IOC Report
http://tracking.elastic.iscarcup.com/tracking/click?d=XVOGkKKIFI1BUi5gqgZHAdRPhk99njZvP0qXh2IpArKp9RzCSjeoWkfJDrjbcvw75j380eQ4qSrYjhK4RegFgVWSX5L2beQO2AeFGF72kzLV5bUDHAc9_x1G5mw8AznhlHtuepCFbAQZbboWjeiG8YOae_yZBP5-luynay2YDr9Jmf0rVcJIVEgp8xRayU7B_A2

Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 06:47:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 06:47:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 06:47:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 06:47:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 06:47:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 75
ASCII text, with CRLF, CR line terminators
downloaded
Chrome Cache Entry: 76
PNG image data, 720 x 100, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 77
ASCII text, with very long lines (58940)
downloaded
Chrome Cache Entry: 78
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 79
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
downloaded
Chrome Cache Entry: 80
Web Open Font Format (Version 2), TrueType, length 29752, version 1.0
downloaded
Chrome Cache Entry: 81
Unicode text, UTF-8 text, with very long lines (560)
downloaded
Chrome Cache Entry: 82
GIF image data, version 89a, 682 x 597
dropped
Chrome Cache Entry: 83
PNG image data, 470 x 459, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 84
Web Open Font Format (Version 2), CFF, length 29924, version 1.0
downloaded
Chrome Cache Entry: 85
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x800, components 3
downloaded
Chrome Cache Entry: 86
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
dropped
Chrome Cache Entry: 87
Web Open Font Format (Version 2), TrueType, length 34852, version 1.0
downloaded
Chrome Cache Entry: 88
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x800, components 3
dropped
Chrome Cache Entry: 89
PNG image data, 720 x 100, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 90
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 6016x4000, components 3
dropped
Chrome Cache Entry: 91
Web Open Font Format (Version 2), CFF, length 29980, version 1.0
downloaded
Chrome Cache Entry: 92
ASCII text, with very long lines (18706)
downloaded
Chrome Cache Entry: 93
HTML document, ASCII text
downloaded
Chrome Cache Entry: 94
ASCII text
downloaded
Chrome Cache Entry: 95
PNG image data, 470 x 459, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 96
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 6016x4000, components 3
downloaded
Chrome Cache Entry: 97
GIF image data, version 89a, 682 x 597
downloaded

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://tracking.elastic.iscarcup.com/tracking/click?d=XVOGkKKIFI1BUi5gqgZHAdRPhk99njZvP0qXh2IpArKp9RzCSjeoWkfJDrjbcvw75j380eQ4qSrYjhK4RegFgVWSX5L2beQO2AeFGF72kzLV5bUDHAc9_x1G5mw8AznhlHtuepCFbAQZbboWjeiG8YOae_yZBP5-luynay2YDr9Jmf0rVcJIVEgp8xRayU7B_A2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1888,i,15382244221078954285,35461981223648432,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

URLs

Name
IP
Malicious
http://tracking.elastic.iscarcup.com/tracking/click?d=XVOGkKKIFI1BUi5gqgZHAdRPhk99njZvP0qXh2IpArKp9RzCSjeoWkfJDrjbcvw75j380eQ4qSrYjhK4RegFgVWSX5L2beQO2AeFGF72kzLV5bUDHAc9_x1G5mw8AznhlHtuepCFbAQZbboWjeiG8YOae_yZBP5-luynay2YDr9Jmf0rVcJIVEgp8xRayU7B_A2
malicious
http://tracking.elastic.iscarcup.com/tracking/click?d=XVOGkKKIFI1BUi5gqgZHAdRPhk99njZvP0qXh2IpArKp9RzCSjeoWkfJDrjbcvw75j380eQ4qSrYjhK4RegFgVWSX5L2beQO2AeFGF72kzLV5bUDHAc9_x1G5mw8AznhlHtuepCFbAQZbboWjeiG8YOae_yZBP5-luynay2YDr9Jmf0rVcJIVEgp8xRayU7B_A2
46.105.88.234
malicious
https://abcorp-middleeast.com/Via%20Adobe%20Sign/main-share-point/
malicious
https://cdn.jsdelivr.net/npm/
unknown
https://cdn.jsdelivr.net/npm/bootstrap
unknown
https://abcorp-middleeast.com/Via%20Adobe%20Sign/main-share-point/bootstrap_theme/bootstrap.css
81.0.249.226
https://github.com/twbs/bootstrap/blob/main/LICENSE)
unknown
https://use.typekit.net/af/eaf09c/000000000000000000017703/27/d?subset_id=2&fvd=n7&v=3)
unknown
https://use.typekit.net/af/eaf09c/000000000000000000017703/27/l?subset_id=2&fvd=n7&v=3)
unknown
https://use.typekit.net/af/40207f/0000000000000000000176ff/27/d?subset_id=2&fvd=n3&v=3)
unknown
https://abcorp-middleeast.com/Via%20Adobe%20Sign/main-share-point/main.css
81.0.249.226
https://getbootstrap.com/)
unknown
https://images.unsplash.com/photo-1682685797140-c17807f8f217?ixid=M3wyMDkyMnwxfDF8c2VhcmNofDF8fHdhbG
unknown
https://images.unsplash.com/photo-1682685797140-c17807f8f217?ixid=M3wyMDkyMnwxfDF8c2VhcmNofDF8fHdhbGxwYXBlcnxlbnwwfHx8fDE2ODYzMTQzNDZ8MA&ixlib=rb-4.0.3q=85&fm=jpg&crop=faces&cs=srgb&w=1200&fit=max
151.101.130.208
https://abcorp-middleeast.com/Via%20Adobe%20Sign/main-share-point/invc-signature-approval.gif
81.0.249.226
https://use.typekit.net/af/40207f/0000000000000000000176ff/27/l?subset_id=2&fvd=n3&v=3)
unknown
https://use.typekit.net/af/cb695f/000000000000000000017701/27/l?subset_id=2&fvd=n4&v=3)
unknown
https://github.com/twbs/bootstrap/graphs/contributors)
unknown
https://abcorp-middleeast.com/Via%20Adobe%20Sign/main-share-point/bravo.jpg
81.0.249.226
https://use.typekit.net/af/cb695f/000000000000000000017701/27/d?subset_id=2&fvd=n4&v=3)
unknown
https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js
151.101.193.229
https://abcorp-middleeast.com/Via%20Adobe%20Sign/main-share-point/favicon.ico
81.0.249.226
https://cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js
151.101.193.229
https://use.typekit.net/af/cb695f/000000000000000000017701/27/a?subset_id=2&fvd=n4&v=3)
unknown
https://abcorp-middleeast.com/Via%20Adobe%20Sign/main-share-point/oe-classic-provider.png
81.0.249.226
https://use.typekit.net/af/40207f/0000000000000000000176ff/27/a?subset_id=2&fvd=n3&v=3)
unknown
https://abcorp-middleeast.com/Via%20Adobe%20Sign/main-share-point/dd.png
81.0.249.226
https://use.typekit.net/af/eaf09c/000000000000000000017703/27/a?subset_id=2&fvd=n7&v=3)
unknown

Domains

Name
IP
Malicious
jsdelivr.map.fastly.net
151.101.193.229
api.elasticemail.com
46.105.88.234
abcorp-middleeast.com
81.0.249.226
www.google.com
64.233.176.104
dualstack.com.imgix.map.fastly.net
151.101.130.208
use.typekit.net
unknown
tracking.elastic.iscarcup.com
unknown
cdn.jsdelivr.net
unknown
images.unsplash.com
unknown

IPs

IP
Domain
Country
Malicious
81.0.249.226
abcorp-middleeast.com
Czech Republic
46.105.88.234
api.elasticemail.com
France
151.101.193.229
jsdelivr.map.fastly.net
United States
192.168.2.16
unknown
unknown
151.101.130.208
dualstack.com.imgix.map.fastly.net
United States
239.255.255.250
unknown
Reserved
151.101.194.208
unknown
United States
64.233.176.104
www.google.com
United States

DOM / HTML

URL
Malicious
https://abcorp-middleeast.com/Via%20Adobe%20Sign/main-share-point/