Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
phish_alert_sp2_2.0.0.0.eml
|
RFC 822 mail, ASCII text, with very long lines (1881), with CRLF line terminators
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{DD6543A7-F502-442D-833F-1D3AA0B10107}.tmp
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{F88EAC1A-0FFC-437A-BE0C-45275ED0F21C}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1713968076679241300_C5D7C257-A4EF-48A1-8BDD-CA8525B90844.log
|
ASCII text, with very long lines (28772), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1713968076680545200_C5D7C257-A4EF-48A1-8BDD-CA8525B90844.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240424T1614360465-5792.etl
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\msoCAFC.tmp
|
GIF image data, version 89a, 15 x 15
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 13:14:47 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 13:14:47 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 13:14:47 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 13:14:47 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 13:14:47 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
Microsoft Outlook email folder (>=2003)
|
dropped
|
||
|
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
|
data
|
dropped
|
||
|
Chrome Cache Entry: 120
|
ASCII text, with very long lines (3920)
|
downloaded
|
||
|
Chrome Cache Entry: 121
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 122
|
ASCII text, with very long lines (597)
|
downloaded
|
||
|
Chrome Cache Entry: 123
|
PNG image data, 150 x 100, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 124
|
ISO-8859 text, with very long lines (22886), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 125
|
Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 126
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 127
|
PNG image data, 1226 x 1278, 8-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 128
|
PNG image data, 330 x 33, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 129
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 131
|
PNG image data, 150 x 100, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 132
|
PNG image data, 150 x 100, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 133
|
PNG image data, 150 x 610, 8-bit/color RGBA, interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 134
|
ASCII text, with very long lines (39769)
|
downloaded
|
||
|
Chrome Cache Entry: 136
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 138
|
ASCII text, with very long lines (526), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 139
|
ASCII text, with very long lines (64350)
|
downloaded
|
||
|
Chrome Cache Entry: 140
|
PNG image data, 150 x 100, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 141
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 142
|
ASCII text, with very long lines (547), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 143
|
Unicode text, UTF-8 text, with very long lines (65530), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 144
|
ASCII text, with very long lines (1082), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 145
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 146
|
HTML document, ASCII text, with very long lines (7698)
|
dropped
|
||
|
Chrome Cache Entry: 147
|
PNG image data, 150 x 100, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 148
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 149
|
ASCII text, with very long lines (1281), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 150
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 151
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 152
|
PNG image data, 150 x 100, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 153
|
ASCII text, with very long lines (22057), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 154
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 155
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 157
|
PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 158
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 159
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 160
|
PNG image data, 150 x 100, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 165
|
troff or preprocessor input, ASCII text, with very long lines (372)
|
downloaded
|
||
|
Chrome Cache Entry: 166
|
Web Open Font Format (Version 2), TrueType, length 66624, version 4.262
|
downloaded
|
||
|
Chrome Cache Entry: 167
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 168
|
ASCII text, with very long lines (32405)
|
downloaded
|
||
|
Chrome Cache Entry: 170
|
ASCII text, with very long lines (1572)
|
downloaded
|
||
|
Chrome Cache Entry: 171
|
ASCII text, with very long lines (377)
|
downloaded
|
||
|
Chrome Cache Entry: 172
|
ASCII text, with very long lines (5140)
|
downloaded
|
||
|
Chrome Cache Entry: 173
|
PNG image data, 223 x 97, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 174
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 175
|
PNG image data, 150 x 100, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 176
|
ASCII text, with very long lines (23033), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 177
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 178
|
ASCII text, with very long lines (4942)
|
downloaded
|
||
|
Chrome Cache Entry: 179
|
ASCII text, with very long lines (23080), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 180
|
PNG image data, 48 x 48, 4-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 181
|
HTML document, ASCII text, with very long lines (2020)
|
downloaded
|
||
|
Chrome Cache Entry: 182
|
troff or preprocessor input, ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 183
|
HTML document, ASCII text, with very long lines (603), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 184
|
PNG image data, 150 x 100, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 186
|
ASCII text, with very long lines (1838)
|
downloaded
|
||
|
Chrome Cache Entry: 187
|
HTML document, ASCII text, with very long lines (930), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 189
|
ASCII text, with very long lines (32061)
|
downloaded
|
||
|
Chrome Cache Entry: 190
|
ASCII text, with very long lines (1321)
|
downloaded
|
||
|
Chrome Cache Entry: 191
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 195
|
HTML document, ASCII text, with very long lines (829), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 196
|
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 198
|
PNG image data, 150 x 100, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 199
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 200
|
Web Open Font Format (Version 2), TrueType, length 7884, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 201
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 202
|
ASCII text, with very long lines (1222), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 203
|
ASCII text, with very long lines (20763)
|
downloaded
|
||
|
Chrome Cache Entry: 204
|
ASCII text, with very long lines (56412), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 206
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 207
|
HTML document, ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 208
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 209
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 210
|
ASCII text, with very long lines (17683)
|
downloaded
|
||
|
Chrome Cache Entry: 212
|
ASCII text, with very long lines (63262), with no line terminators
|
downloaded
|
There are 85 hidden files, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5492287467086779&output=html&adk=1812271804&adf=3025194257&lmt=1713968094&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fhrmievents.com%2Fupcoming_webinars%3Fproduct_id%3D213&pra=5&wgl=1&easpi=0&asro=0&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1713968092386&bpp=5&bdt=4859&idt=1641&shv=r20240422&mjsv=m202404180101&ptt=9&saldr=aa&abxe=1&eoidce=1&nras=1&correlator=4379616410268&frm=20&pv=2&ga_vid=1224207607.1713968094&ga_sid=1713968094&ga_hid=2028729357&ga_fc=0&u_tz=120&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C95328447%2C95331042%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=3592243322683707&tmod=977650135&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=1663
|
|||
|
https://www.google.com/recaptcha/api2/bframe?hl=en&v=QoukH5jSO3sKFzVEA7Vc8VgC&k=6LcO8cMaAAAAALdAzfMVgM4Oy3rsvurSqiESa9yI
|
|||
|
https://m.stripe.network/inner.html#url=https%3A%2F%2Fhrmievents.com%2Fupcoming_webinars%3Fproduct_id%3D213&title=Marijuana%20In%20The%20Workplace%20-%202024%20State%20%26%20Federal%20Laws%2C%20Mandated%20Coverage%2C%20Testing%20Challenges%20%26%20More&referrer=&muid=NA&sid=NA&version=6&preview=false
|
|||
|
about:blank
|
|||
|
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcO8cMaAAAAALdAzfMVgM4Oy3rsvurSqiESa9yI&co=aHR0cHM6Ly9ocm1pZXZlbnRzLmNvbTo0NDM.&hl=en&v=QoukH5jSO3sKFzVEA7Vc8VgC&size=normal&cb=opldvzoh5ilq
|
|||
|
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fhrmievents.com%2Fupcoming_webinars%3Fproduct_id%3D213&title=Marijuana%20In%20The%20Workplace%20-%202024%20State%20%26%20Federal%20Laws%2C%20Mandated%20Coverage%2C%20Testing%20Challenges%20%26%20More&referrer=&muid=NA&sid=NA&version=6&preview=false
|
|||
|
https://www.google.com/recaptcha/api2/aframe
|
|||
|
https://hrmievents.com/upcoming_webinars?product_id=213
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
star-mini.c10r.facebook.com
|
31.13.70.36
|
||
|
d1tcqh4bio8cty.cloudfront.net
|
108.138.246.34
|
||
|
scontent.xx.fbcdn.net
|
31.13.70.7
|
||
|
mylivechat.com
|
52.117.22.28
|
||
|
a5.mylivechat.com
|
52.117.22.24
|
||
|
googleads.g.doubleclick.net
|
74.125.137.154
|
||
|
m.stripe.com
|
44.237.131.121
|
||
|
dexeqbeb7giwr.cloudfront.net
|
18.154.132.35
|
||
|
stripe.com
|
198.202.176.201
|
||
|
www.google.com
|
142.250.141.106
|
||
|
hrmievents.com
|
70.40.212.100
|
||
|
cmtd1.com
|
192.99.218.232
|
||
|
www.facebook.com
|
unknown
|
||
|
m.stripe.network
|
unknown
|
||
|
js.stripe.com
|
unknown
|
||
|
connect.facebook.net
|
unknown
|
There are 6 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.16
|
unknown
|
unknown
|
||
|
198.202.176.201
|
stripe.com
|
United States
|
||
|
142.251.2.84
|
unknown
|
United States
|
||
|
74.125.137.154
|
googleads.g.doubleclick.net
|
United States
|
||
|
142.250.101.132
|
unknown
|
United States
|
||
|
20.42.65.89
|
unknown
|
United States
|
||
|
142.251.2.113
|
unknown
|
United States
|
||
|
142.251.2.138
|
unknown
|
United States
|
||
|
142.250.141.105
|
unknown
|
United States
|
||
|
142.250.141.106
|
www.google.com
|
United States
|
||
|
108.138.246.34
|
d1tcqh4bio8cty.cloudfront.net
|
United States
|
||
|
142.251.2.154
|
unknown
|
United States
|
||
|
142.251.2.156
|
unknown
|
United States
|
||
|
142.251.2.155
|
unknown
|
United States
|
||
|
52.113.194.132
|
unknown
|
United States
|
||
|
31.13.70.36
|
star-mini.c10r.facebook.com
|
Ireland
|
||
|
1.1.1.1
|
unknown
|
Australia
|
||
|
18.154.132.35
|
dexeqbeb7giwr.cloudfront.net
|
United States
|
||
|
192.99.218.232
|
cmtd1.com
|
Canada
|
||
|
44.237.131.121
|
m.stripe.com
|
United States
|
||
|
52.117.22.28
|
mylivechat.com
|
United States
|
||
|
52.117.22.24
|
a5.mylivechat.com
|
United States
|
||
|
142.251.2.95
|
unknown
|
United States
|
||
|
142.251.2.94
|
unknown
|
United States
|
||
|
13.225.142.77
|
unknown
|
United States
|
||
|
74.125.137.104
|
unknown
|
United States
|
||
|
44.233.205.94
|
unknown
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
31.13.70.7
|
scontent.xx.fbcdn.net
|
Ireland
|
||
|
142.250.101.95
|
unknown
|
United States
|
||
|
70.40.212.100
|
hrmievents.com
|
United States
|
||
|
142.250.101.94
|
unknown
|
United States
|
||
|
74.125.137.94
|
unknown
|
United States
|
||
|
142.250.141.155
|
unknown
|
United States
|
There are 24 hidden IPs, click here to show them.