IOC Report
https://us-west-2.protection.sophos.com/?d=cudasvc.com&u=aHR0cHM6Ly9saW5rcHJvdGVjdC5jdWRhc3ZjLmNvbS91cmw_YT1odHRwcyUzYSUyZiUyZmd1bm5hdXRvLW15LnNoYXJlcG9pbnQuY29tJTJmJTNhYiUzYSUyZnIlMmZwZXJzb25hbCUyZmFlcm9kcmlndWV6X2d1bm5hdXRvX2NvbSUyZkRvY3VtZW50cyUyZkF0dGFjaG1lbnRzJTJmSDI0MTQyMy5wZGYlM2Zjc2YlM2QxJTI

Files

File Path | Type | Category
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 18:29:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 18:29:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 18:29:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 18:29:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 18:29:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
Chrome Cache Entry: 100 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 611582 | downloaded
Chrome Cache Entry: 102 | GIF image data, version 89a, 352 x 3 | downloaded
Chrome Cache Entry: 103 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 55071 | downloaded
Chrome Cache Entry: 104 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864 | dropped
Chrome Cache Entry: 107 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113084 | downloaded
Chrome Cache Entry: 109 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113657 | downloaded
Chrome Cache Entry: 110 | ASCII text, with no line terminators | downloaded
Chrome Cache Entry: 78 | HTML document, ASCII text, with very long lines (2345), with CRLF line terminators | downloaded
Chrome Cache Entry: 80 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | downloaded
Chrome Cache Entry: 82 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651 | dropped
Chrome Cache Entry: 83 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 4730 | downloaded
Chrome Cache Entry: 84 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592 | downloaded
Chrome Cache Entry: 86 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90690 | downloaded
Chrome Cache Entry: 87 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 444227 | downloaded
Chrome Cache Entry: 88 | ASCII text, with very long lines (45544) | downloaded
Chrome Cache Entry: 89 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1378 | dropped
Chrome Cache Entry: 91 | ASCII text, with no line terminators | downloaded
Chrome Cache Entry: 92 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 379 | downloaded
Chrome Cache Entry: 94 | GIF image data, version 89a, 352 x 3 | dropped
Chrome Cache Entry: 96 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 223759 | downloaded
Chrome Cache Entry: 99 | JSON data | dropped
(18 further files are hidden in the original report and are not listed here; none of the rows above carries a malicious flag.)

URLs

Name
https://us-west-2.protection.sophos.com/?d=cudasvc.com&u=aHR0cHM6Ly9saW5rcHJvdGVjdC5jdWRhc3ZjLmNvbS91cmw_YT1odHRwcyUzYSUyZiUyZmd1bm5hdXRvLW15LnNoYXJlcG9pbnQuY29tJTJmJTNhYiUzYSUyZnIlMmZwZXJzb25hbCUyZmFlcm9kcmlndWV6X2d1bm5hdXRvX2NvbSUyZkRvY3VtZW50cyUyZkF0dGFjaG1lbnRzJTJmSDI0MTQyMy5wZGYlM2Zjc2YlM2QxJTI2d2ViJTNkMSZjPUUsMSxmT1pZNThPOTZjZjNwWkY1eWU3QnhGZWM2eFRWNWtyRDdneUVGdFJaNENCSjVOQkItZ0RyMUlHdlQ1Mi01Vm95d2o4Y2h5WDJXNlFFTWhsU0o2SHJUc3pqNWVoeF9aVUhzNVNZRm8xZjJfSTdwTUNIeDdiRSZ0eXBvPTE=&p=m&i=NjVjNTQ0OGE0ZWZhMmU3ZjY4MzI4ZTU2&t=RytpUnowc0wwYVZ5TS9IN2pYN0J3ektSZ3pLWEh1Y1FlaUxrM2hUL1kzST0=&h=e542e25ebbc74310ab02d99468d3cd3c&s=AVNPUEhUT0NFTkNSWVBUSVaAbgs17mmhlH_9EhbEh07dSxVIMNlJSUD1cUzHaTNepQ
https://login.microsoftonline.com/ebf86bb9-f642-4b12-a97c-cb5f0f37b474/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=553FF26F865DF2CC5C05D1D0B7DEBF5F08F869B494E743BB%2DCA5681257FA6F5F22CD72207F4D214C3A626034E2BB088A4BE8BD8DEE9FA3180&redirect%5Furi=https%3A%2F%2Fgunnauto%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=2ea020a1%2Dc0f4%2D5000%2D5ae8%2D1110347a7180&sso_reload=true
https://login.microsoftonline.com/ebf86bb9-f642-4b12-a97c-cb5f0f37b474/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=553FF26F865DF2CC5C05D1D0B7DEBF5F08F869B494E743BB%2DCA5681257FA6F5F22CD72207F4D214C3A626034E2BB088A4BE8BD8DEE9FA3180&redirect%5Furi=https%3A%2F%2Fgunnauto%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=2ea020a1%2Dc0f4%2D5000%2D5ae8%2D1110347a7180
No IP or malicious flag is recorded for any of the three URLs. The first URL is a Sophos link-protection wrapper (URL-safe base64 in u=) around a Barracuda linkprotect wrapper (percent-encoded target in a=) whose final destination is a .pdf under gunnauto-my.sharepoint.com. The second and third URLs are the same Entra ID authorize request; they differ only in the trailing sso_reload=true parameter. The nonce and client-request-id values in them are per-session and are not usable as indicators.
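The following Python is an added example, not code from the sandbox report or from any vendor: it peels the two link-protection wrappers off the first URL in the table to recover the SharePoint destination, then pulls the tenant id, client id and redirect_uri out of the authorize request and checks that the sign-in hands the session back to the same host the link pointed at. The wrapper layouts (Sophos: URL-safe base64 in u=; linkprotect.cudasvc.com: percent-encoded target in a=) are inferred from the URL itself rather than taken from vendor documentation, and the identification of 00000003-0000-0ff1-ce00-000000000000 as the first-party SharePoint Online application id is from Microsoft's well-known app ids.

```python
"""Unwrap the layered link-protection URL from the URLs table above and
summarise the Entra ID authorize request it leads to.

Added example; not code from the sandbox report or from any vendor.
Assumptions: the Sophos wrapper carries its target as URL-safe base64 in the
`u` parameter and the Barracuda linkprotect wrapper carries its target
percent-encoded in the `a` parameter (both inferred from the URL itself).
"""
import base64
from urllib.parse import parse_qs, urlparse

# Well-known first-party application id of Office 365 SharePoint Online.
SHAREPOINT_ONLINE_APP_ID = "00000003-0000-0ff1-ce00-000000000000"

# Copied verbatim from the URLs table of this report.
WRAPPED = (
    "https://us-west-2.protection.sophos.com/?d=cudasvc.com"
    "&u=aHR0cHM6Ly9saW5rcHJvdGVjdC5jdWRhc3ZjLmNvbS91cmw_YT1odHRwcyUzYSUyZiUyZmd1bm5hdXRv"
    "LW15LnNoYXJlcG9pbnQuY29tJTJmJTNhYiUzYSUyZnIlMmZwZXJzb25hbCUyZmFlcm9kcmlndWV6X2d1"
    "bm5hdXRvX2NvbSUyZkRvY3VtZW50cyUyZkF0dGFjaG1lbnRzJTJmSDI0MTQyMy5wZGYlM2Zjc2YlM2Qx"
    "JTI2d2ViJTNkMSZjPUUsMSxmT1pZNThPOTZjZjNwWkY1eWU3QnhGZWM2eFRWNWtyRDdneUVGdFJaNENC"
    "SjVOQkItZ0RyMUlHdlQ1Mi01Vm95d2o4Y2h5WDJXNlFFTWhsU0o2SHJUc3pqNWVoeF9aVUhzNVNZRm8x"
    "ZjJfSTdwTUNIeDdiRSZ0eXBvPTE="
    "&p=m&i=NjVjNTQ0OGE0ZWZhMmU3ZjY4MzI4ZTU2"
    "&t=RytpUnowc0wwYVZ5TS9IN2pYN0J3ektSZ3pLWEh1Y1FlaUxrM2hUL1kzST0="
    "&h=e542e25ebbc74310ab02d99468d3cd3c"
    "&s=AVNPUEhUT0NFTkNSWVBUSVaAbgs17mmhlH_9EhbEh07dSxVIMNlJSUD1cUzHaTNepQ"
)

# Second URL of the table (the variant with sso_reload=true), copied verbatim.
AUTHORIZE = (
    "https://login.microsoftonline.com/ebf86bb9-f642-4b12-a97c-cb5f0f37b474"
    "/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000"
    "&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken"
    "&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid"
    "&nonce=553FF26F865DF2CC5C05D1D0B7DEBF5F08F869B494E743BB%2DCA5681257FA6F5F22CD72207F4D214C3A626034E2BB088A4BE8BD8DEE9FA3180"
    "&redirect%5Furi=https%3A%2F%2Fgunnauto%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx"
    "&state=OD0w"
    "&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D"
    "&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a"
    "&client%2Drequest%2Did=2ea020a1%2Dc0f4%2D5000%2D5ae8%2D1110347a7180&sso_reload=true"
)


def _b64url(s: str) -> str:
    """Decode URL-safe base64, tolerating stripped '=' padding."""
    s += "=" * (-len(s) % 4)
    return base64.urlsafe_b64decode(s).decode("utf-8")


def _query(url: str) -> dict:
    """First value of each query parameter, percent-decoded (keys too)."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def unwrap_once(url: str):
    """Return the URL one layer inside `url`, or None if it is not a known wrapper."""
    host = urlparse(url).hostname or ""
    q = _query(url)
    if host.endswith(".protection.sophos.com") and "u" in q:
        return _b64url(q["u"])
    if host == "linkprotect.cudasvc.com" and "a" in q:
        return q["a"]  # parse_qs has already percent-decoded it
    return None


def unwrap_chain(url: str, max_hops: int = 5) -> list:
    """All hops from the outer URL down to the first non-wrapper URL."""
    hops = [url]
    while len(hops) <= max_hops:
        nxt = unwrap_once(hops[-1])
        if nxt is None:
            break
        hops.append(nxt)
    return hops


def authorize_summary(url: str) -> dict:
    """Tenant, client id, response type and redirect target of an authorize request."""
    p = urlparse(url)
    q = _query(url)
    redirect = urlparse(q.get("redirect_uri", ""))
    return {
        "tenant": p.path.strip("/").split("/")[0],
        "client_id": q.get("client_id"),
        "response_type": q.get("response_type"),
        "redirect_host": redirect.hostname,
        "redirect_path": redirect.path,
    }


def redirect_matches_landing(wrapped: str, authorize: str) -> bool:
    """True when the sign-in is the first-party SharePoint Online app and hands
    the session back to the same host the unwrapped link pointed at; a
    look-alike sign-in page would have to use its own client id or redirect."""
    landing = urlparse(unwrap_chain(wrapped)[-1]).hostname
    s = authorize_summary(authorize)
    return landing == s["redirect_host"] and s["client_id"] == SHAREPOINT_ONLINE_APP_ID


if __name__ == "__main__":
    for i, hop in enumerate(unwrap_chain(WRAPPED)):
        print(f"hop {i}: {hop}")
    print(authorize_summary(AUTHORIZE))
    print("redirect matches landing host:", redirect_matches_landing(WRAPPED, AUTHORIZE))
```

Run stand-alone it prints the three hops (Sophos wrapper, linkprotect wrapper, SharePoint .pdf link under the personal site of aerodriguez_gunnauto_com) and the parsed authorize request. The check in redirect_matches_landing is what distinguishes this trace from an adversary-in-the-middle phish: a proxied sign-in page has to register its own redirect_uri and cannot present the first-party SharePoint client id on login.microsoftonline.com.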

Domains

Name | IP
dual-spo-0005.spo-msedge.net | 13.107.136.10
part-0013.t-0009.t-msedge.net | 13.107.246.41
cs1100.wpc.omegacdn.net | 152.199.4.44
d2t07dpvw9bt1v.cloudfront.net | 18.244.202.15
www.google.com | 172.253.124.103
cs1227.wpc.alphacdn.net | 192.229.211.199
linkprotect.cudasvc.com | 44.208.218.64
us-west-2.protection.sophos.com | unknown
identity.nel.measure.office.net | unknown
aadcdn.msftauth.net | unknown
logincdn.msftauth.net | unknown
gunnauto-my.sharepoint.com | unknown
login.microsoftonline.com | unknown
account.live.com | unknown
(4 further domains are hidden in the original report and are not listed here; none of the rows above carries a malicious flag.)

IPs

IP | Domain | Country
23.45.13.51 | unknown | United States
13.107.246.41 | part-0013.t-0009.t-msedge.net | United States
13.107.136.10 | dual-spo-0005.spo-msedge.net | United States
142.250.105.84 | unknown | United States
64.233.176.95 | unknown | United States
192.168.2.16 | unknown | unknown
20.42.65.88 | unknown | United States
172.253.124.103 | www.google.com | United States
13.107.42.22 | unknown | United States
64.233.177.139 | unknown | United States
40.126.29.12 | unknown | United States
13.107.213.41 | unknown | United States
23.45.13.16 | unknown | United States
40.126.28.23 | unknown | United States
64.233.177.94 | unknown | United States
44.208.218.64 | linkprotect.cudasvc.com | United States
1.1.1.1 | unknown | Australia
74.125.136.95 | unknown | United States
152.199.4.44 | cs1100.wpc.omegacdn.net | United States
142.250.105.100 | unknown | United States
192.229.211.199 | cs1227.wpc.alphacdn.net | United States
18.244.202.15 | d2t07dpvw9bt1v.cloudfront.net | United States
20.190.157.11 | unknown | United States
239.255.255.250 | unknown | Reserved
64.233.185.94 | unknown | United States
20.50.201.204 | unknown | United States
(16 further IPs are hidden in the original report and are not listed here; none of the rows above carries a malicious flag.)
Three entries are analysis-environment noise rather than contact indicators: 192.168.2.16 is an RFC 1918 private address (the sandbox host's own LAN), 239.255.255.250 is the SSDP multicast group, and 1.1.1.1 is Cloudflare's public resolver (its "Australia" attribution is a GeoIP artefact of the APNIC-registered prefix). Do not carry them into a blocklist.