IOC Report
https://m0g9861wc1.execute-api.us-east-1.amazonaws.com/uyt/#alissa.bessette@eastwesttea.com


Files

File Path | Category | Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | dropped |

Type (identical for all six files except where noted): MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 6 18:44:57 2024 (Google Drive.lnk: mtime=Fri Oct 6 08:05:01 2023), atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

URLs

Name | IP | Malicious
https://m0g9861wc1.execute-api.us-east-1.amazonaws.com/uyt/#alissa.bessette@eastwesttea.com | | malicious
https://office.aeentrabar.com/kTNoOGHr#alissa.bessette@eastwesttea.com | | malicious
https://office.aeentrabar.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638691111273749007.ODkxODhjZmItZGM1OC00OGJiLWFlZTgtZTBlYjk5NDFlY2VhYjRlYWIxYjgtMmFkNC00YWIzLWJkNzYtMTgwMGQxMzA1NjMw&ui_locales=en-US&mkt=en-US&client-request-id=a54e7827-d073-4835-9256-2d3a375bc921&state=azBYH97iH30gmyKPiJlO60LAmzXt82DNZoC8hSNBC7pBcJLrJX5sBDvbQCELL6JtGZiFFNuQ93mA37yudp9g-1XhGrwqkWnfRVuh1jByyZ7ppiRn1zLPUPs2KwQeOzTEGdY2KjcPqdO4UgtCIZ7acdZIwxy-KUzw7mH_nymXxNDh53ahvvm4Mre5q7mbtwVmFzy_129IppJZbZs6v2Fj5ltLcFdV8d70uSUtP3mHOylAeWvzAnTr1l8VZuTtMqSpP-Asyx9tBTfzT9Y6pOxLhg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true | | malicious
https://office.aeentrabar.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638691111273749007.ODkxODhjZmItZGM1OC00OGJiLWFlZTgtZTBlYjk5NDFlY2VhYjRlYWIxYjgtMmFkNC00YWIzLWJkNzYtMTgwMGQxMzA1NjMw&ui_locales=en-US&mkt=en-US&client-request-id=a54e7827-d073-4835-9256-2d3a375bc921&state=azBYH97iH30gmyKPiJlO60LAmzXt82DNZoC8hSNBC7pBcJLrJX5sBDvbQCELL6JtGZiFFNuQ93mA37yudp9g-1XhGrwqkWnfRVuh1jByyZ7ppiRn1zLPUPs2KwQeOzTEGdY2KjcPqdO4UgtCIZ7acdZIwxy-KUzw7mH_nymXxNDh53ahvvm4Mre5q7mbtwVmFzy_129IppJZbZs6v2Fj5ltLcFdV8d70uSUtP3mHOylAeWvzAnTr1l8VZuTtMqSpP-Asyx9tBTfzT9Y6pOxLhg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 | |

Domains


IPs
