Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 18:29:44 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 18:29:43 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 18:29:43 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 18:29:43 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 18:29:43 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
Chrome Cache Entry: 100
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 611582
|
downloaded
|
||
Chrome Cache Entry: 102
|
GIF image data, version 89a, 352 x 3
|
downloaded
|
||
Chrome Cache Entry: 103
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 55071
|
downloaded
|
||
Chrome Cache Entry: 104
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
|
dropped
|
||
Chrome Cache Entry: 107
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113084
|
downloaded
|
||
Chrome Cache Entry: 109
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113657
|
downloaded
|
||
Chrome Cache Entry: 110
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 78
|
HTML document, ASCII text, with very long lines (2345), with CRLF line terminators
|
downloaded
|
||
Chrome Cache Entry: 80
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
downloaded
|
||
Chrome Cache Entry: 82
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
|
dropped
|
||
Chrome Cache Entry: 83
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 4730
|
downloaded
|
||
Chrome Cache Entry: 84
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
|
downloaded
|
||
Chrome Cache Entry: 86
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90690
|
downloaded
|
||
Chrome Cache Entry: 87
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 444227
|
downloaded
|
||
Chrome Cache Entry: 88
|
ASCII text, with very long lines (45544)
|
downloaded
|
||
Chrome Cache Entry: 89
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1378
|
dropped
|
||
Chrome Cache Entry: 91
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 92
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 379
|
downloaded
|
||
Chrome Cache Entry: 94
|
GIF image data, version 89a, 352 x 3
|
dropped
|
||
Chrome Cache Entry: 96
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 223759
|
downloaded
|
||
Chrome Cache Entry: 99
|
JSON data
|
dropped
|
There are 18 hidden files, click here to show them.
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://us-west-2.protection.sophos.com/?d=cudasvc.com&u=aHR0cHM6Ly9saW5rcHJvdGVjdC5jdWRhc3ZjLmNvbS91cmw_YT1odHRwcyUzYSUyZiUyZmd1bm5hdXRvLW15LnNoYXJlcG9pbnQuY29tJTJmJTNhYiUzYSUyZnIlMmZwZXJzb25hbCUyZmFlcm9kcmlndWV6X2d1bm5hdXRvX2NvbSUyZkRvY3VtZW50cyUyZkF0dGFjaG1lbnRzJTJmSDI0MTQyMy5wZGYlM2Zjc2YlM2QxJTI2d2ViJTNkMSZjPUUsMSxmT1pZNThPOTZjZjNwWkY1eWU3QnhGZWM2eFRWNWtyRDdneUVGdFJaNENCSjVOQkItZ0RyMUlHdlQ1Mi01Vm95d2o4Y2h5WDJXNlFFTWhsU0o2SHJUc3pqNWVoeF9aVUhzNVNZRm8xZjJfSTdwTUNIeDdiRSZ0eXBvPTE=&p=m&i=NjVjNTQ0OGE0ZWZhMmU3ZjY4MzI4ZTU2&t=RytpUnowc0wwYVZ5TS9IN2pYN0J3ektSZ3pLWEh1Y1FlaUxrM2hUL1kzST0=&h=e542e25ebbc74310ab02d99468d3cd3c&s=AVNPUEhUT0NFTkNSWVBUSVaAbgs17mmhlH_9EhbEh07dSxVIMNlJSUD1cUzHaTNepQ
|
|||
https://login.microsoftonline.com/ebf86bb9-f642-4b12-a97c-cb5f0f37b474/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=553FF26F865DF2CC5C05D1D0B7DEBF5F08F869B494E743BB%2DCA5681257FA6F5F22CD72207F4D214C3A626034E2BB088A4BE8BD8DEE9FA3180&redirect%5Furi=https%3A%2F%2Fgunnauto%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=2ea020a1%2Dc0f4%2D5000%2D5ae8%2D1110347a7180&sso_reload=true
|
|||
https://login.microsoftonline.com/ebf86bb9-f642-4b12-a97c-cb5f0f37b474/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=553FF26F865DF2CC5C05D1D0B7DEBF5F08F869B494E743BB%2DCA5681257FA6F5F22CD72207F4D214C3A626034E2BB088A4BE8BD8DEE9FA3180&redirect%5Furi=https%3A%2F%2Fgunnauto%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=2ea020a1%2Dc0f4%2D5000%2D5ae8%2D1110347a7180
|
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
dual-spo-0005.spo-msedge.net
|
13.107.136.10
|
||
part-0013.t-0009.t-msedge.net
|
13.107.246.41
|
||
cs1100.wpc.omegacdn.net
|
152.199.4.44
|
||
d2t07dpvw9bt1v.cloudfront.net
|
18.244.202.15
|
||
www.google.com
|
172.253.124.103
|
||
cs1227.wpc.alphacdn.net
|
192.229.211.199
|
||
linkprotect.cudasvc.com
|
44.208.218.64
|
||
us-west-2.protection.sophos.com
|
unknown
|
||
identity.nel.measure.office.net
|
unknown
|
||
aadcdn.msftauth.net
|
unknown
|
||
logincdn.msftauth.net
|
unknown
|
||
gunnauto-my.sharepoint.com
|
unknown
|
||
login.microsoftonline.com
|
unknown
|
||
account.live.com
|
unknown
|
There are 4 hidden domains, click here to show them.
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
23.45.13.51
|
unknown
|
United States
|
||
13.107.246.41
|
part-0013.t-0009.t-msedge.net
|
United States
|
||
13.107.136.10
|
dual-spo-0005.spo-msedge.net
|
United States
|
||
142.250.105.84
|
unknown
|
United States
|
||
64.233.176.95
|
unknown
|
United States
|
||
192.168.2.16
|
unknown
|
unknown
|
||
20.42.65.88
|
unknown
|
United States
|
||
172.253.124.103
|
www.google.com
|
United States
|
||
13.107.42.22
|
unknown
|
United States
|
||
64.233.177.139
|
unknown
|
United States
|
||
40.126.29.12
|
unknown
|
United States
|
||
13.107.213.41
|
unknown
|
United States
|
||
23.45.13.16
|
unknown
|
United States
|
||
40.126.28.23
|
unknown
|
United States
|
||
64.233.177.94
|
unknown
|
United States
|
||
44.208.218.64
|
linkprotect.cudasvc.com
|
United States
|
||
1.1.1.1
|
unknown
|
Australia
|
||
74.125.136.95
|
unknown
|
United States
|
||
152.199.4.44
|
cs1100.wpc.omegacdn.net
|
United States
|
||
142.250.105.100
|
unknown
|
United States
|
||
192.229.211.199
|
cs1227.wpc.alphacdn.net
|
United States
|
||
18.244.202.15
|
d2t07dpvw9bt1v.cloudfront.net
|
United States
|
||
20.190.157.11
|
unknown
|
United States
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
64.233.185.94
|
unknown
|
United States
|
||
20.50.201.204
|
unknown
|
United States
|
There are 16 hidden IPs, click here to show them.