IOC Report
https://gcv.microsoft.us/kgRWagmalJ


Files

File Path | Type | Category | Malicious
--- | --- | --- | ---
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:14:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:14:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:14:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:14:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:14:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
Chrome Cache Entry: 115 | HTML document, ASCII text, with very long lines (379), with CRLF line terminators | downloaded |
Chrome Cache Entry: 118 | data | downloaded |
Chrome Cache Entry: 119 | JSON data | downloaded |
Chrome Cache Entry: 120 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 572x233, components 3 | dropped |
Chrome Cache Entry: 122 | PNG image data, 228 x 66, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 123 | ASCII text, with very long lines (47421), with CRLF line terminators | downloaded |
Chrome Cache Entry: 124 | data | downloaded |
Chrome Cache Entry: 125 | data | downloaded |
Chrome Cache Entry: 126 | ASCII text, with very long lines (65536), with no line terminators | downloaded |
Chrome Cache Entry: 127 | ASCII text, with very long lines (58457) | downloaded |
Chrome Cache Entry: 128 | ASCII text, with very long lines (59765) | downloaded |
Chrome Cache Entry: 129 | PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 130 | ISO Media, MP4 Base Media v1 [ISO 14496-12:2003] | downloaded |
Chrome Cache Entry: 131 | ASCII text, with very long lines (65536), with no line terminators | downloaded |
Chrome Cache Entry: 134 | HTML document, ASCII text, with very long lines (611) | downloaded |
Chrome Cache Entry: 135 | ASCII text | downloaded |
Chrome Cache Entry: 136 | data | downloaded |
Chrome Cache Entry: 137 | Unicode text, UTF-8 text, with very long lines (19569), with CRLF line terminators | downloaded |
Chrome Cache Entry: 138 | ASCII text, with very long lines (65326) | downloaded |
Chrome Cache Entry: 139 | Unicode text, UTF-8 text, with very long lines (40515) | downloaded |
Chrome Cache Entry: 140 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 222x125, components 3 | downloaded |
Chrome Cache Entry: 141 | Unicode text, UTF-8 text, with very long lines (60976) | downloaded |
Chrome Cache Entry: 143 | ASCII text, with very long lines (23932) | downloaded |
Chrome Cache Entry: 144 | Dyalog APL aplcore version 68.-91 | downloaded |
Chrome Cache Entry: 145 | ASCII text, with very long lines (21084) | downloaded |
Chrome Cache Entry: 146 | ASCII text, with very long lines (5092) | downloaded |
Chrome Cache Entry: 147 | ASCII text, with very long lines (29782) | downloaded |
Chrome Cache Entry: 148 | PNG image data, 190 x 187, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 151 | MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel | downloaded |
Chrome Cache Entry: 152 | data | downloaded |
Chrome Cache Entry: 153 | data | downloaded |
Chrome Cache Entry: 154 | data | downloaded |
Chrome Cache Entry: 155 | JSON data | dropped |
Chrome Cache Entry: 156 | PNG image data, 187 x 188, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 157 | data | downloaded |
Chrome Cache Entry: 158 | data | downloaded |
Chrome Cache Entry: 160 | ASCII text, with very long lines (2530) | downloaded |
Chrome Cache Entry: 163 | data | downloaded |
Chrome Cache Entry: 165 | ASCII text, with very long lines (32065) | downloaded |
Chrome Cache Entry: 166 | OpenPGP Secret Key | downloaded |
Chrome Cache Entry: 167 | Unicode text, UTF-8 text, with very long lines (64954), with CRLF line terminators | downloaded |
Chrome Cache Entry: 168 | data | downloaded |
Chrome Cache Entry: 169 | JSON data | dropped |
Chrome Cache Entry: 170 | PNG image data, 330 x 330, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 171 | data | downloaded |
Chrome Cache Entry: 172 | JSON data | dropped |
Chrome Cache Entry: 173 | JSON data | dropped |
Chrome Cache Entry: 174 | ASCII text, with very long lines (14182) | downloaded |
Chrome Cache Entry: 175 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 176 | data | downloaded |
Chrome Cache Entry: 178 | ASCII text, with very long lines (32012) | downloaded |
Chrome Cache Entry: 179 | PGP Secret Sub-key - | downloaded |
Chrome Cache Entry: 180 | PNG image data, 864 x 1024, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 181 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, progressive, precision 8, 1920x1080, components 3 | downloaded |
Chrome Cache Entry: 182 | data | downloaded |
Chrome Cache Entry: 183 | data | downloaded |
Chrome Cache Entry: 184 | PNG image data, 600 x 596, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 185 | ASCII text, with very long lines (63096) | downloaded |
Chrome Cache Entry: 187 | ASCII text, with very long lines (47337) | downloaded |
Chrome Cache Entry: 189 | ASCII text, with very long lines (65451) | downloaded |
Chrome Cache Entry: 190 | HTML document, ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 191 | data | downloaded |
Chrome Cache Entry: 193 | ASCII text, with very long lines (48664) | downloaded |
Chrome Cache Entry: 194 | ASCII text, with very long lines (19015) | downloaded |

URLs

Name | IP | Malicious
--- | --- | ---
https://gcv.microsoft.us/kgRWagmalJ | |
https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html | |
https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7D | |

Domains


IPs
