Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
You have a newly assigned document from Frey Navarro P.L.L.C. .msg
|
CDFV2 Microsoft Outlook Message
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\5BGJVHD5\You have a newly assigned document from Frey
Navarro P.L.L.C._.msg
|
CDFV2 Microsoft Outlook Message
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\5BGJVHD5\You have a newly assigned document from Frey
Navarro P.L.L.C._.msg:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF852CBF365BA68408.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 18:10:46 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 18:10:45 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 18:10:45 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 18:10:46 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 18:10:45 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
There are 2 hidden files, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://2763e5d7.4cedadd30c243fcb98593ff6.workers.dev/
|
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a13vu/0x4AAAAAAAXUh7M7FeIw-AKs/auto/normal
|
|||
|
https://app.nearpod.com/presentation?pin=3276AF3CA76BC90253BC6881D8A1A0C2-1
|
|||
|
about:blank
|
|||
|
https://outlook.office365.com/owa/prefetch.aspx
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
d3o14ydqp9l5t3.cloudfront.net
|
108.139.15.29
|
||
|
2763e5d7.4cedadd30c243fcb98593ff6.workers.dev
|
104.21.92.80
|
||
|
cs1100.wpc.omegacdn.net
|
152.199.4.44
|
||
|
druftchg73f9l.cloudfront.net
|
3.161.163.28
|
||
|
auth.nearpod.com
|
104.18.26.72
|
||
|
np1.nearpod.com
|
104.18.26.72
|
||
|
stats.g.doubleclick.net
|
74.125.138.154
|
||
|
scontent.xx.fbcdn.net
|
31.13.88.13
|
||
|
af3fff3fa63804fcfb4c2e0f3fefe7b1-1455064212.us-east-1.elb.amazonaws.com
|
54.221.7.233
|
||
|
o245736.ingest.sentry.io
|
34.120.195.249
|
||
|
script.hotjar.com
|
18.64.236.128
|
||
|
www.google.com
|
172.217.215.105
|
||
|
part-0023.t-0009.t-msedge.net
|
13.107.213.51
|
||
|
cdn.mxpnl.com
|
35.186.235.23
|
||
|
nearpod.com
|
104.18.26.72
|
||
|
api.nearpod.com
|
104.18.26.72
|
||
|
js.intercomcdn.com
|
18.164.78.19
|
||
|
static-cdn.hotjar.com
|
108.138.106.101
|
||
|
star-mini.c10r.facebook.com
|
31.13.65.36
|
||
|
dxg0fu9ktxs6d.cloudfront.net
|
3.162.103.76
|
||
|
plus.l.google.com
|
64.233.177.138
|
||
|
api-js.mixpanel.com
|
107.178.240.159
|
||
|
widget.intercom.io
|
18.238.171.15
|
||
|
LYH-efz.ms-acdc.office.com
|
52.96.173.162
|
||
|
youtube-ui.l.google.com
|
172.253.124.93
|
||
|
analytics-alv.google.com
|
216.239.38.181
|
||
|
app.nearpod.com
|
104.18.26.72
|
||
|
hub.nearpod.com
|
104.18.26.72
|
||
|
challenges.cloudflare.com
|
104.17.3.184
|
||
|
qa38kaqxuo5.northriverside.store
|
51.89.72.164
|
||
|
d38ybj8g0p5z3m.cloudfront.net
|
3.161.136.51
|
||
|
www.nearpod.com
|
unknown
|
||
|
r.nearpod.com
|
unknown
|
||
|
contentstorage.onenote.office.net
|
unknown
|
||
|
js.live.net
|
unknown
|
||
|
html.nearpod.com
|
unknown
|
||
|
static.hotjar.com
|
unknown
|
||
|
www.youtube.com
|
unknown
|
||
|
www.facebook.com
|
unknown
|
||
|
r4.res.office365.com
|
unknown
|
||
|
www.linkedin.com
|
unknown
|
||
|
aadcdn.msftauth.net
|
unknown
|
||
|
connect.facebook.net
|
unknown
|
||
|
px.ads.linkedin.com
|
unknown
|
||
|
outlook.office365.com
|
unknown
|
||
|
snap.licdn.com
|
unknown
|
||
|
cf.nearpod.com
|
unknown
|
||
|
analytics.google.com
|
unknown
|
||
|
mfe.nearpod.com
|
unknown
|
||
|
apis.google.com
|
unknown
|
There are 40 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.217.215.100
|
unknown
|
United States
|
||
|
3.161.163.28
|
druftchg73f9l.cloudfront.net
|
United States
|
||
|
52.109.4.7
|
unknown
|
United States
|
||
|
172.217.215.105
|
www.google.com
|
United States
|
||
|
104.21.92.80
|
2763e5d7.4cedadd30c243fcb98593ff6.workers.dev
|
United States
|
||
|
64.233.177.138
|
plus.l.google.com
|
United States
|
||
|
3.162.103.49
|
unknown
|
United States
|
||
|
31.13.88.13
|
scontent.xx.fbcdn.net
|
Ireland
|
||
|
3.161.163.76
|
unknown
|
United States
|
||
|
74.125.138.154
|
stats.g.doubleclick.net
|
United States
|
||
|
74.125.138.94
|
unknown
|
United States
|
||
|
104.18.27.72
|
unknown
|
United States
|
||
|
1.1.1.1
|
unknown
|
Australia
|
||
|
23.76.45.254
|
unknown
|
United States
|
||
|
64.233.176.84
|
unknown
|
United States
|
||
|
18.64.236.128
|
script.hotjar.com
|
United States
|
||
|
152.199.4.44
|
cs1100.wpc.omegacdn.net
|
United States
|
||
|
13.107.42.14
|
unknown
|
United States
|
||
|
64.233.185.101
|
unknown
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
3.162.103.76
|
dxg0fu9ktxs6d.cloudfront.net
|
United States
|
||
|
104.17.2.184
|
unknown
|
United States
|
||
|
51.89.72.164
|
qa38kaqxuo5.northriverside.store
|
France
|
||
|
216.239.34.178
|
unknown
|
United States
|
||
|
31.13.65.36
|
star-mini.c10r.facebook.com
|
Ireland
|
||
|
142.250.105.84
|
unknown
|
United States
|
||
|
192.168.2.17
|
unknown
|
unknown
|
||
|
216.239.38.181
|
analytics-alv.google.com
|
United States
|
||
|
173.222.249.9
|
unknown
|
United States
|
||
|
104.17.3.184
|
challenges.cloudflare.com
|
United States
|
||
|
107.178.240.159
|
api-js.mixpanel.com
|
United States
|
||
|
52.96.173.162
|
LYH-efz.ms-acdc.office.com
|
United States
|
||
|
142.250.9.94
|
unknown
|
United States
|
||
|
108.139.15.29
|
d3o14ydqp9l5t3.cloudfront.net
|
United States
|
||
|
20.72.98.42
|
unknown
|
United States
|
||
|
18.238.171.15
|
widget.intercom.io
|
United States
|
||
|
31.13.88.35
|
unknown
|
Ireland
|
||
|
40.126.28.20
|
unknown
|
United States
|
||
|
52.178.17.235
|
unknown
|
United States
|
||
|
35.186.235.23
|
cdn.mxpnl.com
|
United States
|
||
|
52.113.194.132
|
unknown
|
United States
|
||
|
172.253.124.97
|
unknown
|
United States
|
||
|
74.125.136.95
|
unknown
|
United States
|
||
|
3.161.136.51
|
d38ybj8g0p5z3m.cloudfront.net
|
United States
|
||
|
108.138.106.101
|
static-cdn.hotjar.com
|
United States
|
||
|
108.139.15.3
|
unknown
|
United States
|
||
|
172.253.124.93
|
youtube-ui.l.google.com
|
United States
|
||
|
172.253.124.95
|
unknown
|
United States
|
||
|
35.190.25.25
|
unknown
|
United States
|
||
|
18.164.78.19
|
js.intercomcdn.com
|
United States
|
||
|
96.7.224.9
|
unknown
|
United States
|
||
|
54.221.7.233
|
af3fff3fa63804fcfb4c2e0f3fefe7b1-1455064212.us-east-1.elb.amazonaws.com
|
United States
|
||
|
34.120.195.249
|
o245736.ingest.sentry.io
|
United States
|
||
|
104.18.26.72
|
auth.nearpod.com
|
United States
|
There are 44 hidden IPs, click here to show them.