Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 05:18:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 05:18:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 05:18:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 05:18:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 05:18:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| Chrome Cache Entry: 100 | ASCII text, with very long lines (49529) | dropped | |
| Chrome Cache Entry: 101 | gzip compressed data, from Unix, original size modulo 2^32 141803 | dropped | |
| Chrome Cache Entry: 102 | PNG image data, 1420 x 1080, 8-bit/color RGB, non-interlaced | dropped | |
| Chrome Cache Entry: 103 | ASCII text, with very long lines (64616) | dropped | |
| Chrome Cache Entry: 104 | Unicode text, UTF-8 text, with very long lines (32002) | downloaded | |
| Chrome Cache Entry: 77 | HTML document, ASCII text, with very long lines (1101) | downloaded | |
| Chrome Cache Entry: 78 | PNG image data, 260 x 35, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 79 | HTML document, ASCII text, with very long lines (3450), with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 80 | PNG image data, 1420 x 1080, 8-bit/color RGB, non-interlaced | downloaded | |
| Chrome Cache Entry: 81 | ASCII text, with very long lines (64616) | downloaded | |
| Chrome Cache Entry: 82 | PNG image data, 260 x 35, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 83 | ASCII text, with very long lines (14442) | dropped | |
| Chrome Cache Entry: 84 | gzip compressed data, from Unix, original size modulo 2^32 315 | downloaded | |
| Chrome Cache Entry: 85 | ASCII text, with very long lines (14442) | downloaded | |
| Chrome Cache Entry: 86 | HTML document, ASCII text, with very long lines (945) | downloaded | |
| Chrome Cache Entry: 87 | ASCII text, with very long lines (8095), with no line terminators | downloaded | |
| Chrome Cache Entry: 88 | gzip compressed data, from Unix, original size modulo 2^32 10462 | downloaded | |
| Chrome Cache Entry: 89 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 90 | ASCII text, with very long lines (49529) | downloaded | |
| Chrome Cache Entry: 91 | ASCII text, with very long lines (61177) | downloaded | |
| Chrome Cache Entry: 92 | HTML document, ASCII text, with very long lines (3450), with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 93 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 94 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 95 | ASCII text, with very long lines (7960), with no line terminators | dropped | |
| Chrome Cache Entry: 96 | Unicode text, UTF-8 text, with very long lines (32002) | dropped | |
| Chrome Cache Entry: 97 | gzip compressed data, from Unix, original size modulo 2^32 141803 | downloaded | |
| Chrome Cache Entry: 98 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 99 | SVG Scalable Vector Graphics image | dropped | |

25 more files are not shown in this extract.
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1980,i,1171109190669764174,17585143211424108510,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cnrsys.com/.jhg/#5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1" | |
URLs

| Name | IP | Malicious |
|---|---|---|
| https://cnrsys.com/.jhg/#5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1 | | |
| https://cnrsys.com/.jhg/ | 188.114.96.3 | |
| https://69cde8a9-b98cbfac.signform.us/favicon.ico | 206.206.125.198 | |
| https://cnrsys.com/cdn-cgi/challenge-platform/scripts/jsd/main.js | 188.114.96.3 | |
| https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0# | | |
| https://accounts.signform.us/?username=stefan.bubestinger@hoerbiger.com | 206.206.125.198 | |
| https://accounts.signform.us/favicon.ico | 206.206.125.198 | |
| https://69cde8a9-b98cbfac.signform.us/adfs/portal/logo/logo.png?id=ED67F68E42EDB0D1E6087D97445D46B2A475DAD7A6697670C1F161B419E5D2B4 | 206.206.125.198 | |
| https://accounts.signform.us/common/instrumentation/reportbssotelemetry?hpgid=6&hpgact=2101&client-request-id=3a0a2696-c8bc-49cf-8889-338545843932&hpgrequestid=02e5502b-6a80-4091-90bd-8fa0da3eb300 | 206.206.125.198 | |
| https://134694a7-b98cbfac.signform.us/api/report?catId=GW+estsfd+ams2 | 206.206.125.198 | |
| https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0 | 206.206.125.198 | |
| https://accounts.signform.us/b98cbfac3b4f48f1a0cb583440b2d360/ | 206.206.125.198 | |
| https://69cde8a9-b98cbfac.signform.us/adfs/portal/css/style.css?id=3B1A0C704CDAE8ECD48AA8F0D50409D981CEF21D7AE6DC85B0797D270101B151 | 206.206.125.198 | |
| https://69cde8a9-b98cbfac.signform.us/adfs/portal/illustration/illustration.png?id=0C5D289F7460277C6F03A53FB814E3CB9DFED9A48038DB976535D9C1A7B89970 | 206.206.125.198 | |
| https://docu8ign.web.app/5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1#40444/docu8ign.web.app/user/settings/notification-4e0rr70db9ec/oauth2/_3TUE34aDfFZ4KFYPT2LS/redirecting_to_organisation | | |
| https://accounts.signform.us/?username=stefan.bubestinger@hoerbiger.com&sso_reload=true | 206.206.125.198 | |
| https://3555af0f-b98cbfac.signform.us/shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js | 206.206.125.198 | |
| https://accounts.signform.us/?username=stefan.bubestinger@hoerbiger.com#/common/oauth2/authorize?client_id=0.45184072966307-0ff1-0.062128664488964&auth=1-0.95789965379885 | | |
| https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqx | unknown | |
| https://docu8ign.web.app/5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1 | 199.36.158.100 | |
| https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficc | unknown | |
| https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js | 152.199.21.175 | |
| https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90b | unknown | |
| https://ingenieriawj.com/dobe.php?url= | unknown | |
| https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg | 152.199.21.175 | |
| http://knockoutjs.com/ | unknown | |
| https://cnrsys.com/cdn-cgi/challenge-platform/h/g/jsd/r/8c9960913bc242c7 | 188.114.96.3 | |
| https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ed9c9eb0dce17d752bedea6b5acda6d | unknown | |
| https://github.com/douglascrockford/JSON-js | unknown | |
| https://login.windows-ppe.net | unknown | |
| https://a.nel.cloudflare.com/report/v4?s=YMLOLPGSRSsmwqIpR3fASjuCOZFyw2vqRj30ILIMSrYqMs%2BSqnDEjfXqZcDkX7Ba3r%2Bnd0eB9RJep02H0bLqRSKLTKeluxI%2FFC6uy6lWSfTwTYgQT%2FO0KIiV436O | 35.190.80.1 | |
| https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js | 152.199.21.175 | |
| https://login.microsoftonline.com | unknown | |
| https://cnrsys.com/cdn-cgi/challenge-platform/h/g/jsd/r/8c99609c4fe34276 | 188.114.96.3 | |
| http://www.opensource.org/licenses/mit-license.php) | unknown | |
| https://login.microsoftonline.com/common/login | unknown | |
| https://ingenieriawj.com/dobe.php?url=https://docu8ign.web.app/5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1 | 149.56.200.84 | |
| https://a.nel.cloudflare.com/report/v4?s=ZXLKTnD3NvmH3q%2BrR84lxrDyALoZ9B34Rs29sdUWQ2cB1BnFFlAvE%2Bt%2FFSnUcL9vr6%2FKoFU4KyJUf4x5lcItQ1VRMj1H5WDLXrx%2FWoyGZqE%2F%2FrPPc8zysNvO2UKa | 35.190.80.1 | |
| http://www.ingenieriawj.com/dobe.php?url=https://docu8ign.web.app/5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1 | 149.56.200.84 | |
| https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css | 152.199.21.175 | |
| https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_1 | unknown | |
| https://login.microsoftonline.com/jsdisabled | unknown | |
| https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg | 152.199.21.175 | |
| https://aadcdn.msftauth.net | unknown | |
| https://cnrsys.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js? | 188.114.96.3 | |
| https://aadcdn.msftauth.net/shared/1.0/content/js/oneDs_472fa3a12b65cf387ccd.js | 152.199.21.175 | |
| https://docu8ign.web.app/$ | unknown | |
| https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_12dabd9245715d165757.js | 152.199.21.175 | |
| https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d | unknown | |

38 more URLs are not shown in this extract.
Domains

| Name | IP | Malicious |
|---|---|---|
| 69cde8a9-b98cbfac.signform.us | 206.206.125.198 | |
| 134694a7-b98cbfac.signform.us | 206.206.125.198 | |
| accounts.signform.us | 206.206.125.198 | |
| 3555af0f-b98cbfac.signform.us | 206.206.125.198 | |
| a.nel.cloudflare.com | 35.190.80.1 | |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | |
| sni1gl.wpc.omegacdn.net | 152.199.21.175 | |
| www.google.com | 142.250.186.164 | |
| ingenieriawj.com | 149.56.200.84 | |
| docu8ign.web.app | 199.36.158.100 | |
| s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | |
| cnrsys.com | 188.114.96.3 | |
| windowsupdatebg.s.llnwi.net | 46.228.146.128 | |
| www.ingenieriawj.com | unknown | |
| aadcdn.msftauth.net | unknown | |

5 more domains are not shown in this extract.
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 192.168.2.5 | unknown | unknown | |
| 206.206.125.198 | 69cde8a9-b98cbfac.signform.us | United States | |
| 192.168.2.4 | unknown | unknown | |
| 192.168.2.6 | unknown | unknown | |
| 199.36.158.100 | docu8ign.web.app | United States | |
| 149.56.200.84 | ingenieriawj.com | Canada | |
| 239.255.255.250 | unknown | Reserved | |
| 188.114.96.3 | cnrsys.com | European Union | |
| 142.250.186.164 | www.google.com | United States | |
| 152.199.21.175 | sni1gl.wpc.omegacdn.net | United States | |
| 35.190.80.1 | a.nel.cloudflare.com | United States | |

1 more IP is not shown in this extract.
DOM / HTML

| URL | Malicious |
|---|---|
| https://docu8ign.web.app/5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1#40444/docu8ign.web.app/user/settings/notification-4e0rr70db9ec/oauth2/_3TUE34aDfFZ4KFYPT2LS/redirecting_to_organisation | |
| https://accounts.signform.us/?username=stefan.bubestinger@hoerbiger.com#/common/oauth2/authorize?client_id=0.45184072966307-0ff1-0.062128664488964&auth=1-0.95789965379885 | |
| https://69cde8a9-b98cbfac.signform.us/adfs/ls/?login_hint=stefan.bubestinger%40hoerbiger.com&client-request-id=4c278519-17f3-4322-9523-e7d2bea4058f&username=stefan.bubestinger%40hoerbiger.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQkW9V9PosrOU9Vfn5p3xLW_lWMyoSN0L_AyPiCkXESk0JxSWpaYp5eUmlSanFJZl56apFDRn5qUVImkAVSeYtJ0L8o3TMlvNgtNSW1KLEkMz_vETNBbRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnTvenPxhy56k30WVWztXuFym-EUq76pSaJxoYtPvllOZWlukIulZ3FWoqV5lF-2QVJ2kIV5WJV2bphpQaFTaLGFraGV4QQ2oQlsTKfYGD6wMXawM8xiZzjAyXiAl-EH3_N3zyYdub79nccGAYYHAgwA0# | |
| https://docu8ign.web.app/5kZtQ3bfand0TbubQ3b5kZtingQ3br07xhH05Q3brbigQ3brd0TR3wH05nZ1#40444/docu8ign.web.app/user/settings/notification-4e0rr70db9ec/oauth2/_3TUE34aDfFZ4KFYPT2LS/redirecting_to_organisation | |
| https://accounts.signform.us/?username=stefan.bubestinger@hoerbiger.com#/common/oauth2/authorize?client_id=0.45184072966307-0ff1-0.062128664488964&auth=1-0.95789965379885 | |