Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
phish_alert_sp2_2.0.0.0.eml
|
RFC 822 mail, ASCII text, with very long lines (2221), with CRLF line terminators
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db
|
SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database
pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{81D9BCCF-B08D-4EE6-95D2-9F86C78F70FE}.tmp
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{98B6FBED-2D3A-45E2-9B29-B7ED8A38B307}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\AIP_AlertEmail_Image_2024[1].jpg
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 600x250, components
3
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\icon-three-circle[1].png
|
PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\icon-one-circle[1].png
|
PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\icon-radar[1].png
|
PNG image data, 136 x 136, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\webimage-Image-logo_aip_without_beacon_white_reg[1].png
|
PNG image data, 405 x 133, 8-bit gray+alpha, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\aip-logo-gray[1].png
|
PNG image data, 600 x 196, 4-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\icon-two-circle[1].png
|
PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\open[1].gif
|
GIF image data, version 89a, 1 x 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1727885489857496200_70992848-2829-4916-A199-5DC427DA936B.log
|
ASCII text, with very long lines (28743), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1727885489858206600_70992848-2829-4916-A199-5DC427DA936B.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241002T1211290643-6696.etl
|
data
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
Microsoft Outlook email folder (>=2003)
|
dropped
|
||
|
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
|
data
|
dropped
|
There are 16 hidden files, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
d3orhvfyxudxxq.cloudfront.net
|
13.33.187.2
|
||
|
url9951.aip.com
|
104.18.24.226
|
||
|
aip.getbynder.com
|
18.66.122.121
|
||
|
images.ctfassets.net
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
52.113.194.132
|
unknown
|
United States
|
||
|
104.18.24.226
|
url9951.aip.com
|
United States
|
||
|
2.19.126.151
|
unknown
|
European Union
|
||
|
52.109.28.47
|
unknown
|
United States
|
||
|
18.66.122.121
|
aip.getbynder.com
|
United States
|
||
|
52.111.243.43
|
unknown
|
United States
|
||
|
13.33.187.2
|
d3orhvfyxudxxq.cloudfront.net
|
United States
|
||
|
52.182.141.63
|
unknown
|
United States
|