Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
EXTERNAL Bonnie St Dryden is inviting you to collaborate on One_docx(Apr 23) DOC3848493.msg
|
CDFV2 Microsoft Outlook Message
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\1368B89F-AE73-49E4-9D63-B10E380A2DC7
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 19:49:02 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 19:49:02 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 19:49:02 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 19:49:02 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 19:49:02 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 107
|
HTML document, ASCII text, with very long lines (2345), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 108
|
GIF image data, version 89a, 352 x 3
|
dropped
|
||
|
Chrome Cache Entry: 109
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 111
|
GIF image data, version 89a, 352 x 3
|
downloaded
|
||
|
Chrome Cache Entry: 112
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 113
|
ASCII text, with very long lines (65329), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 114
|
ASCII text, with very long lines (45563)
|
downloaded
|
||
|
Chrome Cache Entry: 115
|
ASCII text, with very long lines (39257), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 117
|
ASCII text, with very long lines (37521)
|
downloaded
|
||
|
Chrome Cache Entry: 118
|
HTML document, ASCII text, with very long lines (30522), with CRLF, LF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 119
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1500x1013,
components 3
|
dropped
|
||
|
Chrome Cache Entry: 120
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 121
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
downloaded
|
||
|
Chrome Cache Entry: 123
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 124
|
ASCII text, with very long lines (64612)
|
downloaded
|
||
|
Chrome Cache Entry: 127
|
ASCII text, with very long lines (61177)
|
downloaded
|
||
|
Chrome Cache Entry: 128
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text
|
downloaded
|
||
|
Chrome Cache Entry: 130
|
MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 131
|
ASCII text, with very long lines (64616)
|
downloaded
|
||
|
Chrome Cache Entry: 133
|
ASCII text, with very long lines (43896)
|
downloaded
|
||
|
Chrome Cache Entry: 134
|
Unicode text, UTF-8 text, with very long lines (32153)
|
downloaded
|
||
|
Chrome Cache Entry: 136
|
HTML document, ASCII text, with very long lines (30522), with CRLF, LF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 138
|
ASCII text, with very long lines (17444)
|
downloaded
|
||
|
Chrome Cache Entry: 139
|
ASCII text, with very long lines (14735)
|
downloaded
|
||
|
Chrome Cache Entry: 140
|
ASCII text, with CRLF line terminators
|
downloaded
|
There are 28 hidden files, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://hilton-my.sharepoint.com/personal/bonnie_stdryden2_hilton_com/_layouts/15/guestaccess.aspx?e=4%3al617Ov&at=9&share=ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnA
|
|||
|
https://hilton-my.sharepoint.com/:b:/p/bonnie_stdryden2/ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnA?e=4%3al617Ov&at=9
|
|||
|
https://login.microsoftonline.com/660292d2-cfd5-4a3d-b7a7-e8f7ee458a0a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=AEFB5D6D5B4C6AC579BC6AF9C9B95BD6AD2614D0A1F37CEA%2D2699DC82E58B5210EB7D411D0B8E270BD01E3C74C4B55CECDC8C8C42B92E9A74&redirect%5Furi=https%3A%2F%2Fhilton%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=5bee21a1%2D5016%2D5000%2D31cf%2D93a753343540&sso_reload=true
|
|||
|
https://login.microsoftonline.com/660292d2-cfd5-4a3d-b7a7-e8f7ee458a0a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=AEFB5D6D5B4C6AC579BC6AF9C9B95BD6AD2614D0A1F37CEA%2D2699DC82E58B5210EB7D411D0B8E270BD01E3C74C4B55CECDC8C8C42B92E9A74&redirect%5Furi=https%3A%2F%2Fhilton%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=5bee21a1%2D5016%2D5000%2D31cf%2D93a753343540
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
dual-spo-0005.spo-msedge.net
|
13.107.136.10
|
||
|
part-0013.t-0009.t-msedge.net
|
13.107.213.41
|
||
|
cs1100.wpc.omegacdn.net
|
152.199.4.44
|
||
|
www.google.com
|
74.125.136.103
|
||
|
autologon.microsoftazuread-sso.com
|
40.126.32.136
|
||
|
identity.nel.measure.office.net
|
unknown
|
||
|
hilton-my.sharepoint.com
|
unknown
|
||
|
aadcdn.msftauth.net
|
unknown
|
||
|
login.microsoftonline.com
|
unknown
|
||
|
m365cdn.nel.measure.office.net
|
unknown
|
||
|
aadcdn.msftauthimages.net
|
unknown
|
There are 1 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
13.107.138.10
|
unknown
|
United States
|
||
|
52.109.56.128
|
unknown
|
United States
|
||
|
13.107.136.10
|
dual-spo-0005.spo-msedge.net
|
United States
|
||
|
64.233.176.95
|
unknown
|
United States
|
||
|
40.126.28.14
|
unknown
|
United States
|
||
|
192.168.2.17
|
unknown
|
unknown
|
||
|
40.126.29.12
|
unknown
|
United States
|
||
|
52.109.8.36
|
unknown
|
United States
|
||
|
13.107.213.41
|
part-0013.t-0009.t-msedge.net
|
United States
|
||
|
74.125.136.103
|
www.google.com
|
United States
|
||
|
74.125.138.94
|
unknown
|
United States
|
||
|
52.113.194.132
|
unknown
|
United States
|
||
|
64.233.177.95
|
unknown
|
United States
|
||
|
23.203.48.61
|
unknown
|
United States
|
||
|
1.1.1.1
|
unknown
|
Australia
|
||
|
152.199.4.44
|
cs1100.wpc.omegacdn.net
|
United States
|
||
|
142.250.105.100
|
unknown
|
United States
|
||
|
23.213.26.151
|
unknown
|
United States
|
||
|
173.194.219.102
|
unknown
|
United States
|
||
|
173.194.219.84
|
unknown
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
51.105.71.137
|
unknown
|
United Kingdom
|
||
|
40.126.28.11
|
unknown
|
United States
|
||
|
23.47.204.40
|
unknown
|
United States
|
||
|
23.223.31.231
|
unknown
|
United States
|
||
|
40.126.32.136
|
autologon.microsoftazuread-sso.com
|
United States
|
There are 16 hidden IPs, click here to show them.