427A-B043-AA533C88DD47}.tmp | data | dropped |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1724782392370735200_49B920F3-1C52-40CE-93C5-B72621957C81.log | ASCII text, with very long lines (28758), with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1724782392372650800_49B920F3-1C52-40CE-93C5-B72621957C81.log | data | dropped |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240827T1413120126-6884.etl | data | modified |
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:13:27 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:13:27 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:13:27 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:13:27 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:13:27 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped |
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst | Microsoft Outlook email folder (>=2003) | dropped |
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp | data | dropped |
Chrome Cache Entry: 101 | Web Open Font Format, CFF, length 34820, version 0.0 | downloaded |
Chrome Cache Entry: 102 | ASCII text, with very long lines (65446), with CRLF line terminators | dropped |
Chrome Cache Entry: 103 | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 104 | ASCII text, with very long lines (13479), with CRLF line terminators | dropped |
Chrome Cache Entry: 105 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 107 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 87 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 88 | ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 90 | Web Open Font Format, CFF, length 33752, version 0.0 | downloaded |
Chrome Cache Entry: 92 | ASCII text | downloaded |
Chrome Cache Entry: 93 | Web Open Font Format, TrueType, length 37560, version 1.0 | downloaded |
Chrome Cache Entry: 94 | Web Open Font Format, TrueType, length 47748, version 1.0 | downloaded |
Chrome Cache Entry: 95 | PNG image data, 10 x 10, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 96 | ASCII text | downloaded |
URLs

Name | IP | Malicious
---|---|---
https://ca.docusign.net/Signing/Error.aspx?scope=e6fb5c34-17d2-4062-9499-68bfb8add554 | |
Domains

Name | IP | Malicious
---|---|---
www.google.com | 142.250.185.164 |
api.mixpanel.com | 35.186.241.51 |
linkprotect.cudasvc.com | 3.121.135.153 |
docucdn-a.akamaihd.net | unknown |
ca.docusign.net | unknown |
IPs

IP | Domain | Country | Malicious
---|---|---|---
52.113.194.132 | unknown | United States |
35.186.241.51 | api.mixpanel.com | United States |
142.250.185.206 | unknown | United States |
1.1.1.1 | unknown | Australia |
23.47.50.225 | unknown | United States |
2.16.238.157 | unknown | European Union |
192.168.2.17 | unknown | unknown |
173.194.76.84 | unknown | United States |
192.168.2.18 | unknown | unknown |
142.250.181.227 | unknown | United States |
20.50.201.200 | unknown | United States |
107.178.240.159 | unknown | United States |
108.177.122.139 | unknown | United States |
239.255.255.250 | unknown | Reserved |
142.250.185.163 | unknown | United States |
142.250.185.164 | www.google.com | United States |
52.109.28.46 | unknown | United States |
3.121.135.153 | linkprotect.cudasvc.com | United States |
52.235.63.109 | unknown | United States |