Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 14:04:30 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 14:04:30 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:56:51 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 14:04:30 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 14:04:30 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 14:04:30 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | |
| Chrome Cache Entry: 100 | ASCII text, with very long lines (15521), with no line terminators | downloaded | |
| Chrome Cache Entry: 77 | ASCII text, with very long lines (7975), with no line terminators | downloaded | |
| Chrome Cache Entry: 78 | HTML document, ASCII text | downloaded | |
| Chrome Cache Entry: 79 | Unicode text, UTF-8 text, with very long lines (32455) | downloaded | |
| Chrome Cache Entry: 80 | ASCII text, with very long lines (10160), with no line terminators | downloaded | |
| Chrome Cache Entry: 81 | PNG image data, 232 x 79, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 82 | ASCII text, with very long lines (9622), with no line terminators | downloaded | |
| Chrome Cache Entry: 83 | TrueType Font data, 19 tables, 1st "FFTM", 19 names, Microsoft, language 0x409, Copyright (c) 2008 by M\207rio Feliciano. All rights reserved.Flama MediumRegular3.000;FTF;2008; | downloaded | |
| Chrome Cache Entry: 84 | TrueType Font data, 19 tables, 1st "FFTM", 19 names, Microsoft, language 0x409, Copyright (c) 2008 by M\207rio Feliciano. All rights reserved.Flama BookRegular3.000;FTF;2008;Fl | downloaded | |
| Chrome Cache Entry: 85 | PNG image data, 200 x 198, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 86 | ASCII text, with very long lines (15718) | downloaded | |
| Chrome Cache Entry: 87 | HTML document, ASCII text | downloaded | |
| Chrome Cache Entry: 88 | TrueType Font data, 19 tables, 1st "FFTM", 19 names, Microsoft, language 0x409, Copyright (c) 2008 by M\207rio Feliciano. All rights reserved.Flama LightRegular3.000;FTF;2008;F | downloaded | |
| Chrome Cache Entry: 89 | PNG image data, 232 x 79, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 90 | RIFF (little-endian) data, Web/P image | downloaded | |
| Chrome Cache Entry: 91 | PNG image data, 200 x 198, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 92 | ASCII text, with very long lines (1021), with no line terminators | downloaded | |
| Chrome Cache Entry: 93 | Unicode text, UTF-8 text, with very long lines (32997), with no line terminators | downloaded | |
| Chrome Cache Entry: 94 | ASCII text, with very long lines (10255), with no line terminators | downloaded | |
| Chrome Cache Entry: 95 | Unicode text, UTF-8 text, with very long lines (47648), with CRLF, LF line terminators | downloaded | |
| Chrome Cache Entry: 96 | ASCII text, with very long lines (65447) | downloaded | |
| Chrome Cache Entry: 97 | ASCII text, with very long lines (53449) | downloaded | |
| Chrome Cache Entry: 98 | PNG image data, 32 x 32, 8-bit colormap, non-interlaced | dropped | |
| Chrome Cache Entry: 99 | ASCII text, with very long lines (59060) | downloaded | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1708,i,8188062310035751016,12932038185904332002,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.hr-benefits.site/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0" | |
URLs

| Name | IP | Malicious |
|---|---|---|
| https://www.hr-benefits.site/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0 | | |
| https://staysafe.sophos.com/_static/??-eJzTLy/QzcxLzilNSS3WzyrWz01NyUxMzUnNTc0rQeEU5CRWphbp5qSmJyZX6uVm5uklFxfr6OPTDpRD5sM02efaGpobGpkbGJgbmgAARI0u2Q== | 192.0.66.2 | |
| https://s0.wp.com/wp-content/mu-plugins/notes/admin-bar-v2.js?ver=13.1.3-202416-lite | 192.0.77.32 | |
| https://staysafe.sophos.com/wp-content/themes/phishthreat/assets/fonts/flama-light-webfont.ttf | 192.0.66.2 | |
| http://fontawesome.io | unknown | |
| https://widgets.wp.com/3rd-party-cookie-check/complete.html | | |
| https://s0.wp.com/i/noticons/noticons.css?ver=13.1.3-202416-lite | 192.0.77.32 | |
| https://staysafe.sophos.com/wp-content/themes/phishthreat/assets/images/sophos-logo.png | 192.0.66.2 | |
| https://staysafe.sophos.com/wp-content/plugins/sensei/assets/dist/blocks/single-course.css?m=1706617386g | 192.0.66.2 | |
| https://staysafe.sophos.com/wp-content/themes/phishthreat/assets/images/secondary-logo.png | 192.0.66.2 | |
| https://staysafe.sophos.com/wp-content/themes/phishthreat/assets/fonts/flama-medium-webfont.ttf | 192.0.66.2 | |
| https://staysafe.sophos.com/_static/??/wp-includes/css/dashicons.min.css,/wp-includes/css/admin-bar.min.css?m=1712700713 | 192.0.66.2 | |
| https://staysafe.sophos.com/wp-content/themes/phishthreat/assets/scripts/bundle.min.js?m=1693396320g | 192.0.66.2 | |
| https://staysafe.sophos.com/wp-content/uploads/2018/05/cropped-sophos.png?w=32 | 192.0.66.2 | |
| https://staysafe.sophos.com/wp-includes/js/wp-emoji-release.min.js?ver=6.3.4 | 192.0.66.2 | |
| https://widgets.wp.com/3rd-party-cookie-check/index.html | 192.0.77.32 | |
| https://s0.wp.com/wp-content/mu-plugins/notes/notes-common-lite.min.js?ver=13.1.3-202416-lite | 192.0.77.32 | |
| https://staysafe.sophos.com/_static/??-eJzTLy/QzcxLzilNSS3WzwKiwtLUokoopZebmaeXVayjj0+Rbm5melFiSSpUsX2uraG5oZG5gYG5oUkWAK87IhY= | 192.0.66.2 | |
| https://staysafe.sophos.com/_static/??/wp-content/themes/phishthreat/assets/css/master.min.css,/wp-content/mu-plugins/jetpack-13.1/css/jetpack.css?m=1712607690 | 192.0.66.2 | |
| https://s0.wp.com/wp-content/mu-plugins/notes/admin-bar-v2.css?ver=13.1.3-202416-lite | 192.0.77.32 | |
| https://staysafe.sophos.com/wp-content/themes/phishthreat/assets/fonts/flama-book-webfont.ttf | 192.0.66.2 | |
| https://staysafe.sophos.com/course/insider-threats_en-us/ | | |
| https://staysafe.sophos.com/_static/??-eJyNj9EKwjAMRX/Imk2EPYnfMttspLbpTFplf2+RCRN0+JSHew43Fx6TIbahOFTwCo40wx3ZJYEaTSnMA4VQGZS8j8R7rzvYkARHrGyfkxgpnCniP9qqaxN3KRrB3s1ryibOyBmmUEZiBUVWJOhVMS/eJSR7VbCpiKJJJYe6CAZ5me5bnb8VlHk5v376gEyksQ5/7z3HU9u1h65puvbon0qYhpk= | 192.0.66.2 | |
| https://staysafe.sophos.com/wp-includes/css/dist/block-library/style.min.css?m=1712700713g | 192.0.66.2 | |
| http://fontawesome.io/license | unknown | |
Domains

| Name | IP | Malicious |
|---|---|---|
| secure.gravatar.com | 192.0.73.2 | |
| staysafe.sophos.com | 192.0.66.2 | |
| lb.wordpress.com | 192.0.78.12 | |
| www.google.com | 142.251.15.104 | |
| widgets.wp.com | 192.0.77.32 | |
| s0.wp.com | 192.0.77.32 | |
| www.hr-benefits.site | 176.34.132.70 | |
| www.sophos.com | unknown | |
| v0.wordpress.com | unknown | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 192.0.66.2 | staysafe.sophos.com | United States | |
| 192.168.2.9 | unknown | unknown | |
| 239.255.255.250 | unknown | Reserved | |
| 192.0.77.32 | widgets.wp.com | United States | |
| 176.34.132.70 | www.hr-benefits.site | Ireland | |
| 142.251.15.104 | www.google.com | United States | |
DOM / HTML

| URL | Malicious |
|---|---|
| https://staysafe.sophos.com/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0 | |
| https://widgets.wp.com/3rd-party-cookie-check/complete.html | |
| https://staysafe.sophos.com/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0#content | |
| https://staysafe.sophos.com/course/insider-threats_en-us/ | |