IOC Report
https://d3k0gij77b1jti.cloudfront.net

loading gif

Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 14:47:51 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 14:47:51 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 14:47:51 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 14:47:51 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 14:47:51 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 64
ASCII text, with very long lines (3114)
downloaded
Chrome Cache Entry: 65
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 32x64, components 3
downloaded
Chrome Cache Entry: 66
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x44, components 3
downloaded
Chrome Cache Entry: 67
ASCII text, with very long lines (609)
downloaded
Chrome Cache Entry: 68
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3
downloaded
Chrome Cache Entry: 69
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3
downloaded
Chrome Cache Entry: 70
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3
downloaded
Chrome Cache Entry: 71
ASCII text, with very long lines (935)
downloaded
Chrome Cache Entry: 72
ASCII text
downloaded
Chrome Cache Entry: 73
ASCII text, with very long lines (2045)
downloaded
Chrome Cache Entry: 74
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, description=OLYMPUS DIGITAL CAMERA, software=Google], baseline, precision 8, 92x92, components 3
downloaded
Chrome Cache Entry: 75
ASCII text, with very long lines (799)
downloaded
Chrome Cache Entry: 76
ASCII text, with very long lines (630)
downloaded
Chrome Cache Entry: 77
ASCII text, with very long lines (547)
downloaded
Chrome Cache Entry: 78
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3
downloaded
Chrome Cache Entry: 79
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x58, components 3
downloaded
Chrome Cache Entry: 80
XML 1.0 document, ASCII text
downloaded
Chrome Cache Entry: 81
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3
downloaded
Chrome Cache Entry: 82
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x35, components 3
downloaded
Chrome Cache Entry: 83
ASCII text
downloaded
Chrome Cache Entry: 84
ASCII text, with very long lines (363)
downloaded
Chrome Cache Entry: 85
ASCII text
downloaded
Chrome Cache Entry: 86
ASCII text, with very long lines (1617)
downloaded
Chrome Cache Entry: 87
PNG image data, 64 x 42, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 88
ASCII text, with very long lines (362)
downloaded
Chrome Cache Entry: 89
PNG image data, 64 x 27, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 90
ASCII text
downloaded
Chrome Cache Entry: 91
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3
downloaded
Chrome Cache Entry: 92
ASCII text
downloaded
Chrome Cache Entry: 93
HTML document, ASCII text
downloaded
Chrome Cache Entry: 94
XML 1.0 document, ASCII text
downloaded
Chrome Cache Entry: 95
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3
downloaded
Chrome Cache Entry: 96
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x36, components 3
downloaded
Chrome Cache Entry: 97
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3
downloaded
There are 31 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://d3k0gij77b1jti.cloudfront.net/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1928,i,11253576738177546024,6209397194130133784,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

URLs

Name
IP
Malicious
https://d3k0gij77b1jti.cloudfront.net
https://pb-logs.media.net/
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=23.82&oit=4&cp=5&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=23.82.12.&oit=4&cp=9&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=23%3A82%3A&oit=4&cp=6&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=23&oit=4&cp=2&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=esd80n&oit=1&cp=6&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=esd8&oit=1&cp=4&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=pb-&oit=1&cp=3&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
142.250.186.100
https://23.82.12.31:443/
23.82.12.31
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=23%3A82%3A12%3A&oit=4&cp=9&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=pb&oit=1&cp=2&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
142.250.186.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=pb-logs.med&oit=3&cp=11&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
142.250.186.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=23.&oit=4&cp=3&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=pb-logs.media&oit=3&cp=13&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
142.250.186.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=esd80n7apv&oit=1&cp=10&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=esd80n7apv.bea&oit=1&cp=14&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://esd80n7apv.beauty/
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=pb-logs&oit=1&cp=7&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
142.250.186.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=pb-logs.m&oit=1&cp=9&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
142.250.186.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=pb-logs.medi&oit=1&cp=12&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
142.250.186.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=esd80&oit=1&cp=5&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=pb-logs.me&oit=3&cp=10&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
142.250.186.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=esd80n7apv.be&oit=3&cp=13&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=pb-logs.media.&oit=3&cp=14&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
142.250.186.100
https://lh5.googleusercontent.com/p/AF1QipM1AF06CxaMLr3ogY34t4eZnkQ0EgX3PGYL8Iua=w92-h92-n-k-no
172.217.23.97
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=pb-logs.&oit=1&cp=8&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
142.250.186.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=pb-logs.media.n&oit=1&cp=15&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
142.250.186.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=pb-logs.media.net&oit=3&cp=17&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
142.250.186.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=esd80n7apv.beau&oit=1&cp=15&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=esd80n7apv.b&oit=1&cp=12&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=23%3A&oit=4&cp=3&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=esd80n7ap&oit=1&cp=9&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=esd&oit=1&cp=3&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://d3k0gij77b1jti.cloudfront.net/favicon.ico
13.32.118.214
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=esd80n7a&oit=1&cp=8&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=esd80n7apv.beauty&oit=3&cp=17&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=23.8&oit=4&cp=4&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=23.82.12&oit=4&cp=8&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=23.82.12.31&oit=3&cp=11&pgcl=4&gs_rn=42&psi=62JYTPuu1jgnXuqn&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.23.100
https://d3k0gij77b1jti.cloudfront.net/
13.32.118.214
There are 31 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
d3k0gij77b1jti.cloudfront.net
13.32.118.214
www.google.com
172.217.23.100
esd80n7apv.beauty
34.197.100.133
googlehosted.l.googleusercontent.com
172.217.23.97
lh5.googleusercontent.com
unknown
pb-logs.media.net
unknown

IPs

IP
Domain
Country
Malicious
13.32.118.214
d3k0gij77b1jti.cloudfront.net
United States
192.168.2.17
unknown
unknown
172.217.23.97
googlehosted.l.googleusercontent.com
United States
239.255.255.250
unknown
Reserved
172.217.23.100
www.google.com
United States
142.250.186.100
unknown
United States
34.197.100.133
esd80n7apv.beauty
United States
23.82.12.31
unknown
United States

DOM / HTML

URL
Malicious
https://esd80n7apv.beauty/
https://pb-logs.media.net/