Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Chrome Cache Entry: 62
|
ASCII text, with very long lines (45797)
|
downloaded
|
||
|
Chrome Cache Entry: 63
|
ASCII text, with very long lines (64616)
|
downloaded
|
||
|
Chrome Cache Entry: 64
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 65
|
ASCII text, with very long lines (61177)
|
downloaded
|
||
|
Chrome Cache Entry: 66
|
Unicode text, UTF-8 text, with very long lines (32009)
|
downloaded
|
||
|
Chrome Cache Entry: 67
|
ASCII text, with very long lines (64616)
|
dropped
|
||
|
Chrome Cache Entry: 68
|
PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 69
|
ASCII text, with very long lines (64612)
|
dropped
|
||
|
Chrome Cache Entry: 70
|
JPEG image data, progressive, precision 8, 1920x1080, components 3
|
dropped
|
||
|
Chrome Cache Entry: 71
|
ASCII text, with very long lines (46090)
|
dropped
|
||
|
Chrome Cache Entry: 72
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 73
|
Unicode text, UTF-8 text, with very long lines (32009)
|
dropped
|
||
|
Chrome Cache Entry: 74
|
ASCII text, with very long lines (45797)
|
dropped
|
||
|
Chrome Cache Entry: 75
|
JPEG image data, progressive, precision 8, 1920x1080, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 76
|
ASCII text, with very long lines (46090)
|
downloaded
|
||
|
Chrome Cache Entry: 77
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
dropped
|
||
|
Chrome Cache Entry: 78
|
PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 79
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 80
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
downloaded
|
||
|
Chrome Cache Entry: 81
|
ASCII text, with very long lines (64612)
|
downloaded
|
There are 11 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=2236,i,16202737011190801520,3337361376882939055,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://core4ce.sharepoint.us/:u:/r/sites/Rampart/Shared%20Documents/Rampart_Architecturev2.vsdx?d=wb2c36d35ead642a0bb768843135cb471&e=4%3ae9566662f2044e998431c3da92e36b60&sharingv2=true&fromShare=true&xsdata=MDV8MDJ8dHlsZXIucG9vckBjb3JlNGNlLmNvbXwxYTdmMTE5MDQ5NDk0ZWNkZDAxZDA4ZGNlYTFhMDJiM3wyNGY1ZmRiNmUwYzI0NDFmYWU3ZmQxNTBjNzI4ZTM3YnwwfDB8NjM4NjQyNjQ0NjQ2MjQ2MjY0fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=T1NBWmQzcmRTTTI2dmhrcnZIWG5ZZmFyRGFSUXZyVFhEajMxNTkyZmhHcz0%3d"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://core4ce.sharepoint.us/:u:/r/sites/Rampart/Shared%20Documents/Rampart_Architecturev2.vsdx?d=wb2c36d35ead642a0bb768843135cb471&e=4%3ae9566662f2044e998431c3da92e36b60&sharingv2=true&fromShare=true&xsdata=MDV8MDJ8dHlsZXIucG9vckBjb3JlNGNlLmNvbXwxYTdmMTE5MDQ5NDk0ZWNkZDAxZDA4ZGNlYTFhMDJiM3wyNGY1ZmRiNmUwYzI0NDFmYWU3ZmQxNTBjNzI4ZTM3YnwwfDB8NjM4NjQyNjQ0NjQ2MjQ2MjY0fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=T1NBWmQzcmRTTTI2dmhrcnZIWG5ZZmFyRGFSUXZyVFhEajMxNTkyZmhHcz0%3d
|
 |
||
|
https://login.microsoftonline.us/24f5fdb6-e0c2-441f-ae7f-d150c728e37b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=760F198D879A68763B8611887FA3AA3C6324CBFEF9C2B728%2DC69EFC69D530EF6C074449F003E9A4A08D35CF34AF6685490261D5D3F7E1C377&redirect%5Furi=https%3A%2F%2Fcore4ce%2Esharepoint%2Eus%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=3af158a1%2D6044%2D0000%2D3143%2Dcbc0fcf6e747&sso_reload=true
|
|
||
|
https://core4ce.sharepoint.us/_forms/default.aspx?ReturnUrl=%2fsites%2fRampart%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252FRampart%252FShared%2520Documents%252FRampart%255FArchitecturev2%252Evsdx%253Fd%253Dwb2c36d35ead642a0bb768843135cb471%2526e%253D4%25253ae9566662f2044e998431c3da92e36b60%2526sharingv2%253Dtrue%2526fromShare%253Dtrue%2526CID%253D39f158a1%252Df074%252D0000%252D3143%252Dcec148fd9c12%2526cidOR%253DSPO&Source=cookie
|
20.34.10.53
|
||
|
https://aadcdn.msftauthimages.us/6ebb54f4-vnbklnuh5ks5smrcmee6risenblah0-slhtg962nt-y/logintenantbranding/0/illustration?ts=638481933549179137
|
20.141.12.34
|
||
|
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js
|
152.199.21.175
|
||
|
https://aadcdn.msftauthimages.us/6ebb54f4-vnbklnuh5ks5smrcmee6risenblah0-slhtg962nt-y/logintenantbranding/0/bannerlogo?ts=638476018421341664
|
20.141.12.34
|
||
|
http://www.opensource.org/licenses/mit-license.php)
|
unknown
|
||
|
https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js
|
152.199.21.175
|
||
|
https://core4ce.sharepoint.us/:u:/r/sites/Rampart/Shared%20Documents/Rampart_Architecturev2.vsdx?d=wb2c36d35ead642a0bb768843135cb471&e=4%3ae9566662f2044e998431c3da92e36b60&sharingv2=true&fromShare=true&xsdata=MDV8MDJ8dHlsZXIucG9vckBjb3JlNGNlLmNvbXwxYTdmMTE5MDQ5NDk0ZWNkZDAxZDA4ZGNlYTFhMDJiM3wyNGY1ZmRiNmUwYzI0NDFmYWU3ZmQxNTBjNzI4ZTM3YnwwfDB8NjM4NjQyNjQ0NjQ2MjQ2MjY0fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=T1NBWmQzcmRTTTI2dmhrcnZIWG5ZZmFyRGFSUXZyVFhEajMxNTkyZmhHcz0%3d
|
20.34.10.53
|
||
|
https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_64Z6dmvJd_mCK0LlAXyiHg2.js
|
152.199.21.175
|
||
|
https://core4ce.sharepoint.us/sites/Rampart/_layouts/15/Authenticate.aspx?Source=%2Fsites%2FRampart%2FShared%20Documents%2FRampart%5FArchitecturev2%2Evsdx%3Fd%3Dwb2c36d35ead642a0bb768843135cb471%26e%3D4%253ae9566662f2044e998431c3da92e36b60%26sharingv2%3Dtrue%26fromShare%3Dtrue%26CID%3D39f158a1%2Df074%2D0000%2D3143%2Dcec148fd9c12%26cidOR%3DSPO
|
20.34.10.53
|
||
|
https://login.microsoftonline.us/24f5fdb6-e0c2-441f-ae7f-d150c728e37b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=760F198D879A68763B8611887FA3AA3C6324CBFEF9C2B728%2DC69EFC69D530EF6C074449F003E9A4A08D35CF34AF6685490261D5D3F7E1C377&redirect%5Furi=https%3A%2F%2Fcore4ce%2Esharepoint%2Eus%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=3af158a1%2D6044%2D0000%2D3143%2Dcbc0fcf6e747
|
|||
|
https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
|
152.199.21.175
|
||
|
https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
|
152.199.21.175
|
||
|
http://knockoutjs.com/
|
unknown
|
||
|
https://github.com/douglascrockford/JSON-js
|
unknown
|
||
|
https://core4ce.sharepoint.us/sites/Rampart/Shared%20Documents/Rampart_Architecturev2.vsdx?d=wb2c36d35ead642a0bb768843135cb471&e=4%3ae9566662f2044e998431c3da92e36b60&sharingv2=true&fromShare=true&CID=39f158a1-f074-0000-3143-cec148fd9c12&cidOR=SPO
|
20.34.10.53
|
||
|
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js
|
152.199.21.175
|
||
|
http://feross.org
|
unknown
|
||
|
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js
|
152.199.21.175
|
There are 9 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
eafd-ffgov-phxr9b1-roxy-default-sni.aksroxy.azureedge.us
|
20.141.12.34
|
||
|
eafd-ffgov-phxr9b2-roxy-default-sni.aksroxy.azureedge.us
|
20.140.48.70
|
||
|
eafd-ffgov-snr9b1-roxy-default-sni.aksroxy.azureedge.us
|
20.140.56.69
|
||
|
sni1gl.wpc.omegacdn.net
|
152.199.21.175
|
||
|
s-part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
||
|
www.google.com
|
142.250.186.36
|
||
|
181092-ipv4v6.farm.dprodmgd150.aa-rt.sharepoint.us
|
20.34.10.53
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
||
|
s-part-0032.t-0009.t-msedge.net
|
13.107.246.60
|
||
|
aadcdn.msftauthimages.us
|
unknown
|
||
|
core4ce.sharepoint.us
|
unknown
|
||
|
aadcdn.msftauth.net
|
unknown
|
||
|
login.microsoftonline.us
|
unknown
|
There are 3 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.186.36
|
www.google.com
|
United States
|
||
|
20.141.12.34
|
eafd-ffgov-phxr9b1-roxy-default-sni.aksroxy.azureedge.us
|
United States
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
20.140.48.70
|
eafd-ffgov-phxr9b2-roxy-default-sni.aksroxy.azureedge.us
|
United States
|
||
|
20.34.10.53
|
181092-ipv4v6.farm.dprodmgd150.aa-rt.sharepoint.us
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
152.199.21.175
|
sni1gl.wpc.omegacdn.net
|
United States
|
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://login.microsoftonline.us/24f5fdb6-e0c2-441f-ae7f-d150c728e37b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=760F198D879A68763B8611887FA3AA3C6324CBFEF9C2B728%2DC69EFC69D530EF6C074449F003E9A4A08D35CF34AF6685490261D5D3F7E1C377&redirect%5Furi=https%3A%2F%2Fcore4ce%2Esharepoint%2Eus%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=3af158a1%2D6044%2D0000%2D3143%2Dcbc0fcf6e747
|
|
|
|
https://login.microsoftonline.us/24f5fdb6-e0c2-441f-ae7f-d150c728e37b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=760F198D879A68763B8611887FA3AA3C6324CBFEF9C2B728%2DC69EFC69D530EF6C074449F003E9A4A08D35CF34AF6685490261D5D3F7E1C377&redirect%5Furi=https%3A%2F%2Fcore4ce%2Esharepoint%2Eus%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=3af158a1%2D6044%2D0000%2D3143%2Dcbc0fcf6e747&sso_reload=true
|
|
|
|
https://login.microsoftonline.us/24f5fdb6-e0c2-441f-ae7f-d150c728e37b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=760F198D879A68763B8611887FA3AA3C6324CBFEF9C2B728%2DC69EFC69D530EF6C074449F003E9A4A08D35CF34AF6685490261D5D3F7E1C377&redirect%5Furi=https%3A%2F%2Fcore4ce%2Esharepoint%2Eus%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=3af158a1%2D6044%2D0000%2D3143%2Dcbc0fcf6e747&sso_reload=true
|
|
|
|
https://login.microsoftonline.us/24f5fdb6-e0c2-441f-ae7f-d150c728e37b/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=760F198D879A68763B8611887FA3AA3C6324CBFEF9C2B728%2DC69EFC69D530EF6C074449F003E9A4A08D35CF34AF6685490261D5D3F7E1C377&redirect%5Furi=https%3A%2F%2Fcore4ce%2Esharepoint%2Eus%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=3af158a1%2D6044%2D0000%2D3143%2Dcbc0fcf6e747&sso_reload=true
|
|