Files

File Path | Type | Category | Malicious
---|---|---|---
Message_2530136.eml | RFC 822 mail, ASCII text, with CRLF line terminators | initial sample |
C:\Users\user\AppData\Local\Temp\~DF38AB43B42ACF7D22.TMP | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Oct 21 06:17:53 2024, Security: 1 | dropped |
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT | data | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin | ASCII text, with very long lines (65536), with no line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.CampaignStates.json | JSON data | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\B7A03CAD-6543-4C60-BF25-38626035E38C | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\Features\1-7FeatureCache.txt (copy) | data | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db | SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2 | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal | SQLite Rollback Journal | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm | data | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal | SQLite Write-Ahead Log, version 3007000 | modified |
C:\Users\user\AppData\Local\Microsoft\Outlook\RoamCache\Stream_AvailabilityOptions_2_A33E74DA7C968A4FAAD791D1C0A129DB.dat | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Calendar_2_4A85A5E98BE4C84F99CDDFFC3ACFA73B.dat | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ConversationPrefs_2_0F119158559B144896836EE907A91150.dat | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Outlook\RoamCache\Stream_RssRule_2_7ED7791D466B8A47BBF65833E61D07BD.dat | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Outlook\RoamCache\Stream_TCPrefs_2_C200F461658BC9418AAAA8CB800F9E3B.dat | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Outlook\RoamCache\Stream_WorkHours_1_01720CB8571FBF48877809DAA1DC6C55.dat | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1012C6BE.tmp | Composite Document File V2 Document, Cannot read section info | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{CC0DDFD5-3D0F-4972-AF53-DE0678E32B30}.tmp | data | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_13e\AC\Temp\Diagnostics\EXCEL\App1729505697779110700_DCE9EDF8-48BE-4CAF-84B1-4D03C5B23859.log | ASCII text, with very long lines (563), with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_3791\AC\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStoreV3\Excel\1380790193167760279.C4 | data | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_3791\AC\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStoreV3\Excel\ASkwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDBfTnVsbAA.S | data | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_3791\AC\Temp\287956CB.emf | Windows Enhanced Metafile (EMF) image data version 0x10000 | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_3791\AC\Temp\CB2F9930.xls:Zone.Identifier | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_3791\AC\Temp\Diagnostics\EXCEL\App1729505636383359600_3483C98B-92A0-40EF-9CCA-1F215D09DD70.log | data | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_3791\AC\Temp\Diagnostics\EXCEL\App1729505636385287300_3483C98B-92A0-40EF-9CCA-1F215D09DD70.log | data | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_3791\AC\Temp\msoE356.tmp | Microsoft OOXML | dropped |
C:\Users\user\AppData\Local\Temp\A249939A.tmp | data | dropped |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1729505625326018300_9371F6B2-A9CD-4E55-B9B4-04FBBA848210.log | ASCII text, with very long lines (858), with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1729505689505765300_BE67B350-6A09-46EC-9FE3-3627F83A8C3B.log | ASCII text, with very long lines (28737), with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\E77AE17C.tmp | data | dropped |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241021T0613450125-2852.etl | data | modified |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241021T0614490322-68.etl | data | dropped |
C:\Users\user\AppData\Local\Temp\olkB67A.tmp | data | dropped |
C:\Users\user\AppData\Local\Temp\~DF5B3760A4DFB914C9.TMP | data | dropped |
C:\Users\user\AppData\Local\Temp\~DFE86C8778867C5DC8.TMP | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Excel\213B2CBD.tmp (copy) | Applesoft BASIC program data, first line number 16 | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Excel\32730000 | Applesoft BASIC program data, first line number 16 | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Excel\C3720000 | Applesoft BASIC program data, first line number 16 | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Excel\Excel15.xlb (copy) | Applesoft BASIC program data, first line number 16 | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm (copy) | Microsoft Word 2007+ | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | data | modified |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp | Microsoft Word 2007+ | dropped |
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst | Microsoft Outlook email folder (>=2003) | dropped |

(37 further files are not shown in this export.)
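Most rows in a dropped-files table for an Outlook/Excel run are housekeeping that Office writes on every start (telemetry SQLite stores, RoamCache streams, diagnostics logs, editor templates). The rows worth an analyst's time are the few that say something about the sample: the `:Zone.Identifier` stream shows a file was written to disk with Mark-of-the-Web, the `oice_16_*` AppContainer path places that file in Protected View, and the OLE/OOXML containers in Temp are the documents Excel actually opened. The script below is an added triage example, not part of the sandbox report and not the sandbox vendor's code: it parses rows in the table's own four-column layout, separates housekeeping noise from rows that carry information, and pulls the creating application and timestamps out of libmagic's Composite Document File description. The noise patterns, the interest rules and the reading of `oice_16_*` as the Office Protected View AppContainer are this editor's heuristics, not facts stated by the report, and none of the output is a malice verdict. The embedded sample rows are copied from the table above.

```python
"""Triage a sandbox 'dropped files' table for an Office/Outlook run.

Added example; not part of the sandbox report. The noise and interest rules
are this editor's own heuristics (assumptions, not a published taxonomy),
and nothing here is a malice verdict. SAMPLE_TABLE copies rows from the
report's table in its layout: File Path | Type | Category | Malicious.
"""
import re
from datetime import datetime

# Constructed input (a subset of the report's rows). Raw string: the paths
# contain backslashes and one ':Zone.Identifier' alternate-data-stream suffix.
SAMPLE_TABLE = r"""
Message_2530136.eml | RFC 822 mail, ASCII text, with CRLF line terminators | initial sample |
C:\Users\user\AppData\Local\Temp\~DF38AB43B42ACF7D22.TMP | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Oct 21 06:17:53 2024, Security: 1 | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal | SQLite Write-Ahead Log, version 3007000 | modified |
C:\Users\user\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Calendar_2_4A85A5E98BE4C84F99CDDFFC3ACFA73B.dat | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1012C6BE.tmp | Composite Document File V2 Document, Cannot read section info | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_3791\AC\Temp\CB2F9930.xls:Zone.Identifier | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_3791\AC\Temp\msoE356.tmp | Microsoft OOXML | dropped |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_3791\AC\Temp\287956CB.emf | Windows Enhanced Metafile (EMF) image data version 0x10000 | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Excel\Excel15.xlb (copy) | Applesoft BASIC program data, first line number 16 | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm (copy) | Microsoft Word 2007+ | dropped |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1729505625326018300_9371F6B2-A9CD-4E55-B9B4-04FBBA848210.log | ASCII text, with very long lines (858), with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\E77AE17C.tmp | data | dropped |
"""

# Locations Office/Outlook write on any run, sample or not (editor's list,
# matched case-insensitively against the full path).
NOISE = [
    (r"\\OTele\\outlook\.exe\.db", "Office telemetry SQLite store"),
    (r"\\Office\\16\.0\\(AddInClassifierCache|Floodgate|WebServiceCache)\\", "Office service cache"),
    (r"\\RoamCache\\Stream_", "Outlook roaming settings cache"),
    (r"\\Diagnostics\\(EXCEL|OUTLOOK)\\App\d+_", "Office diagnostics log"),
    (r"\\Outlook Logging\\OUTLOOK_.*\.etl$", "Outlook ETW trace"),
    (r"\\UsageMetricsStore\\|\\FORMS\\FRMCACHE\.DAT$|\\UProof\\CUSTOM\.DIC$|\\MSO\d+\.acl$", "Office housekeeping file"),
    (r"\\Templates\\(NormalEmail\.dotm|~\$rmalEmail\.dotm|~WRD\d+\.tmp)", "Outlook/Word editor template"),
    (r"\\Roaming\\Microsoft\\Excel\\(Excel15\.xlb|[0-9A-F]{8}(\.tmp)?)( \(copy\))?$", "Excel settings file"),
    (r"\\Outlook Files\\.*\.pst$", "Outlook data file"),
]
# libmagic descriptions that denote an Office document container.
OFFICE_CONTAINER = re.compile(r"^(Composite Document File V2|Microsoft OOXML|Microsoft (Word|Excel|PowerPoint) 2007\+)")
# Fields libmagic appends when it can read the OLE summary information stream.
CDF_FIELDS = re.compile(r"Name of Creating Application: (?P<app>[^,]+), Create Time/Date: (?P<created>[^,]+), Last Saved Time/Date: (?P<saved>[^,]+)")


def cdf_metadata(ftype):
    """Creating application and timestamps from a CDF type string, else None."""
    m = CDF_FIELDS.search(ftype)
    if not m:
        return None
    fmt = "%a %b %d %H:%M:%S %Y"  # e.g. 'Mon Oct 21 06:17:53 2024'
    return {"app": m["app"].strip(),
            "created": datetime.strptime(m["created"].strip(), fmt),
            "saved": datetime.strptime(m["saved"].strip(), fmt)}


def classify(path, ftype, category):
    """Return (bucket, reason); noise is checked before the interest rules."""
    if category == "initial sample":
        return "sample", "submitted sample"
    for pat, why in NOISE:
        if re.search(pat, path, re.I):
            return "noise", why
    reasons = []
    if path.endswith(":Zone.Identifier"):
        reasons.append("Zone.Identifier ADS: host file was written with Mark-of-the-Web (typical of an attachment saved to disk)")
    if "\\Packages\\oice_16_" in path:
        reasons.append("inside the oice_16_* AppContainer (Office Protected View; editor's reading)")
    if OFFICE_CONTAINER.match(ftype):
        reasons.append("Office container (%s) outside the housekeeping locations" % ftype.split(",")[0])
    if ftype.startswith("Windows Enhanced Metafile"):
        reasons.append("EMF written to Temp; check whether it was rendered from an embedded object")
    if reasons:
        return "interesting", "; ".join(reasons)
    return "unclassified", ftype


def parse_table(text):
    """Yield (path, type, category) from pipe-separated rows; skips headers."""
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 3 or cells[0] in ("File Path", "") or cells[0].startswith("---"):
            continue
        yield cells[0], cells[1], cells[2]


def triage(text):
    """Bucket every row; CDF rows also carry parsed creator/timestamp metadata."""
    buckets = {"sample": [], "interesting": [], "noise": [], "unclassified": []}
    for path, ftype, category in parse_table(text):
        bucket, why = classify(path, ftype, category)
        entry = {"path": path, "category": category, "why": why}
        meta = cdf_metadata(ftype)
        if meta:
            entry["cdf"] = meta
        buckets[bucket].append(entry)
    return buckets


if __name__ == "__main__":
    result = triage(SAMPLE_TABLE)
    for bucket in ("sample", "interesting", "unclassified", "noise"):
        print("== %s (%d)" % (bucket, len(result[bucket])))
        for e in result[bucket]:
            extra = " | created by %s, last saved %s" % (e["cdf"]["app"], e["cdf"]["saved"]) if "cdf" in e else ""
            print("  %s  [%s] %s%s" % (e["path"], e["category"], e["why"], extra))
```

Run against the twelve sample rows it leaves one "unclassified" entry (`E77AE17C.tmp`, plain `data`) and five "interesting" ones: the two OLE containers, the OOXML temp file, the EMF, and the `Zone.Identifier` stream on `CB2F9930.xls`. The CDF parser reports that `~DF38AB43B42ACF7D22.TMP` names Microsoft Excel as its creating application and was last saved at 06:17:53 on 21 Oct 2024, which lines up with the run timestamps embedded in the Outlook ETL file names in the same table. Extend `NOISE` for your own baseline before trusting the "interesting" bucket on other runs.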
Domains

Name | IP | Malicious
---|---|---
bg.microsoft.map.fastly.net | 199.232.210.172 |
s-part-0032.t-0009.t-msedge.net | 13.107.246.60 |

IPs

IP | Domain | Country | Malicious
---|---|---|---
184.30.158.130 | unknown | United States |
52.113.194.132 | unknown | United States |
1.1.1.1 | unknown | Australia |
52.168.117.175 | unknown | United States |
13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States |
2.19.126.163 | unknown | European Union |
52.109.28.46 | unknown | United States |
2.19.126.160 | unknown | European Union |
20.189.173.18 | unknown | United States |
20.42.73.27 | unknown | United States |
52.109.76.243 | unknown | United States |
52.109.76.144 | unknown | United States |
20.50.201.204 | unknown | United States |

(3 further IPs are not shown in this export.)