Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
VMail_39200330.svg
|
SVG Scalable Vector Graphics image
|
initial sample
|
 |
|
|
Chrome Cache Entry: 100
|
HTML document, ASCII text, with very long lines (52007), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 101
|
RIFF (little-endian) data, Web/P image
|
dropped
|
||
|
Chrome Cache Entry: 102
|
ASCII text, with very long lines (65447)
|
downloaded
|
||
|
Chrome Cache Entry: 103
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 104
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 105
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 106
|
RIFF (little-endian) data, Web/P image
|
downloaded
|
||
|
Chrome Cache Entry: 107
|
RIFF (little-endian) data, Web/P image
|
downloaded
|
||
|
Chrome Cache Entry: 108
|
RIFF (little-endian) data, Web/P image
|
dropped
|
||
|
Chrome Cache Entry: 109
|
Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 110
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 111
|
ASCII text, with very long lines (10017)
|
downloaded
|
||
|
Chrome Cache Entry: 112
|
very short file (no magic)
|
dropped
|
||
|
Chrome Cache Entry: 113
|
RIFF (little-endian) data, Web/P image
|
downloaded
|
||
|
Chrome Cache Entry: 114
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 115
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 116
|
RIFF (little-endian) data, Web/P image
|
downloaded
|
||
|
Chrome Cache Entry: 117
|
HTML document, ASCII text, with very long lines (12021), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 118
|
Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 119
|
RIFF (little-endian) data, Web/P image
|
dropped
|
||
|
Chrome Cache Entry: 120
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 121
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 122
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 123
|
Unicode text, UTF-8 text, with very long lines (21720), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 124
|
ASCII text, with very long lines (48238)
|
downloaded
|
||
|
Chrome Cache Entry: 125
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 126
|
PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 127
|
ASCII text, with very long lines (10450)
|
downloaded
|
||
|
Chrome Cache Entry: 128
|
RIFF (little-endian) data, Web/P image
|
downloaded
|
||
|
Chrome Cache Entry: 129
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 130
|
ASCII text, with very long lines (51734)
|
downloaded
|
||
|
Chrome Cache Entry: 131
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 132
|
RIFF (little-endian) data, Web/P image
|
dropped
|
||
|
Chrome Cache Entry: 133
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 134
|
RIFF (little-endian) data, Web/P image
|
dropped
|
||
|
Chrome Cache Entry: 135
|
PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 136
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 87
|
HTML document, Unicode text, UTF-8 text, with very long lines (327), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 88
|
RIFF (little-endian) data, Web/P image
|
downloaded
|
||
|
Chrome Cache Entry: 89
|
very short file (no magic)
|
downloaded
|
||
|
Chrome Cache Entry: 90
|
ASCII text, with very long lines (26765), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 91
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 92
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 93
|
RIFF (little-endian) data, Web/P image
|
dropped
|
||
|
Chrome Cache Entry: 94
|
Web Open Font Format, TrueType, length 36696, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 95
|
Web Open Font Format, TrueType, length 35970, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 96
|
ASCII text, with very long lines (48316), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 97
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 98
|
Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
|
downloaded
|
||
|
Chrome Cache Entry: 99
|
Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
|
downloaded
|
There are 41 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,411843096288798292,9555603388791790738,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
--variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1972 /prefetch:3
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\VMail_39200330.svg"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMH
|
|
||
|
https://providentfundquery.in/vmail/
|
|
||
|
https://providentfundquery.in/vmail
|
103.92.235.25
|
|
|
|
https://abc.lyraxw.es/HX1rTg/
|
104.21.80.1
|
|
|
|
https://ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
|
13.33.187.14
|
||
|
https://abc.lyraxw.es/rsqrVzJ7QK65jRHLycjIYghj33nYSEsxUcPMwlKOLP8XVH4MDzef200
|
104.21.80.1
|
||
|
https://abc.lyraxw.es/56sBd2wacdImcQvY8914
|
104.21.80.1
|
||
|
https://code.jquery.com/jquery-3.6.0.min.js
|
151.101.130.137
|
||
|
https://t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es/NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrsq0ok40NGZ34PKfeom9uv38
|
188.114.97.3
|
||
|
https://pb7t0b.jnfemo.ru/bhanchod$4uyqregl
|
172.67.220.176
|
||
|
https://abc.lyraxw.es/abtGFSFdrsecd30
|
104.21.80.1
|
||
|
https://t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es/NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrsVAOY0KR4bN34t5uv40
|
188.114.97.3
|
||
|
https://a.nel.cloudflare.com/report/v4?s=G3U4rf%2BvdnzkzbEwSf4lacg9Skj0KAJ%2FA61UaVRalGq3fwxNwD0HYGbY3aDoPMbogcXNeug5BdiNYwkFE%2F9wmWEVCdCcVPM6uYMOguL%2FXO0RIB8pDWZK3ddutC1ep0tw3WqY
|
35.190.80.1
|
||
|
https://ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
|
13.33.187.14
|
||
|
https://abc.lyraxw.es/mnVedtOixL38C0BJgkDMR9Zcc6T8uvYDaAtVGM7H3Hzsxk78148
|
104.21.80.1
|
||
|
https://abc.lyraxw.es/stiRdjwTAfcfqX13ewSylqUppklsJ6WztZmnEnkMlJskW0aEtfb5u50hjkAeWfsztjqwa6Dgh260
|
104.21.80.1
|
||
|
https://abc.lyraxw.es/glBytjKUIFd02UrOLpXRLqo
|
104.21.80.1
|
||
|
https://github.com/fent)
|
unknown
|
||
|
https://abc.lyraxw.es/ijWWLDoCvTuJ44YEia1IBKMedjsDXwWtKcXBKxZktSxItF89dEWcOT1enMOcUvvj6675q516tMvwyz224
|
104.21.80.1
|
||
|
https://challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.js
|
104.18.94.41
|
||
|
https://abc.lyraxw.es/favicon.ico
|
104.21.80.1
|
||
|
https://abc.lyraxw.es/GDSherpa-vf.woff2
|
104.21.80.1
|
||
|
https://t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es/NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrsK5uuBVO0sNLyGyzowUuv35
|
188.114.97.3
|
||
|
https://www.walmart.com
|
unknown
|
||
|
https://abc.lyraxw.es/GDSherpa-regular.woff2
|
104.21.80.1
|
||
|
https://t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es/NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrsmwMyx3FgeT34QTOgwx38
|
188.114.97.3
|
||
|
file:///C:/Users/user/Desktop/VMail_39200330.svg
|
|||
|
https://t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es/NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrsuIc7gwm84Tln1iFPd12QJTwx40
|
188.114.97.3
|
||
|
https://abc.lyraxw.es/mn9u9NZ6Felt7yEip0cFn6xwU8gUwijZP89BUtiYsxUKm1Vj0rK3Twx220
|
104.21.80.1
|
||
|
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
|
104.17.25.14
|
||
|
https://t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es/NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrs6UEPLqURRIba3gyzUolauv31
|
188.114.97.3
|
||
|
https://abc.lyraxw.es/HX1rTg/#Xce6azz@dxzvthq.co
|
|||
|
https://abc.lyraxw.es/GDSherpa-bold.woff
|
104.21.80.1
|
||
|
https://ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
|
13.33.187.14
|
||
|
https://t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es/NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFpquQcWqb4344q30c2uv40
|
188.114.97.3
|
||
|
https://dawn-dust-7616.kpapp.workers.dev/?email=ce6azz%40dxzvthq.co
|
172.67.177.58
|
||
|
https://t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es/NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrs2jB9kfsda6CqQyz1yHRwx40
|
188.114.97.3
|
||
|
https://abc.lyraxw.es/GDSherpa-bold.woff2
|
104.21.80.1
|
||
|
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
|
104.18.94.41
|
||
|
https://a.nel.cloudflare.com/report/v4?s=q0NJH9Eo1uM4%2FQYD0cptmLaqA8DIcanxI9e1%2F41098IfPQjNk9bnVtuhMl2bI1qxKQ6C9m%2FZKHaRWKrzFx3Gdab04OPwIxO%2B3oVdgye2sswNSLqAi4pvMtAaZOJpBLRtgAbd
|
35.190.80.1
|
||
|
https://upload.wikimedia.org/wikipedia/commons/4/44/Microsoft_logo.svg
|
185.15.59.240
|
||
|
https://providentfundquery.in/favicon.ico
|
103.92.235.25
|
||
|
https://abc.lyraxw.es/yz9nJ96mWPUqO6569NQJB0Iyka1bclYFfgrsFPonTi9mJHOHEJawYZsI3b5RB90178
|
104.21.80.1
|
||
|
https://a.nel.cloudflare.com/report/v4?s=VvPCnh2rp8aGjM9swHgIa1LAYJwV7Oal7Uee%2B7q2N6kdISS2vaEp8Po4%2FAfUvJsBXa94ZrtyvXGCNaKo%2FBeTFnYamSMvoag65vZtY3kbEJd4Gp9MwyxzIPNdVvx0rRCkXl2Z
|
35.190.80.1
|
||
|
https://abc.lyraxw.es/kfAVOnbCDOBJsIbpoSXWLv0fluppYIKFpulqbrGKTCRx378hottrq0jy
|
104.21.80.1
|
||
|
https://developers.cloudflare.com/favicon.png
|
104.16.4.189
|
||
|
https://abc.lyraxw.es/GDSherpa-regular.woff
|
104.21.80.1
|
||
|
https://abc.lyraxw.es/wx3AdDnumR1SJPrIXuqrAlc1Jb57I0zYo34124
|
104.21.80.1
|
||
|
https://t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es/NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrsacEon9vYb0AY12RFuv40
|
188.114.97.3
|
||
|
https://get.geojs.io/v1/ip/geo.json
|
172.67.70.233
|
||
|
https://t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es/NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFpqeunK3xgHPu34dpmimwx33
|
188.114.97.3
|
||
|
https://abc.lyraxw.es/34C7V2eBuqSuT957ghm7Ry8Vg2Gs89110
|
104.21.80.1
|
||
|
https://abc.lyraxw.es/GDSherpa-vf2.woff2
|
104.21.80.1
|
||
|
https://abc.lyraxw.es/ajjTaO6WIX5onvbznROzG467IJMTplstVbZF4nADQ7h61aXCb4RM4y7
|
104.21.80.1
|
||
|
https://abc.lyraxw.es/ijBaFXznSRZpB4rxWfYzXd4UXITsz20T7km6cMcd5LcjyGcbr2O7E1Yh78170
|
104.21.80.1
|
There are 45 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
abc.lyraxw.es
|
104.21.80.1
|
|
|
|
providentfundquery.in
|
103.92.235.25
|
|
|
|
dawn-dust-7616.kpapp.workers.dev
|
172.67.177.58
|
||
|
a.nel.cloudflare.com
|
35.190.80.1
|
||
|
developers.cloudflare.com
|
104.16.4.189
|
||
|
github.com
|
140.82.121.4
|
||
|
t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es
|
188.114.97.3
|
||
|
code.jquery.com
|
151.101.130.137
|
||
|
cdnjs.cloudflare.com
|
104.17.25.14
|
||
|
challenges.cloudflare.com
|
104.18.94.41
|
||
|
get.geojs.io
|
172.67.70.233
|
||
|
www.google.com
|
142.250.185.196
|
||
|
upload.wikimedia.org
|
185.15.59.240
|
||
|
d19d360lklgih4.cloudfront.net
|
13.33.187.14
|
||
|
pb7t0b.jnfemo.ru
|
172.67.220.176
|
||
|
objects.githubusercontent.com
|
185.199.109.133
|
||
|
ok4static.oktacdn.com
|
unknown
|
There are 7 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.80.1
|
abc.lyraxw.es
|
United States
|
|
|
|
103.92.235.25
|
providentfundquery.in
|
India
|
|
|
|
172.67.177.58
|
dawn-dust-7616.kpapp.workers.dev
|
United States
|
||
|
104.18.94.41
|
challenges.cloudflare.com
|
United States
|
||
|
13.33.187.14
|
d19d360lklgih4.cloudfront.net
|
United States
|
||
|
104.26.1.100
|
unknown
|
United States
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
151.101.130.137
|
code.jquery.com
|
United States
|
||
|
104.21.112.1
|
unknown
|
United States
|
||
|
185.15.59.240
|
upload.wikimedia.org
|
Netherlands
|
||
|
185.199.109.133
|
objects.githubusercontent.com
|
Netherlands
|
||
|
172.67.220.176
|
pb7t0b.jnfemo.ru
|
United States
|
||
|
35.190.80.1
|
a.nel.cloudflare.com
|
United States
|
||
|
104.16.6.189
|
unknown
|
United States
|
||
|
140.82.121.4
|
github.com
|
United States
|
||
|
142.250.185.196
|
www.google.com
|
United States
|
||
|
188.114.97.3
|
t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es
|
European Union
|
||
|
172.67.70.233
|
get.geojs.io
|
United States
|
||
|
104.16.4.189
|
developers.cloudflare.com
|
United States
|
||
|
104.17.25.14
|
cdnjs.cloudflare.com
|
United States
|
There are 10 hidden IPs, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://providentfundquery.in/vmail/
|
|
|
|
https://providentfundquery.in/vmail/
|
|
|
|
https://abc.lyraxw.es/HX1rTg/#Xce6azz@dxzvthq.co
|
|
|
|
https://abc.lyraxw.es/HX1rTg/#Xce6azz@dxzvthq.co
|
|
|
|
https://abc.lyraxw.es/HX1rTg/#Xce6azz@dxzvthq.co
|
|
|
|
https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMH
|
|
|
|
https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMH
|
|
|
|
file:///C:/Users/user/Desktop/VMail_39200330.svg
|
||
|
https://abc.lyraxw.es/HX1rTg/#Xce6azz@dxzvthq.co
|