IOC Report
https://sdcoes.net/LandingPage/Index/122/


Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 22:07:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 22:07:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 22:07:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 22:07:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 22:07:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 77
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
downloaded
Chrome Cache Entry: 78
ASCII text
downloaded
Chrome Cache Entry: 79
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 80
ASCII text
downloaded
Chrome Cache Entry: 81
ASCII text, with very long lines (65409)
downloaded
Chrome Cache Entry: 82
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 83
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 84
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 85
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
downloaded
Chrome Cache Entry: 86
ASCII text, with very long lines (65409)
downloaded
Chrome Cache Entry: 87
ASCII text, with very long lines (65324)
downloaded
Chrome Cache Entry: 88
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
downloaded
Chrome Cache Entry: 89
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 90
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
dropped
Chrome Cache Entry: 91
ASCII text, with very long lines (65324)
downloaded
Chrome Cache Entry: 92
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
dropped
13 further files not shown.

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2388,i,9007202457783063192,15406334194828325388,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sdcoes.net/LandingPage/Index/122/"

URLs

Name
IP
Malicious
https://sdcoes.net/LandingPage/Index/122/
malicious
https://bugs.webkit.org/show_bug.cgi?id=136851
unknown
http://jquery.org/license
unknown
https://js.monitor.azure.com/scripts/b/ai.2.min.js
13.107.213.41
https://jsperf.com/thor-indexof-vs-for/5
unknown
https://bugs.jquery.com/ticket/12359
unknown
https://stream1.sdcoe.net/wc/Cybersecurity_YouAreTheTarget110217/embedcode.php
https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
unknown
https://html.spec.whatwg.org/#strip-and-collapse-whitespace
unknown
https://promisesaplus.com/#point-75
unknown
https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a
unknown
https://drafts.csswg.org/cssom/#common-serializing-idioms
unknown
https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
unknown
https://bugs.webkit.org/show_bug.cgi?id=29084
unknown
https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace
unknown
https://github.com/eslint/eslint/issues/6125
unknown
https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
unknown
https://github.com/jquery/jquery/pull/557)
unknown
https://bugs.chromium.org/p/chromium/issues/detail?id=378607
unknown
https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=687787
unknown
https://bugs.chromium.org/p/chromium/issues/detail?id=470258
unknown
https://bugs.jquery.com/ticket/13378
unknown
https://promisesaplus.com/#point-64
unknown
https://redherring.sdcoe.net/LandingPage/Index/122?&chainId=122
https://promisesaplus.com/#point-61
unknown
https://drafts.csswg.org/cssom/#resolved-values
unknown
https://bugs.chromium.org/p/chromium/issues/detail?id=589347
unknown
https://cdn.sdcoe.net/jquery/production/jquery.js
198.133.204.61
https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
unknown
https://promisesaplus.com/#point-59
unknown
https://jsperf.com/getall-vs-sizzle/2
unknown
https://promisesaplus.com/#point-57
unknown
https://github.com/eslint/eslint/issues/3229
unknown
https://getbootstrap.com/)
unknown
https://promisesaplus.com/#point-54
unknown
https://html.spec.whatwg.org/multipage/forms.html#category-listed
unknown
https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
unknown
https://developer.mozilla.org/en-US/docs/CSS/display
unknown
https://jquery.org/license
unknown
https://redherring.sdcoe.net/LandingPage/Index/116?&chainId=122
https://redherring.sdcoe.net/Home/ErrorNoBranch
https://jquery.com/
unknown
https://bugs.webkit.org/show_bug.cgi?id=137337
unknown
https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
unknown
https://cdn.sdcoe.net/bootstrap/v4.3.1/css/bootstrap.min.css
198.133.204.61
https://github.com/twbs/bootstrap/blob/master/LICENSE)
unknown
https://promisesaplus.com/#point-48
unknown
https://redherring.sdcoe.net/LandingPage/Index/116?%7btoken%7d
https://r20.rs6.net/on.jsp?ca=1bbb7926-3613-48ca-820f-a70720acf1f8&a=1113037638210&c=3de22dd0-d645-11e7-91f4-d4ae5292c2ac&ch=3de64c80-d645-11e7-91f4-d4ae5292c2ac
208.75.122.11
https://github.com/jquery/sizzle/pull/225
unknown
https://redherring.sdcoe.net/LandingPage/Index/116?&chainId=116
https://sizzlejs.com/
unknown
https://bugs.chromium.org/p/chromium/issues/detail?id=449857
unknown
44 further URLs not shown.

Domains

Name
IP
Malicious
part-0013.t-0009.t-msedge.net
13.107.246.41
cdn.sdcoe.net
198.133.204.61
rs6.net
208.75.122.11
www.google.com
64.233.177.106
fp2e7a.wpc.phicdn.net
192.229.211.108
sdcoes.net
20.118.138.128
windowsupdatebg.s.llnwi.net
69.164.42.0
js.monitor.azure.com
unknown
stream1.sdcoe.net
unknown
westus3-1.in.applicationinsights.azure.com
unknown
r20.rs6.net
unknown
redherring.sdcoe.net
unknown
2 further domains not shown.

IPs

IP
Domain
Country
Malicious
198.133.204.61
cdn.sdcoe.net
United States
13.107.246.41
part-0013.t-0009.t-msedge.net
United States
192.168.2.5
unknown
unknown
64.233.177.106
www.google.com
United States
239.255.255.250
unknown
Reserved
13.107.213.41
unknown
United States
208.75.122.11
rs6.net
United States
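Turning the flattened URLs, Domains and IPs tables above into indicators an analyst can act on is the step this report leaves to the reader. The Python below is an added example, not the sandbox vendor's code: it re-assembles the one-cell-per-line dump into rows, separates URLs that were actually fetched (a resolved IP in the row, or a host that also appears in Domains) from URL strings that merely sit inside the downloaded jQuery and Bootstrap sources (license links, spec references, all listed with IP "unknown"), drops the 192.168.x and 239.255.255.250 (SSDP multicast) rows that are sandbox noise rather than indicators, and flags registrable domains that are one edit apart from each other (here sdcoe.net and sdcoes.net). SAMPLE_REPORT is a constructed excerpt of the rows on this page in the same layout; the section and column names are the ones the page uses, and the last-two-labels rule for the registrable domain is a deliberate simplification.

```python
# Added example, not sandbox code: parse a flattened IOC report (this page's layout) into indicator sets.
import ipaddress
import re
from urllib.parse import urlsplit
# SAMPLE_REPORT is a constructed excerpt of the URLs, Domains and IPs rows above, same layout.
SAMPLE_REPORT = """\
URLs

Name
IP
Malicious
https://sdcoes.net/LandingPage/Index/122/
malicious
http://jquery.org/license
unknown
https://redherring.sdcoe.net/LandingPage/Index/122?&chainId=122
https://cdn.sdcoe.net/jquery/production/jquery.js
198.133.204.61

Domains

cdn.sdcoe.net
198.133.204.61
sdcoes.net
20.118.138.128
redherring.sdcoe.net
unknown

IPs

198.133.204.61
cdn.sdcoe.net
United States
239.255.255.250
unknown
Reserved
"""
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
URL_RE = re.compile(r"^https?://", re.I)
COLUMN_HEADERS = {"Name", "IP", "Domain", "Country", "Malicious", "URL"}


def split_sections(text):
    # A one-line block is a section title; the block after it holds column headers, then cells.
    sections, title = {}, None
    for block in text.strip().split("\n\n"):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if len(lines) == 1 and lines[0] not in COLUMN_HEADERS:
            title, sections[lines[0]] = lines[0], []
        elif title is not None:
            sections[title] += [l for l in lines if l not in COLUMN_HEADERS]
    return sections


def group_rows(cells, is_key):
    # Re-assemble rows from the one-cell-per-line dump: a new row starts at each key cell.
    rows = []
    for cell in cells:
        if is_key(cell):
            rows.append([cell])
        elif rows:
            rows[-1].append(cell)
    return rows


def parse_report(text):
    s = split_sections(text)
    domains = {}  # hostname -> resolved IP, or None where the report says "unknown"
    for row in group_rows(s.get("Domains", []),
                          lambda c: not IP_RE.match(c) and c not in ("unknown", "malicious")):
        domains[row[0]] = next((c for c in row[1:] if IP_RE.match(c)), None)
    contacted, embedded, flagged = set(), set(), set()
    for row in group_rows(s.get("URLs", []), URL_RE.match):
        url, host = row[0], urlsplit(row[0]).hostname
        if "malicious" in row[1:]:
            flagged.add(url)
        # Fetched if the row has an IP or the host was looked up; otherwise only a string in fetched content.
        if any(IP_RE.match(c) for c in row[1:]) or host in domains:
            contacted.add(url)
        else:
            embedded.add(url)
    public_ips, ignored_ips = set(), set()
    for row in group_rows(s.get("IPs", []), IP_RE.match):
        a = ipaddress.ip_address(row[0])
        # RFC 1918 and multicast rows (192.168.x, 239.255.255.250 SSDP) are sandbox noise, not IOCs.
        routable = not (a.is_private or a.is_multicast or a.is_reserved or a.is_loopback)
        (public_ips if routable else ignored_ips).add(row[0])
    return {"domains": domains, "contacted_urls": contacted, "embedded_urls": embedded,
            "flagged_urls": flagged, "public_ips": public_ips, "ignored_ips": ignored_ips}


def edit_distance(a, b):
    prev = list(range(len(b) + 1))  # plain Levenshtein distance
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_pairs(domains, max_distance=1):
    # Registrable domains (crudely the last two labels; fine for .net, wrong for co.uk) a small
    # edit distance apart: a heuristic flag for one domain imitating another (sdcoe.net vs sdcoes.net).
    bases = sorted({".".join(d.split(".")[-2:]) for d in domains})
    return {(a, b) for i, a in enumerate(bases) for b in bases[i + 1:]
            if edit_distance(a, b) <= max_distance}
```

Feeding the full report text in place of SAMPLE_REPORT works unchanged: the Files, Processes and DOM / HTML sections are split out too but ignored by parse_report. Note that redherring.sdcoe.net resolves to "unknown" in the Domains table yet its URLs were followed, which is why a host's mere presence in Domains, not only a resolved IP, counts as contacted.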

DOM / HTML

URL
Malicious
https://sdcoes.net/LandingPage/Index/122/
malicious
https://redherring.sdcoe.net/LandingPage/Index/122?&chainId=122
malicious
https://redherring.sdcoe.net/LandingPage/Index/116?&chainId=122
https://stream1.sdcoe.net/wc/Cybersecurity_YouAreTheTarget110217/embedcode.php
https://redherring.sdcoe.net/LandingPage/Index/116?%7btoken%7d
https://redherring.sdcoe.net/Home/ErrorNoBranch
https://redherring.sdcoe.net/LandingPage/Index/116?&chainId=116