Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Seeking Assistance for Legal Assistance in a Medical Matter.msg
|
CDFV2 Microsoft Outlook Message
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\MW-3a472122-7dab-4a13-bbad-34a4c913bf53\files\b867728e2fb94adfa8d9d574fa44f90b$dpx$.tmp\393b823aa8821f409caf2aa8798668c0.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
Microsoft Outlook email folder (>=2003)
|
dropped
|
|
|
|
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
|
data
|
dropped
|
|
|
|
C:\Windows\Installer\MSI900C.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{BA8BC689-4508-42A7-860E-72A84D5DEA87}.tmp
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1727809889449589100_788F31EA-2F3C-4272-B9FF-0982A142ACBB.log
|
ASCII text, with very long lines (28767), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1727809889450241600_788F31EA-2F3C-4272-B9FF-0982A142ACBB.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MW-3a472122-7dab-4a13-bbad-34a4c913bf53\files.cab
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 1700848 bytes, 1 file, at 0x2c +A "setup.exe", ID 17323, number 1,
20816 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MW-3a472122-7dab-4a13-bbad-34a4c913bf53\msiwrapper.ini
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241001T1511290258-4868.etl
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\~DFC80FC6DE138A2545.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 18:11:42 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 18:11:41 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 18:11:41 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 18:11:42 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 18:11:41 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Downloads\16cd823e-e460-45af-bf8e-0b5f8d92a4e5.tmp
|
ASCII text, with very long lines (16384), with no line terminators
|
dropped
|
||
|
C:\Users\user\Downloads\81057dd7-b350-4f69-b6a0-fcc073956d9a.tmp
|
ASCII text, with very long lines (32768), with no line terminators
|
dropped
|
||
|
C:\Users\user\Downloads\MyCase_09.2024_825.js (copy)
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\Downloads\Unconfirmed 200405.crdownload
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\Downloads\Unconfirmed 3640.crdownload
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Windows\Installer\528ed3.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: install
1.12.645.4, Subject: install, Author: install, Keywords: Installer, Template: Intel;1033, Revision Number: {588221A1-0002-4909-A6D9-8C71C3F5A1C1},
Create Time/Date: Thu Jan 11 14:59:44 2024, Last Saved Time/Date: Thu Jan 11 14:59:44 2024, Number of Pages: 200, Number of
Words: 12, Name of Creating Application: MSI Wrapper (11.0.53.0), Security: 2
|
dropped
|
||
|
Chrome Cache Entry: 73
|
HTML document, Unicode text, UTF-8 (with BOM) text
|
downloaded
|
||
|
\Device\ConDrv
|
ASCII text, with very long lines (1014), with CRLF, CR, LF line terminators, with overstriking
|
dropped
|
There are 20 hidden files, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://hub-res.selvas.com/market/fatalraid/zh-HK/hub.html?download_url=https://meatmsges.com
|
52.219.68.204
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
meatmsges.com
|
185.172.129.102
|
|
|
|
svc.ms-acdc-teams.office.com
|
52.123.243.81
|
||
|
urldefense.com
|
52.6.56.188
|
||
|
www.google.com
|
216.58.212.164
|
||
|
googlehosted.l.googleusercontent.com
|
142.250.185.193
|
||
|
s3-website-ap-northeast-1.amazonaws.com
|
52.219.68.204
|
||
|
clients2.googleusercontent.com
|
unknown
|
||
|
hub-res.selvas.com
|
unknown
|
||
|
bzib.nelreports.net
|
unknown
|
||
|
www.docusign.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.16
|
unknown
|
unknown
|
|
|
|
185.172.129.102
|
meatmsges.com
|
Russian Federation
|
|
|
|
52.113.194.132
|
unknown
|
United States
|
||
|
142.250.185.99
|
unknown
|
United States
|
||
|
52.219.68.204
|
s3-website-ap-northeast-1.amazonaws.com
|
United States
|
||
|
51.132.193.105
|
unknown
|
United Kingdom
|
||
|
216.58.212.164
|
www.google.com
|
United States
|
||
|
74.125.133.84
|
unknown
|
United States
|
||
|
142.250.181.227
|
unknown
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
52.6.56.188
|
urldefense.com
|
United States
|
There are 1 hidden IPs, click here to show them.