IOC Report
FW_ FHAS Inc_ - Private and Confidential.msg

Files

File Path
Type
Category
Malicious
FW_ FHAS Inc_ - Private and Confidential.msg
CDFV2 Microsoft Outlook Message
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
data
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml
XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
SQLite Write-Ahead Log, version 3007000
modified
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\48EBACDA.dat
PNG image data, 157 x 96, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\7C20A313.dat
PNG image data, 176 x 44, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\ACA69AFD.dat
PNG image data, 540 x 116, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{9C988B96-81C5-4545-9CFC-FA09A30582A7}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1713966153440810300_9D896760-3D20-4F86-9968-C7231F7BD680.log
ASCII text, with very long lines (28768), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1713966153441651900_9D896760-3D20-4F86-9968-C7231F7BD680.log
data
dropped
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240424T1542330214-3932.etl
data
dropped
C:\Users\user\AppData\Local\Temp\~DFC466553D3B223022.TMP
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 12:42:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 12:42:46 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 12:42:46 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 12:42:46 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 12:42:46 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
Microsoft Outlook email folder (>=2003)
dropped
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
data
dropped
Chrome Cache Entry: 100
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 101
JSON data
dropped
Chrome Cache Entry: 102
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 103
PNG image data, 706 x 512, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 104
PNG image data, 94 x 73, 8-bit/color RGB, non-interlaced
dropped
Chrome Cache Entry: 105
HTML document, ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 106
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 107
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 108
HTML document, ASCII text, with very long lines (1048)
dropped
Chrome Cache Entry: 109
JSON data
downloaded
Chrome Cache Entry: 110
ASCII text, with very long lines (32065)
downloaded
Chrome Cache Entry: 111
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 112
HTML document, ASCII text, with very long lines (4020)
downloaded
Chrome Cache Entry: 113
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 114
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 115
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 116
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 117
ASCII text, with very long lines (7043), with no line terminators
downloaded
Chrome Cache Entry: 118
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 119
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 120
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
dropped
Chrome Cache Entry: 121
HTML document, ASCII text, with very long lines (1048)
downloaded
Chrome Cache Entry: 122
ASCII text, with very long lines (7043), with no line terminators
downloaded
Chrome Cache Entry: 123
PNG image data, 706 x 512, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 124
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 125
ASCII text, with very long lines (50758)
downloaded
Chrome Cache Entry: 126
PNG image data, 810 x 276, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 127
HTML document, ASCII text, with very long lines (1048)
dropped
Chrome Cache Entry: 128
ASCII text, with very long lines (65461)
downloaded
Chrome Cache Entry: 129
PNG image data, 714 x 286, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 130
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 131
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 132
PNG image data, 810 x 276, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 133
PNG image data, 714 x 286, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 134
HTML document, ASCII text
downloaded
Chrome Cache Entry: 94
ASCII text, with very long lines (50758)
downloaded
Chrome Cache Entry: 95
ASCII text, with very long lines (32065)
downloaded
Chrome Cache Entry: 96
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 97
PNG image data, 94 x 73, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 98
ASCII text, with very long lines (42414)
downloaded
Chrome Cache Entry: 99
SVG Scalable Vector Graphics image
downloaded
(54 further files not shown)

Processes

Path
Cmdline
Malicious
C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW_ FHAS Inc_ - Private and Confidential.msg"
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "AB733506-5643-415B-A822-6CA743C451B8" "60335182-0ED6-44FC-AF34-5EA391EA0DB6" "3932" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvk.com%2Faway.php%3Fto%3Dhttps%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636&data=05%7C02%7Clanderson%40american-pcs.com%7C12a2a023526d4f13ec3008dc63d6fc83%7C48af3ff71bb24e8b9762c9e61a8503a9%7C0%7C0%7C638495022247675574%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=wmZ9CPEGbqFv%2B8gk%2BkjZ7S5r0b%2B7AC1Ezstrt9P7SuM%3D&reserved=0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2032,i,8312414958916213357,7330150477542557016,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

URLs

Name
IP
Malicious
https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8
malicious
https://mailvlk.com
unknown
https://public-usa.mkt.dynamics.com/api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpageforms/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636/visits
52.146.76.30
https://mailvlk.com/x/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78c2
104.21.50.148
https://mailvlk.com/boot/8abb7bfd970b4f43108624cbc2c64b5066290cc184dbe
104.21.50.148
https://mailvlk.com/1
104.21.50.148
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/888799833:1713964597:_2LbCDHkv-P-tuM5wGyxvE8cQNjPu28uIC6w7PvfxTk/879685459c6269e3/16306502cf695e3
104.17.2.184
https://assets-usa.mkt.dynamics.com/favicon.ico
13.107.246.69
https://mailvlk.com/jq/58461f18f36cbc9854a411ccf4ae8dbb66290c79904d0
104.21.50.148
https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ee5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870
13.107.246.69
https://mailvlk.com/js/58461f18f36cbc9854a411ccf4ae8dbb66290c79904d8
104.21.50.148
https://mailvlk.com/js/8abb7bfd970b4f43108624cbc2c64b5066290cc184dbf
104.21.50.148
https://mailvlk.com/API.php?data=mail&email=rickd@gmail.com&_=1713966201970
104.21.50.148
https://a.nel.cloudflare.com/report/v4?s=4Lncfb%2Bf0ZgvAUhn0ZSU26EkkRYS%2Fy3%2F9%2BRSTmUcjYS%2BZr0GpLA7Q1dyMm6Nj3r6WSqlTzqR%2Bmu5ZoPJbyGe6yZelcsnTuZEL0gAXNQa%2FeIZCP6orypMo6DJJ%2F8yMw%3D%3D
35.190.80.1
https://mailvlk.com/boot/58461f18f36cbc9854a411ccf4ae8dbb66290c79904d5
104.21.50.148
https://mailvlk.com/?__cf_chl_tk=N7uH4Kxa9_0RyojcAoiu.zjjUwtHsqzk0ADVK3Dx5Fs-1713966186-0.0.1.1-1557
http://vk.com/away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/d
unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879685459c6269e3/1713966190447/vp3T4ue4sM7hYw8
104.17.2.184
http://schema.org
unknown
https://github.com/twbs/bootstrap/graphs/contributors)
unknown
https://mailvlk.com/o/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78df
104.21.50.148
https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ed5a3d
unknown
https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636
13.107.246.69
https://mailvlk.com/jq/8abb7bfd970b4f43108624cbc2c64b5066290cc184dba
104.21.50.148
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D
104.17.2.184
https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvk.com%2Faway.php%3Fto%3Dhttps%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636&data=05%7C02%7Clanderson%40american-pcs.com%7C12a2a023526d4f13ec3008dc63d6fc83%7C48af3ff71bb24e8b9762c9e61a8503a9%7C0%7C0%7C638495022247675574%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=wmZ9CPEGbqFv%2B8gk%2BkjZ7S5r0b%2B7AC1Ezstrt9P7SuM%3D&reserved=0
104.47.70.28
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/879685459c6269e3/1713966190448/a6aceae44c8468ff349a880897d3c52fb1b769f9be6ebd411bda96dd08a8895e/Fd6jCqic8-nVFty
104.17.2.184
https://mailvlk.com/ASSETS/img/sig-op.svg
104.21.50.148
http://vk.com/away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636
87.240.132.72
https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ef5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870
13.107.246.69
https://mailvlk.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1894439682:1713964362:f3bhfDBv5QOakV6M8k-1UjyH98EctZInS5uS_6Qc31k/879685369a8a0fc1/fc4adc0f3b83a0b
104.21.50.148
https://mailvlk.com/ASSETS/img/m_.svg
104.21.50.148
https://mailvlk.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879685369a8a0fc1
104.21.50.148
https://mailvlk.com/
https://mailvlk.com/APP-58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe0/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe1
104.21.50.148
https://vk.com/away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636
87.240.132.72
https://a.nel.cloudflare.com/report/v4?s=djiRKcdhlVlk2aqZBvP%2Bjmnp1abPn%2BnZFZbJbioW2B1Bkgsecp2vstPS%2B2TRR2dXtz77%2B1QYen%2FvmlZVP30BHgPi8cW%2Fn%2FPb3Xemb2QQHFIHg9%2BUf6IPA9cWexvWhQ%3D%3D
35.190.80.1
https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ef5a3d
unknown
https://mailvlk.com/o/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcb00b
104.21.50.148
https://mailvlk.com/favicon.ico
104.21.50.148
https://getbootstrap.com/)
unknown
https://public-usa.mkt.dynamics.com/api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpageforms/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636
52.146.76.30
https://a.nel.cloudflare.com/report/v4?s=iDUvZaCtDpJy3qF6qkuzg7zhpHmebhCTLUFDDABNeySo%2FlMYbME3a7DyNdxlydWBzoHFDmHBneIxt0DzcWkr9XChmzd%2FcJaJe%2B8kNGExQJUuG3M3vFjrwWRSJwQh3g%3D%3D
35.190.80.1
https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/forms/beb26e1
unknown
https://aka.ms/LearnAboutSenderIdentification
unknown
https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ee5a3d
unknown
https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636
https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvk.com%2Faway.php%3Fto%3Dhttps%3A%2
unknown
https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ed5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870
13.107.246.69
https://mailvlk.com/x/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe6
104.21.50.148
https://github.com/twbs/bootstrap/blob/master/LICENSE)
unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879685459c6269e3
104.17.2.184
https://away.vk.com/away.php?rh=8f363019-e908-47e4-a972-890e8e356326
87.240.137.164
https://public-usa.mkt.dynamics.com/api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpagefo
unknown
https://mailvlk.com/APP-8abb7bfd970b4f43108624cbc2c64b5066290cc3b78bc/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78bd
104.21.50.148
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
(46 further URLs not shown)

Domains

Name
IP
Malicious
nam10.safelinks.protection.outlook.com
104.47.70.28
a.nel.cloudflare.com
35.190.80.1
away.vk.com
87.240.137.164
part-0041.t-0009.t-msedge.net
13.107.246.69
challenges.cloudflare.com
104.17.2.184
mailvlk.com
104.21.50.148
www.google.com
142.250.141.104
prdia888eus0aks.mkt.dynamics.com
52.146.76.30
vk.com
87.240.132.72
public-usa.mkt.dynamics.com
unknown
assets-usa.mkt.dynamics.com
unknown
(1 further domain not shown)

IPs

IP
Domain
Country
Malicious
104.47.70.28
nam10.safelinks.protection.outlook.com
United States
13.107.246.69
part-0041.t-0009.t-msedge.net
United States
192.168.2.17
unknown
unknown
52.146.76.30
prdia888eus0aks.mkt.dynamics.com
United States
87.240.137.164
away.vk.com
Russian Federation
87.240.132.72
vk.com
Russian Federation
104.21.50.148
mailvlk.com
United States
239.255.255.250
unknown
Reserved
35.190.80.1
a.nel.cloudflare.com
United States
142.250.141.104
www.google.com
United States
104.17.2.184
challenges.cloudflare.com
United States
(1 further IP not shown)

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
CantBootResolution
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
ProfileBeingOpened
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
SessionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
BootDiagnosticsLogFile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
OutlookBootFlag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
*41
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
SessionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
ProfileBeingOpened
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings
Accounts
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Wizards
PageSize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings
Template
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
WMACUpdated
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options
DefaultKerningLigatures
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
@%SystemRoot%\system32\mlang.dll,-4612
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
000b046b
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
BootDiagnosticsLogFile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
CantBootResolution
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountSignaturesDialogOpen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
5:1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\ColleagueImport.ColleagueImportAddin
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\Microsoft.VbaAddinForOutlook.1
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
5:1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
$:1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OscAddin.Connect
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
4:1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\UCAddin.LyncAddin.1
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
4:1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\UmOutlookAddin.FormRegionAddin
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
c:1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
c:1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
c:1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
c:1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Calendar
WorkDay
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnershipV5
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnershipV4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnershipV3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnership
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Proofing Tools\1.0\Custom Dictionaries
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Proofing Tools\1.0\Custom Dictionaries
UpdateComplete
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Volatile
MsaDevice
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
UseRWHlinkNavigation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
UseRWOSHlinkNavigation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9207f3e0a3b11019908b08002b2a56c2
11023d05
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Logging
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
OutlookMAPI2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\outlook
EcsRequestPending
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109A10090400000000000F01FEC\Usage
OutlookMAPI2Intl_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
00030429
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
Expires
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
ETag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\ColleagueImport.ColleagueImportAddin
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
ColleagueImport.ColleagueImportAddin
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Display Types\Balloons
HWND64ForOrphanedNotIcon
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OneNote.OutlookAddin
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
OneNote.OutlookAddin
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OscAddin.Connect
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
OscAddin.Connect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UCAddin.LyncAddin.1
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
UCAddin.LyncAddin.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UmOutlookAddin.FormRegionAddin
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
UmOutlookAddin.FormRegionAddin
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
SessionId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018C00B92EA0FCD
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Search\Catalog
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings
Accounts
(115 further registry entries not shown)

DOM / HTML

URL
Malicious
https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8
malicious
https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8
malicious
https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8
malicious
https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636
https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636
https://mailvlk.com/
https://mailvlk.com/
https://mailvlk.com/
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
https://mailvlk.com/?__cf_chl_tk=N7uH4Kxa9_0RyojcAoiu.zjjUwtHsqzk0ADVK3Dx5Fs-1713966186-0.0.1.1-1557
https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8
https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8
(3 further DOM entries not shown)