IOC Report
https://claim.eventsmidasbuys.com/


Files

File Path | Type | Category | Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 02:30:12 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 02:30:12 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 02:30:12 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 02:30:12 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 02:30:12 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
Chrome Cache Entry: 100 | ASCII text, with very long lines (30837) | downloaded |
Chrome Cache Entry: 101 | PNG image data, 512 x 512, 8-bit colormap, non-interlaced | dropped |
Chrome Cache Entry: 102 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 500x500, components 3 | downloaded |
Chrome Cache Entry: 103 | PNG image data, 1511 x 901, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 104 | PNG image data, 722 x 170, 8-bit colormap, non-interlaced | dropped |
Chrome Cache Entry: 105 | PNG image data, 722 x 170, 8-bit colormap, non-interlaced | downloaded |
Chrome Cache Entry: 106 | PNG image data, 700 x 774, 8-bit colormap, non-interlaced | dropped |
Chrome Cache Entry: 107 | PNG image data, 800 x 344, 8-bit colormap, non-interlaced | dropped |
Chrome Cache Entry: 108 | PNG image data, 700 x 774, 8-bit colormap, non-interlaced | downloaded |
Chrome Cache Entry: 109 | ASCII text, with CRLF line terminators | dropped |
Chrome Cache Entry: 110 | ASCII text | downloaded |
Chrome Cache Entry: 111 | ASCII text, with very long lines (65371) | downloaded |
Chrome Cache Entry: 112 | PNG image data, 2000 x 609, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 113 | ASCII text | downloaded |
Chrome Cache Entry: 114 | Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo | downloaded |
Chrome Cache Entry: 115 | HTML document, Unicode text, UTF-8 text, with very long lines (370), with CRLF line terminators | downloaded |
Chrome Cache Entry: 116 | ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 117 | PNG image data, 656 x 656, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 118 | Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo | downloaded |
Chrome Cache Entry: 119 | PNG image data, 604 x 158, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 120 | Web Open Font Format (Version 2), TrueType, length 22220, version 1.0 | downloaded |
Chrome Cache Entry: 121 | ASCII text, with very long lines (65536), with no line terminators | downloaded |
Chrome Cache Entry: 122 | ASCII text | downloaded |
Chrome Cache Entry: 123 | ASCII text | dropped |
Chrome Cache Entry: 124 | ASCII text | dropped |
Chrome Cache Entry: 125 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 500x500, components 3 | dropped |
Chrome Cache Entry: 126 | Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo | downloaded |
Chrome Cache Entry: 127 | ASCII text | downloaded |
Chrome Cache Entry: 128 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 129 | assembler source, ASCII text, with very long lines (305) | downloaded |
Chrome Cache Entry: 130 | PNG image data, 722 x 170, 8-bit colormap, non-interlaced | dropped |
Chrome Cache Entry: 131 | JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=4, height=300, orientation=[*0*], width=1440], baseline, precision 8, 1440x300, components 3 | downloaded |
Chrome Cache Entry: 132 | Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo | downloaded |
Chrome Cache Entry: 133 | ASCII text | downloaded |
Chrome Cache Entry: 134 | PNG image data, 700 x 774, 8-bit colormap, non-interlaced | dropped |
Chrome Cache Entry: 135 | PNG image data, 1511 x 901, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 136 | PNG image data, 30 x 31, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 137 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1260x2800, components 3 | downloaded |
Chrome Cache Entry: 138 | PNG image data, 2000 x 609, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 139 | ASCII text, with very long lines (32061) | downloaded |
Chrome Cache Entry: 140 | PNG image data, 656 x 656, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 141 | PNG image data, 722 x 170, 8-bit colormap, non-interlaced | downloaded |
Chrome Cache Entry: 142 | PNG image data, 604 x 158, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 143 | PNG image data, 700 x 774, 8-bit colormap, non-interlaced | downloaded |
Chrome Cache Entry: 144 | PNG image data, 800 x 344, 8-bit colormap, non-interlaced | downloaded |
Chrome Cache Entry: 145 | PNG image data, 700 x 774, 8-bit colormap, non-interlaced | downloaded |
Chrome Cache Entry: 146 | Web Open Font Format (Version 2), TrueType, length 15044, version 1.0 | downloaded |
Chrome Cache Entry: 147 | JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=4, height=1161, orientation=[*0*], width=1080], baseline, precision 8, 1080x1161, components 3 | downloaded |
Chrome Cache Entry: 148 | PNG image data, 604 x 158, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 149 | ASCII text | downloaded |
Chrome Cache Entry: 150 | PNG image data, 656 x 656, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 151 | PNG image data, 700 x 774, 8-bit colormap, non-interlaced | dropped |
Chrome Cache Entry: 152 | ASCII text, with very long lines (32061) | dropped |
Chrome Cache Entry: 153 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 154 | ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 155 | PNG image data, 512 x 512, 8-bit colormap, non-interlaced | downloaded |
Chrome Cache Entry: 156 | JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=4, height=1001, orientation=[*0*], width=880], baseline, precision 8, 880x1001, components 3 | dropped |
Chrome Cache Entry: 157 | PNG image data, 722 x 170, 8-bit colormap, non-interlaced | dropped |
Chrome Cache Entry: 158 | ASCII text | dropped |
Chrome Cache Entry: 159 | PNG image data, 722 x 170, 8-bit colormap, non-interlaced | downloaded |
Chrome Cache Entry: 160 | Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo | downloaded |
Chrome Cache Entry: 161 | ASCII text, with CRLF line terminators | dropped |
Chrome Cache Entry: 162 | PNG image data, 700 x 774, 8-bit colormap, non-interlaced | downloaded |
Chrome Cache Entry: 163 | HTML document, ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 164 | PNG image data, 30 x 31, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 165 | PNG image data, 722 x 170, 8-bit colormap, non-interlaced | dropped |
Chrome Cache Entry: 166 | PNG image data, 700 x 774, 8-bit colormap, non-interlaced | dropped |
Chrome Cache Entry: 167 | PNG image data, 722 x 170, 8-bit colormap, non-interlaced | downloaded |
Chrome Cache Entry: 168 | PNG image data, 243 x 249, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 169 | PNG image data, 656 x 656, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 170 | PNG image data, 243 x 249, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 171 | ISO Media, MP4 Base Media v1 [ISO 14496-12:2003] | downloaded |
Chrome Cache Entry: 172 | ASCII text, with very long lines (32180) | downloaded |
Chrome Cache Entry: 173 | ASCII text | downloaded |
Chrome Cache Entry: 174 | JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=4, height=300, orientation=[*0*], width=1440], baseline, precision 8, 1440x300, components 3 | dropped |
Chrome Cache Entry: 175 | ASCII text | downloaded |
Chrome Cache Entry: 176 | Web Open Font Format (Version 2), TrueType, length 77160, version 4.459 | downloaded |
Chrome Cache Entry: 177 | ASCII text, with very long lines (32180) | dropped |
Chrome Cache Entry: 178 | JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=4, height=1001, orientation=[*0*], width=880], baseline, precision 8, 880x1001, components 3 | downloaded |
Chrome Cache Entry: 179 | JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=4, height=1161, orientation=[*0*], width=1080], baseline, precision 8, 1080x1161, components 3 | dropped |
Chrome Cache Entry: 180 | PNG image data, 604 x 158, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 99 | ASCII text | downloaded |

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2016,i,16103745122714947359,4788103846012999014,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://claim.eventsmidasbuys.com/" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4256 --field-trial-handle=2016,i,16103745122714947359,4788103846012999014,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |

URLs

Name | IP | Malicious
https://claim.eventsmidasbuys.com/ | | malicious
https://claim.eventsmidasbuys.com/favicon.ico | 103.59.95.62 | malicious
https://claim.eventsmidasbuys.com/ | | malicious
https://www.pubgmobile.com/id/event/royalepass10/images/icon_logo.jpg | unknown |
https://sdf.donegabang.com/js/showHide.js | 103.59.95.62 |
http://fontawesome.io | unknown |
https://sdf.donegabang.com/img/rewards/8.png | 103.59.95.62 |
https://sdf.donegabang.com/img/nam1.png | 103.59.95.62 |
https://sdf.donegabang.com/img/namekheader.png | 103.59.95.62 |
https://sdf.donegabang.com/css/loader.css | 103.59.95.62 |
https://sdf.donegabang.com/img/nam3.png | 103.59.95.62 |
https://sdf.donegabang.com/img/bgreward.jpg | 103.59.95.62 |
https://sdf.donegabang.com/img/rewards/7.png | 103.59.95.62 |
https://sdf.donegabang.com/img/namtw.png | 103.59.95.62 |
https://daneden.github.io/animate.css/ | unknown |
https://sdf.donegabang.com/img/rewards/suit/1.jpg | 103.59.95.62 |
https://sdf.donegabang.com/img/rewards/6.png | 103.59.95.62 |
https://a.top4top.io/m_1725zobal2.mp3 | 65.21.235.194 |
https://i.postimg.cc/02KwtTc7/footer-bg.jpg) | unknown |
https://sdf.donegabang.com/js/selowscript.js | 103.59.95.62 |
http://www.videolan.org/x264.html | unknown |
https://sdf.donegabang.com/js/loginall.js | 103.59.95.62 |
http://getbootstrap.com) | unknown |
https://sdf.donegabang.com/css/style.css | 103.59.95.62 |
https://sdf.donegabang.com/img/rewards/5.png | 103.59.95.62 |
https://sdf.donegabang.com/img/icon_fb.png | 103.59.95.62 |
https://www.pubgmobile.com/en/images/footer_link_bg_on.png) | unknown |
https://sdf.donegabang.com/img/nam10x.png | 103.59.95.62 |
https://sdf.donegabang.com/img/nam2.png | 103.59.95.62 |
https://sdf.donegabang.com/media/open.mp3 | 103.59.95.62 |
https://github.com/nickpettit/glide | unknown |
https://sdf.donegabang.com/js/myscript.js | 103.59.95.62 |
https://sdf.donegabang.com/js/kinnonscript.js | 103.59.95.62 |
https://sdf.donegabang.com/js/slidernotif.js | 103.59.95.62 |
https://sdf.donegabang.com/img/namfb.png | 103.59.95.62 |
https://www.pubgmobile.com | unknown |
https://sdf.donegabang.com/js/click.js | 103.59.95.62 |
https://sdf.donegabang.com/ | 103.59.95.62 |
https://sdf.donegabang.com/media/namekwait.webm | 103.59.95.62 |
https://cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic- | unknown |
https://www.pubgmobile.com/common/images/icon_logo.jpg | unknown |
https://sdf.donegabang.com/media/putaran.mp3 | 103.59.95.62 |
https://i.ibb.co/PYpHF6b/Twitter-Show-Password.png | 162.19.58.157 |
https://sdf.donegabang.com/css/bukanlog/twitter.css | 103.59.95.62 |
http://opensource.org/licenses/MIT | unknown |
https://cdn.jsdelivr.net/gh/penguasa-de/de | unknown |
https://i.postimg.cc/jdq9pLMZ/navbar-logo.jpg | unknown |
http://fontawesome.io/license | unknown |
https://sdf.donegabang.com/css/arpanyet.css | 103.59.95.62 |
https://sdf.donegabang.com/img/nam4.jpg | 103.59.95.62 |
https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css | 104.18.11.207 |
https://sdf.donegabang.com/css/bukanlog/facebook.css | 103.59.95.62 |
https://sdf.donegabang.com/fonts/selow.woff2 | 103.59.95.62 |
https://sdf.donegabang.com/js/sliders.js | 103.59.95.62 |
https://cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css | 104.17.25.14 |
https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 | 104.18.11.207 |
https://www.pubgmobile.com/en/images/footer_link_bg.png) | unknown |
https://sdf.donegabang.com/img/nam5.png | 103.59.95.62 |
https://l.top4top.io/m_1725u5z7i1.mp3 | 135.181.63.70 |
https://github.com/twbs/bootstrap/blob/master/LICENSE) | unknown |
https://sdf.donegabang.com/css/animate.css | 103.59.95.62 |
http://code.jquery.com/jquery-1.10.2.min.js | unknown |
https://sdf.donegabang.com/img/nameklogin.png | 103.59.95.62 |
https://i.postimg.cc/3wBVgZTz/login-Method1.png | 46.105.222.161 |
https://sdf.donegabang.com/img/popup-close2.png | 103.59.95.62 |
https://sdf.donegabang.com/img/namfot.jpg | 103.59.95.62 |
https://sdf.donegabang.com/media/close.mp3 | 103.59.95.62 |
https://i.ibb.co/pZDr8sd/Twitter-Hide-Password.png | 162.19.58.157 |
https://pubgmobile.com/ | unknown |

Domains

Name | IP | Malicious
stackpath.bootstrapcdn.com | 104.18.11.207 |
sdf.donegabang.com | 103.59.95.62 |
cdnjs.cloudflare.com | 104.17.25.14 |
l.top4top.io | 135.181.63.70 |
i.postimg.cc | 46.105.222.161 |
www.google.com | 142.250.185.164 |
claim.eventsmidasbuys.com | 103.59.95.62 |
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.57.34 |
fp2e7a.wpc.phicdn.net | 192.229.221.95 |
i.ibb.co | 162.19.58.157 |
a.top4top.io | 65.21.235.194 |
www.pubgmobile.com | unknown |
cdn.jsdelivr.net | unknown |

IPs

IP | Domain | Country | Malicious
162.19.58.160 | unknown | United States |
192.168.2.6 | unknown | unknown |
192.168.2.5 | unknown | unknown |
103.59.95.62 | sdf.donegabang.com | Korea Republic of |
142.250.185.164 | www.google.com | United States |
46.105.222.81 | unknown | France |
46.105.222.161 | i.postimg.cc | France |
162.19.58.157 | i.ibb.co | United States |
104.18.11.207 | stackpath.bootstrapcdn.com | United States |
239.255.255.250 | unknown | Reserved |
135.181.63.70 | l.top4top.io | Germany |
65.21.235.194 | a.top4top.io | United States |
104.17.25.14 | cdnjs.cloudflare.com | United States |

DOM / HTML

URL | Malicious
https://claim.eventsmidasbuys.com/ | malicious
https://claim.eventsmidasbuys.com/ |