IOC Report
FW_ Olivia McGahen shared _GAIR LEGAL_ with you.msg

loading gif

Files

File Path
Type
Category
Malicious
FW_ Olivia McGahen shared _GAIR LEGAL_ with you.msg
CDFV2 Microsoft Outlook Message
initial sample
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
data
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml
XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
modified
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf
TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
ASCII text, with very long lines (65536), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal
SQLite Rollback Journal
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1212F459.dat
PNG image data, 140 x 140, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\130A90CA.dat
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 80x75, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1A8728D1.dat
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\29E217D3.dat
PNG image data, 2394 x 964, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2F89589E.dat
PNG image data, 170 x 42, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\30E4B0CF.dat
PNG image data, 120 x 120, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\50F3D643.dat
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 80x80, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\522DAE5C.dat
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 227x62, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\5502DE86.dat
PNG image data, 140 x 140, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\66C682AD.dat
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 80x75, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\675BC132.dat
PNG image data, 2264 x 80, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\899447B8.dat
PNG image data, 140 x 140, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\AC84BB8B.dat
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\BCE482B5.dat
PNG image data, 120 x 120, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\DE467484.dat
PNG image data, 120 x 120, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\F609E810.dat
PNG image data, 96 x 96, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
Unicode text, UTF-16, little-endian text, with CRLF line terminators
modified
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 05:31:37 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 05:31:37 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 05:31:37 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 05:31:37 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 05:31:37 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
There are 22 hidden files, click here to show them.

URLs

Name
IP
Malicious
https://gairlegalau-my.sharepoint.com/:o:/g/personal/olivia_mcgahen_gairlegal_com_au/EkfOV5ZnIZ5ItaQU3XBTsdoBEDG3LMTuHFdlMyMfe6BABQ?e=5%3aSZddJa&at=9

Domains

Name
IP
Malicious
196385-ipv4v6.farm.dprodmgd106.aa-rt.sharepoint.com
52.105.235.25
dual-spo-0005.spo-msedge.net
13.107.136.10
www.google.com
142.250.186.36
gairlegalau-my.sharepoint.com
unknown
spo.nel.measure.office.net
unknown

IPs

IP
Domain
Country
Malicious
52.113.194.132
unknown
United States
142.250.184.195
unknown
United States
142.250.186.78
unknown
United States
52.105.235.25
196385-ipv4v6.farm.dprodmgd106.aa-rt.sharepoint.com
United States
1.1.1.1
unknown
Australia
13.107.136.10
dual-spo-0005.spo-msedge.net
United States
142.250.186.36
www.google.com
United States
23.38.98.108
unknown
United States
23.38.98.114
unknown
United States
216.58.212.132
unknown
United States
2.16.202.85
unknown
European Union
142.251.5.84
unknown
United States
192.168.2.16
unknown
unknown
20.42.65.94
unknown
United States
142.250.185.238
unknown
United States
52.109.32.39
unknown
United States
142.251.168.84
unknown
United States
239.255.255.250
unknown
Reserved
2.19.126.160
unknown
European Union
142.250.185.195
unknown
United States
52.109.89.19
unknown
United States
184.28.90.27
unknown
United States
There are 12 hidden IPs, click here to show them.