Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
Chrome Cache Entry: 100
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 55071
|
downloaded
|
||
Chrome Cache Entry: 101
|
PNG image data, 62 x 62, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 102
|
GIF image data, version 89a, 352 x 3
|
downloaded
|
||
Chrome Cache Entry: 103
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
dropped
|
||
Chrome Cache Entry: 104
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113084
|
downloaded
|
||
Chrome Cache Entry: 105
|
data
|
downloaded
|
||
Chrome Cache Entry: 106
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113657
|
downloaded
|
||
Chrome Cache Entry: 69
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 190152
|
downloaded
|
||
Chrome Cache Entry: 70
|
HTML document, ASCII text, with very long lines (2345), with CRLF line terminators
|
downloaded
|
||
Chrome Cache Entry: 71
|
ASCII text, with very long lines (649)
|
downloaded
|
||
Chrome Cache Entry: 72
|
ASCII text, with very long lines (45563)
|
downloaded
|
||
Chrome Cache Entry: 73
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15708
|
downloaded
|
||
Chrome Cache Entry: 74
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
dropped
|
||
Chrome Cache Entry: 75
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
|
downloaded
|
||
Chrome Cache Entry: 76
|
ASCII text, with very long lines (27214), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 77
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 78
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 444227
|
downloaded
|
||
Chrome Cache Entry: 79
|
PNG image data, 280 x 60, 8-bit/color RGBA, interlaced
|
downloaded
|
||
Chrome Cache Entry: 80
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 81
|
ASCII text
|
downloaded
|
||
Chrome Cache Entry: 82
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 83
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
|
dropped
|
||
Chrome Cache Entry: 84
|
PNG image data, 280 x 60, 8-bit/color RGBA, interlaced
|
dropped
|
||
Chrome Cache Entry: 85
|
GIF image data, version 89a, 352 x 3
|
dropped
|
||
Chrome Cache Entry: 86
|
JSON data
|
dropped
|
||
Chrome Cache Entry: 87
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
downloaded
|
||
Chrome Cache Entry: 88
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 223759
|
downloaded
|
||
Chrome Cache Entry: 89
|
GIF image data, version 89a, 352 x 3
|
dropped
|
||
Chrome Cache Entry: 90
|
ASCII text, with very long lines (32031)
|
downloaded
|
||
Chrome Cache Entry: 91
|
JSON data
|
dropped
|
||
Chrome Cache Entry: 92
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1920x1080, components
3
|
dropped
|
||
Chrome Cache Entry: 93
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1920x1080, components
3
|
downloaded
|
||
Chrome Cache Entry: 94
|
Web Open Font Format (Version 2), TrueType, length 34052, version 0.0
|
downloaded
|
||
Chrome Cache Entry: 95
|
JSON data
|
downloaded
|
||
Chrome Cache Entry: 96
|
GIF image data, version 89a, 352 x 3
|
downloaded
|
||
Chrome Cache Entry: 97
|
ASCII text, with very long lines (1482)
|
downloaded
|
||
Chrome Cache Entry: 98
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
downloaded
|
||
Chrome Cache Entry: 99
|
PNG image data, 62 x 62, 8-bit/color RGBA, non-interlaced
|
downloaded
|
There are 29 hidden files, click here to show them.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2012,i,13689327843227247037,18124641368038824989,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fmyapps.microsoft.com%252Fsignin%252F08558f59-9161-41fc-88b3-f0434087a79c%253FtenantId%253D258ac4e4-146a-411e-9dc8-79a9e12fd6da%26data%3D05%257C01%257Cgary.fabrizio1%2540Service.wipro.com%257C8a0e1c61209e469846ba08dbe05e2370%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638350467206547446%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%257C%257C%257C%26sdata%3Dp0jrjFUb%252Fusi2RID%252FGIlCE82AM9dEDuVAB4PHdDC1%252F4%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085"
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fmyapps.microsoft.com%252Fsignin%252F08558f59-9161-41fc-88b3-f0434087a79c%253FtenantId%253D258ac4e4-146a-411e-9dc8-79a9e12fd6da%26data%3D05%257C01%257Cgary.fabrizio1%2540Service.wipro.com%257C8a0e1c61209e469846ba08dbe05e2370%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638350467206547446%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%257C%257C%257C%26sdata%3Dp0jrjFUb%252Fusi2RID%252FGIlCE82AM9dEDuVAB4PHdDC1%252F4%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085
|
|||
https://aadcdn.msauthimages.net/dbd5a2dd-avjm7q6yockj6clgtqda-xdwc1ruzzsfyrzf0zk25ek/logintenantbranding/0/illustration?ts=636565365803385104
|
152.195.19.97
|
||
https://github.com/handlebars-lang/allow-prototype-access
|
unknown
|
||
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/images/warning.png
|
13.107.246.41
|
||
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/css/proxyweb-all.min.css?cb=1.54.146-6
|
13.107.246.41
|
||
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/lodash-core.min.js
|
13.107.246.41
|
||
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/translate.js
|
13.107.246.41
|
||
https://login.microsoftonline.com
|
unknown
|
||
http://www.opensource.org/licenses/mit-license.php)
|
unknown
|
||
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Proxy
|
unknown
|
||
https://mcasproxy.cdn.mcas.ms/i18n/0.274.5/proxyweb/en_us.json
|
13.107.246.41
|
||
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/handlebars.min.js
|
13.107.246.41
|
||
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/Handlebars/locale-data/en.js
|
13.107.246.41
|
||
http://knockoutjs.com/
|
unknown
|
||
https://formatjs.io/handlebars/
|
unknown
|
||
https://aadcdn.msauthimages.net/dbd5a2dd-avjm7q6yockj6clgtqda-xdwc1ruzzsfyrzf0zk25ek/logintenantbranding/0/bannerlogo?ts=637617112422502334
|
152.195.19.97
|
||
https://github.com/douglascrockford/JSON-js
|
unknown
|
||
https://login.windows-ppe.net
|
unknown
|
||
https://github.com/angular-translate/angular-translate/blob/master/src/service/translate.js
|
unknown
|
||
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/Handlebars/handlebars-intl.min.js
|
13.107.246.41
|
||
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/images/continue.png
|
13.107.246.41
|
||
https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js
|
152.199.4.44
|
||
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/images/favicon.ico?cb=1.54.146-6
|
13.107.246.41
|
There are 12 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
mcas-proxyweb.mcas.ms
|
unknown
|
||
part-0013.t-0009.t-msedge.net
|
13.107.246.41
|
||
apc01.safelinks.protection.outlook.com
|
104.47.110.28
|
||
cs1100.wpc.omegacdn.net
|
152.199.4.44
|
||
sni1gl.wpc.upsiloncdn.net
|
152.195.19.97
|
||
www.google.com
|
192.178.50.36
|
||
fp2e7a.wpc.phicdn.net
|
192.229.211.108
|
||
autologon.microsoftazuread-sso.com
|
40.126.28.14
|
||
account.activedirectory.windowsazure.com
|
unknown
|
||
aadcdn.msauthimages.net
|
unknown
|
||
c.s-microsoft.com
|
unknown
|
||
identity.nel.measure.office.net
|
unknown
|
||
aadcdn.msftauth.net
|
unknown
|
||
mcasproxy.cdn.mcas.ms
|
unknown
|
||
login.microsoftonline.com
|
unknown
|
There are 5 hidden domains, click here to show them.
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
192.178.50.36
|
www.google.com
|
United States
|
||
104.47.110.28
|
apc01.safelinks.protection.outlook.com
|
United States
|
||
13.107.246.41
|
part-0013.t-0009.t-msedge.net
|
United States
|
||
152.199.4.44
|
cs1100.wpc.omegacdn.net
|
United States
|
||
152.195.19.97
|
sni1gl.wpc.upsiloncdn.net
|
United States
|
||
192.168.2.4
|
unknown
|
unknown
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
13.107.213.41
|
unknown
|
United States
|
DOM / HTML
URL
|
Malicious
|
|
---|---|---|
https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fmyapps.microsoft.com%252Fsignin%252F08558f59-9161-41fc-88b3-f0434087a79c%253FtenantId%253D258ac4e4-146a-411e-9dc8-79a9e12fd6da%26data%3D05%257C01%257Cgary.fabrizio1%2540Service.wipro.com%257C8a0e1c61209e469846ba08dbe05e2370%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638350467206547446%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%257C%257C%257C%26sdata%3Dp0jrjFUb%252Fusi2RID%252FGIlCE82AM9dEDuVAB4PHdDC1%252F4%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085
|
||
https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fmyapps.microsoft.com%252Fsignin%252F08558f59-9161-41fc-88b3-f0434087a79c%253FtenantId%253D258ac4e4-146a-411e-9dc8-79a9e12fd6da%26data%3D05%257C01%257Cgary.fabrizio1%2540Service.wipro.com%257C8a0e1c61209e469846ba08dbe05e2370%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638350467206547446%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%257C%257C%257C%26sdata%3Dp0jrjFUb%252Fusi2RID%252FGIlCE82AM9dEDuVAB4PHdDC1%252F4%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085
|
||
https://login.microsoftonline.com/258ac4e4-146a-411e-9dc8-79a9e12fd6da/oauth2/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&redirect_uri=https%3A%2F%2Flauncher.myapps.microsoft.com%2Fapi%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&code_challenge=L-dkjBZahopAZr0ySy1WWvGFT_GPGCmPjGwvjuX7M3Y&code_challenge_method=S256&response_mode=form_post&nonce=638496979481455478.YjU1ODBlM2QtOTg0ZS00MGM1LThiMDItOTIxNjBlOGM4ZmQxMTE3ODMzNDQtYTYyMy00OTVhLThhMTItZTU1YzAyNWM1YmQz&client_info=1&x-client-brkrver=IDWeb.2.17.1.0&client-request-id=8ac8d9fc-957a-44a1-89ce-df1ddb0b3f62&state=CfDJ8Jf7XhjzbihDvpJPccI4CQkLRdwmnKeCMRTL__Ae-6mIrzP9tY-ORjL_yY_8olE3xW9pjMHEji64ETVI2y4jdJ1SmOqWL0ZexoA33xE1Fq227vtBjQnyMame2ePfeW4f3YjCFnZ2nCrSVOF4HFLJUEmKaMxZysgo2QqCk-SiDBwtRvX-4RQ52WXqoEXn1iKpEZPXLhP2khPLMslkRaksElre0IBuegKQ6YEylTQ_9__1AHpHiEQSfJKklFBTb1ryznp5i3EyXTaTzKHgkM2jr_K8sHDjDgHgvu1nsIvDqKyZK7CQaKQJ4oznhZchWS5ygGEULUXyrZFt2Gpjzg_sT0g1W9hjydWIn2PLD_uM6fYLC2UxJLVeIGbO5LX0-F6FYt1-_r-WxFBBobjnPez2Q99Qcr
|
||
https://login.microsoftonline.com/258ac4e4-146a-411e-9dc8-79a9e12fd6da/oauth2/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&redirect_uri=https%3A%2F%2Flauncher.myapps.microsoft.com%2Fapi%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&code_challenge=L-dkjBZahopAZr0ySy1WWvGFT_GPGCmPjGwvjuX7M3Y&code_challenge_method=S256&response_mode=form_post&nonce=638496979481455478.YjU1ODBlM2QtOTg0ZS00MGM1LThiMDItOTIxNjBlOGM4ZmQxMTE3ODMzNDQtYTYyMy00OTVhLThhMTItZTU1YzAyNWM1YmQz&client_info=1&x-client-brkrver=IDWeb.2.17.1.0&client-request-id=8ac8d9fc-957a-44a1-89ce-df1ddb0b3f62&state=CfDJ8Jf7XhjzbihDvpJPccI4CQkLRdwmnKeCMRTL__Ae-6mIrzP9tY-ORjL_yY_8olE3xW9pjMHEji64ETVI2y4jdJ1SmOqWL0ZexoA33xE1Fq227vtBjQnyMame2ePfeW4f3YjCFnZ2nCrSVOF4HFLJUEmKaMxZysgo2QqCk-SiDBwtRvX-4RQ52WXqoEXn1iKpEZPXLhP2khPLMslkRaksElre0IBuegKQ6YEylTQ_9__1AHpHiEQSfJKklFBTb1ryznp5i3EyXTaTzKHgkM2jr_K8sHDjDgHgvu1nsIvDqKyZK7CQaKQJ4oznhZchWS5ygGEULUXyrZFt2Gpjzg_sT0g1W9hjydWIn2PLD_uM6fYLC2UxJLVeIGbO5LX0-F6FYt1-_r-WxFBBobjnPez2Q99Qcr
|
||
https://login.microsoftonline.com/258ac4e4-146a-411e-9dc8-79a9e12fd6da/oauth2/authorize?client_id=2793995e-0a7d-40d7-bd35-6968ba142197&redirect_uri=https%3A%2F%2Flauncher.myapps.microsoft.com%2Fapi%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&code_challenge=L-dkjBZahopAZr0ySy1WWvGFT_GPGCmPjGwvjuX7M3Y&code_challenge_method=S256&response_mode=form_post&nonce=638496979481455478.YjU1ODBlM2QtOTg0ZS00MGM1LThiMDItOTIxNjBlOGM4ZmQxMTE3ODMzNDQtYTYyMy00OTVhLThhMTItZTU1YzAyNWM1YmQz&client_info=1&x-client-brkrver=IDWeb.2.17.1.0&client-request-id=8ac8d9fc-957a-44a1-89ce-df1ddb0b3f62&state=CfDJ8Jf7XhjzbihDvpJPccI4CQkLRdwmnKeCMRTL__Ae-6mIrzP9tY-ORjL_yY_8olE3xW9pjMHEji64ETVI2y4jdJ1SmOqWL0ZexoA33xE1Fq227vtBjQnyMame2ePfeW4f3YjCFnZ2nCrSVOF4HFLJUEmKaMxZysgo2QqCk-SiDBwtRvX-4RQ52WXqoEXn1iKpEZPXLhP2khPLMslkRaksElre0IBuegKQ6YEylTQ_9__1AHpHiEQSfJKklFBTb1ryznp5i3EyXTaTzKHgkM2jr_K8sHDjDgHgvu1nsIvDqKyZK7CQaKQJ4oznhZchWS5ygGEULUXyrZFt2Gpjzg_sT0g1W9hjydWIn2PLD_uM6fYLC2UxJLVeIGbO5LX0-F6FYt1-_r-WxFBBobjnPez2Q99Qcr
|