IOC Report
http://scbqroup.com/hhwtaobppbduaxet?login

Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Aug 3 21:46:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Aug 3 21:46:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Aug 3 21:46:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Aug 3 21:46:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Aug 3 21:46:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 66
JPEG image data, baseline, precision 8, 1920x1080, components 3
downloaded
Chrome Cache Entry: 67
JPEG image data, baseline, precision 8, 1920x1080, components 3
dropped
Chrome Cache Entry: 68
PNG image data, 503 x 61, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 69
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
dropped
Chrome Cache Entry: 70
HTML document, Unicode text, UTF-8 text, with very long lines (14850)
dropped
Chrome Cache Entry: 71
gzip compressed data, from Unix, original size modulo 2^32 2321
downloaded
Chrome Cache Entry: 72
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 73
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
downloaded
Chrome Cache Entry: 74
PNG image data, 503 x 61, 8-bit colormap, non-interlaced
dropped

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2040,i,9300141686694069086,12119401010951069995,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://scbqroup.com/hhwtaobppbduaxet?login"

URLs

Name
IP
Malicious
http://scbqroup.com/hhwtaobppbduaxet?login
malicious
http://scbqroup.com/js/analyse.js
159.69.19.252
malicious
http://scbqroup.com/js/timeme.min.js
159.69.19.252
malicious
http://scbqroup.com/public/campaign/36/39/11/static/0.jpg
159.69.19.252
malicious
http://workspaceupdates.googleblog.com/2011/04/
unknown
http://workspaceupdates.googleblog.com/2018/03/
unknown
http://workspaceupdates.googleblog.com/search/label/Rapid%20Releases
unknown
http://workspaceupdates.googleblog.com/search/label/YouTube
unknown
http://workspaceupdates.googleblog.com/2014/01/
unknown
http://workspaceupdates.googleblog.com/search/label/Gemini
unknown
http://workspaceupdates.googleblog.com/2007/06/
unknown
http://workspaceupdates.googleblog.com/search/label/Currents
unknown
http://workspaceupdates.googleblog.com/search/label/Google%20Calendar
unknown
http://workspaceupdates.googleblog.com/2022/01/
unknown
https://support.google.com/a/answer/13137538
unknown
http://workspaceupdates.googleblog.com/2010/12/
unknown
http://workspaceupdates.googleblog.com/2020/08/
unknown
http://workspaceupdates.googleblog.com/2009/10/
unknown
http://workspaceupdates.googleblog.com/2012/09/
unknown
http://workspaceupdates.googleblog.com/2021/
unknown
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=gblog;cat=googl0;ord=ord=
unknown
http://workspaceupdates.googleblog.com/2023/06/
unknown
http://workspaceupdates.googleblog.com/2017/11/
unknown
http://workspaceupdates.googleblog.com/2015/06/
unknown
https://www.blogger.com/feeds/5245696872621940063/posts/default
unknown
http://workspaceupdates.googleblog.com/2019/08/
unknown
http://workspaceupdates.googleblog.com/2011/03/
unknown
http://workspaceupdates.googleblog.com/search/label/Assistant
unknown
http://workspaceupdates.googleblog.com/2018/04/
unknown
http://workspaceupdates.googleblog.com/search/label/Docs
unknown
http://workspaceupdates.googleblog.com/2014/02/
unknown
https://support.google.com/a/users/answer/11219858
unknown
http://workspaceupdates.googleblog.com/search/label/Beta
unknown
http://workspaceupdates.googleblog.com/2013/10/
unknown
http://workspaceupdates.googleblog.com/search/label/Microsoft%20Exchange
unknown
http://workspaceupdates.googleblog.com/2007/07/
unknown
http://workspaceupdates.googleblog.com/2016/09/
unknown
http://workspaceupdates.googleblog.com/2022/12/
unknown
http://workspaceupdates.googleblog.com/2010/11/
unknown
https://scbqroup.com/obfuscate?path=js/analyse.js
159.69.19.252
http://workspaceupdates.googleblog.com/2020/09/
unknown
http://workspaceupdates.googleblog.com/search/label/SAML
unknown
http://workspaceupdates.googleblog.com/2010/
unknown
http://workspaceupdates.googleblog.com/2017/12/
unknown
http://workspaceupdates.googleblog.com/2023/07/
unknown
http://schema.org/Blog
unknown
http://workspaceupdates.googleblog.com/2015/05/
unknown
http://workspaceupdates.googleblog.com/2022/
unknown
http://workspaceupdates.googleblog.com/search/label/Drive%20for%20desktop
unknown
http://workspaceupdates.googleblog.com/2019/07/
unknown
http://workspaceupdates.googleblog.com/2022/11/
unknown
http://workspaceupdates.googleblog.com/2018/05/
unknown
http://workspaceupdates.googleblog.com/search/label/Google%20Sites
unknown
http://workspaceupdates.googleblog.com/2014/11/
unknown
http://workspaceupdates.googleblog.com/2011/06/
unknown
http://workspaceupdates.googleblog.com/search/label/Contacts
unknown
http://workspaceupdates.googleblog.com/2020/06/
unknown
http://workspaceupdates.googleblog.com/2007/04/
unknown
http://workspaceupdates.googleblog.com/2016/08/
unknown
http://workspaceupdates.googleblog.com/2023/04/streamlined-file-organization-google-drive-location-p
unknown
http://workspaceupdates.googleblog.com/2012/07/
unknown
http://workspaceupdates.googleblog.com/2010/02/
unknown
http://workspaceupdates.googleblog.com/2008/09/
unknown
http://workspaceupdates.googleblog.com/2017/01/
unknown
http://workspaceupdates.googleblog.com/2015/04/
unknown
http://workspaceupdates.googleblog.com/search/label/Admin%20SDK
unknown
http://workspaceupdates.googleblog.com/2023/08/
unknown