IOC Report
EFTRemittance_Kenneth_KHQCSQELUN_attach.svg

loading gifFilesProcessesURLsDomainsIPsDOM642020102Label

Files

File Path
Type
Category
Malicious
Download
EFTRemittance_Kenneth_KHQCSQELUN_attach.svg
SVG Scalable Vector Graphics image
initial sample
 malicious
Chrome Cache Entry: 110
very short file (no magic)
dropped
Chrome Cache Entry: 111
ASCII text, with very long lines (10450)
downloaded
Chrome Cache Entry: 112
ASCII text, with very long lines (51734)
downloaded
Chrome Cache Entry: 113
Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
downloaded
Chrome Cache Entry: 114
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 115
RIFF (little-endian) data, Web/P image
dropped
Chrome Cache Entry: 116
RIFF (little-endian) data, Web/P image
dropped
Chrome Cache Entry: 117
ASCII text, with very long lines (10017)
downloaded
Chrome Cache Entry: 118
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 119
RIFF (little-endian) data, Web/P image
dropped
Chrome Cache Entry: 120
PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 121
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 122
ASCII text, with very long lines (65447)
downloaded
Chrome Cache Entry: 123
ASCII text, with very long lines (48316), with no line terminators
downloaded
Chrome Cache Entry: 124
RIFF (little-endian) data, Web/P image
dropped
Chrome Cache Entry: 125
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 126
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 127
HTML document, ASCII text, with very long lines (23657), with CRLF line terminators
downloaded
Chrome Cache Entry: 128
HTML document, ASCII text, with very long lines (52007), with CRLF line terminators
downloaded
Chrome Cache Entry: 129
RIFF (little-endian) data, Web/P image
dropped
Chrome Cache Entry: 130
very short file (no magic)
downloaded
Chrome Cache Entry: 131
Web Open Font Format, TrueType, length 36696, version 1.0
downloaded
Chrome Cache Entry: 132
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 133
Web Open Font Format, TrueType, length 35970, version 1.0
downloaded
Chrome Cache Entry: 134
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 135
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 136
Unicode text, UTF-8 text, with very long lines (21720), with CRLF line terminators
downloaded
Chrome Cache Entry: 137
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 138
Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
downloaded
Chrome Cache Entry: 139
Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
downloaded
Chrome Cache Entry: 140
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 141
PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 142
ASCII text, with very long lines (26765), with no line terminators
downloaded
Chrome Cache Entry: 143
RIFF (little-endian) data, Web/P image
dropped
Chrome Cache Entry: 144
ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 145
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 146
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 147
Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
downloaded
Chrome Cache Entry: 148
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 149
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 150
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 151
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 152
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 153
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 154
RIFF (little-endian) data, Web/P image
dropped
There are 36 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2312,i,10745882534302202489,2155989706674056279,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2560 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2312,i,10745882534302202489,2155989706674056279,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5080 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\EFTRemittance_Kenneth_KHQCSQELUN_attach.svg"

URLs

Name
IP
Malicious
https://nvgy.zonqdkqezktw.es/royrhenxvzfixwzowxlvzgogwieuwutxvkqbbrhrmfxtrzifjhsic415qkjlmkzw90f?WFIJKNWOTPMLPZJ
malicious
https://nvgy.zonqdkqezktw.es/8VVgl7/$kenneth@arts.state.tx.us
https://ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
18.164.124.110
https://nvgy.zonqdkqezktw.es/efi3rk8wIUc9YMdOIaEU8OcmpCn4uvF0kxfeYCgUC9k78143
104.21.112.1
https://www.bestbuy.com
unknown
https://code.jquery.com/jquery-3.6.0.min.js
151.101.130.137
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14
https://nvgy.zonqdkqezktw.es/GDSherpa-regular.woff2
104.21.112.1
https://nvgy.zonqdkqezktw.es/favicon.ico
104.21.112.1
https://nvgy.zonqdkqezktw.es/ghQhE2pqDejp9Y7MdLFFMndvgOCaXawk5VYe2eZxyOT1tgw4UmIfT3vKsPMTBOknFywBmERJ12208
104.21.112.1
https://nvgy.zonqdkqezktw.es/wxKnBd2Doxv9Z6xVjtUMsnFvUoGusamnwLkP04EiJZf9RJIab175
104.21.112.1
https://ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
18.164.124.110
https://nvgy.zonqdkqezktw.es/GDSherpa-vf2.woff2
104.21.112.1
https://nvgy.zonqdkqezktw.es/qrQLFV4tBdUNjfGWPIgrlrtVJkYZvnuvG98dl4dyM35aDPMUKaoaJYwhqxOIWgef239
104.21.112.1
https://nvgy.zonqdkqezktw.es/GDSherpa-bold.woff2
104.21.112.1
https://nvgy.zonqdkqezktw.es/wxFhtRtVhC7KMNNheLOCQWTqrKKKlUh9cVWK5ArQ12127
104.21.112.1
https://nvgy.zonqdkqezktw.es/pwprw4n0USvq3YlbR2pqVrkJYJXs9t3TupoZvAT8a9LwBvbs8Wyp05
104.21.112.1
https://nvgy.zonqdkqezktw.es/pqt96TcweYdqnhd0986jX7LXc1HTZ5PIiDfttsiNVCJVe1GjO9sUFkkwx3CloONWr9omO4xu8xXySeD7obeU2oc4DOnpN7rI1BQoscop344
104.21.112.1
https://ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
18.164.124.110
https://rw4d0smqyf63vnruyvywkmg7lmehokwasku0akofn2ljmlxfma.magnusxw.es/52883719647951842359993wscJCZVWKWGESAZFZUVAXODKWAHCDFPGZHCRYTyzgMGWScu6Q2eU569GLTpcop50
104.21.66.134
https://nvgy.zonqdkqezktw.es/GDSherpa-regular.woff
104.21.112.1
https://github.com/fent)
unknown
https://nvgy.zonqdkqezktw.es/GDSherpa-bold.woff
104.21.112.1
https://nvgy.zonqdkqezktw.es/34PRKAyS0bAW7iTwXghMi85IKNLzXZ67102
104.21.112.1
https://a.nel.cloudflare.com/report/v4?s=Zu%2ByaUeYS61IHYNYaYcoTcB3yGMTnmtON9sXcnWF7%2FYVRuWcLzcUbivKUoV98BQjEcbseWCXBr9R%2BPSBkscy3bg0ArgocnccjsNwlV%2FKwNJ0Z2ASev1JBILdjR4G8N6XiK6M
35.190.80.1
https://nvgy.zonqdkqezktw.es/lobIFM35ef0YB7ynrIMZkoZzr3so5LWwiAwAFQMbzp
104.21.112.1
https://nvgy.zonqdkqezktw.es/abJCa5Je0mpqNDWcd22
104.21.112.1
https://nvgy.zonqdkqezktw.es/qrulsYFeJ7GfWwNXjnfefYVl4Kus0dgNtWkBuL45140
104.21.112.1
https://developers.cloudflare.com/favicon.png
104.16.6.189
https://nvgy.zonqdkqezktw.es/kfBuTaOa7Rg6KwTAHoqu0U6wgRR0Y9yHEYj0Dew
104.21.112.1
https://rw4d0smqyf63vnruyvywkmg7lmehokwasku0akofn2ljmlxfma.magnusxw.es/52883719647951842359993wscJCZVWKWGESAZFZUVAXODKWAHCDFPGZHCRYTyzwHvZn4qpm8fOs78QOKdpAKYop50
104.21.66.134
https://nvgy.zonqdkqezktw.es/klbBQk5yHo1GShhrCaUyu3MnfEcdjJd2M8FvkZbk73cpOIuTJ56170
104.21.112.1
https://nvgy.zonqdkqezktw.es/stBXwT2sbjUayhGwpr3Q9ZyNUZxklYmVVXrORKRzNqS5g672qid6nJr35VzqrtK54MbcUQMef256
104.21.112.1
https://nvgy.zonqdkqezktw.es/GDSherpa-vf.woff2
104.21.112.1
https://nvgy.zonqdkqezktw.es/56qKfabgxy7BW6719
104.21.112.1
https://get.geojs.io/v1/ip/geo.json
172.67.70.233
https://rw4d0smqyf63vnruyvywkmg7lmehokwasku0akofn2ljmlxfma.magnusxw.es/52883719647951842359993wscJCZVWKWGESAZFZUVAXODKWAHCDFPGZHCRYTyzMdrY59wxJH5hGZ56pCGMAX4Qqr50
104.21.66.134
https://a3fv1.ajcffp.ru/rand$5ef7y
172.67.196.11
https://nvgy.zonqdkqezktw.es/rsANu3SFS4iI8L02ocqhJnUxRIMTrghludnRwalmcU3o0yV9dwT3jfcd200
104.21.112.1
https://rw4d0smqyf63vnruyvywkmg7lmehokwasku0akofn2ljmlxfma.magnusxw.es/52883719647951842359993wscJCZVWKWGESAZFZUVAXODKWAHCDFPGZHCRYTrs1CE7p3D3U1Rq7yzEDwx40
104.21.66.134
There are 30 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
nvgy.zonqdkqezktw.es
104.21.112.1
 malicious
a.nel.cloudflare.com
35.190.80.1
code.jquery.com
151.101.130.137
developers.cloudflare.com
104.16.6.189
rw4d0smqyf63vnruyvywkmg7lmehokwasku0akofn2ljmlxfma.magnusxw.es
104.21.66.134
cdnjs.cloudflare.com
104.17.25.14
github.com
140.82.112.3
a3fv1.ajcffp.ru
172.67.196.11
get.geojs.io
172.67.70.233
www.google.com
142.250.81.228
d19d360lklgih4.cloudfront.net
18.164.124.110
objects.githubusercontent.com
185.199.108.133
ok4static.oktacdn.com
unknown
There are 3 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
104.21.112.1
nvgy.zonqdkqezktw.es
United States
malicious
140.82.112.3
github.com
United States
104.21.64.1
unknown
United States
104.21.92.165
unknown
United States
192.168.2.5
unknown
unknown
151.101.130.137
code.jquery.com
United States
172.67.196.11
a3fv1.ajcffp.ru
United States
192.168.2.23
unknown
unknown
104.16.6.189
developers.cloudflare.com
United States
35.190.80.1
a.nel.cloudflare.com
United States
104.16.2.189
unknown
United States
172.67.160.100
unknown
United States
18.164.124.91
unknown
United States
142.250.81.228
www.google.com
United States
104.21.66.134
rw4d0smqyf63vnruyvywkmg7lmehokwasku0akofn2ljmlxfma.magnusxw.es
United States
18.164.124.110
d19d360lklgih4.cloudfront.net
United States
192.168.2.13
unknown
unknown
172.67.70.233
get.geojs.io
United States
185.199.108.133
objects.githubusercontent.com
Netherlands
104.17.25.14
cdnjs.cloudflare.com
United States
There are 10 hidden IPs, click here to show them.

DOM / HTML

URL
Malicious
https://nvgy.zonqdkqezktw.es/8VVgl7/$kenneth@arts.state.tx.us
 malicious
https://nvgy.zonqdkqezktw.es/8VVgl7/$kenneth@arts.state.tx.us
 malicious
https://nvgy.zonqdkqezktw.es/royrhenxvzfixwzowxlvzgogwieuwutxvkqbbrhrmfxtrzifjhsic415qkjlmkzw90f?WFIJKNWOTPMLPZJ
 malicious
https://nvgy.zonqdkqezktw.es/royrhenxvzfixwzowxlvzgogwieuwutxvkqbbrhrmfxtrzifjhsic415qkjlmkzw90f?WFIJKNWOTPMLPZJ
 malicious
https://nvgy.zonqdkqezktw.es/royrhenxvzfixwzowxlvzgogwieuwutxvkqbbrhrmfxtrzifjhsic415qkjlmkzw90f?WFIJKNWOTPMLPZJ
 malicious
https://nvgy.zonqdkqezktw.es/royrhenxvzfixwzowxlvzgogwieuwutxvkqbbrhrmfxtrzifjhsic415qkjlmkzw90f?WFIJKNWOTPMLPZJ
 malicious
https://nvgy.zonqdkqezktw.es/8VVgl7/$kenneth@arts.state.tx.us