Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 14 10:04:11 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 14 10:04:10 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 14 10:04:10 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 14 10:04:10 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 14 10:04:10 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 100
|
ASCII text, with very long lines (45797)
|
downloaded
|
||
|
Chrome Cache Entry: 101
|
ASCII text, with very long lines (64616)
|
downloaded
|
||
|
Chrome Cache Entry: 102
|
PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 103
|
Unicode text, UTF-8 text, with very long lines (32009)
|
dropped
|
||
|
Chrome Cache Entry: 104
|
ASCII text, with very long lines (45797)
|
dropped
|
||
|
Chrome Cache Entry: 105
|
ASCII text, with very long lines (14782)
|
downloaded
|
||
|
Chrome Cache Entry: 106
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
dropped
|
||
|
Chrome Cache Entry: 107
|
ASCII text, with very long lines (61177)
|
downloaded
|
||
|
Chrome Cache Entry: 108
|
Unicode text, UTF-8 text, with very long lines (32009)
|
downloaded
|
||
|
Chrome Cache Entry: 109
|
ASCII text, with very long lines (14782)
|
dropped
|
||
|
Chrome Cache Entry: 83
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141866
|
dropped
|
||
|
Chrome Cache Entry: 84
|
HTML document, ASCII text, with very long lines (3450), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 85
|
GIF image data, version 89a, 352 x 3
|
dropped
|
||
|
Chrome Cache Entry: 86
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 87
|
ASCII text, with very long lines (25695)
|
downloaded
|
||
|
Chrome Cache Entry: 88
|
GIF image data, version 89a, 352 x 3
|
downloaded
|
||
|
Chrome Cache Entry: 89
|
ASCII text, with very long lines (64616)
|
dropped
|
||
|
Chrome Cache Entry: 90
|
PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 91
|
GIF image data, version 89a, 352 x 3
|
dropped
|
||
|
Chrome Cache Entry: 92
|
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106,
resolutionunit=3, software=Adobe Photoshop 21.1 (Windows), datetime=2020:05:20 08:50:11], baseline, precision 8, 1920x1080,
components 3
|
downloaded
|
||
|
Chrome Cache Entry: 93
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 280x60, components
3
|
dropped
|
||
|
Chrome Cache Entry: 94
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
downloaded
|
||
|
Chrome Cache Entry: 95
|
ASCII text, with very long lines (25695)
|
dropped
|
||
|
Chrome Cache Entry: 96
|
GIF image data, version 89a, 352 x 3
|
downloaded
|
||
|
Chrome Cache Entry: 97
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 280x60, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 98
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141866
|
downloaded
|
||
|
Chrome Cache Entry: 99
|
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106,
resolutionunit=3, software=Adobe Photoshop 21.1 (Windows), datetime=2020:05:20 08:50:11], baseline, precision 8, 1920x1080,
components 3
|
dropped
|
There are 24 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1960,i,17662341715992215995,799854014391982021,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3dac16fc13-eed0-45a8-a4cd-092120207ca4%26user%3d7d35c074-f1ce-4806-8732-1a64869fa060%26ticket%3dPqbSUkJjPpJW0yIMqaUTQLRg3kmINldPr4uL7BaqWvg%25253d%26ver%3d2.0"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3dac16fc13-eed0-45a8-a4cd-092120207ca4%26user%3d7d35c074-f1ce-4806-8732-1a64869fa060%26ticket%3dPqbSUkJjPpJW0yIMqaUTQLRg3kmINldPr4uL7BaqWvg%25253d%26ver%3d2.0
|
|||
|
https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/login
|
|||
|
https://aadcdn.msftauthimages.net/c1c6b6c8-yw-iky5-oitv6m8bxnlvjqeioua2sjr-bhiob-yiudy/logintenantbranding/0/illustration?ts=637255507111143881
|
13.107.246.45
|
||
|
https://login.microsoftonline.com
|
unknown
|
||
|
https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js
|
152.199.21.175
|
||
|
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js
|
152.199.21.175
|
||
|
http://www.opensource.org/licenses/mit-license.php)
|
unknown
|
||
|
https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
|
152.199.21.175
|
||
|
https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
|
152.199.21.175
|
||
|
https://aadcdn.msftauthimages.net/c1c6b6c8-yw-iky5-oitv6m8bxnlvjqeioua2sjr-bhiob-yiudy/logintenantbranding/0/bannerlogo?ts=637255507118990034
|
13.107.246.45
|
||
|
https://aadcdn.msftauthimages.net/c1c6b6c8-gu93kzcvv9nfo0jjjijxe9133mrsglit9lh2ikhkvmm/logintenantbranding/0/bannerlogo?ts=637271955782382065
|
13.107.246.45
|
||
|
https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
|
152.199.21.175
|
||
|
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_89db715e3340a2e8ecd8.js
|
152.199.21.175
|
||
|
http://knockoutjs.com/
|
unknown
|
||
|
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js
|
152.199.21.175
|
||
|
https://autologon.microsoftazuread-sso.com/deme-group.com/winauth/ssoprobe?client-request-id=b183b832-0872-4686-93c7-8f9e002bea48&_=1728903861708
|
40.126.32.74
|
||
|
https://github.com/douglascrockford/JSON-js
|
unknown
|
||
|
https://login.windows-ppe.net
|
unknown
|
||
|
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js
|
152.199.21.175
|
||
|
http://feross.org
|
unknown
|
There are 9 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
s-part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
||
|
sni1gl.wpc.omegacdn.net
|
152.199.21.175
|
||
|
www.google.com
|
142.250.181.228
|
||
|
s-part-0039.t-0009.t-msedge.net
|
13.107.246.67
|
||
|
s-part-0039.t-0009.fb-t-msedge.net
|
13.107.253.67
|
||
|
autologon.microsoftazuread-sso.com
|
40.126.32.74
|
||
|
identity.nel.measure.office.net
|
unknown
|
||
|
aadcdn.msftauth.net
|
unknown
|
||
|
login.microsoftonline.com
|
unknown
|
||
|
aadcdn.msftauthimages.net
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
13.107.246.45
|
s-part-0017.t-0009.t-msedge.net
|
United States
|
||
|
13.107.246.67
|
s-part-0039.t-0009.t-msedge.net
|
United States
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
13.107.253.67
|
s-part-0039.t-0009.fb-t-msedge.net
|
United States
|
||
|
40.126.32.74
|
autologon.microsoftazuread-sso.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.181.228
|
www.google.com
|
United States
|
||
|
172.217.23.100
|
unknown
|
United States
|
||
|
152.199.21.175
|
sni1gl.wpc.omegacdn.net
|
United States
|
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DPJp1H17W53fkYTX1QCKICogJZ8R5V_mYuQeJtujFe92PlIBQ8Ja9tSjAJPwssWmcs9J5AYl1pRf-MtPM1UsrrLbwHS6CR5I_9OYkYuqFndEEGEg_7cOOqHDgRQzBAagj0t5R2Oqbmg3NlYJx4a6hkSiB3xQ_nuAg7ASxUk09DmtqZEpow9kSoyD6HaqLp5DK4zCTtK1GvWjrjWk5zex3v1EnoRWibch9RJHObSH98eM0LUl6QukUGr57V3ics8bO7OEqSji0HiRJM4Klx4Tx2_YpySmTAY4QTMjAzHwrSbvWbzvvD1s1rTxsDpTkWCg2s24wQjrSHXlkDKHGVcaVaXnmsS3puNc-z0sKXv43W_vAzMhpAn2m7iPpXunoMHLYOYmh-x3F9z6qavEnuMPErXocnmXlpZYW-hwPsk_Hm4OoFSIvE_Bj5sCiwzSlhHksEitB_cqyCFzXzZ7exJI4hKqeMV4lg7QH8VPspf5Ad04d66g2Lm3SbsNuO8swP6CeVoaFqA-XerOS9Z_4MV4CCbLFBKhO0oAxVC33P1FbBroorQ9HhiuMKbrN7zGDZj3DvZbQIYvvVAWrIL_BXfGp-oAJl5E0PvbYkG_YxGSlSEfALc73vReA9yS8HAY1jTVvFELwtpAPWz9d7tuUzchbivj97ZJ07n2QmEcaQQYLnlw_aQANQ33jhWZv52401gBrCstj7Q-SVtEIiolNP9XWAGxYtD21hYmXEOuZ3dt
|
||
|
https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DPJp1H17W53fkYTX1QCKICogJZ8R5V_mYuQeJtujFe92PlIBQ8Ja9tSjAJPwssWmcs9J5AYl1pRf-MtPM1UsrrLbwHS6CR5I_9OYkYuqFndEEGEg_7cOOqHDgRQzBAagj0t5R2Oqbmg3NlYJx4a6hkSiB3xQ_nuAg7ASxUk09DmtqZEpow9kSoyD6HaqLp5DK4zCTtK1GvWjrjWk5zex3v1EnoRWibch9RJHObSH98eM0LUl6QukUGr57V3ics8bO7OEqSji0HiRJM4Klx4Tx2_YpySmTAY4QTMjAzHwrSbvWbzvvD1s1rTxsDpTkWCg2s24wQjrSHXlkDKHGVcaVaXnmsS3puNc-z0sKXv43W_vAzMhpAn2m7iPpXunoMHLYOYmh-x3F9z6qavEnuMPErXocnmXlpZYW-hwPsk_Hm4OoFSIvE_Bj5sCiwzSlhHksEitB_cqyCFzXzZ7exJI4hKqeMV4lg7QH8VPspf5Ad04d66g2Lm3SbsNuO8swP6CeVoaFqA-XerOS9Z_4MV4CCbLFBKhO0oAxVC33P1FbBroorQ9HhiuMKbrN7zGDZj3DvZbQIYvvVAWrIL_BXfGp-oAJl5E0PvbYkG_YxGSlSEfALc73vReA9yS8HAY1jTVvFELwtpAPWz9d7tuUzchbivj97ZJ07n2QmEcaQQYLnlw_aQANQ33jhWZv52401gBrCstj7Q-SVtEIiolNP9XWAGxYtD21hYmXEOuZ3dt
|
||
|
https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DPJp1H17W53fkYTX1QCKICogJZ8R5V_mYuQeJtujFe92PlIBQ8Ja9tSjAJPwssWmcs9J5AYl1pRf-MtPM1UsrrLbwHS6CR5I_9OYkYuqFndEEGEg_7cOOqHDgRQzBAagj0t5R2Oqbmg3NlYJx4a6hkSiB3xQ_nuAg7ASxUk09DmtqZEpow9kSoyD6HaqLp5DK4zCTtK1GvWjrjWk5zex3v1EnoRWibch9RJHObSH98eM0LUl6QukUGr57V3ics8bO7OEqSji0HiRJM4Klx4Tx2_YpySmTAY4QTMjAzHwrSbvWbzvvD1s1rTxsDpTkWCg2s24wQjrSHXlkDKHGVcaVaXnmsS3puNc-z0sKXv43W_vAzMhpAn2m7iPpXunoMHLYOYmh-x3F9z6qavEnuMPErXocnmXlpZYW-hwPsk_Hm4OoFSIvE_Bj5sCiwzSlhHksEitB_cqyCFzXzZ7exJI4hKqeMV4lg7QH8VPspf5Ad04d66g2Lm3SbsNuO8swP6CeVoaFqA-XerOS9Z_4MV4CCbLFBKhO0oAxVC33P1FbBroorQ9HhiuMKbrN7zGDZj3DvZbQIYvvVAWrIL_BXfGp-oAJl5E0PvbYkG_YxGSlSEfALc73vReA9yS8HAY1jTVvFELwtpAPWz9d7tuUzchbivj97ZJ07n2QmEcaQQYLnlw_aQANQ33jhWZv52401gBrCstj7Q-SVtEIiolNP9XWAGxYtD21hYmXEOuZ3dt
|
||
|
https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DPJp1H17W53fkYTX1QCKICogJZ8R5V_mYuQeJtujFe92PlIBQ8Ja9tSjAJPwssWmcs9J5AYl1pRf-MtPM1UsrrLbwHS6CR5I_9OYkYuqFndEEGEg_7cOOqHDgRQzBAagj0t5R2Oqbmg3NlYJx4a6hkSiB3xQ_nuAg7ASxUk09DmtqZEpow9kSoyD6HaqLp5DK4zCTtK1GvWjrjWk5zex3v1EnoRWibch9RJHObSH98eM0LUl6QukUGr57V3ics8bO7OEqSji0HiRJM4Klx4Tx2_YpySmTAY4QTMjAzHwrSbvWbzvvD1s1rTxsDpTkWCg2s24wQjrSHXlkDKHGVcaVaXnmsS3puNc-z0sKXv43W_vAzMhpAn2m7iPpXunoMHLYOYmh-x3F9z6qavEnuMPErXocnmXlpZYW-hwPsk_Hm4OoFSIvE_Bj5sCiwzSlhHksEitB_cqyCFzXzZ7exJI4hKqeMV4lg7QH8VPspf5Ad04d66g2Lm3SbsNuO8swP6CeVoaFqA-XerOS9Z_4MV4CCbLFBKhO0oAxVC33P1FbBroorQ9HhiuMKbrN7zGDZj3DvZbQIYvvVAWrIL_BXfGp-oAJl5E0PvbYkG_YxGSlSEfALc73vReA9yS8HAY1jTVvFELwtpAPWz9d7tuUzchbivj97ZJ07n2QmEcaQQYLnlw_aQANQ33jhWZv52401gBrCstj7Q-SVtEIiolNP9XWAGxYtD21hYmXEOuZ3dt
|
||
|
https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/login
|
||
|
https://login.microsoftonline.com/ac16fc13-eed0-45a8-a4cd-092120207ca4/login
|