Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
Electronic_Receipt_ATT0001.htm
|
HTML document, ASCII text, with CRLF line terminators
|
initial sample
|
||
Chrome Cache Entry: 127
|
HTML document, ASCII text
|
downloaded
|
||
Chrome Cache Entry: 128
|
HTML document, ASCII text, with very long lines (394)
|
dropped
|
||
Chrome Cache Entry: 129
|
HTML document, ASCII text, with very long lines (394)
|
downloaded
|
||
Chrome Cache Entry: 130
|
PNG image data, 54 x 54, 8-bit colormap, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 131
|
ASCII text, with very long lines (47992), with no line terminators
|
dropped
|
||
Chrome Cache Entry: 132
|
ASCII text, with very long lines (24050)
|
downloaded
|
||
Chrome Cache Entry: 133
|
ASCII text, with very long lines (1369), with CRLF line terminators
|
dropped
|
||
Chrome Cache Entry: 134
|
ASCII text, with very long lines (47992), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 135
|
HTML document, ASCII text, with very long lines (394)
|
downloaded
|
||
Chrome Cache Entry: 136
|
PNG image data, 54 x 54, 8-bit colormap, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 137
|
ASCII text, with very long lines (1369), with CRLF line terminators
|
downloaded
|
There are 2 hidden files, click here to show them.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Electronic_Receipt_ATT0001.htm"
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=2016,i,16826850735177625839,11304651080124014247,262144
/prefetch:8
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://href.li/?https://KtqCO.eh5j.com/MlKbF/
|
192.0.78.26
|
||
https://uzerapproved.com/res444.php?2-68747470733a2f2f687265662e6c692f3f68747470733a2f2f4b7471434f2e6568356a2e636f6d2f4d6c4b62462f-quail
|
69.49.245.172
|
||
https://KtqCO.eh5j.com/MlKbF/
|
unknown
|
||
https://ktqco.eh5j.com/favicon.ico
|
172.67.183.69
|
||
https://ktqco.eh5j.com/cdn-cgi/images/icon-exclamation.png?1376755637
|
172.67.183.69
|
||
https://ktqco.eh5j.com/MlKbF/
|
172.67.183.69
|
||
https://ktqco.eh5j.com/cdn-cgi/styles/cf.errors.css
|
172.67.183.69
|
||
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
|
104.17.25.14
|
||
https://www.cloudflare.com/5xx-error-landing
|
unknown
|
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
cdnjs.cloudflare.com
|
104.17.25.14
|
||
ktqco.eh5j.com
|
172.67.183.69
|
||
www.google.com
|
142.250.184.196
|
||
uzerapproved.com
|
69.49.245.172
|
||
href.li
|
192.0.78.26
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
142.250.184.196
|
www.google.com
|
United States
|
||
172.67.183.69
|
ktqco.eh5j.com
|
United States
|
||
69.49.245.172
|
uzerapproved.com
|
United States
|
||
192.168.2.8
|
unknown
|
unknown
|
||
192.168.2.17
|
unknown
|
unknown
|
||
192.168.2.4
|
unknown
|
unknown
|
||
192.168.2.6
|
unknown
|
unknown
|
||
216.58.206.68
|
unknown
|
United States
|
||
192.168.2.5
|
unknown
|
unknown
|
||
192.0.78.26
|
href.li
|
United States
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
104.17.25.14
|
cdnjs.cloudflare.com
|
United States
|
There are 2 hidden IPs, click here to show them.
DOM / HTML
URL
|
Malicious
|
|
---|---|---|
https://ktqco.eh5j.com/MlKbF/#W#em11bGxpZ2FuQGhhcm1vbnljYXJlcy5jb20=
|