Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
email.eml
|
RFC 822 mail, ASCII text, with very long lines (347), with CRLF line terminators
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml
|
XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf
|
TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights
Reserved.msofp_4_40RegularVersion 4.40;O365
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\Features\1-7FeatureCache.txt (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\35C5BC82.tmp
|
Microsoft Excel 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\502ADF6E.dat
|
PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\8SZEA0ME\940-CJV-000-GEN-MOS-00001_DRS (A) - Copy
(002).xlsx:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\8SZEA0ME\~$940-CJV-000-GEN-MOS-00001_DRS (A) - Copy.xlsx
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{04AA47F8-4D19-44A1-B5E3-33F1447083B5}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStoreV3\Excel\1380790193167760279.C4
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\1924FFB3.png
|
PNG image data, 352 x 332, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\358ED395.png
|
PNG image data, 155 x 116, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\4923B0E4.png
|
PNG image data, 270 x 87, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\4A1B1C92.png
|
PNG image data, 221 x 258, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\72E293E6.png
|
PNG image data, 369 x 137, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\8DE526AF.png
|
PNG image data, 527 x 96, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\Diagnostics\EXCEL\App1729504271598345200_5C856275-EEE5-4A24-8349-DBC88E78744F.log
|
ASCII text, with very long lines (857), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\Diagnostics\EXCEL\App1729504271601968200_5C856275-EEE5-4A24-8349-DBC88E78744F.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\E9928739.png
|
PNG image data, 3331 x 673, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\FD3D4E18.png
|
PNG image data, 411 x 397, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\mso8747.tmp
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\79D18FE0.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241021T0550250967-6964.etl
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\olkD368.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Excel\Excel15.xlb (copy)
|
Applesoft BASIC program data, first line number 16
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Excel\FC630000
|
Applesoft BASIC program data, first line number 16
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm (copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 21 08:52:28 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 21 08:52:28 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 21 08:52:28 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 21 08:52:28 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 21 08:52:28 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
Microsoft Outlook email folder (>=2003)
|
dropped
|
||
|
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
|
data
|
dropped
|
||
|
Chrome Cache Entry: 967
|
ASCII text, with very long lines (4226)
|
downloaded
|
||
|
Chrome Cache Entry: 968
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 969
|
ASCII text, with very long lines (65531)
|
downloaded
|
||
|
Chrome Cache Entry: 970
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 971
|
ASCII text, with very long lines (5162), with no line terminators
|
downloaded
|
There are 40 hidden files, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
plus.l.google.com
|
142.250.184.206
|
||
|
play.google.com
|
142.250.185.142
|
||
|
www.google.com
|
172.217.16.196
|
||
|
s-part-0032.t-0009.t-msedge.net
|
13.107.246.60
|
||
|
apis.google.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
52.113.194.132
|
unknown
|
United States
|
||
|
88.221.125.185
|
unknown
|
European Union
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
52.182.141.63
|
unknown
|
United States
|
||
|
13.107.246.60
|
s-part-0032.t-0009.t-msedge.net
|
United States
|
||
|
23.211.8.90
|
unknown
|
United States
|
||
|
52.109.28.48
|
unknown
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
52.109.28.47
|
unknown
|
United States
|
||
|
2.19.126.160
|
unknown
|
European Union
|
||
|
52.109.28.46
|
unknown
|
United States
|
||
|
52.168.112.67
|
unknown
|
United States
|
||
|
172.217.16.196
|
www.google.com
|
United States
|
||
|
2.18.64.138
|
unknown
|
European Union
|
There are 4 hidden IPs, click here to show them.