Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 11:40:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Category:	dropped
Dump:	Docs.lnk.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 11:40:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9720436835446686
Encrypted:	false
Ssdeep:	48:8Ed+CsTev4oHAidAKZdA19ehwiZUklqehTy+3:8nCsyAHgy
Size:	2677
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Category:	dropped
Dump:	Gmail.lnk.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 11:40:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9900119863447836
Encrypted:	false
Ssdeep:	48:8Cd+CsTev4oHAidAKZdA1weh/iZUkAQkqehQy+2:89CsyAt9Q5y
Size:	2679
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Category:	dropped
Dump:	Google Drive.lnk.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9984950289711065
Encrypted:	false
Ssdeep:	48:8xxd+CsTev4sHAidAKZdA14tseh7sFiZUkmgqeh7suy+BX:8xSCsyAxnsy
Size:	2693
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Category:	dropped
Dump:	Sheets.lnk.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 11:40:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.989136149426419
Encrypted:	false
Ssdeep:	48:8jXmd+CsTev4oHAidAKZdA1vehDiZUkwqehUy+R:8jXBCsyAO2y
Size:	2681
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Category:	dropped
Dump:	Slides.lnk.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 11:40:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9776461646573322
Encrypted:	false
Ssdeep:	48:8bd+CsTev4oHAidAKZdA1hehBiZUk1W1qehqy+C:8cCsyA+9Ky
Size:	2681
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Category:	dropped
Dump:	YouTube.lnk.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 11:40:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Entropy:	3.9884527844392994
Encrypted:	false
Ssdeep:	48:8ld+CsTev4oHAidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbsy+yT+:8WCsyAgT/TbxWOvTbsy7T
Size:	2683
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	6648
Target ID:	0
Parent PID:	5464
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	08:40:41
Date:	24/05/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff715980000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2004,i,12670222823714600968,14647733275689922172,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	2136
Target ID:	2
Parent PID:	6648
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2004,i,12670222823714600968,14647733275689922172,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	08:40:44
Date:	24/05/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff715980000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://atpscan.global.hornetsecurity.com/index.php?atp_str=W3B_McdNIuzXEbxRt9bT5cyeecvhXI5mg3Zf-KTtWwAKQqeCm-bHdcgOB_1fWG_ZglfQvuKsAuEbzqJD4WkkWiBYfjffd8o12D61lRLAF0WVeVvq9RGk9hTIQOChkPasyVCD1YO2hRBKaqPYQlDVohXMlzSig1XL3U7QoZSFaE4vD4Ei9fFZjYFJiK90_BKRfRxGCBLp3GqxUcbqKxNgNqvBedeVDBzdy2cx9b-WV910HmphFHoxLVCahiSXqaQM0pvJNQ8EtJrtnemGRUIW11OaCZ0H0Mmd-jP7r4hz-lG2IhdhSyyBfCjRQQ_CnJbs-RIzlSzWB2TihK-ttXnEIIcFrRd8q0PPW42pv1jrKjhTeXv5LD7RhNUKUn6vuB107DNBDmS2_onVjlLyNRDqBtCx6luHDMBKhsFIt1QGwtMlU9ZkDIEqiff_agLHr3ukXtR3sJyFCORCx-YrFARAYzr-rknJhyM6OiN8p_QOEoe2rDd5vf0jOjojEV2mTXT6arK9PH9NH0t3sA"

Details

Is windows:	true
Is dropped:	false
PID:	3448
Target ID:	3
Parent PID:	5464
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://atpscan.global.hornetsecurity.com/index.php?atp_str=W3B_McdNIuzXEbxRt9bT5cyeecvhXI5mg3Zf-KTtWwAKQqeCm-bHdcgOB_1fWG_ZglfQvuKsAuEbzqJD4WkkWiBYfjffd8o12D61lRLAF0WVeVvq9RGk9hTIQOChkPasyVCD1YO2hRBKaqPYQlDVohXMlzSig1XL3U7QoZSFaE4vD4Ei9fFZjYFJiK90_BKRfRxGCBLp3GqxUcbqKxNgNqvBedeVDBzdy2cx9b-WV910HmphFHoxLVCahiSXqaQM0pvJNQ8EtJrtnemGRUIW11OaCZ0H0Mmd-jP7r4hz-lG2IhdhSyyBfCjRQQ_CnJbs-RIzlSzWB2TihK-ttXnEIIcFrRd8q0PPW42pv1jrKjhTeXv5LD7RhNUKUn6vuB107DNBDmS2_onVjlLyNRDqBtCx6luHDMBKhsFIt1QGwtMlU9ZkDIEqiff_agLHr3ukXtR3sJyFCORCx-YrFARAYzr-rknJhyM6OiN8p_QOEoe2rDd5vf0jOjojEV2mTXT6arK9PH9NH0t3sA"
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	08:40:46
Date:	24/05/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff715980000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://atpscan.global.hornetsecurity.com/index.php?atp_str=W3B_McdNIuzXEbxRt9bT5cyeecvhXI5mg3Zf-KTtWwAKQqeCm-bHdcgOB_1fWG_ZglfQvuKsAuEbzqJD4WkkWiBYfjffd8o12D61lRLAF0WVeVvq9RGk9hTIQOChkPasyVCD1YO2hRBKaqPYQlDVohXMlzSig1XL3U7QoZSFaE4vD4Ei9fFZjYFJiK90_BKRfRxGCBLp3GqxUcbqKxNgNqvBedeVDBzdy2cx9b-WV910HmphFHoxLVCahiSXqaQM0pvJNQ8EtJrtnemGRUIW11OaCZ0H0Mmd-jP7r4hz-lG2IhdhSyyBfCjRQQ_CnJbs-RIzlSzWB2TihK-ttXnEIIcFrRd8q0PPW42pv1jrKjhTeXv5LD7RhNUKUn6vuB107DNBDmS2_onVjlLyNRDqBtCx6luHDMBKhsFIt1QGwtMlU9ZkDIEqiff_agLHr3ukXtR3sJyFCORCx-YrFARAYzr-rknJhyM6OiN8p_QOEoe2rDd5vf0jOjojEV2mTXT6arK9PH9NH0t3sA

94.100.136.44

https://seclinks.cloud-security.net/4559.48f904b1c4f393b5.js

94.100.132.160

https://seclinks.cloud-security.net/1744.2018b86d271a3b09.js

94.100.132.160

https://seclinks.cloud-security.net/2505.ab91568908025a64.js

94.100.132.160

https://seclinks.cloud-security.net/5439.33548c9ef0c57c57.js

94.100.132.160

https://seclinks.cloud-security.net/assets/i18n/es.json?cb=1716554467076

94.100.132.160

https://seclinks.cloud-security.net/styles.65f3741c0a27ba69.css

94.100.132.160

https://seclinks.cloud-security.net/7376.783e078c089acced.js

94.100.132.160

https://seclinks.cloud-security.net/5430.ac078923a53bd48a.js

94.100.132.160

https://seclinks.cloud-security.net/3555.601462a60dc1e2b2.js

94.100.132.160

https://seclinks.cloud-security.net/5551.2b02324e0f8100bf.js

94.100.132.160

https://seclinks.cloud-security.net/api/v0/whitelabeling/pwa/css/

94.100.132.160

https://seclinks.cloud-security.net/api/v0/url_scan/decode/

94.100.132.160

http://asr.one-11hotel.com/ptext/6YcuCk/?utm_source=chips-newsletter-311786.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post

https://seclinks.cloud-security.net/6895.b02691d50cb1a10c.js

94.100.132.160

https://seclinks.cloud-security.net/3037.36319de147f9430b.js

94.100.132.160

https://seclinks.cloud-security.net/api/v0/whitelabeling/pwa/manifest/

94.100.132.160

https://seclinks.cloud-security.net/3077.b35907578b1d866d.js

94.100.132.160

https://seclinks.cloud-security.net/7185.2b6656bbc221b35a.js

94.100.132.160

https://seclinks.cloud-security.net/1619.9ac2afdff0a7aa8f.js

94.100.132.160

https://seclinks.cloud-security.net/assets/i18n/en.json?cb=1716554470471

94.100.132.160

https://seclinks.cloud-security.net/8283.91148d5b9408b4ec.js

94.100.132.160

https://seclinks.cloud-security.net/8184.05275f788c0460e0.js

94.100.132.160

https://seclinks.cloud-security.net/4650.32f07368b504537f.js

94.100.132.160

https://seclinks.cloud-security.net/3222.a9a9f3f69c4b9c15.js

94.100.132.160

https://seclinks.cloud-security.net/9752.31b1b8a375f63aad.js

94.100.132.160

https://seclinks.cloud-security.net/1201.ef1fee5a0c78c1f2.js

94.100.132.160

https://seclinks.cloud-security.net/201.100c6bd9dcd95878.js

94.100.132.160

https://seclinks.cloud-security.net/api/v0/whitelabeling/pwa/logo/

94.100.132.160

https://seclinks.cloud-security.net/2562.2386080b23ea7853.js

94.100.132.160

https://seclinks.cloud-security.net/1270.7855fbc3e5ad0603.js

94.100.132.160

https://seclinks.cloud-security.net/4006.570c9063b404b18f.js

94.100.132.160

https://seclinks.cloud-security.net/8957.974da16e9cbc5018.js

94.100.132.160

https://seclinks.cloud-security.net/8651.754d1167672b96e8.js

94.100.132.160

https://seclinks.cloud-security.net/scripts.4ecef9f37bcc01fd.js

94.100.132.160

https://seclinks.cloud-security.net/3580.2cab375ef04a45a5.js

94.100.132.160

https://seclinks.cloud-security.net/2735.7ec04088773fc850.js

94.100.132.160

https://seclinks.cloud-security.net/main.1400b38df7e2ebf0.js

94.100.132.160

https://seclinks.cloud-security.net/529.4f10b0f3a8fae779.js

94.100.132.160

https://seclinks.cloud-security.net/4934.906ae02879fbcb3c.js

94.100.132.160

https://seclinks.cloud-security.net/4327.418f0756b397a33d.js

94.100.132.160

https://seclinks.cloud-security.net/255.14e26cdbd02bda6c.js

94.100.132.160

https://seclinks.cloud-security.net/2864.26242ad3319d5d83.js

94.100.132.160

https://seclinks.cloud-security.net/9290.e22310e426c00bd0.js

94.100.132.160

https://seclinks.cloud-security.net/4793.487859774fdeef90.js

94.100.132.160

https://seclinks.cloud-security.net/7343.2a0cc115bf8eaf15.js

94.100.132.160

https://seclinks.cloud-security.net/8672.e2c87ebe39911e8a.js

94.100.132.160

https://seclinks.cloud-security.net/7340.2f620b06e6e3392a.js

94.100.132.160

https://seclinks.cloud-security.net/assets/i18n/de.json?cb=1716554467076

94.100.132.160

https://seclinks.cloud-security.net/7530.519d98f4024fb7bb.js

94.100.132.160

https://seclinks.cloud-security.net/api/v0/url_scan/

94.100.132.160

https://seclinks.cloud-security.net/8397.ea58e61759c39850.js

94.100.132.160

http://asr.one-11hotel.com/favicon.ico

198.54.116.98

https://seclinks.cloud-security.net/1158.49871b95f2c1acb7.js

94.100.132.160

https://seclinks.cloud-security.net/5159.f7bb55efcfd24262.js

94.100.132.160

https://seclinks.cloud-security.net/1053.0f0537c6b986f7fc.js

94.100.132.160

https://seclinks.cloud-security.net/polyfills.9a1cde2be23430c5.js

94.100.132.160

https://seclinks.cloud-security.net/7372.74fbf6b055248e0d.js

94.100.132.160

https://seclinks.cloud-security.net/9550.a43c432220624903.js

94.100.132.160

https://seclinks.cloud-security.net/5001.1ca873a82514e1e5.js

94.100.132.160

https://seclinks.cloud-security.net/4125.6d1aebc4804c851d.js

94.100.132.160

https://seclinks.cloud-security.net/Hornet-Regular.021743c5464be55c.woff2

94.100.132.160

https://seclinks.cloud-security.net/assets/i18n/fr.json?cb=1716554467076

94.100.132.160

https://seclinks.cloud-security.net/common.ed638a62d345d01a.js

94.100.132.160

https://seclinks.cloud-security.net/assets/i18n/en.json?cb=1716554467076

94.100.132.160

https://seclinks.cloud-security.net/2898.5e6f8d2d5951549d.js

94.100.132.160

https://seclinks.cloud-security.net/1523.b18ac1c7d3aaa33c.js

94.100.132.160

https://seclinks.cloud-security.net/9521.198a5e3f426397e8.js

94.100.132.160

https://cp.hornetsecurity.com/static/customers/aseadmin/aseadmin.png

94.100.132.160

https://seclinks.cloud-security.net/ngsw-worker.js

94.100.132.160

https://seclinks.cloud-security.net/1719.afc4638324620355.js

94.100.132.160

https://seclinks.cloud-security.net/2995.268c478c8d8cd52d.js

94.100.132.160

https://seclinks.cloud-security.net/api/v0/whitelabeling/pwa/favicon/

94.100.132.160

https://seclinks.cloud-security.net/2687.03e9fe143c866ec1.js

94.100.132.160

https://seclinks.cloud-security.net/4080.0c63e668dd1c2751.js

94.100.132.160

https://seclinks.cloud-security.net/api/v0/whitelabeling/pwa/app_icon/144/

94.100.132.160

https://seclinks.cloud-security.net/2468.1bdc04631980f012.js

94.100.132.160

https://seclinks.cloud-security.net/164.7f4b826816834e35.js

94.100.132.160

https://seclinks.cloud-security.net/3028.915f7f48f4fe6561.js

94.100.132.160

https://seclinks.cloud-security.net/1481.c0ff8c21ce6af34a.js

94.100.132.160

https://seclinks.cloud-security.net/1361.20c84b09e9a79e49.js

94.100.132.160

https://seclinks.cloud-security.net/6286.c73be553a99a84ad.js

94.100.132.160

https://seclinks.cloud-security.net/2904.6d9c9d2c0a864415.js

94.100.132.160

https://seclinks.cloud-security.net/339.1eccdb66af995ef4.js

94.100.132.160

https://seclinks.cloud-security.net/assets/images/background/365_TP_background.png

94.100.132.160

https://seclinks.cloud-security.net/2466.4e51d696c018e0c4.js

94.100.132.160

https://seclinks.cloud-security.net/fa-solid-900.1ff0942a7e7f9f5f.woff2

94.100.132.160

https://seclinks.cloud-security.net/urlscan?qs=%3Fatp_str%3DW3B_McdNIuzXEbxRt9bT5cyeecvhXI5mg3Zf-KTtWwAKQqeCm-bHdcgOB_1fWG_ZglfQvuKsAuEbzqJD4WkkWiBYfjffd8o12D61lRLAF0WVeVvq9RGk9hTIQOChkPasyVCD1YO2hRBKaqPYQlDVohXMlzSig1XL3U7QoZSFaE4vD4Ei9fFZjYFJiK90_BKRfRxGCBLp3GqxUcbqKxNgNqvBedeVDBzdy2cx9b-WV910HmphFHoxLVCahiSXqaQM0pvJNQ8EtJrtnemGRUIW11OaCZ0H0Mmd-jP7r4hz-lG2IhdhSyyBfCjRQQ_CnJbs-RIzlSzWB2TihK-ttXnEIIcFrRd8q0PPW42pv1jrKjhTeXv5LD7RhNUKUn6vuB107DNBDmS2_onVjlLyNRDqBtCx6luHDMBKhsFIt1QGwtMlU9ZkDIEqiff_agLHr3ukXtR3sJyFCORCx-YrFARAYzr-rknJhyM6OiN8p_QOEoe2rDd5vf0jOjojEV2mTXT6arK9PH9NH0t3sA

https://seclinks.cloud-security.net/3691.fdcf84990ed2d0ea.js

94.100.132.160

https://seclinks.cloud-security.net/ngsw.json?ngsw-cache-bust=0.17049414412683683

94.100.132.160

https://seclinks.cloud-security.net/774.c5b1434b448f0b2a.js

94.100.132.160

https://seclinks.cloud-security.net/?atp_str=W3B_McdNIuzXEbxRt9bT5cyeecvhXI5mg3Zf-KTtWwAKQqeCm-bHdcgOB_1fWG_ZglfQvuKsAuEbzqJD4WkkWiBYfjffd8o12D61lRLAF0WVeVvq9RGk9hTIQOChkPasyVCD1YO2hRBKaqPYQlDVohXMlzSig1XL3U7QoZSFaE4vD4Ei9fFZjYFJiK90_BKRfRxGCBLp3GqxUcbqKxNgNqvBedeVDBzdy2cx9b-WV910HmphFHoxLVCahiSXqaQM0pvJNQ8EtJrtnemGRUIW11OaCZ0H0Mmd-jP7r4hz-lG2IhdhSyyBfCjRQQ_CnJbs-RIzlSzWB2TihK-ttXnEIIcFrRd8q0PPW42pv1jrKjhTeXv5LD7RhNUKUn6vuB107DNBDmS2_onVjlLyNRDqBtCx6luHDMBKhsFIt1QGwtMlU9ZkDIEqiff_agLHr3ukXtR3sJyFCORCx-YrFARAYzr-rknJhyM6OiN8p_QOEoe2rDd5vf0jOjojEV2mTXT6arK9PH9NH0t3sA

https://seclinks.cloud-security.net/18.79d1a4d3f9a90246.js

94.100.132.160

https://seclinks.cloud-security.net/7559.cead32e58a8cee56.js

94.100.132.160

There are 84 hidden URLs, click here to show them.

Domains

Name

Malicious

seclinks.cloud-security.net

94.100.132.160

Details

Name:	seclinks.cloud-security.net
IP:	94.100.132.160
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol

cp.hornetsecurity.com

94.100.132.160

Details

Name:	cp.hornetsecurity.com
IP:	94.100.132.160
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

asr.one-11hotel.com

198.54.116.98

Details

Name:	asr.one-11hotel.com
IP:	198.54.116.98
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

atpscan.global.hornetsecurity.com

94.100.136.44

Details

Name:	atpscan.global.hornetsecurity.com
IP:	94.100.136.44
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

www.google.com

142.250.74.196

Details

Name:	www.google.com
IP:	142.250.74.196
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

fp2e7a.wpc.phicdn.net

192.229.221.95

IPs

Domain

Country

Malicious

94.100.136.44

atpscan.global.hornetsecurity.com

Germany

94.100.132.160

seclinks.cloud-security.net

Germany

198.54.116.98

asr.one-11hotel.com

United States

239.255.255.250

unknown

Reserved

192.168.2.5

unknown

142.250.74.196

www.google.com

United States

DOM / HTML

URL

Malicious

Details

Filename:	0.0.pages.html.dom
Url:	https://seclinks.cloud-security.net/?atp_str=W3B_McdNIuzXEbxRt9bT5cyeecvhXI5mg3Zf-KTtWwAKQqeCm-bHdcgOB_1fWG_ZglfQvuKsAuEbzqJD4WkkWiBYfjffd8o12D61lRLAF0WVeVvq9RGk9hTIQOChkPasyVCD1YO2hRBKaqPYQlDVohXMlzSig1XL3U7QoZSFaE4vD4Ei9fFZjYFJiK90_BKRfRxGCBLp3GqxUcbqKxNgNqvBedeVDBzdy2cx9b-WV910HmphFHoxLVCahiSXqaQM0pvJNQ8EtJrtnemGRUIW11OaCZ0H0Mmd-jP7r4hz-lG2IhdhSyyBfCjRQQ_CnJbs-RIzlSzWB2TihK-ttXnEIIcFrRd8q0PPW42pv1jrKjhTeXv5LD7RhNUKUn6vuB107DNBDmS2_onVjlLyNRDqBtCx6luHDMBKhsFIt1QGwtMlU9ZkDIEqiff_agLHr3ukXtR3sJyFCORCx-YrFARAYzr-rknJhyM6OiN8p_QOEoe2rDd5vf0jOjojEV2mTXT6arK9PH9NH0t3sA
Target ID:	2
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2004,i,12670222823714600968,14647733275689922172,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Filename:	1.1.pages.html.dom
Url:	https://seclinks.cloud-security.net/urlscan?qs=%3Fatp_str%3DW3B_McdNIuzXEbxRt9bT5cyeecvhXI5mg3Zf-KTtWwAKQqeCm-bHdcgOB_1fWG_ZglfQvuKsAuEbzqJD4WkkWiBYfjffd8o12D61lRLAF0WVeVvq9RGk9hTIQOChkPasyVCD1YO2hRBKaqPYQlDVohXMlzSig1XL3U7QoZSFaE4vD4Ei9fFZjYFJiK90_BKRfRxGCBLp3GqxUcbqKxNgNqvBedeVDBzdy2cx9b-WV910HmphFHoxLVCahiSXqaQM0pvJNQ8EtJrtnemGRUIW11OaCZ0H0Mmd-jP7r4hz-lG2IhdhSyyBfCjRQQ_CnJbs-RIzlSzWB2TihK-ttXnEIIcFrRd8q0PPW42pv1jrKjhTeXv5LD7RhNUKUn6vuB107DNBDmS2_onVjlLyNRDqBtCx6luHDMBKhsFIt1QGwtMlU9ZkDIEqiff_agLHr3ukXtR3sJyFCORCx-YrFARAYzr-rknJhyM6OiN8p_QOEoe2rDd5vf0jOjojEV2mTXT6arK9PH9NH0t3sA
Target ID:	2
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2004,i,12670222823714600968,14647733275689922172,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

http://asr.one-11hotel.com/ptext/6YcuCk/?utm_source=chips-newsletter-311786.beehiiv.com&utm_medium=newsletter&utm_campaign=new-post

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Files

Processes

URLs

Domains

IPs

DOM / HTML