IOC Report
https://url.us.m.mimecastprotect.com/s/RBIeC68AD5iQ5EOspXJld?domain=urldefense.proofpoint.com


Files

File Path | Type | Category | Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue May 7 23:08:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue May 7 23:08:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue May 7 23:08:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue May 7 23:08:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue May 7 23:08:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
Chrome Cache Entry: 70 | HTML document, ASCII text | downloaded | -
Chrome Cache Entry: 71 | ASCII text, with very long lines (65536), with no line terminators | downloaded | -
Chrome Cache Entry: 72 | SVG Scalable Vector Graphics image | dropped | -
Chrome Cache Entry: 73 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | downloaded | -
Chrome Cache Entry: 74 | SVG Scalable Vector Graphics image | downloaded | -
Chrome Cache Entry: 75 | ASCII text, with very long lines (32065) | downloaded | -
Chrome Cache Entry: 76 | SVG Scalable Vector Graphics image | dropped | -
Chrome Cache Entry: 77 | ASCII text, with no line terminators | downloaded | -
Chrome Cache Entry: 78 | SVG Scalable Vector Graphics image | dropped | -
Chrome Cache Entry: 79 | ASCII text, with very long lines (7043), with no line terminators | downloaded | -
Chrome Cache Entry: 80 | SVG Scalable Vector Graphics image | downloaded | -
Chrome Cache Entry: 81 | gzip compressed data, from Unix, original size modulo 2^32 389 | downloaded | -
Chrome Cache Entry: 82 | ASCII text, with very long lines (42565) | downloaded | -
Chrome Cache Entry: 83 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | dropped | -
Chrome Cache Entry: 84 | SVG Scalable Vector Graphics image | downloaded | -
Chrome Cache Entry: 85 | ASCII text, with very long lines (50758) | downloaded | -
Chrome Cache Entry: 86 | HTML document, ASCII text, with very long lines (4020) | downloaded | -
Chrome Cache Entry: 87 | PNG image data, 69 x 8, 8-bit/color RGB, non-interlaced | downloaded | -
Chrome Cache Entry: 88 | SVG Scalable Vector Graphics image | downloaded | -
Chrome Cache Entry: 89 | SVG Scalable Vector Graphics image | dropped | -
Chrome Cache Entry: 90 | PNG image data, 69 x 8, 8-bit/color RGB, non-interlaced | dropped | -
18 further file entries are hidden in the source report and are not included here.

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | -
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2032,i,4573197792701812552,12899046821769428031,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | -
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.us.m.mimecastprotect.com/s/RBIeC68AD5iQ5EOspXJld?domain=urldefense.proofpoint.com" | -

URLs

Name | IP | Malicious
https://url.us.m.mimecastprotect.com/s/RBIeC68AD5iQ5EOspXJld?domain=urldefense.proofpoint.com | - | malicious
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8# | - | malicious
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/ | - | malicious
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8 | - | malicious
http://viribusprop.co.za/cbg/ | 41.72.158.10 | -
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/jq/77e55199867d7ffbe66f79c58c488f7d663ac2b13fc3d | 104.21.1.187 | -
https://a.nel.cloudflare.com/report/v4?s=DdSNM23omUGbIp5mmfvB%2Bznwvoj51ENgtrOBBitLJWFXX1xTIcsDH%2BrfXHl7%2FZD3DE3hsQO5Zftz7Bud5ADaEkaeNXvIqj9Nj4pyBI7nsg5LDe8KZa8ruysHUQgCVR8NN5TGHst%2FpH4wYu6s%2B1fP5%2BH8LXHL | 35.190.80.1 | -
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/844823957:1715124679:GnQTCjOiNgTJb7mzvvBWZEZczWJ0ZCWR3Y7jiNGLqhM/880537c5bbc19b57/c000d081a527d63 | 104.17.3.184 | -
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/ASSETS/img/sig-op.svg | 104.21.1.187 | -
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/o/77e55199867d7ffbe66f79c58c488f7d663ac2b3d837e | 104.21.1.187 | -
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=880537c5bbc19b57 | 104.17.3.184 | -
https://getbootstrap.com/) | unknown | -
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/ASSETS/img/m_.svg | 104.21.1.187 | -
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/favicon.ico | 104.21.1.187 | -
http://viribusprop.co.za/cbg | 41.72.158.10 | -
https://url.us.m.mimecastprotect.com/r/SS4jvcjIJW5OKLhohn858CKuFqQTiGsTF4bMNFkWzSKakJ_Sr0kNph4NNpxoiPK0EAnA15aATkzZxU7gtOfsUbyWTZoMomkSjCmwViKJPV71FvgKKHeJaRJKO5bXkDmjH_U9n9HmasY0v4yj31SrCfyzcg94PS5kNX4jXolAOaPjYqHUCbLuGl2_LLDafJsfHk6TN8mCYPDoT-wQC1U0VHJ1e9sOSrcOxKNKdaMZ8ZcMjbsC2XiEMoa8DrlfrJlxq9pQJ6YUZwKJa6bEvv8LUzoBr9H2DDmZIrlIXJbp7uQgDpbaaOxrpokkdDYwNpuqmCnR3MPjSLoxQuD1oKoXrdDXONFzTtiSDA9w4jh1rA5ZZuI-FmXuV1b8CM5XRaUPAxx-dwjRuubG2MWrwOv32bfvvOYxQMb5yp-HA4obO9evxZmoM5R0wJm6rwO6Q0ZVJCMDX2Qenfn1bCjjUuz7gD2coZBuZ-8MAWFlBv0zSssiKwZnTcC2qIL_eAb7TZJYAGXMTnOFNFGTICZVk6PgM7u-WIRpNKTdCSAynES87t5cMRF-QP8B-IDIhUfZB7V9NfM42L1PWZ_QZLMiZ0NY4opRkAFutfHiGj_grcPqeKPjheMbUbGaatJLhLlH1dnhWluPrL1psfC-rQSJtyiHQqw3ERLlidnPvKkrPtMVPXnSookvPAr-ejhQoCUNiSgoRt4urF-5IvE0v-aGN94OETq-xz6WQqT4WCKeGP7kB3u73mfryKZw6JLHaDzG3n1fjhzkcIgP1XFn7ySD9Zxo90jAe4OhLXhgTV0wFONPGdYyV91DPMnGoa2iX4pPDdBjLGwJq4YHJgUEO1KOzEE-3uYZRD4UL8YBFtI0UzGFqE-6bSxr-dqDsaZGewHDM6KFvyDuZEBDbdBHrA4KUlwgiL25FiVouun7D5pyvw7lVC_6TwPSZkacMkT4amOhP6iBvd0VzppkeglW5BCe_f7_Qn7todNstGo4T9YFcWjzI23HOqYLVvnpoU5tQ480AemcpYNkpeHycDBYc5ozFn3_0hOeSpJdM4DZftIn7VtuG0Y7-tDK0_gz559n5FbHII9DlpRtyFgKONoiRer-N5INHRHiE-TIMVpFVcm6YqvY9qAQwbQIVpD_1mAlo9eTIYKfwZq6Zvfy23BXd_QLSfVLurwlaa4sKQX7pSINd8lyjvZxdS1gHkywwKtPoNRyJu7XnwH3aU7FJs6SaglFap7X6H9q3XKLLVJbd_LViRbyixfT2Ch4DD-RWcHfPIqsR13f0jc6H2KY_uSguk793ma1Ma26o20B28g-gw5bRWw4S-TjjNrhNJwc_789pTWZl6cnvzCsWdPOR5GQFc7NiKMQGo1ZI-1zfP6WF8DzlPfuABan_tvGneMrhN6aC9q_p3BOhQcCLIacQ6pOqgoy9kqex8PLmw2Po034jiJZtrNjVJsDB6WJWdOZpJsw6VEj-aIZojjDsOCyXJVFxvdJZdUqu2hCS7cXQ02e9BDNw51EqCi0NdseDrfCijXBmfHCeAFLNYuZTzuxmaJ6zkMQ89AmsK-vDO8UiqpmyUhA3nINibSxd-qUeLrv8dIc3QV0hWt3BIRWA_FT4wB_S2YmNS5RwUmcfRj6nxb-_W-uRIol8jJRfgsTakFlVnp0ckhuzPNW2Zx7JH4E752ULtzRTSqMdgR7t4100ffrRSfKpJ1b1jK8l8I7oV31AZQQFyiJRoW5Y2RFyHRpvu1fquvRRqMHvVI9oPykmLC-ezDQftCJE26B5wR0lLWhHlX-3ndNnwlDNeWl3lNhZgQsg7Kns8OAmVjKuIAsOtb1lrURWqEx7o9H7Tp3XewiXjak_9_4bZ0nQ7vWj4a3P3RbYZkTxRtUgF8iLljHQiGK2o8bS5cJ9E5Pwp8k0HvTEDojw1ti1lO_nPWR_7bfdABYfN9YMFsj8g | 205.139.111.12 | -
https://github.com/twbs/bootstrap/graphs/contributors) | unknown | -
https://url.us.m.mimecastprotect.com/s/RBIeC68AD5iQ5EOspXJld?domain=urldefense.proofpoint.com | 205.139.111.12 | -
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/880537c5bbc19b57/1715126937235/12f3ee67ccbdb7fb1acecd3171bf600ac74e8a7846816ab49c39bcd42f6fc303/LNlFykAvnwqRdjI | 104.17.3.184 | -
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/w3vgi/0x4AAAAAAADnPIDROrmt1Wwj/light/normal | - | -
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/APP-77e55199867d7ffbe66f79c58c488f7d663ac2b3d834f/77e55199867d7ffbe66f79c58c488f7d663ac2b3d8350 | 104.21.1.187 | -
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/boot/77e55199867d7ffbe66f79c58c488f7d663ac2b13fc41 | 104.21.1.187 | -
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/x/77e55199867d7ffbe66f79c58c488f7d663ac2b3d8356 | 104.21.1.187 | -
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D | 104.17.3.184 | -
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/1 | 104.21.1.187 | -
https://github.com/twbs/bootstrap/blob/master/LICENSE) | unknown | -
https://a.nel.cloudflare.com/report/v4?s=BCOG7BdwPUrsniQmf0ESJwNm0HXhtdk9OxY%2Buo1KlZOwXhc42AyX6efkNjs0%2BWGWf5xoy3gIs%2BV%2BnIlexz5BHAl7OxCWgD5uHy9ajsUNkOVPi7IQr%2BUPKHjYIlMKryCNg9A2upeaDlZaqKS3TTBbRCRRlYJo | 35.190.80.1 | -
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880537b31e9d7646 | 104.21.1.187 | -
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/js/77e55199867d7ffbe66f79c58c488f7d663ac2b13fc42 | 104.21.1.187 | -
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/cdn-cgi/challenge-platform/h/b/flow/ov1/527534735:1715124565:uz73uwqss8iV9tiMGAbLwJzSrtIHhXFl__h71txL1oc/880537b31e9d7646/d98eb95fec24563 | 104.21.1.187 | -
https://a.nel.cloudflare.com/report/v4?s=G%2F6IEmFEVqxJWu%2B2sD6c4kfaPfgynZvJROwIhmeVGzSMx3P%2BkJx8LbJY%2FFZEcMgBL18NprrLWfh1f33KXx4YuyzKLNV2HupXqRhYYcMjEYDvLBbOCWUkm4mv35gvfcSsWVqJJoyA9AXq9KnJzhQY57FB%2BH9g | 35.190.80.1 | -
20 further URL entries are hidden in the source report and are not included here.

Domains

Name | IP | Malicious
xdocusigniusmmxnmmxdicu.smumsmd.ws | 104.21.1.187 | malicious
bg.microsoft.map.fastly.net | 199.232.214.172 | -
a.nel.cloudflare.com | 35.190.80.1 | -
url.us.m.mimecastprotect.com | 205.139.111.12 | -
challenges.cloudflare.com | 104.17.2.184 | -
www.google.com | 142.250.217.68 | -
viribusprop.co.za | 41.72.158.10 | -

IPs

IP | Domain | Country | Malicious
104.21.1.187 | xdocusigniusmmxnmmxdicu.smumsmd.ws | United States | malicious
41.72.158.10 | viribusprop.co.za | South Africa | -
142.250.217.68 | www.google.com | United States | -
192.168.2.5 | unknown | unknown | -
172.67.152.82 | unknown | United States | -
104.17.3.184 | unknown | United States | -
239.255.255.250 | unknown | Reserved | -
205.139.111.12 | url.us.m.mimecastprotect.com | United States | -
35.190.80.1 | a.nel.cloudflare.com | United States | -
104.17.2.184 | challenges.cloudflare.com | United States | -

DOM / HTML

URL | Malicious
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8 | malicious
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8# | malicious
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/ | -
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/ | -
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/ | -
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/w3vgi/0x4AAAAAAADnPIDROrmt1Wwj/light/normal | -
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/w3vgi/0x4AAAAAAADnPIDROrmt1Wwj/light/normal | -
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8 | -
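Triage notes, as an added example (not part of the sandbox report and not any vendor's code). Taking the URL, Domain and IP tables above at face value would put Cloudflare's challenge service, Google, a Fastly edge, the mail gateway's own link rewriter and the analysis machine's private address (192.168.2.5) and the SSDP multicast group (239.255.255.250) on a blocklist. The script below sorts the rows into what can be blocked by hostname, what must be blocked as an exact URL (the rewritten url.us.m.mimecastprotect.com link is flagged malicious, but its host serves every rewritten link in the organisation), what needs analyst review (viribusprop.co.za, contacted but carrying no verdict) and what is noise. It also flags the brand keyword "docusign" buried in a subdomain label of a domain the brand does not own. The rows are constructed from the tables on this page; the shared-infrastructure list, the two Cloudflare IPv4 ranges and the brand list are analyst assumptions to maintain separately. The three URLs ending in ")" come from text scraped out of a cached file (they match the Bootstrap stylesheet licence banner), not from navigation, and are excluded on that basis.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed from the report's URLs table (a subset): (url, verdict cell).
URL_ROWS = [
    ("https://url.us.m.mimecastprotect.com/s/RBIeC68AD5iQ5EOspXJld?domain=urldefense.proofpoint.com", "malicious"),
    ("https://xdocusigniusmmxnmmxdicu.smumsmd.ws/", "malicious"),
    ("https://xdocusigniusmmxnmmxdicu.smumsmd.ws/jq/77e55199867d7ffbe66f79c58c488f7d663ac2b13fc3d", ""),
    ("http://viribusprop.co.za/cbg/", ""),
    ("https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=880537c5bbc19b57", ""),
    ("https://getbootstrap.com/)", ""),
    ("https://github.com/twbs/bootstrap/blob/master/LICENSE)", ""),
]
# Constructed from the report's Domains table: (name, resolved ip, verdict cell).
DOMAIN_ROWS = [
    ("xdocusigniusmmxnmmxdicu.smumsmd.ws", "104.21.1.187", "malicious"),
    ("bg.microsoft.map.fastly.net", "199.232.214.172", ""),
    ("a.nel.cloudflare.com", "35.190.80.1", ""),
    ("url.us.m.mimecastprotect.com", "205.139.111.12", ""),
    ("challenges.cloudflare.com", "104.17.2.184", ""),
    ("www.google.com", "142.250.217.68", ""),
    ("viribusprop.co.za", "41.72.158.10", ""),
]
# Constructed from the report's IPs table.
IP_ROWS = ["104.21.1.187", "41.72.158.10", "142.250.217.68", "192.168.2.5",
           "172.67.152.82", "104.17.3.184", "239.255.255.250",
           "205.139.111.12", "35.190.80.1", "104.17.2.184"]

# Assumption: shared services an organisation cannot block wholesale (CDN bot
# challenges, browser telemetry, the mail gateway's link rewriter, code hosting).
SHARED_INFRA = ("cloudflare.com", "google.com", "fastly.net",
                "mimecastprotect.com", "github.com", "getbootstrap.com")
# Assumption: two of Cloudflare's published IPv4 ranges; use the full list in practice.
CDN_NETS = [ipaddress.ip_network(n) for n in ("104.16.0.0/13", "172.64.0.0/13")]
BRANDS = ("docusign",)  # brand names that do not belong in someone else's subdomain


def is_shared_infra(host):
    return any(host == d or host.endswith("." + d) for d in SHARED_INFRA)


def brand_in_label(host):
    """Return the brand whose name sits in a subdomain label of a host the brand
    does not own, else None. Simplification: the last two labels are taken as the
    registrable domain; suffixes such as co.za need a public-suffix list."""
    labels = host.lower().split(".")
    registrable = ".".join(labels[-2:])
    for brand in BRANDS:
        if registrable.startswith(brand + "."):
            continue  # the brand's own domain
        if any(brand in label for label in labels[:-2]):
            return brand
    return None


def is_routable(addr):
    # ipaddress.is_global alone lets multicast through, hence the extra checks.
    return addr.is_global and not (addr.is_multicast or addr.is_reserved
                                   or addr.is_loopback or addr.is_link_local)


def in_cdn(addr):
    return any(addr in net for net in CDN_NETS)


def triage(url_rows=URL_ROWS, domain_rows=DOMAIN_ROWS, ip_rows=IP_ROWS):
    """Sort report rows into host blocks, exact-URL blocks, items for analyst
    review, and exclusions, each exclusion carrying its reason."""
    out = {"block_hosts": set(), "block_urls": set(), "review_hosts": set(),
           "review_ips": set(), "excluded": {}}
    for host, _ip, verdict in domain_rows:
        if is_shared_infra(host):
            out["excluded"][host] = "shared infrastructure"
        elif verdict == "malicious" or brand_in_label(host):
            out["block_hosts"].add(host)
        else:
            out["review_hosts"].add(host)  # contacted, but no verdict in the report
    for url, verdict in url_rows:
        if url.endswith(")"):
            # Trailing ')' marks a URL scraped from text (a licence banner here),
            # not a navigation; there is no infrastructure behind it to block.
            out["excluded"][url] = "scraped from page text, not navigated"
            continue
        host = urlsplit(url).hostname or ""
        if host in out["block_hosts"]:
            continue  # already covered by the host block
        if verdict == "malicious":
            # Malicious URL on a shared host: block the exact URL, not the host.
            out["block_urls"].add(url)
    ip_to_host = {ip: host for host, ip, _ in domain_rows}
    for ip in ip_rows:
        addr = ipaddress.ip_address(ip)
        host = ip_to_host.get(ip)
        if not is_routable(addr):
            out["excluded"][ip] = "private, multicast or reserved address"
        elif host and is_shared_infra(host):
            out["excluded"][ip] = "shared infrastructure (" + host + ")"
        elif in_cdn(addr):
            out["excluded"][ip] = "CDN edge address; block the hostname instead"
        else:
            out["review_ips"].add(ip)
    return out
```

Run as `python3 triage.py -c "import triage; print(triage.triage())"` or call `triage()` from a REPL. The phishing host resolves only to Cloudflare edge addresses (the /cdn-cgi/challenge-platform/ URLs on the host itself show it is fronted by Cloudflare), so the output deliberately produces no IP-level block for it: blocking 104.21.1.187 would hit every other site behind that edge, and the operator can move the record at will. 41.72.158.10 is left for review together with viribusprop.co.za, because the report records the contact but gives no verdict.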