IOC Report
original (3).eml

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| original (3).eml | SMTP mail, ASCII text, with very long lines (443), with CRLF line terminators | initial sample | |
| C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.CampaignStates.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.GovernedChannelStates.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.Settings.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.SurveyHistoryStats.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal | SQLite Write-Ahead Log, version 3007000 | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\NML8VMVN\message (002).wav | RIFF (little-endian) data, WAVE audio, ITU G.711 mu-law, mono 8000 Hz | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\NML8VMVN\message (002).wav:Zone.Identifier (copy) | RFC 822 mail, ASCII text, with very long lines (2157), with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\NML8VMVN\phish_alert_sp2_2.0.0.0 (002).eml:Zone.Identifier | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\NML8VMVN\phish_alert_sp2_2.0.0.0.eml | RFC 822 mail, ASCII text, with very long lines (2157), with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{BF6F62C6-C45C-46C8-90C0-9EC5B8E2B5EA}.tmp | data | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\INetCache\J46RLDJS\configuration[1].xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb | Extensible storage engine DataBase, version 0x620, checksum 0x694dc516, page size 8192, JustCreated, Windows version 0.0 | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm | data | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk | data | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log | data | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00001.jrs | data | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\tmp.edb | Extensible storage engine DataBase, version 0x620, checksum 0x6ce520d3, page size 8192, JustCreated, Windows version 0.0 | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\SRPData.xml (copy) | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\SRPData.xml.~tmp | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\SRPData.xml~RF680226fb.TMP (copy) | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\backstack.json (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\backstack.json.~tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\backstack.json~RFccd6eb78.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat | MS Windows registry file, NT/2000 or above | dropped | |
| C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.LOG1 | MS Windows registry file, NT/2000 or above | dropped | |
| C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1720043089921179800_884E86A1-F4BB-4114-8053-19FBB93DC820.log | ASCII text, with very long lines (28771), with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1720043089921803700_884E86A1-F4BB-4114-8053-19FBB93DC820.log | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240703T1744490704-7104.etl | data | modified | |
| C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240703T1745000058-6584.etl | data | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl | data | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs | Composite Document File V2 Document, Cannot read section info | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm (copy) | Microsoft Word 2007+ | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | data | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp | Microsoft Word 2007+ | dropped | |
| C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst | Microsoft Outlook email folder (>=2003) | dropped | |
| C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp | data | dropped | |

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| settings-ssl.xboxlive.com | unknown | |
| grooveuwavideos.streaming.mediaservices.windows.net | unknown | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 52.113.194.132 | unknown | United States | |
| 20.189.173.17 | unknown | United States | |
| 23.35.228.10 | unknown | United States | |
| 95.101.148.7 | unknown | European Union | |
| 52.109.68.130 | unknown | United States | |