Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\Downloads\643a1987-55d3-4d58-8660-d86b6f576bed.tmp | RAR archive data, v5 | dropped | |
| C:\Users\user\Downloads\Mandatory Notice for all December Leave and Vacation application (1).xls.z (copy) | RAR archive data, v5 | dropped | |
| C:\Users\user\Downloads\Mandatory Notice for all December Leave and Vacation application (1).xls.z.crdownload | RAR archive data, v5 | dropped | |
| C:\Users\user\Downloads\Mandatory Notice for all December Leave and Vacation application.xls.z (copy) | RAR archive data, v5 | dropped | |
| C:\Users\user\Downloads\Mandatory Notice for all December Leave and Vacation application.xls.z.crdownload | RAR archive data, v5 | dropped | |
| C:\Users\user\Downloads\bc926371-fb61-4026-ac03-5bdb9c957e0a.tmp | RAR archive data, v5 | dropped | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2168,i,1335209173485336982,5855269918199286586,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.za.m.mimecastprotect.com/s/NlWWCnZJJxhp2O85HZsWHJcGBn?domain=u48186210.ct.sendgrid.net." | |
URLs

| Name | IP | Malicious |
|---|---|---|
| https://url.za.m.mimecastprotect.com/s/NlWWCnZJJxhp2O85HZsWHJcGBn?domain=u48186210.ct.sendgrid.net. | | |
| https://security-za.m.mimecastprotect.com/ttpwp/resources/languages/en.json | 41.74.192.87 | |
| https://cdn.discordapp.com/attachments/1309071256703991839/1309114652906491935/Mandatory_Notice_for_all_December_Leave_and_Vacation_application.xls.z?ex=67406787&is=673f1607&hm=7cc1154f0d5655485232483d18f50467f8f6693e8153e451db4924feef63cd2f& | 162.159.135.233 | |
| https://security-za.m.mimecastprotect.com/ttpwp/resources/images/favicon.ico | 41.74.192.87 | |
| https://security-za.m.mimecastprotect.com/ttpwp | 41.74.192.87 | |
| https://security-za.m.mimecastprotect.com/ttpwp/resources/mimecast-icons.bb1a2cd16db9345fc437.woff2?25417273 | 41.74.192.87 | |
| https://security-za.m.mimecastprotect.com/ttpwp/resources/polyfills.5257ca6e429949972959.js | 41.74.192.87 | |
| https://security-za.m.mimecastprotect.com/ttpwp/resources/fa-solid-900.54dfc8f551be346014e4.woff2 | 41.74.192.87 | |
| https://security-za.m.mimecastprotect.com/ttpwp/resources/images/mimecast-logo.png | 41.74.192.87 | |
| https://security-za.m.mimecastprotect.com/ttpwp/#/warn?key=iYdOYhcvEkJvUfK4yzEM9De1GfmHAN4wVuzBJ69YZiEiWV9jbiuYp1ZjRWFgT6TeWNDU0F0xCIi-moTToqioFKe4tfzO0FCg9o5OxrqUUZUEVx0gU6CZyVRitWXYTJx7 | | |
| https://security-za.m.mimecastprotect.com/ttpwp/resources/main.5257ca6e429949972959.js | 41.74.192.87 | |
| https://security-za.m.mimecastprotect.com/ttpwp/resources/styles.5257ca6e429949972959.js | 41.74.192.87 | |
| https://security-za.m.mimecastprotect.com/ttpwp/resources/runtime.5257ca6e429949972959.js | 41.74.192.87 | |
| https://security-za.m.mimecastprotect.com/api/ttp/url/get-page-data | 41.74.192.87 | |
| https://url.za.m.mimecastprotect.com/s/NlWWCnZJJxhp2O85HZsWHJcGBn?domain=u48186210.ct.sendgrid.net. | 41.74.196.103 | |

There are 4 further URLs that are not included in this listing.
Domains

| Name | IP | Malicious |
|---|---|---|
| cdn.discordapp.com | 162.159.135.233 | |
| www.google.com | 172.217.16.132 | |
| security-za.m.mimecastprotect.com | 41.74.192.87 | |
| url.za.m.mimecastprotect.com | 41.74.196.103 | |
| u48186210.ct.sendgrid.net | unknown | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 167.89.123.122 | unknown | United States | |
| 41.74.196.103 | url.za.m.mimecastprotect.com | South Africa | |
| 192.168.2.4 | unknown | unknown | |
| 162.159.135.233 | cdn.discordapp.com | United States | |
| 192.168.2.5 | unknown | unknown | |
| 239.255.255.250 | unknown | Reserved | |
| 41.74.192.87 | security-za.m.mimecastprotect.com | South Africa | |
| 172.217.16.132 | www.google.com | United States | |
DOM / HTML

| URL | Malicious |
|---|---|
| https://security-za.m.mimecastprotect.com/ttpwp/#/warn?key=iYdOYhcvEkJvUfK4yzEM9De1GfmHAN4wVuzBJ69YZiEiWV9jbiuYp1ZjRWFgT6TeWNDU0F0xCIi-moTToqioFKe4tfzO0FCg9o5OxrqUUZUEVx0gU6CZyVRitWXYTJx7 | |
| https://security-za.m.mimecastprotect.com/ttpwp/#/warn?key=iYdOYhcvEkJvUfK4yzEM9De1GfmHAN4wVuzBJ69YZiEiWV9jbiuYp1ZjRWFgT6TeWNDU0F0xCIi-moTToqioFKe4tfzO0FCg9o5OxrqUUZUEVx0gU6CZyVRitWXYTJx7 | |
| https://security-za.m.mimecastprotect.com/ttpwp/#/warn?key=iYdOYhcvEkJvUfK4yzEM9De1GfmHAN4wVuzBJ69YZiEiWV9jbiuYp1ZjRWFgT6TeWNDU0F0xCIi-moTToqioFKe4tfzO0FCg9o5OxrqUUZUEVx0gU6CZyVRitWXYTJx7 | |