Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
original.eml
|
SMTP mail, ASCII text, with very long lines (941), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\07A5AFD8-2E51-46B8-BB9A-5A78114994E4
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db
|
SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database
pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\DAFUMPZW\Metalus ACH PAYMENT REAPPLICATION ACCOUNT
#8c54702006c6e13e9d9945016....eml (16.0 KB).msg
|
CDFV2 Microsoft Outlook Message
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\DAFUMPZW\Metalus Remittance_7420249835_11053465 (002).html
|
HTML document, ASCII text, with very long lines (3626), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\DAFUMPZW\Metalus Remittance_7420249835_11053465 (002).html:Zone.Identifier
(copy)
|
HTML document, ASCII text, with very long lines (3626), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\DAFUMPZW\Metalus Remittance_7420249835_11053465 (004).html:Zone.Identifier
(copy)
|
RFC 822 mail, ASCII text, with very long lines (1945), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\DAFUMPZW\Metalus Remittance_7420249835_11053465.html:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\DAFUMPZW\phish_alert_sp2_2.0.0.0.eml
|
RFC 822 mail, ASCII text, with very long lines (1945), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728304518635339000_0F67800D-E4E6-4C95-834E-C44BFA0F4F4C.log
|
ASCII text, with very long lines (28729), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728304518636101500_0F67800D-E4E6-4C95-834E-C44BFA0F4F4C.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241007T0835180437-6728.etl
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241007T0835520183-3424.etl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF00E272ED4C663D98.TMP
|
CDFV2 Microsoft Outlook Message
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF2441CA5237FA7951.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFC31B669EF588DD16.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 11:35:35 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 11:35:35 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 11:35:35 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 11:35:35 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 11:35:35 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
Microsoft Outlook email folder (>=2003)
|
dropped
|
||
|
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
|
data
|
dropped
|
||
|
Chrome Cache Entry: 182
|
ASCII text, with very long lines (48316), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 183
|
PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 184
|
Unicode text, UTF-16, little-endian text, with very long lines (32681), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 185
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141866
|
dropped
|
||
|
Chrome Cache Entry: 186
|
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 187
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 190
|
HTML document, ASCII text, with very long lines (3450), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 193
|
Unicode text, UTF-16, little-endian text, with very long lines (31781)
|
downloaded
|
||
|
Chrome Cache Entry: 194
|
GIF image data, version 89a, 960 x 540
|
dropped
|
||
|
Chrome Cache Entry: 196
|
PNG image data, 80 x 7, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 198
|
Web Open Font Format (Version 2), TrueType, length 22904, version 0.0
|
downloaded
|
||
|
Chrome Cache Entry: 199
|
ASCII text, with very long lines (65447)
|
dropped
|
||
|
Chrome Cache Entry: 204
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 207
|
ASCII text, with very long lines (2674)
|
downloaded
|
||
|
Chrome Cache Entry: 209
|
ASCII text, with very long lines (65451)
|
downloaded
|
||
|
Chrome Cache Entry: 214
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 217
|
ASCII text, with very long lines (65398)
|
dropped
|
||
|
Chrome Cache Entry: 219
|
ASCII text, with very long lines (6341), with CRLF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 220
|
ASCII text, with very long lines (14377), with CRLF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 221
|
ASCII text, with very long lines (2230), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 222
|
ASCII text, with very long lines (14627), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 223
|
Unicode text, UTF-16, little-endian text, with very long lines (32767), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 225
|
ASCII text, with very long lines (3176), with CRLF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 226
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 228
|
ASCII text, with very long lines (3637)
|
dropped
|
||
|
Chrome Cache Entry: 229
|
JPEG image data, baseline, precision 8, 1920x1080, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 231
|
very short file (no magic)
|
downloaded
|
||
|
Chrome Cache Entry: 234
|
ASCII text, with very long lines (4873), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 236
|
ASCII text, with very long lines (2824)
|
dropped
|
||
|
Chrome Cache Entry: 237
|
Unicode text, UTF-8 text, with very long lines (45900)
|
dropped
|
||
|
Chrome Cache Entry: 238
|
ASCII text, with very long lines (34235), with CRLF, LF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 239
|
ASCII text, with very long lines (1329), with CRLF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 240
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 241
|
HTML document, ASCII text, with very long lines (1158)
|
downloaded
|
||
|
Chrome Cache Entry: 242
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 149676
|
dropped
|
||
|
Chrome Cache Entry: 244
|
ASCII text, with very long lines (47992), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 245
|
Web Open Font Format (Version 2), TrueType, length 36748, version 0.0
|
downloaded
|
||
|
Chrome Cache Entry: 246
|
Unicode text, UTF-8 (with BOM) text, with very long lines (26071), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 247
|
ASCII text, with very long lines (65460)
|
downloaded
|
||
|
Chrome Cache Entry: 249
|
Unicode text, UTF-8 (with BOM) text, with very long lines (10387), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 251
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 252
|
Unicode text, UTF-8 text, with very long lines (64241)
|
downloaded
|
||
|
Chrome Cache Entry: 253
|
ASCII text, with very long lines (1789), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 256
|
ASCII text, with very long lines (4370), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 257
|
PNG image data, 350 x 67, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 258
|
ASCII text, with very long lines (2974), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 259
|
ASCII text, with very long lines (17287), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 260
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 261
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 263
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 267
|
ASCII text, with very long lines (65394)
|
downloaded
|
||
|
Chrome Cache Entry: 268
|
Unicode text, UTF-8 text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 269
|
ASCII text, with very long lines (20235), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 270
|
Unicode text, UTF-16, little-endian text, with very long lines (32767), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 272
|
HTML document, ASCII text, with very long lines (13521), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 273
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 279
|
ASCII text, with very long lines (6125), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 280
|
ASCII text, with very long lines (780), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 284
|
ASCII text, with very long lines (42133)
|
downloaded
|
||
|
Chrome Cache Entry: 285
|
Unicode text, UTF-8 text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 286
|
PNG image data, 262 x 96, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 288
|
ASCII text, with very long lines (1313), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 289
|
Unicode text, UTF-8 text, with very long lines (56015)
|
dropped
|
||
|
Chrome Cache Entry: 290
|
ASCII text, with very long lines (47261)
|
downloaded
|
||
|
Chrome Cache Entry: 291
|
Web Open Font Format (Version 2), TrueType, length 29888, version 0.0
|
downloaded
|
||
|
Chrome Cache Entry: 292
|
ASCII text, with very long lines (503)
|
dropped
|
||
|
Chrome Cache Entry: 293
|
ASCII text, with very long lines (2389), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 294
|
Web Open Font Format, TrueType, length 26288, version 0.0
|
downloaded
|
||
|
Chrome Cache Entry: 296
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 297
|
PNG image data, 12 x 47, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 299
|
ASCII text, with very long lines (30237)
|
downloaded
|
||
|
Chrome Cache Entry: 300
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 304
|
ASCII text, with very long lines (13140)
|
downloaded
|
||
|
Chrome Cache Entry: 305
|
ASCII text, with very long lines (3385), with no line terminators
|
downloaded
|
There are 96 hidden files, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://cyt.sprenumen.ru/wJPIeL/#V#dlaurence.brochu@metalus.qc.ca
|
|
||
|
https://cyt.sprenumen.ru/wJPIeL/#I#dlaurence.brochu@metalus.qc.ca
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
a.nel.cloudflare.com
|
35.190.80.1
|
||
|
s-part-0044.t-0009.fb-t-msedge.net
|
13.107.253.72
|
||
|
xqe94soygyl0xmmn7oi0raibl6rn1ojg7he0qyjbvy1xxkrsv028hloblup.zentriva.su
|
188.114.96.3
|
||
|
microsoftwindows.112.2o7.net
|
63.140.62.17
|
||
|
sni1gl.wpc.alphacdn.net
|
152.199.21.175
|
||
|
s-part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
||
|
s-part-0017.t-0009.fb-t-msedge.net
|
13.107.253.45
|
||
|
aka.ms
|
92.122.18.57
|
||
|
s-part-0039.t-0009.t-msedge.net
|
13.107.246.67
|
||
|
noon.com
|
104.17.200.204
|
||
|
web10.pro
|
69.49.245.172
|
||
|
code.jquery.com
|
151.101.66.137
|
||
|
cdnjs.cloudflare.com
|
104.17.24.14
|
||
|
cyt.sprenumen.ru
|
188.114.97.3
|
||
|
challenges.cloudflare.com
|
104.18.95.41
|
||
|
sni1gl.wpc.omegacdn.net
|
152.199.21.175
|
||
|
www.google.com
|
142.250.74.196
|
||
|
s-part-0032.t-0009.t-msedge.net
|
13.107.246.60
|
||
|
js.monitor.azure.com
|
unknown
|
||
|
aadcdn.msftauth.net
|
unknown
|
||
|
logincdn.msftauth.net
|
unknown
|
||
|
assets.onestore.ms
|
unknown
|
||
|
mem.gfx.ms
|
unknown
|
||
|
c.s-microsoft.com
|
unknown
|
||
|
support.content.office.net
|
unknown
|
||
|
login.microsoftonline.com
|
unknown
|
||
|
acctcdn.msftauth.net
|
unknown
|
||
|
www.noon.com
|
unknown
|
There are 18 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
52.168.117.174
|
unknown
|
United States
|
||
|
142.250.186.68
|
unknown
|
United States
|
||
|
13.107.246.45
|
s-part-0017.t-0009.t-msedge.net
|
United States
|
||
|
95.101.149.131
|
unknown
|
European Union
|
||
|
20.223.35.26
|
unknown
|
United States
|
||
|
2.16.164.121
|
unknown
|
European Union
|
||
|
88.221.110.176
|
unknown
|
European Union
|
||
|
151.101.66.137
|
code.jquery.com
|
United States
|
||
|
35.190.80.1
|
a.nel.cloudflare.com
|
United States
|
||
|
52.109.20.38
|
unknown
|
United States
|
||
|
104.102.52.100
|
unknown
|
United States
|
||
|
1.1.1.1
|
unknown
|
Australia
|
||
|
13.89.179.14
|
unknown
|
United States
|
||
|
74.125.133.84
|
unknown
|
United States
|
||
|
52.109.68.130
|
unknown
|
United States
|
||
|
69.49.245.172
|
web10.pro
|
United States
|
||
|
104.18.95.41
|
challenges.cloudflare.com
|
United States
|
||
|
63.140.62.17
|
microsoftwindows.112.2o7.net
|
United States
|
||
|
216.58.206.46
|
unknown
|
United States
|
||
|
13.107.253.72
|
s-part-0044.t-0009.fb-t-msedge.net
|
United States
|
||
|
2.19.126.151
|
unknown
|
European Union
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
188.114.97.3
|
cyt.sprenumen.ru
|
European Union
|
||
|
52.182.143.210
|
unknown
|
United States
|
||
|
152.199.21.175
|
sni1gl.wpc.alphacdn.net
|
United States
|
||
|
2.19.224.93
|
unknown
|
European Union
|
||
|
52.109.76.243
|
unknown
|
United States
|
||
|
104.17.25.14
|
unknown
|
United States
|
||
|
2.18.64.214
|
unknown
|
European Union
|
||
|
104.102.41.166
|
unknown
|
United States
|
||
|
104.18.94.41
|
unknown
|
United States
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
95.101.148.110
|
unknown
|
European Union
|
||
|
13.107.246.60
|
s-part-0032.t-0009.t-msedge.net
|
United States
|
||
|
104.17.200.204
|
noon.com
|
United States
|
||
|
172.217.23.110
|
unknown
|
United States
|
||
|
184.28.89.233
|
unknown
|
United States
|
||
|
142.250.186.131
|
unknown
|
United States
|
||
|
151.101.194.137
|
unknown
|
United States
|
||
|
142.250.74.196
|
www.google.com
|
United States
|
||
|
142.250.186.138
|
unknown
|
United States
|
||
|
52.113.194.132
|
unknown
|
United States
|
||
|
104.17.24.14
|
cdnjs.cloudflare.com
|
United States
|
||
|
13.107.253.45
|
s-part-0017.t-0009.fb-t-msedge.net
|
United States
|
||
|
142.250.181.227
|
unknown
|
United States
|
||
|
20.190.159.4
|
unknown
|
United States
|
||
|
20.190.159.2
|
unknown
|
United States
|
||
|
92.122.18.57
|
aka.ms
|
European Union
|
||
|
188.114.96.3
|
xqe94soygyl0xmmn7oi0raibl6rn1ojg7he0qyjbvy1xxkrsv028hloblup.zentriva.su
|
European Union
|
||
|
20.103.156.88
|
unknown
|
United States
|
||
|
88.221.110.129
|
unknown
|
European Union
|
There are 41 hidden IPs, click here to show them.