IOC Report
Analysed URL: https://app.auditi.de/responder


Files

Columns: File Path | Type | Category. The Malicious column carries no value for any row in this export.

The six .lnk entries are Chrome's own Start Menu shortcuts for its bundled web apps (Docs, Gmail, Drive, Sheets, Slides, YouTube); all six record the same target size (length=1210144) and the same target timestamps, i.e. they point at one Chrome launcher. Chrome itself rewrites them, which is why the sandbox classes them as "dropped". The remaining rows are Chrome cache entries: web fonts, images, HTML, JSON and script text fetched while rendering the page.

File Path | Type | Category
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 08:16:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 08:16:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 08:16:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 08:16:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 08:16:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
Chrome Cache Entry: 100 | TrueType Font data, 16 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2015 Google Inc. All Rights Reserved.Roboto MonoRegularGoogle:Roboto Mono:2015Roboto M | downloaded
Chrome Cache Entry: 101 | Web Open Font Format (Version 2), TrueType, length 106916, version 1.0 | downloaded
Chrome Cache Entry: 102 | Web Open Font Format (Version 2), TrueType, length 106916, version 1.0 | downloaded
Chrome Cache Entry: 103 | TrueType Font data, 18 tables, 1st "GDEF", 15 names, Microsoft, language 0x409, Digitized data copyright (c) 2010 Google Corporation.CousineRegularAscender - CousineVersion 1.2 | downloaded
Chrome Cache Entry: 104 | PNG image data, 68 x 16, 8-bit/color RGBA, non-interlaced | downloaded
Chrome Cache Entry: 105 | Web Open Font Format (Version 2), TrueType, length 106484, version 1.0 | downloaded
Chrome Cache Entry: 106 | HTML document, Unicode text, UTF-8 text, with very long lines (850) | downloaded
Chrome Cache Entry: 107 | PNG image data, 68 x 16, 8-bit/color RGBA, non-interlaced | dropped
Chrome Cache Entry: 108 | TrueType Font data, 17 tables, 1st "GDEF", 30 names, Macintosh, Copyright (c) 2010-2013 by tyPoland Lukasz Dziedzic with Reserved Font Name "Carlito". Licensed | downloaded
Chrome Cache Entry: 109 | HTML document, ASCII text | downloaded
Chrome Cache Entry: 110 | PNG image data, 482 x 304, 8-bit colormap, non-interlaced | downloaded
Chrome Cache Entry: 111 | ASCII text, with very long lines (551) | downloaded
Chrome Cache Entry: 112 | TrueType Font data, 18 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.001101; 2014Roboto-Regular | downloaded
Chrome Cache Entry: 113 | MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel | dropped
Chrome Cache Entry: 114 | ASCII text, with no line terminators | downloaded
Chrome Cache Entry: 115 | PNG image data, 482 x 304, 8-bit colormap, non-interlaced | dropped
Chrome Cache Entry: 116 | Web Open Font Format, TrueType, length 37588, version 1.104 | downloaded
Chrome Cache Entry: 117 | Web Open Font Format (Version 2), TrueType, length 106484, version 1.0 | downloaded
Chrome Cache Entry: 118 | Web Open Font Format (Version 2), TrueType, length 100368, version 1.0 | downloaded
Chrome Cache Entry: 119 | TrueType Font data, 21 tables, 1st "GDEF", 15 names, Microsoft, language 0x409, Digitized data copyright (c) 2010-2012 Google Corporation.TinosRegularMonotype Imaging - TinosVe | downloaded
Chrome Cache Entry: 120 | Web Open Font Format, TrueType, length 24600, version 1.0 | downloaded
Chrome Cache Entry: 121 | ASCII text, with very long lines (324) | downloaded
Chrome Cache Entry: 122 | Web Open Font Format, TrueType, length 26436, version 4.1 | downloaded
Chrome Cache Entry: 123 | PNG image data, 393 x 120, 8-bit/color RGBA, non-interlaced | downloaded
Chrome Cache Entry: 124 | ASCII text, with very long lines (4030) | downloaded
Chrome Cache Entry: 125 | Web Open Font Format, TrueType, length 18456, version 1.2 | downloaded
Chrome Cache Entry: 83 | ASCII text, with no line terminators | downloaded
Chrome Cache Entry: 84 | ASCII text, with very long lines (1930) | downloaded
Chrome Cache Entry: 85 | TrueType Font data, digitally signed, 16 tables, 1st "DSIG", 32 names, Macintosh | downloaded
Chrome Cache Entry: 86 | ASCII text, with very long lines (61526) | downloaded
Chrome Cache Entry: 87 | Web Open Font Format (Version 2), TrueType, length 100368, version 1.0 | downloaded
Chrome Cache Entry: 88 | ASCII text, with no line terminators | downloaded
Chrome Cache Entry: 89 | JSON data | dropped
Chrome Cache Entry: 90 | PNG image data, 393 x 120, 8-bit/color RGBA, non-interlaced | dropped
Chrome Cache Entry: 91 | TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 26 names, Macintosh, Digitized data copyright © 2010-2011, Google Corporation.Open SansRegularAscender - Open Sans | downloaded
Chrome Cache Entry: 92 | Web Open Font Format, TrueType, length 28512, version 1.0 | downloaded
Chrome Cache Entry: 93 | TrueType Font data, 19 tables, 1st "FFTM", 30 names, Macintosh | downloaded
Chrome Cache Entry: 94 | JSON data | downloaded
Chrome Cache Entry: 95 | TrueType Font data, 21 tables, 1st "GDEF", 15 names, Microsoft, language 0x409, Digitized data copyright (c) 2010-2012 Google Corporation.ArimoRegularMonotype Imaging - ArimoVe | downloaded
Chrome Cache Entry: 96 | ASCII text, with very long lines (53422) | downloaded
Chrome Cache Entry: 97 | HTML document, ASCII text | downloaded
Chrome Cache Entry: 98 | ASCII text, with very long lines (2356) | downloaded
Chrome Cache Entry: 99 | MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel | downloaded
(40 further file entries are not included in this export.)

Processes

Columns: Path | Cmdline. The Malicious column carries no value for any row in this export.

The first row is the sandbox's own launch of Chrome on about:blank and the third is the navigation to the analysed URL; the second is Chrome's network-service utility process (--utility-sub-type=network.mojom.NetworkService). No process other than chrome.exe was recorded.

Path | Cmdline
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=2316,i,17975090354257941386,3941918294337709614,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://app.auditi.de/responder"

URLs

Columns: Name | IP. The Malicious column carries no value for any row in this export; rows whose IP cell is blank in the export are shown as "(blank)".

Rows with IP "unknown" are URL strings the sandbox extracted from downloaded content (licence links, bug-tracker, spec and documentation references inside bundled JavaScript and font files); none of those hosts appears in the Domains table below, so they were not contacted. Only the app.auditi.de rows that resolved to 46.182.150.8 were actually fetched.

Name | IP
https://app.auditi.de/responder | (blank)
http://www.typoland.com/http://www.typoland.com/designers/Lukasz_Dziedzic/Copyright | unknown
http://www.unicode.org/reports/tr35/tr35-31/tr35-dates.html#Date_Format_tokens | unknown
https://app.auditi.de/webviewer/ui/assets/fonts/webfonts/Tinos.ttf | 46.182.150.8
https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/ | unknown
https://github.com/select2/select2/blob/master/LICENSE.md | unknown
https://github.com/facebook/flow/issues/1414 | unknown
https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled | unknown
http://codereview.stackexchange.com/q/13338 | unknown
https://stackoverflow.com/questions/49875255 | unknown
https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace | unknown
http://www.unicode.org/reports/tr35/tr35-31/tr35-dates.html#Date_Format_Patterns | unknown
https://www.auditi.de/imprint/ | unknown
https://date-fns.org/docs/setWeekYear | unknown
https://github.com/popperjs/popper-core/issues/837 | unknown
https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon | unknown
https://reactjs.org/docs/context.html#contextdisplayname | unknown
https://app.auditi.de/aude-favicon.ico?v=xQd7xlkw7F | 46.182.150.8
https://bugzilla.mozilla.org/show_bug.cgi?id=687787 | unknown
https://bugs.chromium.org/p/chromium/issues/detail?id=470258 | unknown
https://www.auditi.de/privacy | unknown
https://app.auditi.de/assets/auditi-84e52db785622fe9811dda94bfecf0cf2b452733fdc939a670c828facb1034b1.png | 46.182.150.8
https://app.auditi.de/webviewer/ui/assets/fonts/webfonts/OpenSans.ttf | 46.182.150.8
http://eev.ee/blog/2015/09/12/dark-corners-of-unicode/). | unknown
https://fengyuanchen.github.io/cropperjs | unknown
https://www.youtube.com/watch?v=cZSjDaGDmX8 | unknown
http://momentjs.com/guides/#/warnings/zone/ | unknown
https://docs.apryse.com/documentation/web/faq/loading-errors/#not-allowed-to-load-local-resource:-fi | unknown
http://www.ascendercorp.com/ | unknown
https://github.com/rails/rails/blob/master/actionview/app/assets/javascripts | unknown
https://vimeo.com/ | unknown
https://app.auditi.de/webviewer/ui/index.html | 46.182.150.8
https://app.auditi.de/webviewer/ui/assets/fonts/Lato-Regular.woff | 46.182.150.8
http://getify.mit-license.org | unknown
https://html.spec.whatwg.org/#nonce-attributes | unknown
https://app.auditi.de/webviewer/ui/assets/fonts/webfonts/Cousine.ttf | 46.182.150.8
http://jsperf.com/diacritics/18 | unknown
https://github.com/date-fns/date-fns/blob/master/docs/upgradeGuide.md#string-arguments | unknown
https://www.pdftron.com/webfonts/v2/ | unknown
https://bugs.webkit.org/show_bug.cgi?id=174980#c2 | unknown
https://jsperf.com/getall-vs-sizzle/2 | unknown
https://github.com/Flet/prettier-bytes/ | unknown
https://app.auditi.de/webviewer/ui/assets/fonts/webfonts/Roboto.ttf | 46.182.150.8
http://underscorejs.org/LICENSE | unknown
https://github.com/popperjs/popper-core/issues/1223 | unknown
https://github.com/fengyuanchen/cropper/issues/476 | unknown
https://app.auditi.de/assets/inter/Inter-SemiBold-9090abc8aaa4deb330c04ab79cf1eb5f24bc3de76e3f637cc3593d4a1386e3d5.woff2 | 46.182.150.8
https://jquery.com/ | unknown
https://webtiming.github.io/timingobject/ | unknown
https://date-fns.org/docs/Locale | unknown
https://docs.apryse.com/documentation/web/faq/content-encoding/ | unknown
http://scripts.sil.org/OFL).http://scripts.sil.org/OFL | unknown
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-generatorresume | unknown
https://app.auditi.de/webviewer/core/pdf/PDFNetLean.js | 46.182.150.8
https://bugs.jquery.com/ticket/4833 | unknown
https://mathiasbynens.be/notes/javascript-unicode). | unknown
https://sizzlejs.com/ | unknown
http://momentjs.com/guides/#/warnings/min-max/ | unknown
https://push.appsignal.com | unknown
https://npms.io/search?q=ponyfill. | unknown
https://app.auditi.de/webviewer/ui/assets/fonts/Nothing-You-Could-Do.woff | 46.182.150.8
https://dev.apryse.com/. | unknown
https://github.com/szimek/signature_pad | unknown
https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data- | unknown
https://www.auditi.de/ | unknown
https://bugs.jquery.com/ticket/12359 | unknown
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Errors/Getter_only | unknown
https://app.auditi.de/webviewer/ui/assets/fonts/La-Belle-Aurore.woff | 46.182.150.8
https://reactjs.org/link/react-polyfills | unknown
https://app.auditi.de/login | (blank)
http://ecma-international.org/ecma-262/7.0/#sec-tolength). | unknown
https://github.com/jquery/jquery/pull/557) | unknown
https://app.auditi.de/assets/inter/Inter-SemiBold.woff2 | 46.182.150.8
https://blog.izs.me/2013/08/designing-apis-for-asynchrony) | unknown
https://bugs.chromium.org/p/chromium/issues/detail?id=378607 | unknown
http://dl.dropboxusercontent.com/u/35146/js/tests/isNumber.html | unknown
http://momentjs.com/guides/#/warnings/define-locale/ | unknown
https://github.com/preactjs/preact/issues/3927 | unknown
https://developer.mozilla.org/en-US/docs/Web/CSS/Containing_block#identifying_the_containing_block | unknown
https://app.auditi.de/assets/inter/Inter-Medium.woff2 | 46.182.150.8
https://app.auditi.de/webviewer/ui/assets/fonts/webfonts/Carlito.ttf | 46.182.150.8
https://app.auditi.de/webviewer/ui/i18n/translation-en.json | 46.182.150.8
https://app.auditi.de/assets/responder-ed59852fad92e4a36d049eddcf2b8c441dfb0ee51b7e98542ebb4d2238253738.css | 46.182.150.8
http://www.ascendercorp.com/http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.ht | unknown
https://drafts.csswg.org/cssom/#resolved-values | unknown
https://bugs.chromium.org/p/chromium/issues/detail?id=589347 | unknown
https://date-fns.org/docs/getISOWeekYear | unknown
https://html.spec.whatwg.org/multipage/syntax.html#attributes-2 | unknown
https://promisesaplus.com/#point-59 | unknown
https://www.auditi.de/privacy/ | unknown
https://promisesaplus.com/#point-57 | unknown
https://promisesaplus.com/#point-54 | unknown
http://momentjs.com/guides/#/warnings/dst-shifted/ | unknown
https://timingsrc.readthedocs.io/en/latest/ | unknown
https://github.com/kossnocorp | unknown
https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled | unknown
https://github.com/date-fns/date-fns/issues/376 | unknown
https://jquery.org/license | unknown
https://select2.github.io | unknown
https://bugs.webkit.org/show_bug.cgi?id=137337 | unknown
(90 further URL entries are not included in this export.)

Domains

Columns: Name | IP. The Malicious column carries no value for any row in this export.

Name | IP
app.auditi.de | 46.182.150.8
www.google.com | 142.250.64.132
fp2e7a.wpc.phicdn.net | 192.229.211.108

IPs

Columns: IP | Domain | Country. The Malicious column carries no value for any row in this export.

239.255.255.250 is the SSDP multicast address and 192.168.2.5 is a private (RFC 1918) address; both are the analysis VM's own local traffic and are not indicators tied to the analysed page. The two routable addresses are 46.182.150.8 (the analysed site) and 142.250.64.132 (www.google.com).

IP | Domain | Country
239.255.255.250 | unknown | Reserved
46.182.150.8 | app.auditi.de | Germany
142.250.64.132 | www.google.com | United States
192.168.2.5 | unknown | unknown
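A triage pass over the URL and IP tables above, as an added example that is not part of the sandbox report: it separates URLs that were actually fetched (rows with a resolved IP) from URL strings merely found in downloaded content (rows marked "unknown"), and labels each address in the IP table so multicast and private sandbox traffic can be dropped before the remainder is treated as an indicator. The sample rows embedded below are a constructed excerpt of this page's own rows in the raw export's flattened layout (one URL line followed by an IP line or "unknown"; the IP table as ip/domain/country triples); the function names are the example's own, not anything the sandbox vendor provides.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed excerpt of this report's URL table, in the flattened layout of the
# raw export: a URL line, then an IP line or "unknown". A few rows (the two
# navigation targets) carry no IP line at all.
URL_ROWS = """\
https://app.auditi.de/responder
https://app.auditi.de/webviewer/ui/assets/fonts/webfonts/Tinos.ttf
46.182.150.8
https://github.com/select2/select2/blob/master/LICENSE.md
unknown
https://app.auditi.de/aude-favicon.ico?v=xQd7xlkw7F
46.182.150.8
http://jsperf.com/diacritics/18
unknown
https://app.auditi.de/login
https://app.auditi.de/webviewer/core/pdf/PDFNetLean.js
46.182.150.8
"""

# Constructed excerpt of the IPs table: ip / domain / country triples.
IP_ROWS = """\
239.255.255.250
unknown
Reserved
46.182.150.8
app.auditi.de
Germany
142.250.64.132
www.google.com
United States
192.168.2.5
unknown
unknown
"""


def parse_url_rows(text):
    """Return (url, ip_or_None) pairs from the flattened two-line layout."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if "://" in line:            # a URL line starts a new record
            records.append([line, None])
        elif records:                # anything else is the IP cell of the current record
            records[-1][1] = line
    return [tuple(r) for r in records]


def triage_urls(text):
    """Split rows into observed connections vs. strings merely seen in content."""
    contacted = defaultdict(lambda: {"ip": None, "urls": []})
    referenced = set()
    no_ip = []
    for url, ip in parse_url_rows(text):
        host = urlsplit(url).hostname or url
        if ip is None:
            no_ip.append(url)
        elif ip == "unknown":
            referenced.add(host)     # found in a script/font, never resolved
        else:
            ipaddress.ip_address(ip)  # raises on a malformed IP cell
            contacted[host]["ip"] = ip
            contacted[host]["urls"].append(url)
    return {"contacted": dict(contacted), "referenced": sorted(referenced), "no_ip": no_ip}


def ip_kind(ip):
    """Label an address so sandbox-internal traffic can be separated from real egress."""
    addr = ipaddress.ip_address(ip)
    if addr.is_multicast:
        return "multicast"
    if addr.is_loopback:             # checked before is_private, which also covers 127/8
        return "loopback"
    if addr.is_private:
        return "private"
    if addr.is_global:
        return "global"
    return "other"


def classify_ips(text):
    """Turn ip/domain/country triples into labelled rows."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    rows = []
    for i in range(0, len(lines) - len(lines) % 3, 3):
        ip, domain, country = lines[i:i + 3]
        rows.append({"ip": ip, "domain": domain, "country": country, "kind": ip_kind(ip)})
    return rows


def external_ips(text):
    """Only globally routable addresses are candidate network indicators."""
    return [r["ip"] for r in classify_ips(text) if r["kind"] == "global"]


if __name__ == "__main__":
    t = triage_urls(URL_ROWS)
    for host, info in t["contacted"].items():
        print(f"contacted {host} ({info['ip']}): {len(info['urls'])} URL(s)")
    print("referenced only:", ", ".join(t["referenced"]))
    print("no IP cell:", t["no_ip"])
    for r in classify_ips(IP_ROWS):
        print(f"{r['ip']:<16} {r['kind']:<10} {r['domain']} / {r['country']}")
```

Run as a script it prints the three URL buckets and the labelled IP rows. The point of the split is that the "unknown" rows (licence, spec and bug-tracker links inside bundled JavaScript and fonts) would otherwise inflate an indicator list with hosts that were never contacted, and that the multicast and private addresses in the IP table are the sandbox's own network, not the page's.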

DOM / HTML

Column: URL. The Malicious column carries no value for any row in this export.

The third URL is the embedded Apryse WebViewer (webViewerJSVersion=10.6.0) loaded in read-only mode: readonly=1, filepicker=0, and the download button and editing toolbar groups are listed under disabledElements.

URL
https://app.auditi.de/responder
https://app.auditi.de/login
https://app.auditi.de/webviewer/ui/index.html#a=1&disabledElements=thumbnailControl%2CtoggleCompareModeButton%2CnoteState%2CtoolbarGroup-Insert%2CtoolbarGroup-Shapes%2CtoolbarGroup-Edit%2CtoolbarGroup-FillAndSign%2CtoolbarGroup-Forms%2CaddReplyAttachmentButton%2CdownloadButton&readonly=1&filepicker=0&pdfnet=0&enableRedaction=0&disableVirtualDisplayMode=0&enableMeasurement=0&notesInLeftPanel=0&autoExpandOutlines=0&enableAnnotationNumbering=0&enableOfficeEditing=0&singleServerMode=false&selectAnnotationOnCreation=0&autoFocusNoteOnAnnotationSelection=1&disableMultiViewerComparison=1&showInvalidBookmarks=1&id=1&basePath=%2Fresponder&webViewerJSVersion=10.6.0