IOC Report
https://cloudfil.es/ly7mR8utBQ5


Files

File Path | Type | Category | Malicious
C:\Users\user\AppData\Local\Temp\evppz250.yan\SARS OUTSTANDING LETTER OF DEMAND.html | HTML document, ASCII text, with very long lines, with CRLF line terminators | dropped | malicious
C:\Users\user\AppData\Local\Temp\fsnnqwuj.h1e\SARS OUTSTANDING LETTER OF DEMAND.html | HTML document, ASCII text, with very long lines, with CRLF line terminators | dropped | malicious
C:\Users\user\AppData\Local\Temp\oluilyf2.xu4\SARS OUTSTANDING LETTER OF DEMAND.html | HTML document, ASCII text, with very long lines, with CRLF line terminators | dropped | malicious
C:\Users\user\AppData\Local\Temp\unarchiver.log | ASCII text, with CRLF line terminators | modified |
C:\Users\user\Downloads\22e8244c-6e16-464c-801c-35bec625d846.tmp | Zip archive data, at least v2.0 to extract | dropped |
C:\Users\user\Downloads\97f61521-b3dd-4003-bb1c-5ea026c9e45a.tmp | Zip archive data, at least v2.0 to extract | dropped |
C:\Users\user\Downloads\SARS OUTSTANDING LETTER OF DEMAND (1).zip (copy) | Zip archive data, at least v2.0 to extract | dropped |
C:\Users\user\Downloads\SARS OUTSTANDING LETTER OF DEMAND (1).zip.crdownload | Zip archive data, at least v2.0 to extract | dropped |
C:\Users\user\Downloads\SARS OUTSTANDING LETTER OF DEMAND (2).zip (copy) | Zip archive data, at least v2.0 to extract | dropped |
C:\Users\user\Downloads\SARS OUTSTANDING LETTER OF DEMAND (2).zip.crdownload | Zip archive data, at least v2.0 to extract | dropped |
C:\Users\user\Downloads\SARS OUTSTANDING LETTER OF DEMAND.zip (copy) | Zip archive data, at least v2.0 to extract | dropped |
C:\Users\user\Downloads\SARS OUTSTANDING LETTER OF DEMAND.zip.crdownload | Zip archive data, at least v2.0 to extract | dropped |

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=1772,i,13935456055298204775,6851687727719502408,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cloudfil.es/ly7mR8utBQ5" |
C:\Windows\SysWOW64\unarchiver.exe | "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\SARS OUTSTANDING LETTER OF DEMAND.zip" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3636 --field-trial-handle=1772,i,13935456055298204775,6851687727719502408,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6236 --field-trial-handle=1772,i,13935456055298204775,6851687727719502408,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 |
C:\Windows\SysWOW64\7za.exe | "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\fsnnqwuj.h1e" "C:\Users\user\Downloads\SARS OUTSTANDING LETTER OF DEMAND.zip" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\SysWOW64\unarchiver.exe | "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\SARS OUTSTANDING LETTER OF DEMAND (1).zip" |
C:\Windows\SysWOW64\7za.exe | "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\oluilyf2.xu4" "C:\Users\user\Downloads\SARS OUTSTANDING LETTER OF DEMAND (1).zip" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\SysWOW64\unarchiver.exe | "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\SARS OUTSTANDING LETTER OF DEMAND (2).zip" |
C:\Windows\SysWOW64\7za.exe | "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\evppz250.yan" "C:\Users\user\Downloads\SARS OUTSTANDING LETTER OF DEMAND (2).zip" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

URLs

Name
IP
Malicious