IOC Report
https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html#'+tFjvjBPh,document%5B'body'%5D%5B'appendChild'%5D(para)

Files

File Path | Type | Category | Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 10:18:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 10:18:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 10:18:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 10:18:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 10:18:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
Chrome Cache Entry: 64 | ASCII text, with very long lines (48316), with no line terminators | dropped | -
Chrome Cache Entry: 65 | JSON data | downloaded | -
Chrome Cache Entry: 66 | ASCII text | dropped | -
Chrome Cache Entry: 67 | ASCII text, with very long lines (48316), with no line terminators | downloaded | -
Chrome Cache Entry: 68 | ASCII text | downloaded | -
Chrome Cache Entry: 69 | HTML document, ASCII text, with very long lines (611) | downloaded | -
Chrome Cache Entry: 70 | HTML document, ASCII text, with very long lines (65446) | downloaded | -
Chrome Cache Entry: 71 | JSON data | dropped | -
(5 further file entries are not shown in this report.)

Note: in all tables, "-" marks a column the report left empty. The six .lnk entries are the "Chrome Apps" Start Menu shortcuts (Docs, Gmail, Google Drive, Sheets, Slides, YouTube) that Google Chrome installs on its own; the report does not flag any of them. The only file-system activity recorded is Chrome writing its cache.

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | -
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1884,i,11828077503824926269,3476625149964184889,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | -
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html#'+tFjvjBPh,document%5B'body'%5D%5B'appendChild'%5D(para)" | -

Note: the first entry is the sandbox starting Chrome on about:blank, the second is Chrome's own network-service utility process, and the third is the navigation to the analysed URL. No process other than chrome.exe was recorded, so whatever the page does stays inside the browser.

URLs

Name | IP | Malicious
https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html#'+tFjvjBPh,document%5B'body'%5D%5B'appendChild'%5D(para) | - | malicious
https://a.nel.cloudflare.com/report/v4?s=S0fBBCnxNJXNyGaG8xD0yDPTm0c0UWhFOSBCRCd4dOk40UCOGg7wk8eXyxx5QfrIsiAwZ2I22YGRp1NhRJ4cUA1ia4z%2B0xNfq%2F3TLyiRUnOelZL0msLQm%2FfHbkFn%2BLY36MyfkV1ewCN3Id%2FO | 35.190.80.1 | -
http://bugs.jquery.com/ticket/12359 | unknown | -
http://jquery.org/license | unknown | -
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js | 104.17.25.14 | -
http://json.org/json2.js | unknown | -
https://bugzilla.mozilla.org/show_bug.cgi?id=649285 | unknown | -
http://sizzlejs.com/ | unknown | -
http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context | unknown | -
https://a.nel.cloudflare.com/report/v4?s=pyCwixMqQzILA5F9uawMnnXlgXhx2rUAOsLtKIndYi36ld8ns%2F98JCcVQRCwiIFJO3uOo7vtZpQNyMGRz9br04vxI5rNgQjW%2ByecjDm6wmRO8eBGG18pSnUICEN5rO2iuCmN1M%2BhQuPRxY%2FQ | 35.190.80.1 | -
http://jsperf.com/getall-vs-sizzle/2 | unknown | -
http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript | unknown | -
https://bugs.webkit.org/show_bug.cgi?id=29084 | unknown | -
http://blindsignals.com/index.php/2009/07/jquery-delay/ | unknown | -
http://bugs.jquery.com/ticket/12282#comment:15 | unknown | -
https://developer.mozilla.org/en-US/docs/CSS/display | unknown | -
http://dev.w3.org/csswg/cssom/#resolved-values | unknown | -
https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/favicon.ico | 162.159.140.237 | -
https://code.jquery.com/jquery-1.9.1.js | 151.101.194.137 | -
https://ziumvqp0e8.dffjl.online/obufsssssssscaaatoion/ | 104.21.48.111 | -
https://developer.mozilla.org/en/Security/CSP) | unknown | -
https://7feiapxrtg6.tkllop.online/obufsssssssscaaatoion/ | 104.21.57.143 | -
https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html | 162.159.140.237 | -
https://www.cloudflare.com/favicon.ico | unknown | -
http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291 | unknown | -
http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_(NS_ERROR_NOT_A | unknown | -
https://developers.cloudflare.com/r2/data-access/public-buckets/ | unknown | -
https://github.com/jquery/jquery/pull/764 | unknown | -
https://bugzilla.mozilla.org/show_bug.cgi?id=491668 | unknown | -
http://javascript.nwbox.com/IEContentLoaded/ | unknown | -
http://jquery.com/ | unknown | -
https://freeipapi.com/api/json/ | 188.114.97.3 | -
(22 further URL entries are not shown in this report.)

Note: the rows with IP "unknown" whose hosts are jquery.com, jquery.org, bugs.jquery.com, sizzlejs.com, jsperf.com, json.org, dev.w3.org, developer.mozilla.org, bugzilla.mozilla.org, bugs.webkit.org, fluidproject.org, blindsignals.com, erik.eae.net, helpful.knobs-dials.com, javascript.nwbox.com and github.com/jquery are URL strings that appear in comments and headers of the downloaded jQuery 1.9.1 source (https://code.jquery.com/jquery-1.9.1.js). The report records no resolved address for them, which is consistent with the sandbox extracting them from file content rather than observing a request; the stray ")" on the CSP entry is the same extraction at work. They are not indicators. The two .online hosts, by contrast, were fetched during the session with the identical odd path /obufsssssssscaaatoion/; the report does not flag them, but they should be treated as candidate indicators alongside the r2.dev bucket.
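The analysed URL carries its payload in the fragment, which the report shows percent-encoded. Decoded it reads `'+tFjvjBPh,document['body']['appendChild'](para)`: a closing single quote, a concatenated identifier, and a comma-operator call to document.body.appendChild. That is the shape of a fragment written to be spliced into a JavaScript string and evaluated by the page; the report does not include the page's script, so how index.html consumes location.hash is not established here. The following is an added example, not code from the report or from the analysed page, that decodes the fragment and flags those constructs. The pattern list and the anchor-id allow-list are the example author's own choices.

```javascript
// Added example: decode the fragment of the analysed URL and flag constructs
// that only make sense if the fragment is spliced into JavaScript.
// Not code from the sandbox report or the analysed page. Runs under Node.js
// (uses the global WHATWG URL class, no imports needed).

const ANALYSED_URL =
  "https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html#'+tFjvjBPh,document%5B'body'%5D%5B'appendChild'%5D(para)";

// Assumption: this pattern list is the example author's, not something the report defines.
const SCRIPT_CONTEXT_PATTERNS = [
  // opens with a quote followed by '+': closes a string literal and concatenates
  { name: "quote-break", re: /^\s*['"]\s*\+/ },
  // obj['prop'] style access, the usual way to dodge keyword-based filters
  { name: "bracket-property", re: /\[\s*['"][A-Za-z_$][\w$]*['"]\s*\]/ },
  // DOM or code-execution sinks by name
  { name: "dom-sink", re: /\b(appendChild|innerHTML|outerHTML|insertAdjacentHTML|write|eval|Function|setTimeout)\b/ },
  // comma operator followed by a call or member access: chains a second expression
  { name: "comma-chain", re: /,\s*[A-Za-z_$][\w$.]*\s*[\[(]/ },
];

// Fragment values a page can safely use as an anchor id (allow-list, author's choice).
const SAFE_ANCHOR_ID = /^[A-Za-z0-9_-]{1,64}$/;

function decodeFragment(urlString) {
  const raw = new URL(urlString).hash.replace(/^#/, "");
  let decoded;
  try {
    // '+' is left alone on purpose: fragments are not form-encoded
    decoded = decodeURIComponent(raw);
  } catch {
    // malformed %-sequence: analyse the raw text instead of throwing
    decoded = raw;
  }
  return { raw, decoded };
}

function analyseFragment(urlString) {
  const { raw, decoded } = decodeFragment(urlString);
  const hits = SCRIPT_CONTEXT_PATTERNS.filter((p) => p.re.test(decoded)).map((p) => p.name);
  return {
    raw,
    decoded,
    hits,
    looksLikeScript: hits.length > 0,
    safeAsAnchorId: SAFE_ANCHOR_ID.test(decoded),
  };
}

console.log(JSON.stringify(analyseFragment(ANALYSED_URL), null, 2));
console.log(JSON.stringify(analyseFragment("https://example.com/docs#section-2"), null, 2));
```

For the report's URL all four patterns fire and the allow-list rejects the value; a plain anchor such as #section-2 triggers nothing and passes. The allow-list is the check a page should apply before doing anything with location.hash beyond scrolling: a fragment is attacker-controlled data and is never sent to the server, so server-side logs and WAFs never see it.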

Domains

Name | IP | Malicious
pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev | 162.159.140.237 | malicious
a.nel.cloudflare.com | 35.190.80.1 | -
code.jquery.com | 151.101.194.137 | -
cdnjs.cloudflare.com | 104.17.25.14 | -
freeipapi.com | 188.114.97.3 | -
www.google.com | 142.250.185.228 | -
7feiapxrtg6.tkllop.online | 104.21.57.143 | -
ziumvqp0e8.dffjl.online | 104.21.48.111 | -

IPs

IP | Domain | Country | Malicious
162.159.140.237 | pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev | United States | malicious
104.17.24.14 | unknown | United States | -
142.250.185.228 | www.google.com | United States | -
192.168.2.16 | unknown | unknown | -
151.101.2.137 | unknown | United States | -
239.255.255.250 | unknown | Reserved | -
188.114.97.3 | freeipapi.com | European Union | -
104.21.57.143 | 7feiapxrtg6.tkllop.online | United States | -
151.101.194.137 | code.jquery.com | United States | -
35.190.80.1 | a.nel.cloudflare.com | United States | -
104.21.48.111 | ziumvqp0e8.dffjl.online | United States | -
104.17.25.14 | cdnjs.cloudflare.com | United States | -
(2 further IP entries are not shown in this report.)

Note: 192.168.2.16 is an RFC 1918 address (the analysis machine's own LAN) and 239.255.255.250 is the SSDP multicast group that Windows device discovery talks to; neither is an indicator. 104.17.24.14 and 151.101.2.137 have no domain attributed in the report. The flagged bucket and both .online hosts sit behind Cloudflare addresses, so the IPs are shared with unrelated tenants and the hostnames are the usable indicators.
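The Domains and IPs tables mix the flagged bucket with library CDNs, Cloudflare's NEL reporting endpoint, the sandbox's own LAN address and SSDP multicast. The following added example (not part of the report) sorts the rows above into indicators worth hunting on, context-only hosts, attributed noise and unattributed IPs. The benign allow-list, the shared-hosting apex list and the comment on freeipapi.com are the example author's assumptions, and the registrable-domain helper is a naive two-label split with no public-suffix list.

```javascript
// Added example: triage the report's Domains and IPs rows into hunting
// indicators versus infrastructure noise. Not part of the sandbox report.
// Runs under Node.js with no imports.

// Rows copied from the Domains table ("flagged" = the report's Malicious column).
const DOMAIN_ROWS = [
  { host: "pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev", ip: "162.159.140.237", flagged: true },
  { host: "a.nel.cloudflare.com", ip: "35.190.80.1", flagged: false },
  { host: "code.jquery.com", ip: "151.101.194.137", flagged: false },
  { host: "cdnjs.cloudflare.com", ip: "104.17.25.14", flagged: false },
  { host: "freeipapi.com", ip: "188.114.97.3", flagged: false },
  { host: "www.google.com", ip: "142.250.185.228", flagged: false },
  { host: "7feiapxrtg6.tkllop.online", ip: "104.21.57.143", flagged: false },
  { host: "ziumvqp0e8.dffjl.online", ip: "104.21.48.111", flagged: false },
];
// IPs from the IPs table that the report could not tie to a domain.
const BARE_IPS = ["104.17.24.14", "192.168.2.16", "151.101.2.137", "239.255.255.250"];

// Assumptions (analyst choices, not from the report):
// hosts any page that loads jQuery/crypto-js will touch, plus browser telemetry
const BENIGN_HOSTS = new Set(["code.jquery.com", "cdnjs.cloudflare.com", "a.nel.cloudflare.com", "www.google.com"]);
// hosts that are a signal only in combination with others
const CONTEXT_HOSTS = new Map([
  ["freeipapi.com", "public IP-geolocation API; phishing pages call it to profile the visitor, but it is too generic to block"],
]);
// apexes shared by many unrelated tenants: block or hunt on the full hostname only
const SHARED_APEXES = new Set(["r2.dev"]);

const NON_ROUTABLE = [
  "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
  "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
];

function ipv4ToInt(ip) {
  const p = ip.split(".").map(Number);
  if (p.length !== 4 || p.some((n) => !Number.isInteger(n) || n < 0 || n > 255)) {
    throw new Error("not an IPv4 address: " + ip);
  }
  return ((p[0] << 24) >>> 0) + (p[1] << 16) + (p[2] << 8) + p[3];
}

function inCidr(ip, cidr) {
  const [net, bits] = cidr.split("/");
  const mask = Number(bits) === 0 ? 0 : (0xffffffff << (32 - Number(bits))) >>> 0;
  return ((ipv4ToInt(ip) & mask) >>> 0) === ((ipv4ToInt(net) & mask) >>> 0);
}

function isNonRoutable(ip) {
  return NON_ROUTABLE.some((c) => inCidr(ip, c));
}

// Naive two-label split; a real tool would consult the public suffix list.
function apexOf(host) {
  return host.split(".").slice(-2).join(".");
}

function triage(domainRows, bareIps) {
  const indicators = [], context = [], noise = [], unattributed = [];
  for (const row of domainRows) {
    if (BENIGN_HOSTS.has(row.host)) {
      noise.push({ value: row.host, reason: "library CDN / browser telemetry" });
    } else if (CONTEXT_HOSTS.has(row.host)) {
      context.push({ value: row.host, reason: CONTEXT_HOSTS.get(row.host) });
    } else {
      const apex = apexOf(row.host);
      indicators.push({
        host: row.host,
        ip: row.ip,
        source: row.flagged ? "flagged by report" : "analyst addition",
        scope: SHARED_APEXES.has(apex) ? "hostname only (shared apex)" : apex,
      });
    }
  }
  for (const ip of bareIps) {
    if (isNonRoutable(ip)) {
      noise.push({ value: ip, reason: "non-routable: sandbox LAN or multicast" });
    } else {
      unattributed.push({ value: ip, reason: "no domain observed; attribute before acting on it" });
    }
  }
  return { indicators, context, noise, unattributed };
}

console.log(JSON.stringify(triage(DOMAIN_ROWS, BARE_IPS), null, 2));
```

Run as written, the indicator set is the r2.dev bucket (full hostname only, because pub-*.r2.dev is Cloudflare R2 shared public-bucket hosting) plus the two .online hosts, whose apexes tkllop.online and dffjl.online are the hunting scope; freeipapi.com is kept as context, the CDN and telemetry hosts and the two non-routable addresses are dropped as noise, and the two unattributed Cloudflare/Fastly-range IPs are held back until something ties them to a host.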

DOM / HTML

URL | Malicious
https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html#'+tFjvjBPh,document%5B'body'%5D%5B'appendChild'%5D(para) | malicious