Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241024T0908140165-6432.etl | data | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 12:06:59 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 12:06:59 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:56:51 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 12:06:59 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 12:06:59 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 12:06:59 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\Downloads\097ea4c4-1015-45b1-b3db-829d6f27e0bd.tmp | vCalendar calendar file | dropped | |
| C:\Users\user\Downloads\EventCalendarServlet.ics (copy) | vCalendar calendar file | dropped | |
| C:\Users\user\Downloads\EventCalendarServlet.ics.crdownload (copy) | vCalendar calendar file | dropped | |
| Chrome Cache Entry: 61 | vCalendar calendar file | downloaded | |

Two further files are hidden in the report and are not listed here.

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1936,i,17094413292302700489,7076371066922537553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUIyYzpDanWvq7P7z1EpKTPjZaQ17RfT2I6bffLl1cUmW6IXY8sBm4hS0cPKlWgRuxqGjwy0qdMIj2uo7RKLVPTc5m88FmikypbWSgrztyTuYtBQPwWw3ebheZakxyc7FFr5S44Hw9rLCjHUvOPofo9kbFG_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAoIy3MzG3kdrru9Yvxu0ygDfWuzlgjcvrxqBlkV4BY2mkCzwA5jBN5rjxz-2F-2BsyMnQfHWkNxjMIZv6IBWkL8j0xWgvEID-2F-2FdgkC79m6T4CLF4Ru4slCqOKEuK45ntF4FGnfu-2BxNk2Yj1VxgsHmsl4jo7NJJbvAyMZAVVI0boEhoqSUrvJbAEVFWFdB3lpZlsfcw-3D-3D" | |
| C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /ical "C:\Users\user\Downloads\EventCalendarServlet.ics" | |

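The process table above shows the chain an analyst would want to spot in telemetry: Chrome launched straight onto a click-tracking redirect (`/ls/click?upn=...`), a calendar file landing in the user's Downloads folder (the `.crdownload (copy)` entry in the Files table is Chrome's in-progress download), and Outlook started with the `/ical` switch on that file. The script below is an added example, not output of the sandbox or code from any vendor: it takes (image path, command line) pairs constructed from the table (the long tracking token is shortened to `EXAMPLE`), splits each command line, and emits a finding for each link of the chain. The rule names, `split_cmdline` and `triage` are hypothetical helpers. It does not issue a verdict; the report flags none of these processes as malicious, and ON24 event registrations legitimately deliver `.ics` files this way.

```python
"""Triage a sandbox process list for a browser-download -> Outlook /ical chain.

Added example for this report, not part of the sandbox output. The sample
records are constructed from the report's Processes table.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: (image path, command line), taken from the report with the
# click-tracking token replaced by EXAMPLE.
SAMPLE_PROCESSES = [
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"'),
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
     r'"https://email.sg.on24event.com/ls/click?upn=u001.EXAMPLE"'),
    (r"C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE",
     r'"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /ical '
     r'"C:\Users\user\Downloads\EventCalendarServlet.ics"'),
]

CALENDAR_EXTS = (".ics", ".vcs")
_ARG_RE = re.compile(r'"([^"]*)"|(\S+)')


def split_cmdline(cmdline):
    """Split a Windows command line on whitespace, keeping quoted arguments whole.

    Hypothetical helper: enough for the command lines in this report, but it does
    not implement the full CommandLineToArgvW backslash-escaping rules.
    """
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in _ARG_RE.finditer(cmdline)]


def triage(processes):
    """Return one finding dict per matching process.

    Rules (hypothetical names):
      click-tracking-redirect: chrome.exe launched with a URL whose path ends in
        /ls/click, so the landing page is not visible in the argument itself.
      outlook-ical-open: OUTLOOK.EXE started with /ical on a calendar file; the
        finding records whether the file sits under a Downloads folder, i.e. it
        arrived through the browser rather than from a mailbox.
    """
    findings = []
    for image, cmdline in processes:
        args = split_cmdline(cmdline)
        exe = image.rsplit("\\", 1)[-1].lower()
        if exe == "chrome.exe":
            for arg in args[1:]:
                if not arg.lower().startswith(("http://", "https://")):
                    continue
                url = urlsplit(arg)
                if url.path.endswith("/ls/click"):
                    findings.append({
                        "rule": "click-tracking-redirect",
                        "host": url.hostname,
                        "query_keys": sorted(parse_qs(url.query)),
                    })
        elif exe == "outlook.exe":
            # Pair each argument with its successor so "/ical <path>" is matched together.
            for flag, value in zip(args, args[1:]):
                if flag.lower() == "/ical" and value.lower().endswith(CALENDAR_EXTS):
                    findings.append({
                        "rule": "outlook-ical-open",
                        "path": value,
                        "from_downloads": "\\downloads\\" in value.lower(),
                    })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_PROCESSES):
        print(finding)
```

Run stand-alone it prints two findings, one for the redirect and one for the `/ical` open from Downloads. To use it on real telemetry, feed it the image and command-line fields from process-creation events; the `from_downloads` flag is the pivot that separates a file fetched through the browser from one opened out of an attachment cache.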
URLs

| Name | IP | Malicious |
|---|---|---|
| https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUIyYzpDanWvq7P7z1EpKTPjZaQ17RfT2I6bffLl1cUmW6IXY8sBm4hS0cPKlWgRuxqGjwy0qdMIj2uo7RKLVPTc5m88FmikypbWSgrztyTuYtBQPwWw3ebheZakxyc7FFr5S44Hw9rLCjHUvOPofo9kbFG_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAoIy3MzG3kdrru9Yvxu0ygDfWuzlgjcvrxqBlkV4BY2mkCzwA5jBN5rjxz-2F-2BsyMnQfHWkNxjMIZv6IBWkL8j0xWgvEID-2F-2FdgkC79m6T4CLF4Ru4slCqOKEuK45ntF4FGnfu-2BxNk2Yj1VxgsHmsl4jo7NJJbvAyMZAVVI0boEhoqSUrvJbAEVFWFdB3lpZlsfcw-3D-3D | | |
| http://event.on24.com/utils/test/testYourSystem.html?eventid=4722034&sessionid=1&key=261F9AAF3C393FC | unknown | |
| https://event.on24.com/eventRegistration/EventCalendarServlet.ics?token=kFTT50zSJ17t2P9m38%2FN8wKm3IwiB%2BqqrDFA4nWK4U3U0lAzoOb6Jrby7waexx8G668BXath15Qd32XtlryYow%3D%3D | 199.83.44.71 | |
| https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1 | unknown | |
| https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUIyYzpDanWvq7P7z1EpKTPjZaQ17RfT2I6bffLl1cUmW6IXY8sBm4hS0cPKlWgRuxqGjwy0qdMIj2uo7RKLVPTc5m88FmikypbWSgrztyTuYtBQPwWw3ebheZakxyc7FFr5S44Hw9rLCjHUvOPofo9kbFG_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAoIy3MzG3kdrru9Yvxu0ygDfWuzlgjcvrxqBlkV4BY2mkCzwA5jBN5rjxz-2F-2BsyMnQfHWkNxjMIZv6IBWkL8j0xWgvEID-2F-2FdgkC79m6T4CLF4Ru4slCqOKEuK45ntF4FGnfu-2BxNk2Yj1VxgsHmsl4jo7NJJbvAyMZAVVI0boEhoqSUrvJbAEVFWFdB3lpZlsfcw-3D-3D | 199.83.44.68 | |

Domains

| Name | IP | Malicious |
|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.210.172 | |
| s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | |
| www.google.com | 142.250.185.164 | |
| r-email.sg.on24event.com | 199.83.44.68 | |
| r-event.on24.com | 199.83.44.71 | |
| event.on24.com | unknown | |
| email.sg.on24event.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 239.255.255.250 | unknown | Reserved | |
| 199.83.44.71 | r-event.on24.com | United States | |
| 142.250.185.164 | www.google.com | United States | |
| 192.168.2.16 | unknown | unknown | |
| 192.168.2.9 | unknown | unknown | |
| 199.83.44.68 | r-email.sg.on24event.com | United States | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling | 6 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6432 | 0 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Logging | NULL | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage | NULL | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage | OutlookMAPI2 | |