IOC Report
http://clicks.sharefile.com/f/a/SncqrsfZOz93buaMHHZ1EQ~~/AACuKQA~/RgRo3Qm5P4Q1AWh0dHBzOi8vY2FtcGFpZ25zdHVkaW8uc2hhcmVmaWxlLmNvbS9yL2IxZTJlYWMzYjA5ZGVkZTJjMjgzMmVlYzk_Y3Q9WVRvMU9udHpPalk2SW5OdmRYSmpaU0k3WVRveU9udHBPakE3Y3pveE5Eb2lZMkZ0Y0dGcFoyNHVaWFpsYm5RaU8yazZNVHRwT2pnd08zMXpPalU2SW1WdFlXbHNJanRwT2

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Chrome Cache Entry: 63 | ASCII text, with very long lines (3545) | downloaded | |
| Chrome Cache Entry: 64 | ASCII text, with very long lines (2026) | dropped | |
| Chrome Cache Entry: 65 | ASCII text, with very long lines (2026) | downloaded | |
| Chrome Cache Entry: 66 | GIF image data, version 89a, 1 x 1 | dropped | |
| Chrome Cache Entry: 67 | ASCII text, with very long lines (65310) | dropped | |
| Chrome Cache Entry: 68 | ASCII text | downloaded | |
| Chrome Cache Entry: 69 | Unicode text, UTF-8 text, with very long lines (13545), with no line terminators | downloaded | |
| Chrome Cache Entry: 70 | ASCII text, with very long lines (3545) | dropped | |
| Chrome Cache Entry: 71 | JSON data | dropped | |
| Chrome Cache Entry: 72 | HTML document, ASCII text, with very long lines (2178), with no line terminators | downloaded | |
| Chrome Cache Entry: 73 | JSON data | downloaded | |
| Chrome Cache Entry: 74 | Unicode text, UTF-8 text, with very long lines (13545), with no line terminators | dropped | |
| Chrome Cache Entry: 75 | GIF image data, version 89a, 1 x 1 | downloaded | |
| Chrome Cache Entry: 76 | ASCII text, with very long lines (65310) | downloaded | |
| Chrome Cache Entry: 77 | GIF image data, version 89a, 1 x 1 | downloaded | |
| Chrome Cache Entry: 78 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 79 | GIF image data, version 89a, 1 x 1 | dropped | |

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 --field-trial-handle=2464,i,7416979685850918852,11471496941835541218,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://clicks.sharefile.com/f/a/SncqrsfZOz93buaMHHZ1EQ~~/AACuKQA~/RgRo3Qm5P4Q1AWh0dHBzOi8vY2FtcGFpZ25zdHVkaW8uc2hhcmVmaWxlLmNvbS9yL2IxZTJlYWMzYjA5ZGVkZTJjMjgzMmVlYzk_Y3Q9WVRvMU9udHpPalk2SW5OdmRYSmpaU0k3WVRveU9udHBPakE3Y3pveE5Eb2lZMkZ0Y0dGcFoyNHVaWFpsYm5RaU8yazZNVHRwT2pnd08zMXpPalU2SW1WdFlXbHNJanRwT2pJM08zTTZORG9pYzNSaGRDSTdjem95TWpvaU5qWm1ZVGcwWWpjellXWTNNakUzT1RrNE5qa3lOU0k3Y3pvME9pSnNaV0ZrSWp0ek9qYzZJalkwTlRFek1EVWlPM002TnpvaVkyaGhibTVsYkNJN1lUb3hPbnR6T2pVNkltVnRZV2xzSWp0cE9qSTNPMzE5JlcDc3BjQgpm-LmE-mYhmDDJUhdTYXJhaC5BbHRvbkBhc2h1cnN0LmNvbVgEAAAG3w~~"

URLs


Domains


IPs


DOM / HTML

URL
Malicious
https://secure.sharefile.com/Authentication/Login#/StartViaSubdomain