IOC Report
phish_alert_sp2_2.0.0.0.eml

Files

File Path

Type

Category

Malicious

Download

phish_alert_sp2_2.0.0.0.eml

RFC 822 mail, ASCII text, with very long lines (2137), with CRLF line terminators

initial sample

C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

data

dropped

C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml

XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\01D9AD88-24AC-49A4-9EC1-1BB83F814805

XML 1.0 document, ASCII text, with CRLF line terminators

modified

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db

SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal

SQLite Rollback Journal

dropped

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

data

dropped

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

SQLite Write-Ahead Log, version 3007000

modified

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{483B28B5-DC53-44F0-9283-B09A6CF0AB83}.tmp

data

dropped

C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData\Local\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\7D731D1C-234D-4693-90A2-D812993FC5DB

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxAccountsAlwaysOnLog.etl

data

modified

C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxmAlwaysOnLog.etl

data

dropped

C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat

MS Windows registry file, NT/2000 or above

dropped

C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1722544357985570900_B73AB043-0867-44D0-83DA-992166307611.log

ASCII text, with very long lines (28730), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1722544357986312000_B73AB043-0867-44D0-83DA-992166307611.log

data

dropped

C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240801T1632370773-6156.etl

data

modified

C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs

Composite Document File V2 Document, Cannot read section info

dropped

C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

Microsoft Outlook email folder (>=2003)

dropped

C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

data

dropped

There are 10 hidden files, click here to show them.

IPs

IP

Domain

Country

Malicious

52.113.194.132

unknown

United States

2.19.126.160

unknown

European Union

52.109.89.18

unknown

United States

52.109.32.7

unknown

United States

52.168.117.168

unknown

United States

13.107.42.16

unknown

United States