IOC Report
FW Expiration Pending Support Care HIPAA Acknowledgement Form 2024.eml


Files

File Path | Type | Category | Malicious
--- | --- | --- | ---
FW Expiration Pending Support Care HIPAA Acknowledgement Form 2024.eml | RFC 822 mail, ASCII text, with very long lines (422), with CRLF line terminators | initial sample | malicious
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs | Composite Document File V2 Document, Cannot read section info | dropped | malicious
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst | Microsoft Outlook email folder (>=2003) | dropped | malicious
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp | data | dropped | malicious
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | data | dropped |
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT | data | dropped |
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml | XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators | modified |
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json | JSON data | dropped |
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf | TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365 | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin | ASCII text, with very long lines (65536), with no line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db | SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2 | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal | SQLite Rollback Journal | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm | data | dropped |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal | SQLite Write-Ahead Log, version 3007000 | dropped |
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres | data | dropped |
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres | data | dropped |
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres | data | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\370D8B73.dat | PNG image data, 5 x 23, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{02002EA7-6A12-4C04-BAE1-9ED0B06E93A9}.tmp | data | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\image[1].gif | GIF image data, version 89a, 834 x 834 | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\Image[1].png | PNG image data, 128 x 27, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\docInvite-white[1].png | PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NB937L4Q\email-logo[1].png | PNG image data, 228 x 50, 8-bit/color RGBA, non-interlaced | modified |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NB937L4Q\icon-download-app[1].png | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1732579067543392600_BA754FBE-C2D9-483D-A0C2-6E8BEEEF5CD7.log | ASCII text, with very long lines (860), with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1732579067544139600_BA754FBE-C2D9-483D-A0C2-6E8BEEEF5CD7.log | data | dropped |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241125T1857470348-6896.etl | data | modified |
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 22:58:05 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 22:58:05 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 22:58:05 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 22:58:05 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 22:58:05 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped |

URLs

Name | IP | Malicious
--- | --- | ---
https://na3.docusign.net/Signing/?ti=ebc1a2abb3b74da183969718fa12744e | |

Domains


IPs
