IOC Report
https://url.us.m.mimecastprotect.com/s/LOTCCXD9yEtpw99u6JYxu?domain=urldefense.proofpoint.com

Files

File Path | Type | Category | Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue May 7 23:11:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue May 7 23:11:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue May 7 23:11:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue May 7 23:11:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue May 7 23:11:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
Chrome Cache Entry: 71 | HTML document, ASCII text | downloaded |
Chrome Cache Entry: 72 | ASCII text, with very long lines (65536), with no line terminators | downloaded |
Chrome Cache Entry: 73 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 74 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | downloaded |
Chrome Cache Entry: 75 | PNG image data, 67 x 82, 8-bit/color RGB, non-interlaced | downloaded |
Chrome Cache Entry: 76 | HTML document, ASCII text, with very long lines (4020) | downloaded |
Chrome Cache Entry: 77 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 78 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 79 | ASCII text, with very long lines (32065) | downloaded |
Chrome Cache Entry: 80 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 81 | gzip compressed data, from Unix, original size modulo 2^32 389 | downloaded |
Chrome Cache Entry: 82 | ASCII text, with very long lines (42565) | downloaded |
Chrome Cache Entry: 83 | ASCII text, with very long lines (50758) | downloaded |
Chrome Cache Entry: 84 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | dropped |
Chrome Cache Entry: 85 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 86 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 87 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 88 | PNG image data, 67 x 82, 8-bit/color RGB, non-interlaced | dropped |
Chrome Cache Entry: 89 | ASCII text, with very long lines (7043), with no line terminators | downloaded |
Chrome Cache Entry: 90 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 91 | SVG Scalable Vector Graphics image | downloaded |
18 further file entries are not shown.

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2260,i,14552097470459685588,6403106791794376548,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.us.m.mimecastprotect.com/s/LOTCCXD9yEtpw99u6JYxu?domain=urldefense.proofpoint.com" |

URLs

Name | IP | Malicious
https://url.us.m.mimecastprotect.com/s/LOTCCXD9yEtpw99u6JYxu?domain=urldefense.proofpoint.com | | malicious
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac355746f6LOG6f5c738436d0a4edb215172e0bb1eabf663ac355746f7 | | malicious
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/ | | malicious
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac355746f6LOG6f5c738436d0a4edb215172e0bb1eabf663ac355746f7# | | malicious
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/oz2za/0x4AAAAAAADnPIDROrmt1Wwj/light/normal | |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/132416316:1715124736:idV2mvT5UDwNnTSZd7zHVwMhRlK9jbwBjp9GmNsm-iE/88053bd69f607609/5f13040b6501e27 | 104.17.2.184 |
http://viribusprop.co.za/cbg/ | 41.72.158.10 |
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/ASSETS/img/sig-op.svg | 172.67.152.82 |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/88053bd69f607609/1715127103036/62e884a97476c708f2906333e4652d8d0afba60f707c323620f23fb8b56d8090/u-kSJ5fxFcfHPv5 | 104.17.2.184 |
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/js/014a761a2bc4c2a504d2ede10cd9612d663ac356753f2 | 172.67.152.82 |
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/jq/014a761a2bc4c2a504d2ede10cd9612d663ac356753eb | 172.67.152.82 |
https://url.us.m.mimecastprotect.com/s/LOTCCXD9yEtpw99u6JYxu?domain=urldefense.proofpoint.com | 205.139.111.12 |
https://getbootstrap.com/) | unknown |
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=88053bc5b9e330b2 | 172.67.152.82 |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=88053bd69f607609 | 104.17.2.184 |
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/ASSETS/img/m_.svg | 172.67.152.82 |
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/favicon.ico | 172.67.152.82 |
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/o/014a761a2bc4c2a504d2ede10cd9612d663ac35926ca9 | 172.67.152.82 |
http://viribusprop.co.za/cbg | 41.72.158.10 |
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/x/014a761a2bc4c2a504d2ede10cd9612d663ac35926c85 | 172.67.152.82 |
https://a.nel.cloudflare.com/report/v4?s=GUfeNIPyeNRuwy6c%2F3VMBa6mO7YnDAeswyiauJd4ybpJt6FQq%2BvfYNBUzRwhNe6wSRhecws9Dcc0xSVYdrcsGEO%2FXo7cstMqFaFXwNUBPbx2clFOUNcKC5YZCW9t5M9UXtlqNEuJ7NYpEHxAY0ksMqLYqYFH | 35.190.80.1 |
https://a.nel.cloudflare.com/report/v4?s=ZpBh0H6DFNj%2BVSMylcdGPnlZQqTrDtRQKESZ%2FmF3jLGJE%2Bb1c5zQTPZraOgxddQxo8mu2iw6K3O%2B4TT3ysdq%2Bywb46sr1iCGwsuYJ8X0XXcFVZEHesMsujkElUo2ZBiiiZgw%2BwLeTjfvQRze1xhdGi%2FndoRQ | 35.190.80.1 |
https://github.com/twbs/bootstrap/graphs/contributors) | unknown |
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/cdn-cgi/challenge-platform/h/b/flow/ov1/1636294195:1715124522:c1_Lw9tCiD2OlhDe3jXSYBKn9BtmDaUdiUlJyekI2nU/88053bc5b9e330b2/60a11d89e230724 | 172.67.152.82 |
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/APP-014a761a2bc4c2a504d2ede10cd9612d663ac35926c7d/014a761a2bc4c2a504d2ede10cd9612d663ac35926c7f | 172.67.152.82 |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D | 104.17.2.184 |
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/1 | 172.67.152.82 |
https://github.com/twbs/bootstrap/blob/master/LICENSE) | unknown |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/88053bd69f607609/1715127103027/VgAQSbM1ouxOlXC | 104.17.2.184 |
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/boot/014a761a2bc4c2a504d2ede10cd9612d663ac356753f0 | 172.67.152.82 |
19 further URL entries are not shown.

Domains

Name | IP | Malicious
xdocusigniusmmxnmmxdicu.smumsmd.ws | 172.67.152.82 | malicious
a.nel.cloudflare.com | 35.190.80.1 |
url.us.m.mimecastprotect.com | 205.139.111.12 |
challenges.cloudflare.com | 104.17.2.184 |
www.google.com | 142.251.33.68 |
viribusprop.co.za | 41.72.158.10 |
fp2e7a.wpc.phicdn.net | 192.229.211.108 |

IPs

IP | Domain | Country | Malicious
172.67.152.82 | xdocusigniusmmxnmmxdicu.smumsmd.ws | United States | malicious
41.72.158.10 | viribusprop.co.za | South Africa |
142.251.33.68 | www.google.com | United States |
192.168.2.5 | unknown | unknown |
104.17.3.184 | unknown | United States |
239.255.255.250 | unknown | Reserved |
205.139.111.12 | url.us.m.mimecastprotect.com | United States |
35.190.80.1 | a.nel.cloudflare.com | United States |
104.17.2.184 | challenges.cloudflare.com | United States |
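Added example, not part of the sandbox report: the URLs and Domains tables above list one field per line, which is awkward to turn into a blocklist or a proxy-log hunt, and taking the sandbox's verdicts literally would block the wrong things. The Python below parses that layout from a constructed excerpt of the report and sorts the indicators into what can be blocked and what can only be hunted. It builds in three caveats a practitioner would apply: the top entry is a Mimecast URL Protect rewrite whose domain= parameter carries the original link's host, urldefense.proofpoint.com, so the link had already been wrapped once by Proofpoint, and blocking url.us.m.mimecastprotect.com would break every Mimecast-protected link, so only the exact rewritten URL is kept; 172.67.152.82 and 104.17.2.184 lie inside Cloudflare's published 104.16.0.0/13 and 172.64.0.0/13 edge ranges, so an IP block would hit every Cloudflare-fronted site and the hostname is the usable indicator; and viribusprop.co.za carries no verdict in the report, so it is collected for analyst review rather than blocked. Separately, in the IPs table 192.168.2.5 is the sandbox guest's own RFC 1918 address and 239.255.255.250 is the SSDP multicast group; neither is an indicator. The wrapper-host list, the two CDN ranges and the proxy log lines are assumptions constructed for this example.

```python
"""Parse the flattened URL/Domain tables of a sandbox IOC report into a hunt list."""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed excerpt in the report's own layout: section title, three header
# lines, then one field per line per row ("malicious" and the IP are optional).
REPORT = """URLs
Name
IP
Malicious
https://url.us.m.mimecastprotect.com/s/LOTCCXD9yEtpw99u6JYxu?domain=urldefense.proofpoint.com
malicious
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/
malicious
http://viribusprop.co.za/cbg/
41.72.158.10
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=88053bd69f607609
104.17.2.184
Domains
Name
IP
Malicious
xdocusigniusmmxnmmxdicu.smumsmd.ws
172.67.152.82
malicious
viribusprop.co.za
41.72.158.10
"""
# Assumption: e-mail link-rewriting services. Their hostnames are not indicators;
# only the full rewritten URL identifies this particular click.
WRAPPER_SUFFIXES = ("mimecastprotect.com", "urldefense.proofpoint.com")
# Assumption: two of Cloudflare's published IPv4 ranges. Addresses in them are
# CDN edges shared by many tenants, so they are reported but never blocked.
SHARED_CDN_NETS = [ipaddress.ip_network(n) for n in ("104.16.0.0/13", "172.64.0.0/13")]
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_sections(text):
    """Return {"URLs": [...], "Domains": [...]}; each row is {name, ip, malicious}."""
    sections, rows, skip = {}, None, 0
    for line in (raw.strip() for raw in text.splitlines()):
        if line in ("URLs", "Domains"):
            rows, skip = sections.setdefault(line, []), 3  # skip Name/IP/Malicious
        elif not line or rows is None:
            continue
        elif skip:
            skip -= 1
        elif line == "malicious":
            rows[-1]["malicious"] = True
        elif line == "unknown" or IP_RE.match(line):
            rows[-1]["ip"] = None if line == "unknown" else line
        else:
            rows.append({"name": line, "ip": None, "malicious": False})
    return sections


def host_of(row, section):
    return urlsplit(row["name"]).hostname if section == "URLs" else row["name"]


def is_wrapper(host):
    return any(host == s or host.endswith("." + s) for s in WRAPPER_SUFFIXES)


def build_iocs(sections):
    """Split the report's verdicts into what can be blocked and what can only be hunted."""
    iocs = {k: set() for k in ("block_hosts", "wrapper_urls", "block_ips",
                               "shared_cdn_ips", "unverdicted_hosts")}
    rows = [(s, r) for s in ("URLs", "Domains") for r in sections.get(s, [])]
    for section, row in rows:
        host = host_of(row, section)
        if is_wrapper(host):
            if row["malicious"] and section == "URLs":
                iocs["wrapper_urls"].add(row["name"])
        elif row["malicious"]:
            iocs["block_hosts"].add(host)
        else:
            iocs["unverdicted_hosts"].add(host)
    # Pivot to IPs only from hosts that carry a verdict; a shared CDN edge is not an IOC.
    for section, row in rows:
        if row["ip"] and host_of(row, section) in iocs["block_hosts"]:
            shared = any(ipaddress.ip_address(row["ip"]) in net for net in SHARED_CDN_NETS)
            iocs["shared_cdn_ips" if shared else "block_ips"].add(row["ip"])
    return iocs


# Constructed proxy log lines: timestamp, client, method, URL, server IP.
PROXY_LOG = """2024-05-07T23:12:01Z 10.0.0.21 GET https://xdocusigniusmmxnmmxdicu.smumsmd.ws/1 172.67.152.82
2024-05-07T23:12:02Z 10.0.0.21 GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=88053bd69f607609 104.17.2.184
2024-05-07T23:13:40Z 10.0.0.33 GET https://example.com/ 172.67.1.1
2024-05-08T08:00:00Z 10.0.0.45 GET https://url.us.m.mimecastprotect.com/s/LOTCCXD9yEtpw99u6JYxu?domain=urldefense.proofpoint.com 205.139.111.12
"""


def hunt(log_text, iocs):
    """Return (client, match_kind, indicator) for every log line that hits an IOC."""
    hits = []
    for line in filter(None, log_text.splitlines()):
        _ts, client, _method, url, server_ip = line.split()
        host = urlsplit(url).hostname
        if url in iocs["wrapper_urls"]:
            hits.append((client, "rewritten-url", url))
        elif host in iocs["block_hosts"]:
            hits.append((client, "host", host))
        elif server_ip in iocs["block_ips"]:
            hits.append((client, "ip", server_ip))
    return hits


if __name__ == "__main__":
    found = build_iocs(parse_sections(REPORT))
    for kind, values in found.items():
        print(f"{kind}: {sorted(values)}")
    for hit in hunt(PROXY_LOG, found):
        print("HIT", *hit)
```

Run as-is, the hunt flags the client that reached the smumsmd.ws host and the client that followed the exact Mimecast-rewritten link, while the unrelated Cloudflare-fronted site served from 172.67.1.1 and the Turnstile call to challenges.cloudflare.com produce nothing, because the only IP the phishing host resolved to is classified as a shared edge and the challenge domain has no verdict. Replace the REPORT string with the full tables from this page to get the complete list.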

DOM / HTML

URL | Malicious
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac355746f6LOG6f5c738436d0a4edb215172e0bb1eabf663ac355746f7 | malicious
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac355746f6LOG6f5c738436d0a4edb215172e0bb1eabf663ac355746f7# | malicious
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/ |
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/ |
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/ |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/oz2za/0x4AAAAAAADnPIDROrmt1Wwj/light/normal |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/oz2za/0x4AAAAAAADnPIDROrmt1Wwj/light/normal |
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac355746f6LOG6f5c738436d0a4edb215172e0bb1eabf663ac355746f7 |