Files

File Path | Type | Category | Malicious
---|---|---|---
Quarantined Messages(8).zip | Zip archive data, at least v4.5 to extract, compression method=deflate | initial sample |
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT | data | dropped |
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml | XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.CampaignStates.json | JSON data | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.GovernedChannelStates.json | JSON data | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.Settings.json | JSON data | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.SurveyHistoryStats.json | JSON data | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\992A986F-F13D-4D7D-B6B4-75ACE5DB9E0C | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm | data | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal | SQLite Write-Ahead Log, version 3007000 | modified |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\5DF1C581.dat | PNG image data, 602 x 202, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{7A2A62C1-D473-41E9-8156-2DD4C4966561}.tmp | data | dropped |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1727883091921341600_28D11753-6F25-4B07-994E-B8F050AFB998.log | ASCII text, with very long lines (28724), with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1727883091922167800_28D11753-6F25-4B07-994E-B8F050AFB998.log | data | dropped |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241002T1131310739-6224.etl | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs | Composite Document File V2 Document, Cannot read section info | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm (copy) | Microsoft Word 2007+ | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp | Microsoft Word 2007+ | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 14:31:42 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 14:31:42 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 14:31:42 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 14:31:42 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 14:31:42 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst | Microsoft Outlook email folder (>=2003) | dropped |
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp | data | dropped |
C:\Users\user\Downloads\4b4887e5-e657-4b5a-ac01-92e1067eefaf.tmp | PDF document, version 1.4, 1 pages | dropped |
C:\Users\user\Downloads\downloaded.pdf (copy) | PDF document, version 1.4, 1 pages | dropped |
C:\Users\user\Downloads\downloaded.pdf.crdownload (copy) | PDF document, version 1.4, 1 pages | dropped |
Chrome Cache Entry: 176 | Web Open Font Format (Version 2), TrueType, length 18536, version 1.0 | downloaded |
Chrome Cache Entry: 177 | JSON data | dropped |
Chrome Cache Entry: 178 | Unicode text, UTF-8 text, with very long lines (64537) | downloaded |
Chrome Cache Entry: 180 | PNG image data, 134 x 43, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 181 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75", baseline, precision 8, 420x594, components 3 | dropped |
Chrome Cache Entry: 182 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75", baseline, precision 8, 420x594, components 3 | downloaded |
Chrome Cache Entry: 183 | ASCII text, with very long lines (35046), with no line terminators | downloaded |
Chrome Cache Entry: 184 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 185 | MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel | downloaded |
Chrome Cache Entry: 187 | PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 189 | Web Open Font Format (Version 2), TrueType, length 18588, version 1.0 | downloaded |
Chrome Cache Entry: 190 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 192 | ASCII text | downloaded |
Chrome Cache Entry: 195 | ASCII text, with very long lines (3115) | dropped |
Chrome Cache Entry: 196 | PNG image data, 1653 x 1013, 8-bit colormap, non-interlaced | downloaded |
Chrome Cache Entry: 199 | C++ source, ASCII text, with very long lines (2873) | downloaded |
Chrome Cache Entry: 202 | ASCII text, with very long lines (3115) | downloaded |
Chrome Cache Entry: 209 | PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 211 | C++ source, ASCII text, with very long lines (2015) | dropped |
Chrome Cache Entry: 213 | ASCII text, with very long lines (19948), with no line terminators | dropped |
Chrome Cache Entry: 216 | ASCII text, with very long lines (2586) | dropped |
Chrome Cache Entry: 217 | ASCII text, with very long lines (681), with no line terminators | downloaded |
Chrome Cache Entry: 219 | GIF image data, version 89a, 1 x 1 | downloaded |
Chrome Cache Entry: 220 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 221 | ASCII text, with very long lines (2611) | dropped |
Chrome Cache Entry: 222 | ASCII text, with very long lines (786) | dropped |
Chrome Cache Entry: 223 | ASCII text, with very long lines (22860), with no line terminators | dropped |
Chrome Cache Entry: 225 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 229 | ASCII text, with very long lines (4013) | downloaded |
Chrome Cache Entry: 231 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75", baseline, precision 8, 420x594, components 3 | dropped |
Chrome Cache Entry: 232 | ASCII text, with very long lines (2079) | downloaded |
Chrome Cache Entry: 234 | ASCII text, with very long lines (62770), with no line terminators | dropped |
Chrome Cache Entry: 235 | Web Open Font Format (Version 2), TrueType, length 130396, version 1.0 | downloaded |
Chrome Cache Entry: 237 | HTML document, ASCII text, with very long lines (65536), with no line terminators | downloaded |
Chrome Cache Entry: 242 | ASCII text, with very long lines (8444), with no line terminators | dropped |
Chrome Cache Entry: 245 | ASCII text, with very long lines (5945) | dropped |
Chrome Cache Entry: 251 | JPEG image data, progressive, precision 8, 336x280, components 3 | dropped |
Chrome Cache Entry: 256 | ASCII text, with very long lines (46290), with no line terminators | dropped |
Chrome Cache Entry: 257 | JSON data | downloaded |
Chrome Cache Entry: 258 | ASCII text, with very long lines (3888) | dropped |
Chrome Cache Entry: 263 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 265 | HTML document, ASCII text, with very long lines (841), with no line terminators | downloaded |
Chrome Cache Entry: 266 | HTML document, ASCII text, with very long lines (829), with no line terminators | downloaded |
Chrome Cache Entry: 268 | ASCII text, with very long lines (2090) | downloaded |
Chrome Cache Entry: 269 | ASCII text, with very long lines (3819), with no line terminators | downloaded |
Chrome Cache Entry: 271 | Web Open Font Format (Version 2), TrueType, length 34184, version 1.0 | downloaded |
Chrome Cache Entry: 273 | ASCII text, with very long lines (4816) | downloaded |
Chrome Cache Entry: 274 | HTML document, ASCII text, with very long lines (1763) | downloaded |
Chrome Cache Entry: 275 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75", baseline, precision 8, 420x594, components 3 | downloaded |
Chrome Cache Entry: 279 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 282 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 284 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 285 | ASCII text, with very long lines (65536), with no line terminators | dropped |
Chrome Cache Entry: 287 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 288 | ASCII text, with very long lines (4013) | dropped |
Chrome Cache Entry: 289 | PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced | dropped |
Chrome Cache Entry: 291 | HTML document, ASCII text, with very long lines (634) | downloaded |
Chrome Cache Entry: 292 | ASCII text, with very long lines (1055) | downloaded |
Chrome Cache Entry: 296 | ASCII text, with very long lines (53259) | dropped |
Chrome Cache Entry: 297 | ASCII text, with very long lines (350), with no line terminators | dropped |
Chrome Cache Entry: 304 | ASCII text, with very long lines (1572) | downloaded |
Chrome Cache Entry: 307 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1200x849, components 3 | downloaded |
Chrome Cache Entry: 308 | ASCII text, with very long lines (5945) | downloaded |
Chrome Cache Entry: 311 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 399x209, components 3 | dropped |
Chrome Cache Entry: 312 | HTML document, Unicode text, UTF-8 text, with very long lines (65168), with no line terminators | downloaded |
Chrome Cache Entry: 318 | HTML document, ASCII text | downloaded |
Chrome Cache Entry: 320 | PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced | downloaded |
Chrome Cache Entry: 322 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 326 | ASCII text, with very long lines (2222) | dropped |
Chrome Cache Entry: 329 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 332 | PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 333 | ASCII text, with very long lines (2015) | dropped |
Chrome Cache Entry: 334 | HTML document, ASCII text, with very long lines (624), with no line terminators | downloaded |
Chrome Cache Entry: 335 | GIF image data, version 89a, 1 x 1 | dropped |
Chrome Cache Entry: 337 | GIF image data, version 89a, 256 x 256 | dropped |
Chrome Cache Entry: 340 | GIF image data, version 89a, 1 x 1 | dropped |
Chrome Cache Entry: 341 | ASCII text, with very long lines (2238) | downloaded |
Chrome Cache Entry: 342 | ASCII text, with very long lines (3557) | downloaded |
Chrome Cache Entry: 343 | HTML document, ASCII text, with very long lines (841), with no line terminators | downloaded |
Chrome Cache Entry: 344 | HTML document, ASCII text, with very long lines (2008) | downloaded |
Chrome Cache Entry: 345 | HTML document, ASCII text, with very long lines (436), with no line terminators | downloaded |
Chrome Cache Entry: 346 | ASCII text, with very long lines (1382) | downloaded |
Chrome Cache Entry: 349 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 351 | HTML document, ASCII text, with very long lines (645), with no line terminators | downloaded |
Chrome Cache Entry: 352 | HTML document, ASCII text, with very long lines (65536), with no line terminators | downloaded |
Chrome Cache Entry: 353 | PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced | dropped |
Chrome Cache Entry: 354 | ASCII text, with very long lines (52992) | downloaded |
Chrome Cache Entry: 355 | HTML document, ASCII text, with CRLF line terminators | downloaded |

109 further files are hidden in the report view and not listed here.
URLs

Name | IP | Malicious
---|---|---
file:///C:/Users/user/Downloads/downloaded.pdf | |
https://qr.me-qr.com/za0r2Ead?#google_vignette | |
https://qr.me-qr.com/za0r2Ead? | |
https://cdn2.me-qr.com/pdf/15629776.pdf?time=1687170965 | |

Domains

Name | IP | Malicious
---|---|---
um.simpli.fi | 35.204.158.49 |
s.tribalfusion.com | 172.64.150.63 |
static.cloudflareinsights.com | 104.16.79.73 |
cdn2.me-qr.com | 49.12.126.78 |
user-data-eu.bidswitch.net | 35.214.136.108 |
dsp.adkernel.com | 174.137.133.49 |
cdn.w55c.net | 3.75.111.38 |
gcm.ctnsnet.com | 35.186.193.173 |
cm.g.doubleclick.net | 142.250.186.162 |
www.google.com | 142.250.185.100 |
cdn.me-qr.com | 78.46.57.143 |
a.nel.cloudflare.com | 35.190.80.1 |
ad.doubleclick.net | 142.250.181.230 |
qr.me-qr.com | 188.114.96.3 |
me-qr.com | 188.114.97.3 |
googleads.g.doubleclick.net | 142.250.184.194 |
www3.l.google.com | 142.250.185.142 |
dsum-sec.casalemedia.com | 172.64.151.101 |
ads.travelaudience.com | 35.190.0.66 |
presentation-ams1.turn.com | 46.228.164.11 |
a.tribalfusion.com | 172.64.150.63 |
outspot2-ams.adx.opera.com | 82.145.213.8 |
match.adsby.bidtheatre.com | 64.227.64.62 |
me-ticket.com | 188.114.97.3 |
ib.anycast.adnxs.com | 37.252.171.21 |
s0.2mdn.net | 142.250.185.134 |
impssl.constantcontact.com | unknown |
t.adx.opera.com | unknown |
pm.w55c.net | unknown |
fundingchoicesmessages.google.com | unknown |
x.bidswitch.net | unknown |
r.turn.com | unknown |
c1.adform.net | unknown |
ad.turn.com | unknown |
ib.adnxs.com | unknown |
sync-tm.everesttech.net | unknown |

26 further domains are hidden in the report view and not listed here.
IPs

IP | Domain | Country | Malicious
---|---|---|---
35.190.0.66 | ads.travelaudience.com | United States |
35.204.158.49 | um.simpli.fi | United States |
104.18.37.193 | unknown | United States |
142.250.185.100 | www.google.com | United States |
20.189.173.1 | unknown | United States |
142.250.185.226 | unknown | United States |
104.16.80.73 | unknown | United States |
142.250.185.142 | www3.l.google.com | United States |
142.250.186.70 | unknown | United States |
104.18.42.5 | unknown | United States |
35.190.80.1 | a.nel.cloudflare.com | United States |
142.250.186.33 | unknown | United States |
174.137.133.49 | dsp.adkernel.com | United States |
142.250.184.230 | unknown | United States |
142.250.184.194 | googleads.g.doubleclick.net | United States |
185.89.210.244 | unknown | Germany |
172.217.18.4 | unknown | United States |
172.217.18.3 | unknown | United States |
172.217.18.6 | unknown | United States |
172.64.150.63 | s.tribalfusion.com | United States |
3.75.111.38 | cdn.w55c.net | United States |
142.250.185.193 | unknown | United States |
239.255.255.250 | unknown | Reserved |
188.114.97.3 | me-qr.com | European Union |
142.250.185.195 | unknown | United States |
52.109.76.240 | unknown | United States |
82.145.213.8 | outspot2-ams.adx.opera.com | United Kingdom |
172.217.16.198 | unknown | United States |
35.214.136.108 | user-data-eu.bidswitch.net | United States |
216.58.206.72 | unknown | United States |
142.250.185.200 | unknown | United States |
192.168.2.16 | unknown | unknown |
142.250.181.230 | ad.doubleclick.net | United States |
172.64.151.101 | dsum-sec.casalemedia.com | United States |
142.250.181.238 | unknown | United States |
46.228.164.11 | presentation-ams1.turn.com | United Kingdom |
142.250.185.163 | unknown | United States |
104.16.79.73 | static.cloudflareinsights.com | United States |
172.217.18.98 | unknown | United States |
66.102.1.84 | unknown | United States |
142.250.186.98 | unknown | United States |
52.113.194.132 | unknown | United States |
49.12.126.78 | cdn2.me-qr.com | Germany |
142.250.185.134 | s0.2mdn.net | United States |
142.250.185.138 | unknown | United States |
35.186.193.173 | gcm.ctnsnet.com | United States |
142.250.181.226 | unknown | United States |
142.250.181.227 | unknown | United States |
142.250.185.174 | unknown | United States |
78.46.57.143 | cdn.me-qr.com | Germany |
188.114.96.3 | qr.me-qr.com | European Union |
64.227.64.62 | match.adsby.bidtheatre.com | United States |
37.252.171.21 | ib.anycast.adnxs.com | European Union |

43 further IPs are hidden in the report view and not listed here.