IOC Report
https://railrent-railrent.powerappsportals.com/


Files

File Path | Type | Category | Malicious
--- | --- | --- | ---
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 08:47:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | 
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 08:47:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | 
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | 
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 08:47:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | 
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 08:47:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | 
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 08:47:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | 
Chrome Cache Entry: 104 | PNG image data, 1 x 84, 8-bit/color RGB, non-interlaced | downloaded | 
Chrome Cache Entry: 106 | ASCII text, with very long lines (11766), with no line terminators | downloaded | 
Chrome Cache Entry: 107 | data | dropped | 
Chrome Cache Entry: 108 | data | downloaded | 
Chrome Cache Entry: 109 | ASCII text, with very long lines (39862) | downloaded | 
Chrome Cache Entry: 110 | ASCII text, with very long lines (47531) | downloaded | 
Chrome Cache Entry: 111 | data | downloaded | 
Chrome Cache Entry: 112 | ASCII text, with no line terminators | downloaded | 
Chrome Cache Entry: 113 | ASCII text, with very long lines (28287) | downloaded | 
Chrome Cache Entry: 114 | ASCII text, with very long lines (65312), with CRLF line terminators | downloaded | 
Chrome Cache Entry: 115 | data | dropped | 
Chrome Cache Entry: 116 | data | downloaded | 
Chrome Cache Entry: 119 | data | downloaded | 
Chrome Cache Entry: 120 | data | dropped | 
Chrome Cache Entry: 121 | data | downloaded | 
Chrome Cache Entry: 123 | data | downloaded | 
Chrome Cache Entry: 124 | gzip compressed data, from Unix, original size modulo 2^32 1864 | downloaded | 
Chrome Cache Entry: 125 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 237 | dropped | 
Chrome Cache Entry: 126 | data | dropped | 
Chrome Cache Entry: 127 | gzip compressed data, from Unix, original size modulo 2^32 17174 | downloaded | 
Chrome Cache Entry: 128 | Unicode text, UTF-8 text, with very long lines (65300), with CRLF line terminators | downloaded | 
Chrome Cache Entry: 130 | gzip compressed data, max compression, from TOPS/20, original size modulo 2^32 92085 | downloaded | 
Chrome Cache Entry: 131 | ASCII text, with no line terminators | downloaded | 
Chrome Cache Entry: 132 | assembler source, ASCII text, with CRLF line terminators | downloaded | 
Chrome Cache Entry: 135 | data | dropped | 
Chrome Cache Entry: 138 | data | dropped | 
Chrome Cache Entry: 139 | ASCII text, with very long lines (540), with no line terminators | downloaded | 
Chrome Cache Entry: 140 | data | downloaded | 
Chrome Cache Entry: 141 | data | downloaded | 
Chrome Cache Entry: 145 | gzip compressed data, from Unix, original size modulo 2^32 3651 | downloaded | 
Chrome Cache Entry: 146 | JSON data | downloaded | 
Chrome Cache Entry: 147 | PNG image data, 10 x 10, 8-bit/color RGBA, non-interlaced | downloaded | 
Chrome Cache Entry: 148 | data | downloaded | 
Chrome Cache Entry: 151 | data | dropped | 
Chrome Cache Entry: 152 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | downloaded | 
Chrome Cache Entry: 153 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 625 | dropped | 
Chrome Cache Entry: 154 | data | downloaded | 
Chrome Cache Entry: 155 | data | downloaded | 
Chrome Cache Entry: 156 | gzip compressed data, max compression, from TOPS/20, original size modulo 2^32 4807 | dropped | 
Chrome Cache Entry: 157 | data | downloaded | 
Chrome Cache Entry: 158 | data | dropped | 
Chrome Cache Entry: 159 | data | dropped | 
Chrome Cache Entry: 160 | gzip compressed data, from Unix, original size modulo 2^32 1592 | downloaded | 
Chrome Cache Entry: 161 | Unicode text, UTF-8 text, with CRLF line terminators | dropped | 
Chrome Cache Entry: 163 | ASCII text, with very long lines (25293) | downloaded | 
Chrome Cache Entry: 164 | data | dropped | 
Chrome Cache Entry: 167 | data | dropped | 
Chrome Cache Entry: 168 | data | downloaded | 
Chrome Cache Entry: 171 | gzip compressed data, max compression, from TOPS/20, original size modulo 2^32 540048 | downloaded | 
Chrome Cache Entry: 173 | ASCII text, with very long lines (64632), with CRLF line terminators | downloaded | 
Chrome Cache Entry: 174 | ASCII text, with very long lines (394), with CRLF line terminators | downloaded | 
Chrome Cache Entry: 175 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | downloaded | 

URLs

Name | IP | Malicious
--- | --- | ---
https://railrent-railrent.powerappsportals.com/ | unknown | malicious
https://railrent-railrent.angebotsecurefile.top/&redirect=e6bb61c79c7d4e2337f9765880e5f79545c8bcdcmain&uid=f253efe302d32ab264a76e0ce65be769671a17b1241ac# | unknown | malicious
https://railrent-railrent.powerappsportals.com/ | unknown | malicious
https://railrent-railrent.angebotsecurefile.top/&redirect=e6bb61c79c7d4e2337f9765880e5f79545c8bcdcmain&uid=f253efe302d32ab264a76e0ce65be769671a17b1241ac | unknown | malicious
https://railrent-railrent.angebotsecurefile.top/ | unknown | 

Domains

Name | IP | Malicious
--- | --- | ---
railrent-railrent.angebotsecurefile.top | 104.21.81.69 | malicious
a.nel.cloudflare.com | 35.190.80.1 | 
png.pngtree.com | 104.18.2.157 | 
challenges.cloudflare.com | 104.18.95.41 | 
s-part-0017.t-0009.fb-t-msedge.net | 13.107.253.45 | 
www.google.com | 142.250.186.68 | 
content.powerapps.com | unknown | 
railrent-railrent.powerappsportals.com | unknown | 

IPs

IP | Domain | Country | Malicious
--- | --- | --- | ---
104.21.81.69 | railrent-railrent.angebotsecurefile.top | United States | malicious
142.250.186.68 | www.google.com | United States | 
142.250.186.35 | unknown | United States | 
142.250.186.67 | unknown | United States | 
1.1.1.1 | unknown | Australia | 
108.177.15.84 | unknown | United States | 
20.50.64.25 | unknown | United States | 
172.217.18.14 | unknown | United States | 
192.168.2.16 | unknown | unknown | 
13.107.253.45 | s-part-0017.t-0009.fb-t-msedge.net | United States | 
104.18.95.41 | challenges.cloudflare.com | United States | 
104.18.2.157 | png.pngtree.com | United States | 
142.250.185.238 | unknown | United States | 
239.255.255.250 | unknown | Reserved | 
192.168.2.13 | unknown | unknown | 
192.168.2.14 | unknown | unknown | 
104.18.3.157 | unknown | United States | 
172.67.140.116 | unknown | United States | 
35.190.80.1 | a.nel.cloudflare.com | United States | 
142.250.186.74 | unknown | United States | 