IOC Report
https://remotescripps.org/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDE1Mzc1OSwiaWF0IjoxNzE0MTQ2NTU5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjR0dWRtOGRsODdyZnRzMjAwaGg0czciLCJuYmYiOjE3MTQxNDY1NTksInRzIjoxNzE0MTQ2NTU5NTc0OTUxfQ.4QAtENw-EyGdzGdXpnWXNKSArwdeAYageduFz

loading gif

Files

File Path
Type
Category
Malicious
C:\Users\user\Downloads\9a25b646-7ba5-4e95-ba13-3c430acbcc9e.tmp
Zip archive data, at least v4.5 to extract, compression method=store
dropped
C:\Users\user\Downloads\PrivacyGuardBrowser.1.10.78.0.Msix (copy)
Zip archive data, at least v4.5 to extract, compression method=store
dropped
C:\Users\user\Downloads\Unconfirmed 403941.crdownload
Zip archive data, at least v4.5 to extract, compression method=store
dropped
Chrome Cache Entry: 57
ISO Media, MP4 v2 [ISO 14496-14]
downloaded
Chrome Cache Entry: 58
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 59
Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
downloaded
Chrome Cache Entry: 60
ASCII text, with very long lines (607)
downloaded
Chrome Cache Entry: 61
HTML document, Unicode text, UTF-8 text, with very long lines (2013)
downloaded
Chrome Cache Entry: 62
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 63
ISO Media, MP4 v2 [ISO 14496-14]
downloaded
Chrome Cache Entry: 64
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 65
ASCII text
downloaded
Chrome Cache Entry: 66
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 67
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 68
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 69
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 70
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 71
ASCII text
downloaded
Chrome Cache Entry: 72
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 73
Unicode text, UTF-8 (with BOM) text, with very long lines (547)
downloaded
Chrome Cache Entry: 74
ASCII text
downloaded
Chrome Cache Entry: 75
ASCII text
downloaded
Chrome Cache Entry: 76
PNG image data, 1440 x 1024, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 77
PNG image data, 1440 x 1024, 8-bit/color RGBA, non-interlaced
downloaded
There are 15 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1984,i,4643450290400954545,2623845929518352052,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://remotescripps.org/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDE1Mzc1OSwiaWF0IjoxNzE0MTQ2NTU5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjR0dWRtOGRsODdyZnRzMjAwaGg0czciLCJuYmYiOjE3MTQxNDY1NTksInRzIjoxNzE0MTQ2NTU5NTc0OTUxfQ.4QAtENw-EyGdzGdXpnWXNKSArwdeAYageduFzSwX3pI&sid=8b44beca-03e4-11ef-af17-3cc94e56dea0"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\user\Desktop\"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious
https://remotescripps.org/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDE1Mzc1OSwiaWF0IjoxNzE0MTQ2NTU5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjR0dWRtOGRsODdyZnRzMjAwaGg0czciLCJuYmYiOjE3MTQxNDY1NTksInRzIjoxNzE0MTQ2NTU5NTc0OTUxfQ.4QAtENw-EyGdzGdXpnWXNKSArwdeAYageduFzSwX3pI&sid=8b44beca-03e4-11ef-af17-3cc94e56dea0
https://yandex.com/an/sync_cookie
unknown
http://104.154.23.126/data-ingest
unknown
https://impr.zautils.online/impression?c=intpgdirect
unknown
https://red.zautils.online/downloadproxy/intpgdirect/
unknown
https://mc.yandex.
unknown
https://s3.mds.yandex.net/internal-metrika-betas
unknown
https://yastatic.net/s3/gdpr/v3/gdpr
unknown
https://yastatic.net/s3/metrika
unknown
https://ymetrica1.com/watch/3/1
unknown
https://dtools.zautils.online/geturl/PrivacyGuard/intpgdirect
unknown
https://mc.yandex.md/cc
unknown
https://cintlp.zautils.online/?subid=90818143905&cid=8899&tag=dm&dkw=remotescripps.org&rhi=0bc29bef-b9ff-47fa-9c64-762e9458389c
https://yastatic.net/s3/taxi-front/yango-gdpr-popup/
unknown
There are 3 hidden URLs, click here to show them.

IPs

IP
Domain
Country
Malicious
162.254.207.52
unknown
United States
1.1.1.1
unknown
Australia
35.186.241.51
unknown
United States
192.178.50.46
unknown
United States
172.217.2.195
unknown
United States
87.250.250.119
unknown
Russian Federation
142.250.64.138
unknown
United States
192.168.2.4
unknown
unknown
142.250.64.195
unknown
United States
130.211.5.208
unknown
United States
172.67.136.85
unknown
United States
107.178.240.159
unknown
United States
239.255.255.250
unknown
Reserved
206.189.225.178
unknown
United States
93.158.134.119
unknown
Russian Federation
142.251.35.228
unknown
United States
3.220.57.224
unknown
United States
142.251.162.84
unknown
United States
77.88.21.119
unknown
Russian Federation
172.217.3.67
unknown
United States
13.35.116.53
unknown
United States
There are 11 hidden IPs, click here to show them.

DOM / HTML

URL
Malicious
https://cintlp.zautils.online/?subid=90818143905&cid=8899&tag=dm&dkw=remotescripps.org&rhi=0bc29bef-b9ff-47fa-9c64-762e9458389c