Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
original (1).eml
|
SMTP mail, ASCII text, with very long lines (459), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
|
|
|
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
Microsoft Outlook email folder (>=2003)
|
dropped
|
|
|
|
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml
|
XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf
|
TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights
Reserved.msofp_4_40RegularVersion 4.40;O365
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db
|
SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database
pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{D9F95C05-CBFE-4448-8EB6-752D35897D1F}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728584504943197800_40569FE3-431E-4839-B2E0-E56988338FE8.log
|
ASCII text, with very long lines (28756), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728584504943970400_40569FE3-431E-4839-B2E0-E56988338FE8.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241010T1421440727-1084.etl
|
data
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 17:22:02 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 17:22:02 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 17:22:02 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 17:22:02 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 17:22:02 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 176
|
ASCII text, with very long lines (13479), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 177
|
Web Open Font Format, CFF, length 34820, version 0.0
|
downloaded
|
||
|
Chrome Cache Entry: 179
|
Unicode text, UTF-8 text, with very long lines (42039), with LF, NEL line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 180
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 181
|
ASCII text, with very long lines (544)
|
dropped
|
||
|
Chrome Cache Entry: 182
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 183
|
ASCII text, with very long lines (1251)
|
dropped
|
||
|
Chrome Cache Entry: 184
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 185
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 187
|
Unicode text, UTF-8 text, with very long lines (60845), with LF, NEL line terminators
|
dropped
|
||
|
Chrome Cache Entry: 188
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 189
|
ASCII text
|
dropped
|
||
|
Chrome Cache Entry: 190
|
ASCII text, with very long lines (65472)
|
downloaded
|
||
|
Chrome Cache Entry: 191
|
ASCII text, with very long lines (65468)
|
dropped
|
||
|
Chrome Cache Entry: 198
|
Web Open Font Format (Version 2), TrueType, length 29516, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 200
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 204
|
ASCII text, with very long lines (11376)
|
dropped
|
||
|
Chrome Cache Entry: 209
|
ASCII text, with very long lines (64565)
|
dropped
|
||
|
Chrome Cache Entry: 214
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 215
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 216
|
Web Open Font Format (Version 2), TrueType, length 31436, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 217
|
ASCII text, with very long lines (9001)
|
dropped
|
||
|
Chrome Cache Entry: 219
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 223
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 224
|
ASCII text, with very long lines (12153)
|
downloaded
|
||
|
Chrome Cache Entry: 225
|
ASCII text, with very long lines (65446), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 226
|
ASCII text, with very long lines (65451)
|
downloaded
|
||
|
Chrome Cache Entry: 227
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 228
|
MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 229
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 230
|
Web Open Font Format, CFF, length 33752, version 0.0
|
downloaded
|
||
|
Chrome Cache Entry: 231
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 232
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 234
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 236
|
Web Open Font Format (Version 2), TrueType, length 31644, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 237
|
PNG image data, 1 x 40, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 238
|
Unicode text, UTF-8 text, with very long lines (53570), with LF, NEL line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 239
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 242
|
ASCII text, with very long lines (4143)
|
dropped
|
||
|
Chrome Cache Entry: 246
|
ASCII text, with very long lines (39333)
|
dropped
|
||
|
Chrome Cache Entry: 247
|
ASCII text, with very long lines (605)
|
downloaded
|
||
|
Chrome Cache Entry: 248
|
ASCII text, with very long lines (21307)
|
dropped
|
There are 58 hidden files, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://na4.docusign.net/Signing/EnvelopeIsVoid.aspx?ti=293233687b784c3e92f6ba3125cbb0ef
|
|||
|
https://apps.docusign.com/send/authentication?force_reauth=true
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
cdn.optimizely.com
|
104.18.66.57
|
||
|
www.google.com
|
172.217.18.4
|
||
|
api.mixpanel.com
|
130.211.34.183
|
||
|
account.docusign.com
|
unknown
|
||
|
app.docusign.com
|
unknown
|
||
|
telemetry.docusign.net
|
unknown
|
||
|
na4.docusign.net
|
unknown
|
||
|
docucdn-a.akamaihd.net
|
unknown
|
||
|
apps.docusign.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
95.100.63.156
|
unknown
|
European Union
|
||
|
142.250.186.67
|
unknown
|
United States
|
||
|
104.18.66.57
|
cdn.optimizely.com
|
United States
|
||
|
130.211.34.183
|
api.mixpanel.com
|
United States
|
||
|
172.217.16.138
|
unknown
|
United States
|
||
|
20.223.9.233
|
unknown
|
United States
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
185.81.101.86
|
unknown
|
Germany
|
||
|
20.23.73.37
|
unknown
|
United States
|
||
|
74.125.206.84
|
unknown
|
United States
|
||
|
185.81.100.37
|
unknown
|
Germany
|
||
|
107.178.240.159
|
unknown
|
United States
|
||
|
162.248.184.187
|
unknown
|
United States
|
||
|
52.109.89.19
|
unknown
|
United States
|
||
|
162.248.184.189
|
unknown
|
United States
|
||
|
142.250.184.206
|
unknown
|
United States
|
||
|
199.232.210.172
|
bg.microsoft.map.fastly.net
|
United States
|
||
|
2.20.245.140
|
unknown
|
European Union
|
||
|
52.113.194.132
|
unknown
|
United States
|
||
|
142.250.186.35
|
unknown
|
United States
|
||
|
34.104.35.123
|
unknown
|
United States
|
||
|
1.1.1.1
|
unknown
|
Australia
|
||
|
172.217.18.4
|
www.google.com
|
United States
|
||
|
2.19.126.218
|
unknown
|
European Union
|
||
|
20.223.14.216
|
unknown
|
United States
|
||
|
185.81.101.38
|
unknown
|
Germany
|
||
|
2.19.126.151
|
unknown
|
European Union
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
52.109.28.48
|
unknown
|
United States
|
||
|
51.105.71.136
|
unknown
|
United Kingdom
|
There are 20 hidden IPs, click here to show them.