IOC Report
https://us-west-2.protection.sophos.com/?d=xfinity.com&u=aHR0cHM6Ly9jbXAuY3dzLnhmaW5pdHkuY29tL3V0aWxpdHkvdHJhY2tpbmcvdHJhY2tpbmcvQ2xpY2tlZFVybD90YXJnZXRJZD1mZTNkZDE3MS1hMDc1LTRjM2MtYWE5NS03OWE1ZGZhODJjYThfbWlwXzEzMiZzZXJ2ZXJJZD1jM3BvJnRlbXBsYXRlSWQ9NzAyOWUzMDctOTMwNC00NWQ5LWJjZDEtNGZlNjk4ZTdlNDQ1JnR

Files

Columns: File Path, Type, Category, Malicious. The Malicious column is blank for every entry in this report.

File Path: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 22 13:06:02 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category: dropped

File Path: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 22 13:06:02 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category: dropped

File Path: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category: dropped

File Path: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 22 13:06:02 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category: dropped

File Path: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 22 13:06:02 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category: dropped

File Path: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 22 13:06:01 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category: dropped

Processes

Columns: Path, Cmdline, Malicious. The Malicious column is blank for every entry in this report.

Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=1980,i,2435764324751911138,18027140512445526587,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://us-west-2.protection.sophos.com/?d=xfinity.com&u=aHR0cHM6Ly9jbXAuY3dzLnhmaW5pdHkuY29tL3V0aWxpdHkvdHJhY2tpbmcvdHJhY2tpbmcvQ2xpY2tlZFVybD90YXJnZXRJZD1mZTNkZDE3MS1hMDc1LTRjM2MtYWE5NS03OWE1ZGZhODJjYThfbWlwXzEzMiZzZXJ2ZXJJZD1jM3BvJnRlbXBsYXRlSWQ9NzAyOWUzMDctOTMwNC00NWQ5LWJjZDEtNGZlNjk4ZTdlNDQ1JnRhcmdldFVybD1odHRwczovL2J1c2luZXNzLmNvbWNhc3QuY29tL2FjY291bnQvYmlsbD9DSUQ9RU1DLVRSLUJpbGxSZWFkeS1WaWV3U3RhdGVtZW50&i=NTljNTk1ZmQ4Zjg2MGMxNzM4NDBhZGNi&t=NmV1QzV1bkZJbUtHbkJnVjFOenp2L2NyenBsK0NuV3BCbnBNa0hVMGpTYz0=&h=41698bb3f89e4e30953996822e5fff5b&s=AVNPUEhUT0NFTkNSWVBUSVYvIpZHvF0h0chKAgPasAV-CzwOwWHUeJDSnsmZZPBRZ5hzqPY8-K6m2owVEfzReGk"

Domains

Columns: Name, IP, Malicious. The Malicious column is blank for every entry in this report.

Name | IP
d2t07dpvw9bt1v.cloudfront.net | 52.222.236.4
www.google.com | 172.217.16.132
us-west-2.protection.sophos.com | unknown
business.comcast.com | unknown
cmp.cws.xfinity.com | unknown

IPs

Columns: IP, Domain, Country, Malicious. The Malicious column is blank for every entry in this report.

IP | Domain | Country
52.222.236.4 | d2t07dpvw9bt1v.cloudfront.net | United States
192.168.2.17 | unknown | unknown
192.168.2.7 | unknown | unknown
239.255.255.250 | unknown | Reserved
172.217.16.132 | www.google.com | United States

Note: 192.168.2.17 and 192.168.2.7 are RFC 1918 private addresses (the sandbox's own network segment) and 239.255.255.250 is the SSDP multicast group address, so none of the three is an external indicator worth searching for in your own telemetry. Only the two public addresses above resolve to names in this report.
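The sample URL in the Processes table is a Sophos URL-protection rewrite: the `u` query parameter is the base64-encoded original link, and that link is in turn an xfinity.com click-tracking redirector whose `targetUrl` parameter names the final destination. Decoding the chain statically explains why cmp.cws.xfinity.com and business.comcast.com appear in the Domains table without anyone clicking the link. The script below is an added example, not part of the sandbox report; the sample input is the command line copied from the Processes table, and the two format assumptions (that `u` holds a base64 URL and that the redirector passes its destination in `targetUrl`) are read off the report's own data, not taken from vendor documentation.

```python
"""Statically unwrap the Sophos-protected URL from the report's Processes table.

Added example, not part of the sandbox report. Assumptions: the `u` parameter of a
protection.sophos.com link is a base64-encoded URL, and a click-tracking
redirector carries its destination in a `targetUrl` query parameter.
"""
import base64
from typing import List, Optional
from urllib.parse import parse_qs, urlparse

# Sample input: the URL chrome.exe was launched with, copied from the report.
REPORT_URL = "https://us-west-2.protection.sophos.com/?d=xfinity.com&u=aHR0cHM6Ly9jbXAuY3dzLnhmaW5pdHkuY29tL3V0aWxpdHkvdHJhY2tpbmcvdHJhY2tpbmcvQ2xpY2tlZFVybD90YXJnZXRJZD1mZTNkZDE3MS1hMDc1LTRjM2MtYWE5NS03OWE1ZGZhODJjYThfbWlwXzEzMiZzZXJ2ZXJJZD1jM3BvJnRlbXBsYXRlSWQ9NzAyOWUzMDctOTMwNC00NWQ5LWJjZDEtNGZlNjk4ZTdlNDQ1JnRhcmdldFVybD1odHRwczovL2J1c2luZXNzLmNvbWNhc3QuY29tL2FjY291bnQvYmlsbD9DSUQ9RU1DLVRSLUJpbGxSZWFkeS1WaWV3U3RhdGVtZW50&i=NTljNTk1ZmQ4Zjg2MGMxNzM4NDBhZGNi&t=NmV1QzV1bkZJbUtHbkJnVjFOenp2L2NyenBsK0NuV3BCbnBNa0hVMGpTYz0=&h=41698bb3f89e4e30953996822e5fff5b&s=AVNPUEhUT0NFTkNSWVBUSVYvIpZHvF0h0chKAgPasAV-CzwOwWHUeJDSnsmZZPBRZ5hzqPY8-K6m2owVEfzReGk"

# The Domains table from the report, used to cross-check the decoded chain.
REPORT_DOMAINS = {
    "d2t07dpvw9bt1v.cloudfront.net",
    "www.google.com",
    "us-west-2.protection.sophos.com",
    "business.comcast.com",
    "cmp.cws.xfinity.com",
}


def decode_b64_param(value: str) -> str:
    """Decode base64 in either the standard or URL-safe alphabet, padded or not."""
    normalized = value.replace("-", "+").replace("_", "/")
    normalized += "=" * (-len(normalized) % 4)  # restore padding stripped by the sender
    return base64.b64decode(normalized).decode("utf-8")


def unwrap_sophos(url: str) -> Optional[str]:
    """Return the original URL carried in a protection.sophos.com rewrite, or None."""
    parsed = urlparse(url)
    if not (parsed.hostname or "").endswith(".protection.sophos.com"):
        return None
    wrapped = parse_qs(parsed.query).get("u")
    if not wrapped:
        return None
    try:
        return decode_b64_param(wrapped[0])
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


def follow_target_param(url: str, param: str = "targetUrl") -> Optional[str]:
    """Return the destination a click-tracking redirector names in its query, or None.

    Only http(s) destinations count; anything else (javascript:, data:, relative
    paths) is ignored so the chain never records something that is not a site.
    """
    values = parse_qs(urlparse(url).query).get(param)
    if not values or not values[0].startswith(("http://", "https://")):
        return None
    return values[0]


def redirect_chain(url: str, max_hops: int = 5) -> List[str]:
    """Unwrap hop by hop without network access; stop on a loop or a hop limit."""
    chain = [url]
    while len(chain) <= max_hops:
        current = chain[-1]
        nxt = unwrap_sophos(current) or follow_target_param(current)
        if nxt is None or nxt in chain:
            break
        chain.append(nxt)
    return chain


def chain_hosts(chain: List[str]) -> List[str]:
    """Hostnames of each hop, in order."""
    return [urlparse(u).hostname or "" for u in chain]


def unlisted_hosts(chain: List[str]) -> List[str]:
    """Hosts the chain reaches that the report's Domains table does not list."""
    return [h for h in chain_hosts(chain) if h not in REPORT_DOMAINS]


if __name__ == "__main__":
    chain = redirect_chain(REPORT_URL)
    for hop, u in enumerate(chain):
        print(f"hop {hop}: {u}")
    print("hosts missing from the Domains table:", unlisted_hosts(chain))
```

Run as a script it prints three hops: the vendor wrapper, the sender's click-tracker on cmp.cws.xfinity.com, and the landing page on business.comcast.com, which is the URL to pivot on in proxy logs. Every host in the chain is already in the Domains table, so nothing was missed by the sandbox; the CloudFront distribution and www.google.com in that table are not reached through this chain and the report does not tie them to the sample URL.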