Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
original.eml
|
SMTP mail, ASCII text, with very long lines (459), with CRLF line terminators
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\E41GSA0M\phish_alert_sp2_2.0.0.0 (002).eml:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\E41GSA0M\phish_alert_sp2_2.0.0.0.eml
|
RFC 822 mail, ASCII text, with very long lines (2009), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{0210319F-BF98-40B1-8B69-082CEDF86276}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{29D18D83-050A-4C3A-B675-A4D88D873E87}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{8847089B-1D7C-40C3-AE0C-23C9CC21C1AF}.tmp
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728587032161820100_1EBEEAE7-3F40-40AC-A73C-D7A02729BCB9.log
|
ASCII text, with very long lines (28776), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728587032162706300_1EBEEAE7-3F40-40AC-A73C-D7A02729BCB9.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241010T1503510922-7040.etl
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241010T1504020068-6780.etl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 18:04:14 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 18:04:14 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 18:04:14 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 18:04:14 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 18:04:14 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
Microsoft Outlook email folder (>=2003)
|
dropped
|
||
|
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
|
data
|
dropped
|
||
|
Chrome Cache Entry: 126
|
Web Open Font Format (Version 2), TrueType, length 29088, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 127
|
Unicode text, UTF-8 text, with very long lines (65521), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 128
|
HTML document, ASCII text, with very long lines (4766)
|
downloaded
|
||
|
Chrome Cache Entry: 131
|
ASCII text, with very long lines (64995)
|
downloaded
|
||
|
Chrome Cache Entry: 134
|
PNG image data, 973 x 163, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 135
|
HTML document, Unicode text, UTF-8 text, with very long lines (1183)
|
downloaded
|
||
|
Chrome Cache Entry: 136
|
Web Open Font Format (Version 2), TrueType, length 29452, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 140
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 141
|
RIFF (little-endian) data, Web/P image
|
downloaded
|
||
|
Chrome Cache Entry: 142
|
ASCII text, with very long lines (2345), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 145
|
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 147
|
HTML document, Unicode text, UTF-8 text, with very long lines (1183)
|
downloaded
|
||
|
Chrome Cache Entry: 148
|
ASCII text, with very long lines (64695)
|
downloaded
|
||
|
Chrome Cache Entry: 151
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 152
|
ASCII text, with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 153
|
PNG image data, 170 x 170, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 154
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 155
|
HTML document, ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 157
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 159
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 164
|
RIFF (little-endian) data, Web/P image
|
downloaded
|
||
|
Chrome Cache Entry: 166
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 168
|
ASCII text, with very long lines (6187)
|
dropped
|
||
|
Chrome Cache Entry: 174
|
ASCII text, with very long lines (505)
|
downloaded
|
||
|
Chrome Cache Entry: 176
|
Web Open Font Format (Version 2), TrueType, length 29604, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 177
|
Web Open Font Format (Version 2), TrueType, length 53724, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 178
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 180
|
ASCII text, with very long lines (413)
|
downloaded
|
||
|
Chrome Cache Entry: 182
|
Unicode text, UTF-8 text, with very long lines (41169)
|
dropped
|
||
|
Chrome Cache Entry: 183
|
ASCII text, with very long lines (34202)
|
downloaded
|
||
|
Chrome Cache Entry: 184
|
ASCII text, with very long lines (4201)
|
dropped
|
||
|
Chrome Cache Entry: 185
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 186
|
ASCII text, with very long lines (2878)
|
dropped
|
||
|
Chrome Cache Entry: 187
|
Unicode text, UTF-8 text, with very long lines (1064)
|
dropped
|
||
|
Chrome Cache Entry: 191
|
ASCII text, with very long lines (4201)
|
downloaded
|
||
|
Chrome Cache Entry: 193
|
ASCII text, with very long lines (9217)
|
downloaded
|
||
|
Chrome Cache Entry: 194
|
HTML document, Unicode text, UTF-8 text, with very long lines (1183)
|
downloaded
|
||
|
Chrome Cache Entry: 198
|
ASCII text, with very long lines (5552)
|
downloaded
|
There are 50 hidden files, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://meetings.hubspot.com/manfred-jeanty/acquisition-client-rencontre-informative-manfred?utm_campaign=outreach&utm_medium=email_signature&utm_content=signature_link&utm_source=helloDarwin&uuid=3da671d7-eae0-412e-88e4-a6d1a2500401
|
|||
|
https://meetings.hubspot.com/manfred-jeanty/acquisition-client-rencontre-informative-manfred?uuid=deb22342-af38-47f9-b8a2-bf947bf43d35
|
|||
|
https://meetings.hubspot.com/manfred-jeanty/acquisition-client-rencontre-informative-manfred
|
|||
|
https://meetings.hubspot.com/manfred-jeanty/acquisition-client-informative-meeting-grants-manfred?utm_campaign=outreach&utm_medium=email_signature&utm_content=signature_link&utm_source=helloDarwin&uuid=b5295abd-b266-41cc-9c52-93472f0e3374
|
|||
|
https://meetings.hubspot.com/manfred-jeanty/acquisition-client-rencontre-informative-manfred?uuid=a1a64b30-db27-497f-b90c-40f8660966d4
|
|||
|
https://meetings.hubspot.com/manfred-jeanty/acquisition-client-informative-meeting-grants-manfred?utm_campaign=outreach&utm_medium=email_signature&utm_content=signature_link&utm_source=helloDarwin
|
|||
|
https://meetings.hubspot.com/manfred-jeanty/acquisition-client-rencontre-informative-manfred?utm_campaign=outreach&utm_medium=email_signature&utm_content=signature_link&utm_source=helloDarwin
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
js.hs-banner.com
|
104.18.40.240
|
||
|
star-mini.c10r.facebook.com
|
157.240.251.35
|
||
|
meetings.hubspot.com
|
104.16.118.116
|
||
|
static.hsappstatic.net
|
104.17.173.91
|
||
|
a.nel.cloudflare.com
|
35.190.80.1
|
||
|
21902860.fs1.hubspotusercontent-na1.net
|
104.18.41.124
|
||
|
app.hubspot.com
|
104.16.117.116
|
||
|
metrics-fe-na1.hubspot.com
|
104.16.118.116
|
||
|
js.hubspot.com
|
104.16.117.116
|
||
|
js.hsadspixel.net
|
104.17.223.152
|
||
|
d2b5gx04.na1.hs-sales-engage.com
|
104.18.38.91
|
||
|
exceptions.hubspot.com
|
104.16.117.116
|
||
|
js.hs-analytics.net
|
104.16.160.168
|
||
|
can01.safelinks.eop-tm2.outlook.com
|
104.47.75.220
|
||
|
api.hubspot.com
|
104.16.118.116
|
||
|
scontent.xx.fbcdn.net
|
157.240.0.6
|
||
|
avatars.hubspot.net
|
104.18.87.62
|
||
|
track.hubspot.com
|
104.16.117.116
|
||
|
googleads.g.doubleclick.net
|
142.250.181.226
|
||
|
js.hs-scripts.com
|
104.16.137.209
|
||
|
api.hubapi.com
|
104.18.241.108
|
||
|
www.google.com
|
142.250.185.164
|
||
|
js.usemessages.com
|
104.16.79.142
|
||
|
td.doubleclick.net
|
142.250.185.98
|
||
|
can01.safelinks.protection.outlook.com
|
unknown
|
||
|
www.facebook.com
|
unknown
|
||
|
www.linkedin.com
|
unknown
|
||
|
connect.facebook.net
|
unknown
|
||
|
px.ads.linkedin.com
|
unknown
|
||
|
snap.licdn.com
|
unknown
|
There are 20 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.74.202
|
unknown
|
United States
|
||
|
216.58.206.72
|
unknown
|
United States
|
||
|
104.16.79.142
|
js.usemessages.com
|
United States
|
||
|
172.217.18.14
|
unknown
|
United States
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
52.109.89.119
|
unknown
|
United States
|
||
|
142.250.185.226
|
unknown
|
United States
|
||
|
157.240.0.6
|
scontent.xx.fbcdn.net
|
United States
|
||
|
142.250.181.232
|
unknown
|
United States
|
||
|
192.168.2.5
|
unknown
|
unknown
|
||
|
104.16.118.116
|
meetings.hubspot.com
|
United States
|
||
|
104.18.40.240
|
js.hs-banner.com
|
United States
|
||
|
142.250.185.164
|
www.google.com
|
United States
|
||
|
104.16.160.168
|
js.hs-analytics.net
|
United States
|
||
|
142.250.186.131
|
unknown
|
United States
|
||
|
13.89.178.26
|
unknown
|
United States
|
||
|
35.190.80.1
|
a.nel.cloudflare.com
|
United States
|
||
|
104.16.138.209
|
unknown
|
United States
|
||
|
104.17.128.172
|
unknown
|
United States
|
||
|
88.221.110.136
|
unknown
|
European Union
|
||
|
52.113.194.132
|
unknown
|
United States
|
||
|
104.18.87.62
|
avatars.hubspot.net
|
United States
|
||
|
142.250.110.84
|
unknown
|
United States
|
||
|
104.18.41.41
|
unknown
|
United States
|
||
|
1.1.1.1
|
unknown
|
Australia
|
||
|
104.18.38.91
|
d2b5gx04.na1.hs-sales-engage.com
|
United States
|
||
|
104.18.241.108
|
api.hubapi.com
|
United States
|
||
|
157.240.0.35
|
unknown
|
United States
|
||
|
104.16.137.209
|
js.hs-scripts.com
|
United States
|
||
|
104.16.77.142
|
unknown
|
United States
|
||
|
13.107.42.14
|
unknown
|
United States
|
||
|
142.250.181.226
|
googleads.g.doubleclick.net
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
104.17.173.91
|
static.hsappstatic.net
|
United States
|
||
|
104.18.41.124
|
21902860.fs1.hubspotusercontent-na1.net
|
United States
|
||
|
104.47.75.220
|
can01.safelinks.eop-tm2.outlook.com
|
United States
|
||
|
104.17.175.91
|
unknown
|
United States
|
||
|
142.250.184.238
|
unknown
|
United States
|
||
|
157.240.253.35
|
unknown
|
United States
|
||
|
104.16.117.116
|
app.hubspot.com
|
United States
|
||
|
104.17.223.152
|
js.hsadspixel.net
|
United States
|
||
|
157.240.251.35
|
star-mini.c10r.facebook.com
|
United States
|
||
|
172.217.16.195
|
unknown
|
United States
|
||
|
142.250.185.98
|
td.doubleclick.net
|
United States
|
There are 34 hidden IPs, click here to show them.