Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| securedoc_20240327T095809.html | HTML document, Unicode text, UTF-8 text, with very long lines (474), with CRLF, LF line terminators | initial sample | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 29 14:11:12 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 29 14:11:12 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 29 14:11:12 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 29 14:11:12 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 29 14:11:12 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| Chrome Cache Entry: 67 | assembler source, ASCII text, with very long lines (532) | downloaded | |
| Chrome Cache Entry: 68 | TrueType Font data, 16 tables, 1st "GDEF", 14 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)Inter LightRegular3.019; | downloaded | |
| Chrome Cache Entry: 69 | GIF image data, version 89a, 1280 x 808 | downloaded | |
| Chrome Cache Entry: 70 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=sandra cifo. www.cifography.com. 2016], baseline, precision 8, 1440x960, components 3 | downloaded | |
| Chrome Cache Entry: 71 | GIF image data, version 89a, 1280 x 808 | dropped | |
| Chrome Cache Entry: 72 | TrueType Font data, 16 tables, 1st "GDEF", 11 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)InterRegular3.019;RSMS;I | downloaded | |
| Chrome Cache Entry: 73 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=sandra cifo. www.cifography.com. 2016], baseline, precision 8, 1920x1280, components 3 | dropped | |
| Chrome Cache Entry: 74 | Unicode text, UTF-8 text, with very long lines (64131) | downloaded | |
| Chrome Cache Entry: 75 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=sandra cifo. www.cifography.com. 2016], baseline, precision 8, 1920x1280, components 3 | downloaded | |
| Chrome Cache Entry: 76 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=sandra cifo. www.cifography.com. 2016], baseline, precision 8, 1440x960, components 3 | dropped | |
| Chrome Cache Entry: 77 | ASCII text, with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 78 | ASCII text, with very long lines (14965) | downloaded | |
| Chrome Cache Entry: 79 | TrueType Font data, 16 tables, 1st "GDEF", 12 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)InterBold3.019;RSMS;Inte | downloaded | |
| Chrome Cache Entry: 80 | TrueType Font data, 16 tables, 1st "GDEF", 14 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)Inter SemiBoldRegular3.0 | downloaded | |
| Chrome Cache Entry: 81 | ASCII text, with very long lines (65451) | downloaded | |

12 further files are hidden in the original report and are not listed here.

The six Chrome Apps shortcuts listed as "dropped" all carry a ctime of 3 Oct 2023, well before the sample's own 27 Mar 2024 timestamp, so they pre-date this run; five of them had only their mtime updated on 29 Mar 2024, the day of the analysis. None of the listed files is flagged as malicious.
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\securedoc_20240327T095809.html | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2016,i,12304014152104362397,15301322850232453726,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
URLs

| Name | IP | Malicious |
|---|---|---|
| file:///C:/Users/user/Desktop/securedoc_20240327T095809.html | | |
| http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5F | unknown | |
| https://res.cisco.com/websafe/images/pullFeature/arrowDown.svg | unknown | |
| https://res.cisco.com/websafe/logo/qWuRZDIlFFn0Z.ejbun830-rfiY7KGOHGT2q9s4Y9v3gB5g005b.rfoQ7ujVDdQgn | unknown | |
| https://static.cres-aws.com/fonts/Inter/Inter-Light.ttf | 108.138.85.60 | |
| https://url.uk.m.mimecastprotect.com/s/aKDOC2kvNhVBokMh95_gc?domain=res.cisco.com | unknown | |
| https://url.uk.m.mimecastprotect.com/s/iBBRCZ6VnS7knMJHKXwvL?domain=res.cisco.com | unknown | |
| https://res.cisco.com/websafe/images/loginbg.gif | 184.94.241.74 | |
| https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.12/css/select2.min.css | 104.17.25.14 | |
| https://url.uk.m.mimecastprotect.com/s/c5z9C5y94uMXY0BCli2pa?domain=res.cisco.com | unknown | |
| https://github.com/select2/select2/blob/master/LICENSE.md | unknown | |
| https://res.cisco.com:443/websafe/help?topic=RegEnvelope | unknown | |
| https://github.com/rsms/inter)InterBold3.019;RSMS;Inter-BoldInter | unknown | |
| https://url.uk.m.mimecastprotect.com/s/9_gNC1wrNT6PwpVtXssXg?domain=res.cisco.com | unknown | |
| https://url.uk.m.mimecastprotect.com/s/QyNqC73L0cz8jmDskFKI_?domain=res.cisco.com | unknown | |
| https://res.cisco.com/websafe/custom.action?cmd=authFrame | unknown | |
| https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=google&lp=en | 184.94.241.74 | |
| https://github.com/rsms/inter)InterRegular3.019;RSMS;Inter-RegularInter | unknown | |
| https://static.cres-aws.com/fonts/Inter/Inter-Regular.ttf | 108.138.85.60 | |
| https://url.uk.m.mimecastprotect.com/s/Dp--C4xR3HzDAJXsjPJbG?domain=res.cisco.com | unknown | |
| https://res.cisco.com/keyserver/keyserver | 184.94.241.74 | |
| http://scripts.sil.org/OFLWeightSlant | unknown | |
| https://res.cisco.com:443/websafe/help?topic=PPNotShown | unknown | |
| https://res.cisco.com/websafe/logo/qWuRZDIlFFn0Z.ejbun830-rfiY7KGOHGT2q9s4Y9v3gB5g005b.rfoQ7ujVDdQgnEtQdA!!/branding/customer-logo.gif?f=1 | 184.94.241.74 | |
| http://scripts.sil.org/OFLWeightSlantRegular | unknown | |
| https://static.cres-aws.com/fonts/Inter/Inter-SemiBold.ttf | 108.138.85.60 | |
| https://res.cisco.com:443/envelopeopener/decrypt_envelope.jsp | unknown | |
| https://res.cisco.com:443/websafe/pswdForgot.action | unknown | |
| http://scripts.sil.org/OFLInterLightWeightSlant | unknown | |
| https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=ok&lp=en | 184.94.241.74 | |
| https://res.cisco.com:443 | unknown | |
| https://res.cisco.com:443/keyserver/keyserver | unknown | |
| https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=ok&lp=en&try=1 | 184.94.241.74 | |
| https://static.cres-aws.com/postx.css | 108.138.85.60 | |
| https://url.uk.m.mimecastprotect.com/s/QyNqC73L0cz8jmDskFKI_?domain=res.cisco.com?su=&df=&tf=&lp=en&v=2&m=%7c1__012393150000018e806b24aa956f8f48f98e19c2%40ovarp0688.corpmailsvcs.com&s=1&f=0&d=1711725073246&action=open&j=1&jc=l_&jca=%22RPCRef%22%3apayload.rpc%2c%0a%22callback%22%3aqr&src=1&na=Netscape&nj=0&njs=1&nl=en-US&np=Win32&nu=Mozilla%2f5.0%20%28Windows%20NT%2010.0%3b%20Win64%3b%20x64%29%20AppleWebKit%2f537.36%20%28KHTML%2c%20like%20Gecko%29%20Chrome%2f117.0.0.0%20Safari%2f537.36&nv=5.0%20%28Windows%20NT%2010.0%3b%20Win64%3b%20x64%29%20AppleWebKit%2f537.36%20%28KHTML%2c%20like%20Gecko%29%20Chrome%2f117.0.0.0%20Safari%2f537.36 | 195.130.217.180 | |
| http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=google&lp=en | 184.94.241.74 | |
| http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=ok&lp=en | 184.94.241.74 | |
| https://static.cres-aws.com/CRES_login_bg.jpg | 108.138.85.60 | |
| https://github.com/rsms/inter)Inter | unknown | |
| https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.12/js/select2.min.js | 104.17.25.14 | |
| https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?lp=en | 184.94.241.74 | |
| http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?lp=en | 184.94.241.74 | |
| https://url.uk.m.mimecastprotect.com/s/vjFtC312XtXyYmnhvrGnN?domain=res.cisco.com | unknown | |
| http://scripts.sil.org/OFLInterSemiBoldWeightSlant | unknown | |
| https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/qqjZBFuv.ItibTT6WGs4TKRTMy5HM1s9Og5FScWoIX8HSOlD-T5Z5mfGe6y5Crm60-L9VYKHBc1CQifQaF0UuKtCP6TgMRwuuw!!/?button=google&lp=en&try=1 | 184.94.241.74 | |
| https://static.cres-aws.com/fonts/Inter/Inter-Bold.ttf | 108.138.85.60 | |

36 further URLs are hidden in the original report and are not listed here.

Entries with an IP of "unknown" were extracted from content as strings and never resolved. The three "https://github.com/rsms/inter)Inter..." entries are not requests at all: they are the copyright string from the Inter font files' name tables (compare the TrueType entries under Files) cut at the closing parenthesis, and the "http://scripts.sil.org/OFL..." entries are the same kind of metadata string with axis names run onto the licence URL. Only the rows with a resolved IP (res.cisco.com, static.cres-aws.com, url.uk.m.mimecastprotect.com, cdnjs.cloudflare.com) reflect traffic the browser actually sent.
Domains

| Name | IP | Malicious |
|---|---|---|
| res.cisco.com | 184.94.241.74 | |
| url.uk.m.mimecastprotect.com | 195.130.217.180 | |
| cdnjs.cloudflare.com | 104.17.25.14 | |
| www.google.com | 172.253.122.106 | |
| d2qj7djftjbj85.cloudfront.net | 108.138.85.60 | |
| static.cres-aws.com | unknown | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 172.253.122.106 | www.google.com | United States | |
| 195.130.217.180 | url.uk.m.mimecastprotect.com | United Kingdom | |
| 108.138.85.60 | d2qj7djftjbj85.cloudfront.net | United States | |
| 192.168.2.16 | unknown | unknown | |
| 239.255.255.250 | unknown | Reserved | |
| 184.94.241.74 | res.cisco.com | United States | |
| 108.138.85.84 | unknown | United States | |
| 104.17.25.14 | cdnjs.cloudflare.com | United States | |

static.cres-aws.com shows no IP of its own in the Domains table, but every static.cres-aws.com URL above resolved to 108.138.85.60, the address listed here for d2qj7djftjbj85.cloudfront.net. 192.168.2.16 is the analysis machine's own private address and 239.255.255.250 is the SSDP multicast group; neither is remote traffic.
DOM / HTML

| URL | Malicious |
|---|---|
| file:///C:/Users/user/Desktop/securedoc_20240327T095809.html | |