IOC Report
https://www.ne16.com/t/4177044/70602841/2927387/1/124665/?f8785874=aHR0cHM6Ly93b29kLWRlY2sub3JnL3BkZi85SWRac1p5aTJEeWh3ZUcvYTFmM2IxODIyN2RiNTc4NjIzOGE2ZTc0NTE3YWQ4MDEvWEM4YXAvYTFmM2IxODIyN2RiNTc4NjIzOGE2ZTc0NTE3YWQ4MDEvWTJOc1lYSmxRR0psYkd4d1lYSjBibVZ5YzJsdVl5NWpiMjA9


Files

File Path | Type | Category | Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 11:32:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 11:32:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 11:32:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 11:32:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 11:32:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
Chrome Cache Entry: 100 | PNG image data, 247 x 60, 8-bit/color RGBA, interlaced | downloaded |
Chrome Cache Entry: 102 | ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 103 | HTML document, ASCII text, with very long lines (33188), with no line terminators | downloaded |
Chrome Cache Entry: 104 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.3.10], baseline, precision 8, 1920x1080, components 3 | downloaded |
Chrome Cache Entry: 106 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 513 | dropped |
Chrome Cache Entry: 107 | PNG image data, 338 x 72, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 108 | PNG image data, 58 x 49, 8-bit/color RGB, non-interlaced | dropped |
Chrome Cache Entry: 109 | PNG image data, 17 x 25, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 110 | ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 111 | JSON data | dropped |
Chrome Cache Entry: 112 | PNG image data, 16 x 25, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 113 | MS Windows icon resource - 4 icons, 64x64, 32 bits/pixel, 32x32, 32 bits/pixel | dropped |
Chrome Cache Entry: 114 | ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 115 | ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 116 | ASCII text, with very long lines (39257), with CRLF line terminators | downloaded |
Chrome Cache Entry: 120 | PNG image data, 89 x 18, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 121 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | downloaded |
Chrome Cache Entry: 122 | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | dropped |
Chrome Cache Entry: 124 | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 125 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 126 | ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 127 | GIF image data, version 89a, 22 x 22 | downloaded |
Chrome Cache Entry: 129 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 131 | ASCII text, with very long lines (42414) | downloaded |
Chrome Cache Entry: 132 | GIF image data, version 89a, 24 x 24 | downloaded |
Chrome Cache Entry: 134 | ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 86 | ASCII text, with very long lines (61177) | downloaded |
Chrome Cache Entry: 87 | ASCII text, with very long lines (65329), with CRLF line terminators | downloaded |
Chrome Cache Entry: 88 | HTML document, Unicode text, UTF-8 text, with very long lines (941), with CRLF line terminators | dropped |
Chrome Cache Entry: 89 | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 90 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 110554 | downloaded |
Chrome Cache Entry: 91 | PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 95 | HTML document, ISO-8859 text | downloaded |
Chrome Cache Entry: 96 | ASCII text, with very long lines (65447) | downloaded |
Chrome Cache Entry: 99 | HTML document, Unicode text, UTF-8 text, with very long lines (1237), with CRLF line terminators | downloaded |

URLs

Name | IP | Malicious
https://www.ne16.com/t/4177044/70602841/2927387/1/124665/?f8785874=aHR0cHM6Ly93b29kLWRlY2sub3JnL3BkZi85SWRac1p5aTJEeWh3ZUcvYTFmM2IxODIyN2RiNTc4NjIzOGE2ZTc0NTE3YWQ4MDEvWEM4YXAvYTFmM2IxODIyN2RiNTc4NjIzOGE2ZTc0NTE3YWQ4MDEvWTJOc1lYSmxRR0psYkd4d1lYSjBibVZ5YzJsdVl5NWpiMjA9 | | malicious
https://wood-deck.org/pdf/9IdZsZyi2DyhweG/a1f3b18227db5786238a6e74517ad801/XC8ap/a1f3b18227db5786238a6e74517ad801/Y2NsYXJlQGJlbGxwYXJ0bmVyc2luYy5jb20=?dlv-emuid=[members_.memberidguid_]&dlv-mlid=4177044 | |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6g1kf/0x4AAAAAAAX1G-BH6O7iEZAj/auto/normal | |
https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQQIARAAhZLNa9MAAMWbdq1b0dlNET0IEzzIJG2-0xR2SJt-pFuStU0amoOlaZM0bZqkbdK0uYseB8LAgRcPojt6Ei8Kehi7uPP8DwRFPMiObnoeXh7v8d7t_ZLLRBom0lAa2owhaSh3HyMJHMNwFUSRLgFilAqBWVQjQLhHoecVQhLdzmQ9mXr8xL-3_yNTePN8bbO59fnFIbDR9zx3mstkgiBIO7pudrV01xllrI7dM21jhrwDgBMAOIjGNRuUGofRKYFmYZTCYQInYRQlYRhJt0QabslsqAw4TyizGG9CkCJagx25OuTCoseLUtgKhwuuXMQUWYK4cAgrMhcI4tDjRmzIFy72tcWO2B8JIudxTG3BDaSAZySEZ2r4afS6QPteH7kQZ2KG2q_oiu5MRm3XmXoHsf0oa2_LVLkyq3f8Rcjy42q1gpCmQMlwFxs7xZaUX_TC1rRdsn18Z9uFFFrtg9VCXfLl4XAATjhyx9iFbFKCkOliYbCo2K-apqzkLV0k59uUU1B5vcD2XAItBc1i1RBMexdCbdjrBzZfLpXzou808Www5STOmtfAkS_DeAlSF0h7e9jlVa_RbWBzmOk4vR4KVXlZ1gJK1gdsVt015tREwAl80pg3CmatrxqjsSVW8CZV4uyybMrZPO-5TYyzS2irgyjCjDXyltFG9VCv0_zApcJsvUkTSjB383gFZECD7jShRnAYu3PJvTPkbSxxbkaOfRwjHVezzd6GO3F009IuQ2KGZIS_qeKMtDRtWSdLwLelW8uJVOp2ZCPy4CYUyy0vJ1ORi3S2BLyMnxMXxlcTj-4q9OuVr59-j6nIcTzTLNgMjVMGKs_6XmgV8g8JXrJ0oYQTZTxDDOcNX-34vfmYcbbgHLyXAPYSiePEGsu0-aLYEGmeoesM0oZ-JoCnVyLvV_7L8OnVG8mkb7Ytp9uxtOn6P5Y_XoucrR59-fDs1d7R98of0&mkt=en-US&hosted=0&device_platform=Windows+10 | |

Domains


IPs
