Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
original (2).eml
|
SMTP mail, ASCII text, with very long lines (459), with CRLF line terminators
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db
|
SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database
pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\5E30ZTPO\phish_alert_iocp_v1.10.14 (002).eml:Zone.Identifier
(copy)
|
RFC 822 mail, Unicode text, UTF-8 text, with very long lines (1875), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\5E30ZTPO\phish_alert_iocp_v1.10.14.eml
|
RFC 822 mail, Unicode text, UTF-8 text, with very long lines (1875), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\5E30ZTPO\phish_alert_iocp_v1.10.14.eml:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{4173B987-1056-46A0-92F8-7C240E003E68}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{A7ADD1E1-557E-4A86-9F39-193D696B5623}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{EC1762B6-512D-48FF-9859-DC58BA902F2B}.tmp
|
DIY-Thermocam raw data (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, userbration:
offset 0.000000, slope 9223372036854775808.000000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1727787062561585600_E0D5FC5E-BFFB-4E6F-AE7A-D5ACAA82C21F.log
|
ASCII text, with very long lines (28743), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1727787062562460600_E0D5FC5E-BFFB-4E6F-AE7A-D5ACAA82C21F.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241001T0851020322-7004.etl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241001T0851220301-6768.etl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 11:51:28 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 11:51:28 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 11:51:28 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 11:51:28 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 11:51:28 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
Microsoft Outlook email folder (>=2003)
|
dropped
|
||
|
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
|
data
|
dropped
|
||
|
Chrome Cache Entry: 204
|
Unicode text, UTF-8 text, with very long lines (63903), with LF, NEL line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 207
|
ASCII text, with very long lines (27269)
|
dropped
|
||
|
Chrome Cache Entry: 209
|
ASCII text, with very long lines (340), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 211
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 214
|
HTML document, ASCII text, with very long lines (65448)
|
dropped
|
||
|
Chrome Cache Entry: 217
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 219
|
HTML document, ASCII text, with very long lines (375), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 225
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 226
|
ASCII text, with very long lines (631), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 229
|
ASCII text, with very long lines (65443)
|
downloaded
|
||
|
Chrome Cache Entry: 231
|
ASCII text, with very long lines (65438)
|
downloaded
|
||
|
Chrome Cache Entry: 232
|
ASCII text, with very long lines (65453)
|
dropped
|
||
|
Chrome Cache Entry: 234
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 236
|
ASCII text, with very long lines (55759)
|
dropped
|
||
|
Chrome Cache Entry: 237
|
Unicode text, UTF-8 text, with very long lines (62224)
|
downloaded
|
||
|
Chrome Cache Entry: 238
|
Web Open Font Format, TrueType, length 47748, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 239
|
PNG image data, 280 x 160, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 240
|
PNG image data, 79 x 79, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 242
|
ASCII text, with very long lines (7932)
|
dropped
|
||
|
Chrome Cache Entry: 244
|
ASCII text, with very long lines (9320)
|
downloaded
|
||
|
Chrome Cache Entry: 245
|
GIF image data, version 89a, 145 x 60
|
dropped
|
||
|
Chrome Cache Entry: 247
|
ASCII text, with very long lines (65443)
|
downloaded
|
||
|
Chrome Cache Entry: 248
|
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 252
|
Web Open Font Format, TrueType, length 13780, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 255
|
Unicode text, UTF-8 text, with very long lines (16131)
|
downloaded
|
||
|
Chrome Cache Entry: 256
|
Web Open Font Format, CFF, length 33752, version 0.0
|
downloaded
|
||
|
Chrome Cache Entry: 257
|
ASCII text, with very long lines (65448)
|
downloaded
|
||
|
Chrome Cache Entry: 258
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 260
|
Unicode text, UTF-8 text, with very long lines (62585), with LF, NEL line terminators
|
dropped
|
||
|
Chrome Cache Entry: 263
|
ASCII text, with very long lines (16402)
|
dropped
|
||
|
Chrome Cache Entry: 267
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 268
|
Unicode text, UTF-8 text, with very long lines (65169)
|
downloaded
|
||
|
Chrome Cache Entry: 269
|
Unicode text, UTF-8 text, with very long lines (65448)
|
downloaded
|
||
|
Chrome Cache Entry: 272
|
ASCII text, with very long lines (16730)
|
downloaded
|
||
|
Chrome Cache Entry: 273
|
ASCII text, with very long lines (65448)
|
downloaded
|
||
|
Chrome Cache Entry: 274
|
ASCII text, with very long lines (65440)
|
downloaded
|
||
|
Chrome Cache Entry: 277
|
Unicode text, UTF-8 text, with very long lines (65442)
|
dropped
|
||
|
Chrome Cache Entry: 278
|
Unicode text, UTF-8 text, with very long lines (65447)
|
downloaded
|
||
|
Chrome Cache Entry: 279
|
Unicode text, UTF-8 text, with very long lines (65456)
|
dropped
|
||
|
Chrome Cache Entry: 280
|
ASCII text, with very long lines (9662)
|
downloaded
|
||
|
Chrome Cache Entry: 284
|
ASCII text, with very long lines (65447)
|
downloaded
|
||
|
Chrome Cache Entry: 285
|
ASCII text, with very long lines (11711)
|
downloaded
|
||
|
Chrome Cache Entry: 286
|
ASCII text, with very long lines (65448)
|
downloaded
|
||
|
Chrome Cache Entry: 287
|
ASCII text, with very long lines (12920)
|
dropped
|
||
|
Chrome Cache Entry: 289
|
Unicode text, UTF-8 text, with very long lines (31005)
|
dropped
|
||
|
Chrome Cache Entry: 292
|
ASCII text, with very long lines (47599)
|
downloaded
|
||
|
Chrome Cache Entry: 293
|
ASCII text, with very long lines (65448)
|
dropped
|
||
|
Chrome Cache Entry: 296
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 297
|
ASCII text, with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 298
|
Web Open Font Format, TrueType, length 37560, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 300
|
ASCII text
|
dropped
|
||
|
Chrome Cache Entry: 302
|
ASCII text, with very long lines (16870)
|
downloaded
|
||
|
Chrome Cache Entry: 303
|
Unicode text, UTF-8 text, with very long lines (48118)
|
dropped
|
||
|
Chrome Cache Entry: 304
|
ASCII text, with very long lines (65449)
|
dropped
|
||
|
Chrome Cache Entry: 305
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 306
|
ASCII text, with very long lines (65446)
|
downloaded
|
There are 73 hidden files, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://eu.docusign.net/Signing/?ti=ac774c8c722f4d669a0896b5dea00f7a
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jpn01.safelinks.eop-tm2.outlook.com
|
52.102.13.60
|
||
|
www.google.com
|
142.250.74.196
|
||
|
api.mixpanel.com
|
107.178.240.159
|
||
|
arya-1323461286.us-west-2.elb.amazonaws.com
|
52.24.162.179
|
||
|
jpn01.safelinks.protection.outlook.com
|
unknown
|
||
|
eu.docusign.net
|
unknown
|
||
|
a.docusign.com
|
unknown
|
||
|
docucdn-a.akamaihd.net
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
52.113.194.132
|
unknown
|
United States
|
||
|
142.250.186.35
|
unknown
|
United States
|
||
|
34.104.35.123
|
unknown
|
United States
|
||
|
1.1.1.1
|
unknown
|
Australia
|
||
|
142.251.5.84
|
unknown
|
United States
|
||
|
216.58.206.67
|
unknown
|
United States
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
52.39.148.28
|
unknown
|
United States
|
||
|
52.109.32.7
|
unknown
|
United States
|
||
|
216.58.206.42
|
unknown
|
United States
|
||
|
52.102.13.60
|
jpn01.safelinks.eop-tm2.outlook.com
|
United States
|
||
|
2.19.126.135
|
unknown
|
European Union
|
||
|
142.250.181.238
|
unknown
|
United States
|
||
|
107.178.240.159
|
api.mixpanel.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
2.19.126.151
|
unknown
|
European Union
|
||
|
142.250.185.174
|
unknown
|
United States
|
||
|
2.16.168.6
|
unknown
|
European Union
|
||
|
52.24.162.179
|
arya-1323461286.us-west-2.elb.amazonaws.com
|
United States
|
||
|
185.81.100.28
|
unknown
|
Germany
|
||
|
52.109.76.144
|
unknown
|
United States
|
||
|
142.250.74.196
|
www.google.com
|
United States
|
||
|
104.208.16.95
|
unknown
|
United States
|
There are 13 hidden IPs, click here to show them.