IOC Report
https://open.camscanner.com/doc/download_file?platform=web&type=118&sid=8c5645d2944c4b262e3b5813d266f0d5&title=ProjectUpdate-X


Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:22:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:22:53 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:22:53 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:22:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:22:53 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\Downloads\76dcb663-2e81-461e-9b72-8fb10e7d180f.tmp
PDF document, version 1.6
dropped
C:\Users\user\Downloads\ProjectUpdate-X.pdf (copy)
PDF document, version 1.6
dropped
C:\Users\user\Downloads\ProjectUpdate-X.pdf.crdownload
PDF document, version 1.6
dropped
C:\Users\user\Downloads\bb9b9f8a-3667-4c1c-a153-54141f8fc828.tmp
PDF document, version 1.6
dropped
Chrome Cache Entry: 79
ASCII text, with very long lines (65325)
downloaded
Chrome Cache Entry: 80
ASCII text
downloaded
Chrome Cache Entry: 81
HTML document, Unicode text, UTF-8 text, with very long lines (52023), with CRLF line terminators
downloaded
Chrome Cache Entry: 82
ASCII text, with very long lines (48664)
downloaded
Chrome Cache Entry: 83
JPEG image data, baseline, precision 8, 1920x1080, components 3
downloaded
Chrome Cache Entry: 84
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
dropped
Chrome Cache Entry: 85
ASCII text, with very long lines (32012)
downloaded
Chrome Cache Entry: 86
ASCII text, with very long lines (19015)
downloaded
Chrome Cache Entry: 87
HTML document, ASCII text, with very long lines (1238)
downloaded
Chrome Cache Entry: 88
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
downloaded
Chrome Cache Entry: 89
ASCII text, with very long lines (54456)
downloaded
Chrome Cache Entry: 90
PDF document, version 1.6
downloaded
Chrome Cache Entry: 91
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 92
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 93
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 94
ASCII text, with very long lines (32065)
downloaded
Chrome Cache Entry: 95
HTML document, ASCII text
downloaded
Chrome Cache Entry: 96
JPEG image data, baseline, precision 8, 1920x1080, components 3
dropped
(19 additional files are hidden in the report and not listed here.)

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://open.camscanner.com/doc/download_file?platform=web&type=118&sid=8c5645d2944c4b262e3b5813d266f0d5&title=ProjectUpdate-X
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1960,i,14208868564962595604,3052524558064138358,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

URLs

Name
IP
Malicious
https://open.camscanner.com/doc/download_file?platform=web&type=118&sid=8c5645d2944c4b262e3b5813d266f0d5&title=ProjectUpdate-X
malicious
https://onetw.wanglinfeng.com/minetake/
malicious
https://fontawesome.com
unknown
https://www.google.com
unknown
https://www.pdfescape.com
unknown
https://onetw.wanglinfeng.com/favicon.ico
104.21.89.211
https://github.com/twbs/bootstrap/graphs/contributors)
unknown
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
104.17.24.14
https://getbootstrap.com)
unknown
https://code.jquery.com/jquery-3.2.1.slim.min.js
151.101.66.137
https://onetw.wanglinfeng.com/minetake/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
104.21.89.211
https://github.com/twbs/bootstrap/blob/master/LICENSE)
unknown
https://onetw.wanglinfeng.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
104.21.89.211
https://use.fontawesome.com/releases/v5.7.0/css/all.css
unknown
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
104.18.11.207
http://opensource.org/licenses/MIT).
unknown
file:///C:/Users/user/Downloads/ProjectUpdate-X.pdf
https://www.radpdf.com
unknown
https://onetw.wanglinfeng.com/minetake/images/bg.jpg
104.21.89.211
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
104.18.11.207
https://open.camscanner.com/doc/download_file?platform=web&type=118&sid=8c5645d2944c4b262e3b5813d266f0d5&title=ProjectUpdate-X
54.94.125.253
https://onetw.wanglinfeng.com/minetake/images/key.svg
104.21.89.211
https://fontawesome.com/license/free
unknown
https://a.nel.cloudflare.com/report/v4?s=Wy3P%2B3cnyD%2BQ6J2%2Fb6beA07x7AnwOy39eWmsjzDhRdOLfw8Dj7TF3Fy353TdzZTCgr6v6wl6T5P3UFSpSu7NEgwUeaRQ2T%2BgMuUhJ4HHgSJ7S3bZVcpmUPWX52uaHQMC8CS6T867sAg%3D
35.190.80.1
(13 additional URLs are hidden in the report and not listed here.)

Domains

Name
IP
Malicious
a.nel.cloudflare.com
35.190.80.1
onetw.wanglinfeng.com
104.21.89.211
code.jquery.com
151.101.66.137
cdnjs.cloudflare.com
104.17.24.14
maxcdn.bootstrapcdn.com
104.18.11.207
www.google.com
142.250.217.228
brazil-proxy-6dd3fa02e902f93c.elb.sa-east-1.amazonaws.com
54.94.125.253
open.camscanner.com
unknown
use.fontawesome.com
unknown

IPs

IP
Domain
Country
Malicious
104.17.24.14
cdnjs.cloudflare.com
United States
192.168.2.17
unknown
unknown
142.250.217.228
www.google.com
United States
104.18.11.207
maxcdn.bootstrapcdn.com
United States
104.21.89.211
onetw.wanglinfeng.com
United States
239.255.255.250
unknown
Reserved
151.101.66.137
code.jquery.com
United States
35.190.80.1
a.nel.cloudflare.com
United States
54.94.125.253
brazil-proxy-6dd3fa02e902f93c.elb.sa-east-1.amazonaws.com
United States

DOM / HTML

URL
Malicious
https://onetw.wanglinfeng.com/minetake/
malicious
file:///C:/Users/user/Downloads/ProjectUpdate-X.pdf
file:///C:/Users/user/Downloads/ProjectUpdate-X.pdf