Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 06:58:25 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 06:58:25 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 06:58:25 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 06:58:25 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 06:58:25 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 131
|
Unicode text, UTF-8 text, with very long lines (64241)
|
downloaded
|
||
|
Chrome Cache Entry: 132
|
HTML document, ASCII text, with very long lines (2345), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 134
|
GIF image data, version 89a, 352 x 3
|
dropped
|
||
|
Chrome Cache Entry: 138
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 140
|
ASCII text, with very long lines (65394)
|
downloaded
|
||
|
Chrome Cache Entry: 141
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 145
|
ASCII text, with very long lines (6109)
|
downloaded
|
||
|
Chrome Cache Entry: 146
|
PNG image data, 1944 x 605, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 147
|
Web Open Font Format, TrueType, length 26288, version 0.0
|
downloaded
|
||
|
Chrome Cache Entry: 148
|
Web Open Font Format (Version 2), TrueType, length 12164, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 149
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 151
|
PNG image data, 286 x 41, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 152
|
PNG image data, 4742 x 2732, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 154
|
PNG image data, 657 x 465, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 155
|
GIF image data, version 89a, 352 x 3
|
dropped
|
||
|
Chrome Cache Entry: 156
|
PNG image data, 1056 x 867, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 157
|
PNG image data, 11 x 20, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 158
|
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 159
|
PNG image data, 1776 x 472, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 160
|
PNG image data, 658 x 467, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 161
|
PNG image data, 19 x 20, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 164
|
PNG image data, 657 x 442, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 166
|
ASCII text, with very long lines (656)
|
downloaded
|
||
|
Chrome Cache Entry: 168
|
PNG image data, 161 x 160, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 169
|
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 170
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
downloaded
|
||
|
Chrome Cache Entry: 171
|
ASCII text, with very long lines (3475)
|
downloaded
|
||
|
Chrome Cache Entry: 173
|
Web Open Font Format (Version 2), TrueType, length 10544, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 175
|
PNG image data, 657 x 394, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 176
|
PNG image data, 657 x 394, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 177
|
ASCII text, with very long lines (64612)
|
downloaded
|
||
|
Chrome Cache Entry: 178
|
ASCII text, with very long lines (30221)
|
downloaded
|
||
|
Chrome Cache Entry: 180
|
PNG image data, 657 x 439, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 181
|
ASCII text, with very long lines (32000)
|
downloaded
|
||
|
Chrome Cache Entry: 182
|
PNG image data, 657 x 535, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 183
|
PNG image data, 1056 x 867, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 184
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 185
|
Web Open Font Format (Version 2), TrueType, length 11100, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 187
|
ASCII text, with very long lines (61177)
|
downloaded
|
||
|
Chrome Cache Entry: 189
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 190
|
PNG image data, 657 x 588, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 191
|
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 194
|
Web Open Font Format (Version 2), TrueType, length 11356, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 195
|
ASCII text, with very long lines (64616)
|
downloaded
|
||
|
Chrome Cache Entry: 196
|
ASCII text, with very long lines (43896)
|
downloaded
|
||
|
Chrome Cache Entry: 197
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 198
|
PNG image data, 658 x 497, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 200
|
Unicode text, UTF-8 text, with very long lines (32153)
|
downloaded
|
||
|
Chrome Cache Entry: 202
|
ASCII text, with very long lines (672)
|
downloaded
|
||
|
Chrome Cache Entry: 203
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 17287
|
downloaded
|
||
|
Chrome Cache Entry: 204
|
ASCII text, with very long lines (42133)
|
downloaded
|
||
|
Chrome Cache Entry: 209
|
PNG image data, 1056 x 867, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 211
|
Unicode text, UTF-8 text, with very long lines (31996)
|
downloaded
|
||
|
Chrome Cache Entry: 213
|
ASCII text, with very long lines (25694)
|
downloaded
|
||
|
Chrome Cache Entry: 214
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141339
|
downloaded
|
||
|
Chrome Cache Entry: 216
|
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 217
|
PNG image data, 657 x 394, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 218
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 219
|
PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 220
|
PNG image data, 1017 x 706, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 221
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 222
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 223
|
PNG image data, 657 x 575, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 225
|
ASCII text, with very long lines (14735)
|
downloaded
|
||
|
Chrome Cache Entry: 227
|
PNG image data, 1776 x 472, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 229
|
ASCII text, with very long lines (1644), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 230
|
ASCII text, with very long lines (3368)
|
downloaded
|
There are 64 hidden files, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pensionforyou-nl.my.salesforce.com
|
|||
|
https://pensionforyou-nl.my.salesforce.com/saml/authn-request.jsp?saml_request_id=_2CAAAAY-AaNWCMDAwMDAwMDAwMDAwMDAwAAAA-Ll1Zo-SYIXsQ20wOF1KFTcsY6A69-PUXWYm396_rRQunD4dbJYbOS3gl7VfOUJozBKXvYqrluWf-8LAKBmVfDqFB9xcqpHA77ul1LunuP_feHwiJSOEJliGCe3rcyCC5S70ZHwMPqcc2re3ZE-xgY9n_snAvBhSlbbJwDW3bwdeR9ZAywNzHX6X-_gpbKntk67bmKFkCGopJLNFos09FPEF-jWi6-BwR8KHMh-zlCj9L2-V5uaJ2O0d5GzQc3EZEw&saml_acs=https%3A%2F%2Fpensionforyou-nl.my.salesforce.com%3Fso%3D00D1t000000x74q&saml_binding_type=HttpPost&Issuer=https%3A%2F%2Fpensionforyou-nl.my.salesforce.com&samlSsoConfig=0LE1v0000004T0D&RelayState=%2F
|
|||
|
https://www.office.com/
|
|||
|
https://login.microsoftonline.com/a91e3dd4-d85d-48e2-a591-3017cb57b4b8/saml2?sso_reload=true
|
|||
|
https://login.microsoftonline.com/a91e3dd4-d85d-48e2-a591-3017cb57b4b8/saml2
|
|||
|
http://pensionforyou-nl.my.salesforce.com/
|
34.226.36.51
|
||
|
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638490239417255002.NjgzN2M5ZDAtZGVlNS00MzY1LTllOWUtZTM0MTk0MTRmM2MwYjg1MGIxNjItMjg5Ny00ZDNhLTk5YzgtMTg1YjAzOWRlZDM5&ui_locales=en-US&mkt=en-US&client-request-id=106ee258-69e3-49e3-8164-0efe825641d9&state=59iXsgFSPFqC-6vNR16c5jknV-Oe3CJbkTQ_ZhddvYEOnnmbtJonkqV0yRQScw_SsPip8Jdws1gW4JIz86V5eWK1Vb6FpKjxFlcieSDYw3QcmDhArJODc91jkq0YrgTLcKpWBAQeJv1GfrfYZ7mTK5PHr84bi6yFnQHTqAAle9bYqCKY4-XFxUNSBTwSDIvjkfo_2DGpAUEBX-UgBPuDwtwo9hZCr13SgSQKoikHH_GZzFQQFtnRLeYNmzEaPd1z-Y-A6hCQbcswnMdU1UMQeQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ooc-g2.tm-4.office.com
|
52.96.37.210
|
||
|
part-0013.t-0009.t-msedge.net
|
13.107.246.41
|
||
|
cs1100.wpc.omegacdn.net
|
152.199.4.44
|
||
|
part-0008.t-0009.t-msedge.net
|
13.107.213.36
|
||
|
part-0041.t-0009.t-msedge.net
|
13.107.246.69
|
||
|
sni1gl.wpc.alphacdn.net
|
152.195.19.97
|
||
|
www.google.com
|
74.125.138.99
|
||
|
cs1227.wpc.alphacdn.net
|
192.229.211.199
|
||
|
part-0012.t-0009.t-msedge.net
|
13.107.213.40
|
||
|
st1.edge.sfdc-yfeipo.edge2.salesforce.com
|
34.226.36.51
|
||
|
sni1gl.wpc.sigmacdn.net
|
152.195.19.97
|
||
|
js.monitor.azure.com
|
unknown
|
||
|
www.office.com
|
unknown
|
||
|
pensionforyou-nl.my.salesforce.com
|
unknown
|
||
|
outlook.office.com
|
unknown
|
||
|
aadcdn.msftauth.net
|
unknown
|
||
|
substrate.office.com
|
unknown
|
||
|
logincdn.msftauth.net
|
unknown
|
||
|
aadcdn.msftauthimages.net
|
unknown
|
||
|
mem.gfx.ms
|
unknown
|
||
|
passwordreset.microsoftonline.com
|
unknown
|
||
|
identity.nel.measure.office.net
|
unknown
|
||
|
login.microsoftonline.com
|
unknown
|
||
|
portal.office.com
|
unknown
|
||
|
acctcdn.msftauth.net
|
unknown
|
There are 15 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
40.126.29.8
|
unknown
|
United States
|
||
|
13.107.6.156
|
unknown
|
United States
|
||
|
13.107.246.41
|
part-0013.t-0009.t-msedge.net
|
United States
|
||
|
74.125.136.84
|
unknown
|
United States
|
||
|
23.49.5.143
|
unknown
|
United States
|
||
|
23.192.229.198
|
unknown
|
United States
|
||
|
13.107.246.69
|
part-0041.t-0009.t-msedge.net
|
United States
|
||
|
23.49.5.145
|
unknown
|
United States
|
||
|
40.126.29.7
|
unknown
|
United States
|
||
|
152.195.19.97
|
sni1gl.wpc.alphacdn.net
|
United States
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
184.25.165.167
|
unknown
|
United States
|
||
|
104.208.16.91
|
unknown
|
United States
|
||
|
13.107.213.41
|
unknown
|
United States
|
||
|
13.107.213.40
|
part-0012.t-0009.t-msedge.net
|
United States
|
||
|
40.126.29.14
|
unknown
|
United States
|
||
|
34.226.36.51
|
st1.edge.sfdc-yfeipo.edge2.salesforce.com
|
United States
|
||
|
142.250.9.94
|
unknown
|
United States
|
||
|
40.126.28.22
|
unknown
|
United States
|
||
|
40.126.28.20
|
unknown
|
United States
|
||
|
172.217.215.95
|
unknown
|
United States
|
||
|
74.125.138.99
|
www.google.com
|
United States
|
||
|
74.125.138.102
|
unknown
|
United States
|
||
|
172.217.215.113
|
unknown
|
United States
|
||
|
1.1.1.1
|
unknown
|
Australia
|
||
|
13.107.246.36
|
unknown
|
United States
|
||
|
152.199.4.44
|
cs1100.wpc.omegacdn.net
|
United States
|
||
|
13.107.213.36
|
part-0008.t-0009.t-msedge.net
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
51.105.71.136
|
unknown
|
United Kingdom
|
||
|
40.126.28.13
|
unknown
|
United States
|
||
|
108.177.122.94
|
unknown
|
United States
|
There are 22 hidden IPs, click here to show them.