IOC Report
attachment(1).eml

Files

File Path | Type | Category | Malicious
--- | --- | --- | ---
attachment(1).eml | RFC 822 mail, ASCII text, with CRLF line terminators | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT | data | dropped |
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml | XML 1.0 document, ASCII text, with very long lines (2195), with no line terminators | modified |
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json | JSON data | dropped |
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Avenir Next LT Pro\25381880192.ttf | TrueType Font data, 20 tables, 1st "GDEF", 32 names, Macintosh, Copyright \251 2004 - 2017 Monotype GmbH. All rights reserved.Avenir Next LT ProBoldMonotype Ima | dropped |
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Avenir Next LT Pro\26301410506.ttf | TrueType Font data, 20 tables, 1st "GDEF", 32 names, Macintosh, Copyright \251 2004 - 2017 Monotype GmbH. All rights reserved.Avenir Next LT ProRegularMonotype | dropped |
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf | TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365 | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin | ASCII text, with very long lines (65536), with no line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal | SQLite Rollback Journal | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\53B58094.dat | JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 177x177, components 3 | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\6120B02E.dat | PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\C8170AA1.dat | PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\E98077C2.dat | JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 177x177, components 3 | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\F1622D20.dat | PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\GZKBQLBB\Outlook-linkedin (003).png | PNG image data, 177 x 177, 8-bit/color RGB, non-interlaced | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\GZKBQLBB\Outlook-linkedin (004).png:Zone.Identifier | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\GZKBQLBB\Outlook-zuca5g32.png | PNG image data, 1994 x 651, 8-bit/color RGB, non-interlaced | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 10:40:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 10:40:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 10:40:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 10:40:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 10:40:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1404197370\Google.Widevine.CDM.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1404197370\_metadata\verified_contents.json | JSON data | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1404197370\manifest.fingerprint | ASCII text, with no line terminators | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1404197370\manifest.json | JSON data | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1763765446\Filtering Rules | data | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1763765446\LICENSE.txt | ASCII text, with CRLF line terminators | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1763765446\_metadata\verified_contents.json | JSON data | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1763765446\manifest.fingerprint | ASCII text, with no line terminators | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_1763765446\manifest.json | JSON data | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_757049762\LICENSE | ASCII text | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_757049762\_metadata\verified_contents.json | JSON data | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_757049762\manifest.fingerprint | ASCII text, with no line terminators | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_757049762\manifest.json | JSON data | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1996_757049762\sets.json | JSON data | dropped |

URLs

Name | IP | Malicious
--- | --- | ---
https://euroservis.basiic.net/4fHFE/ | | malicious
https://euroservis.circle.so/c/docs/secure-9c150fda-a3b5-4727-912d-c98142ae40da | |

Domains


IPs
