IOC Report
https://eu.knowbe4.com/auth/saml/91b6f5903c38


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 15:24:46 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 15:24:46 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 15:24:46 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 15:24:46 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 15:24:46 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1948_1120480828\_metadata\verified_contents.json | JSON data | dropped | |
| C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1948_1120480828\manifest.fingerprint | ASCII text, with no line terminators | dropped | |
| C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1948_1120480828\manifest.json | JSON data | dropped | |
| C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1948_1120480828\ssl_error_assistant.pb | data | dropped | |
| C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1948_1409054206\Google.Widevine.CDM.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped | |
| C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1948_1409054206\_metadata\verified_contents.json | JSON data | dropped | |
| C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1948_1409054206\manifest.fingerprint | ASCII text, with no line terminators | dropped | |
| C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1948_1409054206\manifest.json | JSON data | dropped | |
| C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1948_1602622838\_metadata\verified_contents.json | JSON data | dropped | |
| C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1948_1602622838\crl-set | data | dropped | |
| C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1948_1602622838\manifest.fingerprint | ASCII text, with no line terminators | dropped | |
| C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1948_1602622838\manifest.json | JSON data | dropped | |
| C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1948_1774058300\LICENSE | ASCII text | dropped | |
| C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1948_1774058300\_metadata\verified_contents.json | JSON data | dropped | |
| C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1948_1774058300\manifest.fingerprint | ASCII text, with no line terminators | dropped | |
| C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1948_1774058300\manifest.json | JSON data | dropped | |
| C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1948_1774058300\sets.json | JSON data | dropped | |
| Chrome Cache Entry: 197 | PNG image data, 280 x 60, 8-bit colormap, non-interlaced | downloaded | |
| Chrome Cache Entry: 198 | HTML document, ASCII text, with very long lines (3450), with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 199 | GIF image data, version 89a, 352 x 3 | dropped | |
| Chrome Cache Entry: 201 | ASCII text, with very long lines (61177) | downloaded | |
| Chrome Cache Entry: 204 | ASCII text, with very long lines (46591) | downloaded | |
| Chrome Cache Entry: 209 | JSON data | dropped | |
| Chrome Cache Entry: 211 | GIF image data, version 89a, 352 x 3 | dropped | |
| Chrome Cache Entry: 212 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 213 | ASCII text, with very long lines (64612) | dropped | |
| Chrome Cache Entry: 214 | ASCII text, with very long lines (64616) | dropped | |
| Chrome Cache Entry: 216 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 217 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | downloaded | |
| Chrome Cache Entry: 219 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 220 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 222 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 224 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=9, xresolution=122, yresolution=130, resolutionunit=2, software=paint.net 4.0.21], baseline, precision 8, 1920x1080, components 3 | downloaded | |
| Chrome Cache Entry: 226 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 227 | ASCII text, with very long lines (45797) | dropped | |
| Chrome Cache Entry: 228 | ASCII text, with very long lines (34709) | downloaded | |
| Chrome Cache Entry: 229 | ASCII text, with very long lines (14782) | downloaded | |
| Chrome Cache Entry: 232 | Unicode text, UTF-8 text, with very long lines (32009) | downloaded | |

Domains

Name
IP
Malicious

IPs

IP
Domain
Country
Malicious