IOC Report
original (4).eml

loading gif

Files

File Path
Type
Category
Malicious
original (4).eml
SMTP mail, ASCII text, with very long lines (443), with CRLF line terminators
initial sample
 malicious
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
data
dropped
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
ASCII text, with very long lines (65536), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\6DE6B2D2-1137-4FD2-973D-0F974698284B
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal
SQLite Rollback Journal
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\QZLVAUO3\153 - NM West Area Ops Full Spreadsheet (002).xlsx
Microsoft Excel 2007+
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\QZLVAUO3\153 - NM West Area Ops Full Spreadsheet (002).xlsx:Zone.Identifier (copy)
RFC 822 mail, ASCII text, with very long lines (793), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\QZLVAUO3\phish_alert_sp2_2.0.0.0.eml
RFC 822 mail, ASCII text, with very long lines (793), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\QZLVAUO3\phish_alert_sp2_2.0.0.0.eml:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\QZLVAUO3\~$153 - NM West Area Ops Full Spreadsheet.xlsx
data
dropped
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_10c3\AC\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStoreV3\Excel\ASkwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDBfTnVsbAA.S
data
dropped
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_10c3\AC\Microsoft\Office\OTele\excel.exe.db
SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_10c3\AC\Microsoft\Office\OTele\excel.exe.db-journal
SQLite Rollback Journal
dropped
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_10c3\AC\Microsoft\Office\OTele\excel.exe.db-shm
data
dropped
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_10c3\AC\Microsoft\Office\OTele\excel.exe.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_10c3\AC\Temp\Diagnostics\EXCEL\App1720043457776199400_0F62FBFF-425F-4B2B-A5BD-9B1B92FC4C81.log
data
dropped
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_19a\AC\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStoreV3\Excel\1380790193167760279.C4
data
dropped
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_19a\AC\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStoreV3\Excel\ASkwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDBfTnVsbAA.S
data
dropped
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_19a\AC\Temp\Diagnostics\EXCEL\App1720043461978768000_7901C45E-FEF4-45AA-96D3-8FC7FA867CA5.log
data
dropped
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_19a\AC\Temp\Diagnostics\EXCEL\App1720043461980990400_7901C45E-FEF4-45AA-96D3-8FC7FA867CA5.log
data
dropped
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_19a\AC\Temp\msoFE6F.tmp
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1720043443196736200_7AB9C2C0-9FA7-4FE4-B8ED-443E982C27DF.log
data
dropped
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240703T1750430023-7088.etl
data
modified
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240703T1750540022-2304.etl
data
dropped
C:\Users\user\AppData\Local\Temp\~DF1934EE0408D94E8E.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DFF82DFCCBA15D9A46.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Users\user\AppData\Roaming\Microsoft\Excel\5FD20000
Applesoft BASIC program data, first line number 16
dropped
C:\Users\user\AppData\Roaming\Microsoft\Excel\Excel15.xlb (copy)
Applesoft BASIC program data, first line number 16
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
data
modified
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs
Composite Document File V2 Document, Cannot read section info
dropped
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
Microsoft Outlook email folder (>=2003)
dropped
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
data
dropped
There are 27 hidden files, click here to show them.

Domains

Name
IP
Malicious
bg.microsoft.map.fastly.net
199.232.210.172
s-part-0032.t-0009.t-msedge.net
13.107.246.60

IPs

IP
Domain
Country
Malicious
52.113.194.132
unknown
United States
1.1.1.1
unknown
Australia
52.182.143.209
unknown
United States
52.109.28.47
unknown
United States
52.109.32.97
unknown
United States
2.19.126.160
unknown
European Union
52.109.89.119
unknown
United States
20.189.173.3
unknown
United States
184.28.90.27
unknown
United States
199.232.210.172
bg.microsoft.map.fastly.net
United States
13.107.246.60
s-part-0032.t-0009.t-msedge.net
United States
There are 1 hidden IPs, click here to show them.