Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
phish_alert_sp2_2.0.0.0 - 2024-04-26T151509.287.eml
|
RFC 822 mail, ASCII text, with very long lines (2049), with CRLF line terminators
|
initial sample
|
||
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\F3E25763-0EFD-458C-9DE5-0E9BA58869BB
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\F0F411A3.dat
|
PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
|
modified
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\WOGMR6DA\Integraconnect INVOICE Note 507-507 6039
(002).htm:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\WOGMR6DA\Integraconnect INVOICE Note 507-507 6039.htm
|
HTML document, ASCII text, with very long lines (4649), with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{78EF2442-6C19-4B16-ADDB-091A005F6ABF}.tmp
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1714162578322616600_8DA77FA3-59D7-4666-914D-AA4B99217CFF.log
|
ASCII text, with very long lines (28760), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1714162578323531900_8DA77FA3-59D7-4666-914D-AA4B99217CFF.log
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240426T2216180126-6188.etl
|
data
|
modified
|
||
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 19:16:36 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 19:16:36 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 19:16:36 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 19:16:36 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 19:16:36 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
Microsoft Outlook email folder (>=2003)
|
dropped
|
||
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
|
data
|
dropped
|
||
Chrome Cache Entry: 101
|
HTML document, ASCII text, with very long lines (1445), with CRLF line terminators
|
downloaded
|
||
Chrome Cache Entry: 102
|
HTML document, ASCII text, with very long lines (59321), with CRLF line terminators
|
downloaded
|
||
Chrome Cache Entry: 104
|
JSON data
|
downloaded
|
||
Chrome Cache Entry: 105
|
PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 107
|
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 108
|
PNG image data, 2446 x 899, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 109
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
Chrome Cache Entry: 110
|
Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
|
downloaded
|
||
Chrome Cache Entry: 111
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 112
|
PNG image data, 506 x 303, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 113
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
Chrome Cache Entry: 114
|
Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
|
downloaded
|
||
Chrome Cache Entry: 117
|
ASCII text, with very long lines (42414)
|
downloaded
|
||
Chrome Cache Entry: 119
|
Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
|
downloaded
|
||
Chrome Cache Entry: 120
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 122
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
Chrome Cache Entry: 126
|
ASCII text, with very long lines (1222), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 127
|
Web Open Font Format, TrueType, length 36696, version 1.0
|
downloaded
|
||
Chrome Cache Entry: 128
|
ASCII text, with very long lines (23398), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 130
|
Web Open Font Format, TrueType, length 35970, version 1.0
|
downloaded
|
||
Chrome Cache Entry: 131
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
Chrome Cache Entry: 132
|
Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
|
downloaded
|
||
Chrome Cache Entry: 134
|
ASCII text, with very long lines (1437), with CRLF line terminators
|
downloaded
|
||
Chrome Cache Entry: 135
|
PNG image data, 48 x 99, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 136
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 137
|
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 140
|
PNG image data, 2160 x 443, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 141
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
Chrome Cache Entry: 96
|
ASCII text, with very long lines (631)
|
downloaded
|
||
Chrome Cache Entry: 97
|
ASCII text, with very long lines (45667)
|
downloaded
|
||
Chrome Cache Entry: 98
|
ASCII text, with very long lines (65447)
|
downloaded
|
||
Chrome Cache Entry: 99
|
JSON data
|
dropped
|
There are 43 hidden files, click here to show them.
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/yn3dq/0x4AAAAAAAWGBd450pskCIbl/auto/normal
|
|||
file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/WOGMR6DA/Integraconnect%20INVOICE%20Note%20507-507%206039.htm
|
|||
https://nsr.mf67x.com/b3bKZ9K0/#Xapril.gurewitz@integraconnect.com
|
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
ipapi.co
|
172.67.69.226
|
||
a.nel.cloudflare.com
|
35.190.80.1
|
||
code.jquery.com
|
151.101.2.137
|
||
d2vgu95hoyrpkh.cloudfront.net
|
18.64.174.30
|
||
challenges.cloudflare.com
|
104.17.3.184
|
||
www.google.com
|
192.178.50.68
|
||
nsr.mf67x.com
|
104.21.57.38
|
||
httpbin.org
|
23.23.165.157
|
||
cdn.socket.io
|
unknown
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
192.178.50.78
|
unknown
|
United States
|
||
192.178.50.35
|
unknown
|
United States
|
||
52.109.16.52
|
unknown
|
United States
|
||
192.168.2.17
|
unknown
|
unknown
|
||
192.168.2.16
|
unknown
|
unknown
|
||
142.250.64.234
|
unknown
|
United States
|
||
23.23.165.157
|
httpbin.org
|
United States
|
||
104.17.3.184
|
challenges.cloudflare.com
|
United States
|
||
172.217.165.195
|
unknown
|
United States
|
||
172.217.3.68
|
unknown
|
United States
|
||
35.190.80.1
|
a.nel.cloudflare.com
|
United States
|
||
172.217.2.206
|
unknown
|
United States
|
||
172.67.69.226
|
ipapi.co
|
United States
|
||
52.113.194.132
|
unknown
|
United States
|
||
142.250.189.131
|
unknown
|
United States
|
||
1.1.1.1
|
unknown
|
Australia
|
||
192.178.50.68
|
www.google.com
|
United States
|
||
18.64.174.30
|
d2vgu95hoyrpkh.cloudfront.net
|
United States
|
||
173.194.215.84
|
unknown
|
United States
|
||
104.26.9.44
|
unknown
|
United States
|
||
151.101.2.137
|
code.jquery.com
|
United States
|
||
104.21.57.38
|
nsr.mf67x.com
|
United States
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
52.109.28.46
|
unknown
|
United States
|
||
34.196.110.25
|
unknown
|
United States
|
||
52.168.117.168
|
unknown
|
United States
|
||
172.67.189.27
|
unknown
|
United States
|
||
104.17.2.184
|
unknown
|
United States
|
There are 18 hidden IPs, click here to show them.