IOC Report
https://lnkd.in/exwPeXjc


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 11:44:36 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 11:44:36 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 11:44:36 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 11:44:36 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 11:44:36 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\Downloads\a5c98876-310a-45db-9c1e-4c2240b847f8.tmp | PDF document, version 1.5 | dropped | |
| C:\Users\user\Downloads\downloaded.pdf (copy) | PDF document, version 1.5 | dropped | |
| C:\Users\user\Downloads\downloaded.pdf.crdownload | PDF document, version 1.5 | dropped | |
| C:\Users\user\Downloads\f01c7ac1-a3d5-4eaf-8e0b-1f16ebf5e4d9.tmp | PDF document, version 1.5 | dropped | |
| Chrome Cache Entry: 76 | HTML document, ASCII text | downloaded | |
| Chrome Cache Entry: 77 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 78 | HTML document, ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 79 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250 | downloaded | |
| Chrome Cache Entry: 80 | ASCII text, with very long lines (15005) | downloaded | |
| Chrome Cache Entry: 81 | PNG image data, 1948 x 1230, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 82 | HTML document, ASCII text, with very long lines (3341) | downloaded | |
| Chrome Cache Entry: 83 | Unicode text, UTF-8 text, with very long lines (39376) | downloaded | |
| Chrome Cache Entry: 84 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 85 | troff or preprocessor input, ASCII text, with very long lines (372) | downloaded | |
| Chrome Cache Entry: 86 | XML 1.0 document, ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 87 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250 | dropped | |
| Chrome Cache Entry: 88 | ASCII text, with very long lines (32030) | downloaded | |
| Chrome Cache Entry: 89 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 2905 | downloaded | |
| Chrome Cache Entry: 90 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 2905 | dropped | |
| Chrome Cache Entry: 91 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390 | downloaded | |
| Chrome Cache Entry: 92 | HTML document, ASCII text | dropped | |
| Chrome Cache Entry: 93 | PNG image data, 1948 x 1230, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 94 | PDF document, version 1.5 | downloaded | |
| Chrome Cache Entry: 95 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390 | dropped | |
| Chrome Cache Entry: 96 | JSON data | dropped | |
| Chrome Cache Entry: 97 | HTML document, ASCII text, with very long lines (62292) | downloaded | |
| Chrome Cache Entry: 98 | XML 1.0 document, ASCII text, with no line terminators | downloaded | |
24 further files are hidden in the original report and are not listed here.

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://lnkd.in/exwPeXjc | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1928,i,3036787709100133626,7959615547617459310,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://lnkd.in/exwPeXjc | | malicious |
| https://new-pdf-document-approval.us-lax-1.linodeobjects.com/app.html#john.smith@outlook.com | | malicious |
| https://document-display-verifycation-download-pdf.us-east-1.linodeobjects.com/safe.html | | malicious |
| https://4454275f.rwnbqwuligbumyzvpodsthfkaftacy.pages.dev/justintime.png | 188.114.97.3 | |
| https://a9d041c33434.wazo-biawalkeks.ru/p/89?session=be20ea5bbbe9ef456236afd95beaab99d2c85bfef4d89e6fa105930dad415426 | 104.21.44.57 | |
| https://fingerprint.com) | unknown | |
| https://a9d041c33434.wazo-biawalkeks.ru/s/f522420955 | 104.21.44.57 | |
| https://opensource.org/license/mit/ | unknown | |
| http://fontawesome.io | unknown | |
| https://a9d041c33434.wazo-biawalkeks.ru | unknown | |
| https://lnkd.in/exwPeXjc | 13.107.42.14 | |
| https://a9d041c33434.wazo-biawalkeks.ru/r/17?session=be20ea5bbbe9ef456236afd95beaab99d2c85bfef4d89e6fa105930dad415426 | 104.21.44.57 | |
| https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css | 104.17.24.14 | |
| http://www.opensource.org/licenses/mit-license.php) | unknown | |
| https://media.licdn.com/favicon.ico | 152.199.21.118 | |
| https://code.jquery.com/jquery-3.1.1.min.js | 151.101.194.137 | |
| https://mariadb.com/bsl11/ | unknown | |
| file:///C:/Users/user/Downloads/downloaded.pdf | | |
| https://a9d041c33434.wazo-biawalkeks.ru/s/17?0 | 104.21.44.57 | |
| about:blank | | |
| https://new-pdf-document-approval.us-lax-1.linodeobjects.com/app.html | unknown | |
| https://a.nel.cloudflare.com/report/v4?s=nrKzxdK6ZWtiB360dfcgyfHlEyQrmcteEszO2SGLLfo%2BWTBTqD5nD2LJw3uYAZoDVdYoYw0VIFG%2BykgplEJ7ziwW4QVub3UEYQePbdig3sSEGaNiOrII630vnzkYOXSd2ll%2FzHuhGhVFdlUIhPf32re2 | 35.190.80.1 | |
| https://openfpcdn.io/botd/v1 | 13.32.99.33 | |
| https://media.licdn.com/dms/document/media/D4E1FAQHFhtSoZc3ecA/feedshare-document-pdf-analyzed/0/1719999064861?e=1720656000&v=beta&t=LBGMvkRjVKeHwsuNkcV3IvRRVllumgKht0mdUo0Jks4 | | |
| http://fontawesome.io/license | unknown | |
14 further URLs are hidden in the original report and are not listed here.

Domains

| Name | IP | Malicious |
|---|---|---|
| document-display-verifycation-download-pdf.us-east-1.linodeobjects.com | unknown | malicious |
| lnkd.in | 13.107.42.14 | |
| openfpcdn.io | 13.32.99.33 | |
| s-part-0014.t-0009.t-msedge.net | 13.107.246.42 | |
| a9d041c33434.wazo-biawalkeks.ru | 104.21.44.57 | |
| a.nel.cloudflare.com | 35.190.80.1 | |
| 4454275f.rwnbqwuligbumyzvpodsthfkaftacy.pages.dev | 188.114.97.3 | |
| code.jquery.com | 151.101.194.137 | |
| cdnjs.cloudflare.com | 104.17.24.14 | |
| cs1404.wpc.epsiloncdn.net | 152.199.21.118 | |
| www.google.com | 142.250.185.164 | |
| media.licdn.com | unknown | |
| new-pdf-document-approval.us-lax-1.linodeobjects.com | unknown | |
3 further domains are hidden in the original report and are not listed here.

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 104.17.24.14 | cdnjs.cloudflare.com | United States | |
| 13.107.246.42 | s-part-0014.t-0009.t-msedge.net | United States | |
| 152.199.21.118 | cs1404.wpc.epsiloncdn.net | United States | |
| 104.21.44.57 | a9d041c33434.wazo-biawalkeks.ru | United States | |
| 192.168.2.17 | unknown | unknown | |
| 13.32.99.33 | openfpcdn.io | United States | |
| 13.107.42.14 | lnkd.in | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 188.114.97.3 | 4454275f.rwnbqwuligbumyzvpodsthfkaftacy.pages.dev | European Union | |
| 142.250.185.164 | www.google.com | United States | |
| 188.114.96.3 | unknown | European Union | |
| 151.101.194.137 | code.jquery.com | United States | |
| 35.190.80.1 | a.nel.cloudflare.com | United States | |
3 further IPs are hidden in the original report and are not listed here.

DOM / HTML

| URL | Malicious |
|---|---|
| https://document-display-verifycation-download-pdf.us-east-1.linodeobjects.com/safe.html | malicious |
| https://new-pdf-document-approval.us-lax-1.linodeobjects.com/app.html#john.smith@outlook.com | malicious |
| https://new-pdf-document-approval.us-lax-1.linodeobjects.com/app.html#john.smith@outlook.com | malicious |
| https://media.licdn.com/dms/document/media/D4E1FAQHFhtSoZc3ecA/feedshare-document-pdf-analyzed/0/1719999064861?e=1720656000&v=beta&t=LBGMvkRjVKeHwsuNkcV3IvRRVllumgKht0mdUo0Jks4 | |
| file:///C:/Users/user/Downloads/downloaded.pdf | |
| file:///C:/Users/user/Downloads/downloaded.pdf | |
| file:///C:/Users/user/Downloads/downloaded.pdf | |
| about:blank | |
| https://document-display-verifycation-download-pdf.us-east-1.linodeobjects.com/safe.html | |
| https://new-pdf-document-approval.us-lax-1.linodeobjects.com/app.html#john.smith@outlook.com | |