Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Action Desk Support 01 Nov.msg
|
CDFV2 Microsoft Outlook Message
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm (copy)
|
Microsoft Word 2007+
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm
|
data
|
dropped
|
|
|
|
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
Microsoft Outlook email folder (>=2003)
|
dropped
|
|
|
|
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml
|
XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf
|
TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights
Reserved.msofp_4_40RegularVersion 4.40;O365
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\718D6FE6-9275-4AB0-A21A-CE0798AF029E
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db
|
SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database
pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\23767060.tmp
|
PNG image data, 10 x 18, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2EAC156E.tmp
|
PNG image data, 20 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\397713AC.tmp
|
PNG image data, 18 x 17, 8-bit/color RGBA, non-interlaced
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3D990608.tmp
|
PNG image data, 75 x 50, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\B2094156.tmp
|
PNG image data, 10 x 115, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\DF736902.tmp
|
PNG image data, 20 x 14, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\E0806FD4.tmp
|
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{08E65AE4-42BE-4DDE-89F4-2EFBEAAA91F8}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{6C910AC0-F529-4485-9E2E-344218171E5C}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\open[1].gif
|
GIF image data, version 89a, 1 x 1
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1730457841273974300_03117D69-347F-480A-BCC5-CDB3955EAA70.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1730457841274734000_03117D69-347F-480A-BCC5-CDB3955EAA70.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241101T0644010037-6948.etl
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\~DF3F6AA47A4B6E8DBE.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 1 09:44:12 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 1 09:44:12 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 1 09:44:12 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 1 09:44:12 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 1 09:44:12 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\Action Desk Support 01 Nov.msg
|
CDFV2 Microsoft Outlook Message
|
dropped
|
||
|
Chrome Cache Entry: 108
|
ASCII text, with very long lines (47671)
|
dropped
|
||
|
Chrome Cache Entry: 109
|
HTML document, ASCII text, with CRLF, LF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 112
|
PNG image data, 23 x 78, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 113
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
dropped
|
There are 34 hidden files, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://ir.nbaikp3.sa.com/delaw/lawn/koo/sf_rand_string_mixed(24)/maximilian.mueller@scanlab.de
|
82.197.65.139
|
||
|
http://ir.nbaikp3.sa.com/favicon.ico
|
82.197.65.139
|
||
|
https://ecoutura.sa.com/9o93/#Mmaximilian.mueller@scanlab.de
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ir.nbaikp3.sa.com
|
82.197.65.139
|
|
|
|
a.nel.cloudflare.com
|
35.190.80.1
|
||
|
www.google.co.th
|
142.250.185.227
|
||
|
ecoutura.sa.com
|
188.114.96.3
|
||
|
challenges.cloudflare.com
|
104.18.95.41
|
||
|
www.google.com
|
142.250.186.164
|
||
|
u47331948.ct.sendgrid.net
|
167.89.118.106
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
82.197.65.139
|
ir.nbaikp3.sa.com
|
United Kingdom
|
|
|
|
52.113.194.132
|
unknown
|
United States
|
||
|
142.250.186.46
|
unknown
|
United States
|
||
|
1.1.1.1
|
unknown
|
Australia
|
||
|
142.250.74.206
|
unknown
|
United States
|
||
|
167.89.118.106
|
u47331948.ct.sendgrid.net
|
United States
|
||
|
52.109.89.18
|
unknown
|
United States
|
||
|
142.250.186.163
|
unknown
|
United States
|
||
|
104.18.94.41
|
unknown
|
United States
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
104.18.95.41
|
challenges.cloudflare.com
|
United States
|
||
|
142.250.185.227
|
www.google.co.th
|
United States
|
||
|
52.109.68.129
|
unknown
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
2.19.126.151
|
unknown
|
European Union
|
||
|
188.114.96.3
|
ecoutura.sa.com
|
European Union
|
||
|
142.250.186.164
|
www.google.com
|
United States
|
||
|
20.42.73.27
|
unknown
|
United States
|
||
|
184.28.90.27
|
unknown
|
United States
|
||
|
142.250.184.227
|
unknown
|
United States
|
||
|
35.190.80.1
|
a.nel.cloudflare.com
|
United States
|
||
|
66.102.1.84
|
unknown
|
United States
|
There are 12 hidden IPs, click here to show them.