IOC Report
PO#150623.html

Files

File Path | Type | Category | Malicious
--------- | ---- | -------- | ---------
PO#150623.html | HTML document, ASCII text, with CRLF line terminators | initial sample | malicious
Chrome Cache Entry: 127 | PNG image data, 300 x 168, 8-bit colormap, non-interlaced | downloaded |
Chrome Cache Entry: 128 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 236x334, components 3 | dropped |
Chrome Cache Entry: 129 | PNG image data, 300 x 168, 8-bit colormap, non-interlaced | dropped |
Chrome Cache Entry: 130 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 236x334, components 3 | downloaded |

Processes

Path | Cmdline | Malicious
---- | ------- | ---------
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\PO#150623.html" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2252,i,2106847254082382091,4944369899380202969,262144 /prefetch:8 |

URLs

Name | IP | Malicious
---- | -- | ---------
file:///C:/Users/user/Desktop/PO%23150623.html | | malicious
https://grupopfp.com.br/exc.php | unknown |
https://i.gyazo.com/843426683ddbd46030d521670badac8c.jpg | 104.18.24.163 |
https://i.gyazo.com/843426683ddbd46030d521670badac8c.jpg); | unknown |
https://i.gyazo.com/40a8327b4278a35bc0c3d6a6d1a4a52d.png | 104.18.24.163 |

Domains

Name | IP | Malicious
---- | -- | ---------
i.gyazo.com | 104.18.24.163 |
www.google.com | 142.250.186.68 |
fp2e7a.wpc.phicdn.net | 192.229.221.95 |

IPs

IP | Domain | Country | Malicious
-- | ------ | ------- | ---------
142.250.186.68 | www.google.com | United States |
192.168.2.4 | unknown | unknown |
192.168.2.5 | unknown | unknown |
239.255.255.250 | unknown | Reserved |
104.18.24.163 | i.gyazo.com | United States |

DOM / HTML

URL | Malicious
--- | ---------
file:///C:/Users/user/Desktop/PO%23150623.html |