Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| securedoc_20241008T101508.html | HTML document, Unicode text, UTF-8 text, with very long lines (491), with CRLF, LF line terminators | initial sample | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 18:15:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 18:15:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 18:15:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 18:15:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 18:15:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| Chrome Cache Entry: 147 | assembler source, ASCII text, with very long lines (554) | downloaded | |
| Chrome Cache Entry: 148 | ASCII text, with very long lines (322), with CRLF, LF line terminators | dropped | |
| Chrome Cache Entry: 149 | ASCII text, with CRLF line terminators | dropped | |
| Chrome Cache Entry: 150 | ASCII text, with very long lines (57791) | dropped | |
| Chrome Cache Entry: 151 | ASCII text, with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 152 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 153 | TrueType Font data, 16 tables, 1st "GDEF", 14 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)Inter LightRegular3.019; | downloaded | |
| Chrome Cache Entry: 154 | TrueType Font data, 16 tables, 1st "GDEF", 12 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)InterBold3.019;RSMS;Inte | downloaded | |
| Chrome Cache Entry: 155 | ASCII text, with very long lines (57791) | downloaded | |
| Chrome Cache Entry: 156 | GIF image data, version 89a, 1280 x 808 | downloaded | |
| Chrome Cache Entry: 157 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=sandra cifo. www.cifography.com. 2016], baseline, precision 8, 1440x960, components 3 | downloaded | |
| Chrome Cache Entry: 158 | ASCII text | dropped | |
| Chrome Cache Entry: 159 | GIF image data, version 89a, 1280 x 808 | dropped | |
| Chrome Cache Entry: 160 | ASCII text | downloaded | |
| Chrome Cache Entry: 161 | TrueType Font data, 16 tables, 1st "GDEF", 11 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)InterRegular3.019;RSMS;I | downloaded | |
| Chrome Cache Entry: 162 | assembler source, ASCII text, with very long lines (532) | downloaded | |
| Chrome Cache Entry: 163 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=sandra cifo. www.cifography.com. 2016], baseline, precision 8, 1920x1280, components 3 | dropped | |
| Chrome Cache Entry: 164 | Unicode text, UTF-8 text, with very long lines (64131) | downloaded | |
| Chrome Cache Entry: 165 | Unicode text, UTF-8 text, with very long lines (64131) | dropped | |
| Chrome Cache Entry: 166 | ASCII text, with very long lines (65447) | downloaded | |
| Chrome Cache Entry: 167 | TrueType Font data, 15 tables, 1st "FFTM", 30 names, Macintosh | downloaded | |
| Chrome Cache Entry: 168 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=sandra cifo. www.cifography.com. 2016], baseline, precision 8, 1920x1280, components 3 | downloaded | |
| Chrome Cache Entry: 169 | ASCII text, with very long lines (65447) | dropped | |
| Chrome Cache Entry: 170 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 171 | ASCII text, with very long lines (65447) | downloaded | |
| Chrome Cache Entry: 172 | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=sandra cifo. www.cifography.com. 2016], baseline, precision 8, 1440x960, components 3 | dropped | |
| Chrome Cache Entry: 173 | MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel | dropped | |
| Chrome Cache Entry: 174 | ASCII text, with very long lines (20831) | dropped | |
| Chrome Cache Entry: 175 | ASCII text, with very long lines (65324) | downloaded | |
| Chrome Cache Entry: 176 | MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel | downloaded | |
| Chrome Cache Entry: 177 | ASCII text, with very long lines (14965) | downloaded | |
| Chrome Cache Entry: 178 | ASCII text | downloaded | |
| Chrome Cache Entry: 179 | ASCII text | downloaded | |
| Chrome Cache Entry: 180 | ASCII text, with very long lines (20831) | downloaded | |
| Chrome Cache Entry: 181 | TrueType Font data, 16 tables, 1st "GDEF", 12 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)InterBold3.019;RSMS;Inte | downloaded | |
| Chrome Cache Entry: 182 | TrueType Font data, 16 tables, 1st "GDEF", 11 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)InterRegular3.019;RSMS;I | downloaded | |
| Chrome Cache Entry: 183 | TrueType Font data, 16 tables, 1st "GDEF", 14 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)Inter SemiBoldRegular3.0 | downloaded | |
| Chrome Cache Entry: 184 | ASCII text, with very long lines (322), with CRLF, LF line terminators | downloaded | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\securedoc_20241008T101508.html | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1964,i,5445686682342090761,7875340082080687336,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
URLs

| Name | IP | Malicious |
|---|---|---|
| file:///C:/Users/user/Desktop/securedoc_20241008T101508.html | | |
| https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/vldpQ4dumx5mtur6tu9R0xjhujwiTsXu.l-6KFHBg7wt9go4Ql3GNTqfUK02FMnw3OPKiutUutxwRaT5y2uoi9dYYTXcTjmYVA!!/?button=google&lp=en | 50.17.52.147 | |
| https://res.cisco.com/websafe/images/pullFeature/arrowDown.svg | 50.17.52.147 | |
| https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/vldpQ4dumx5mtur6tu9R0xjhujwiTsXu.l-6KFHBg7wt9go4Ql3GNTqfUK02FMnw3OPKiutUutxwRaT5y2uoi9dYYTXcTjmYVA!!/?button=ok&lp=en | 50.17.52.147 | |
| https://res.cisco.com/websafe/logo/qWuRZDIlFFn0Z.ejbun830-rfiY7KGOHGT2q9s4Y9v3gB5g005b.rfoQ7ujVDdQgn | unknown | |
| https://res.cisco.com/websafe/templates/standard-scripts.js | 54.204.51.182 | |
| http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/vldpQ4dumx5mtur6tu9R0xjhujwiTsXu.l-6KFHBg7wt9go4Ql3GNTqfUK02FMnw3OPKiutUutxwRaT5y2uoi9dYYTXcTjmYVA!!/?button=google&lp=en | 50.17.52.147 | |
| https://res.cisco.com/admin/fonts/Inter/Inter-Regular.ttf | 54.204.51.182 | |
| https://res.cisco.com/websafe/images/loginbg.gif | 50.17.52.147 | |
| https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.12/css/select2.min.css | 104.17.25.14 | |
| https://github.com/select2/select2/blob/master/LICENSE.md | unknown | |
| https://github.com/rsms/inter)InterBold3.019;RSMS;Inter-BoldInter | unknown | |
| http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/vldpQ4dumx5mtur6tu9R0xjhujwiTsXu.l-6KFHBg7wt9go4Ql3GNTqfUK02FMnw3OPKiutUutxwRaT5y2uoi9dYYTXcTjmYVA!!/?button=ok&lp=en | 50.17.52.147 | |
| https://github.com/rsms/inter)InterRegular3.019;RSMS;Inter-RegularInter | unknown | |
| https://res.cisco.com/websafe/templates/css/postx.css | 54.204.51.182 | |
| http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/vldpQ4dumx5mtur6tu9R0xjhujwiTsXu.l-6 | unknown | |
| https://github.com/twbs/bootstrap/graphs/contributors) | unknown | |
| https://res.cisco.com/websafe/logo/qWuRZDIlFFn0Z.ejbun830-rfiY7KGOHGT2q9s4Y9v3gB5g005b.rfoQ7ujVDdQgnEtQdA!!/branding/customer-logo.gif?f=1 | 50.17.52.147 | |
| https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css | 104.18.11.207 | |
| https://res.cisco.com:443/envelopeopener/decrypt_envelope.jsp | unknown | |
| https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/vldpQ4dumx5mtur6tu9R0xjhujwiTsXu.l-6KFHBg7wt9go4Ql3GNTqfUK02FMnw3OPKiutUutxwRaT5y2uoi9dYYTXcTjmYVA!!/?button=ok&lp=en&try=1 | 50.17.52.147 | |
| https://res.cisco.com:443 | unknown | |
| https://res.cisco.com:443/keyserver/keyserver | unknown | |
| https://static.cres-aws.com/postx.css | 13.32.121.110 | |
| https://res.cisco.com/admin/cisco-fonts.min.css | 54.204.51.182 | |
| https://github.com/rsms/inter)Inter | unknown | |
| https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.12/js/select2.min.js | 104.17.25.14 | |
| http://opensource.org/licenses/MIT). | unknown | |
| https://res.cisco.com/websafe/help?topic=AddrNotShown&localeUI=en | | |
| https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js | 104.18.11.207 | |
| https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/vldpQ4dumx5mtur6tu9R0xjhujwiTsXu.l-6KFHBg7wt9go4Ql3GNTqfUK02FMnw3OPKiutUutxwRaT5y2uoi9dYYTXcTjmYVA!!/?button=google&lp=en&try=1 | 50.17.52.147 | |
| https://res.cisco.com:443/keyserver/Logout | unknown | |
| https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js | 104.17.25.14 | |
| https://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/vldpQ4dumx5mtur6tu9R0xjhujwiTsXu.l-6KFHBg7wt9go4Ql3GNTqfUK02FMnw3OPKiutUutxwRaT5y2uoi9dYYTXcTjmYVA!!/?lp=en | 50.17.52.147 | |
| https://static.cres-aws.com/fonts/Inter/Inter-Light.ttf | 13.32.121.110 | |
| https://res.cisco.com/favicon.ico | 54.204.51.182 | |
| https://res.cisco.com/admin/fonts/Inter/Inter-Bold.ttf | 54.204.51.182 | |
| https://res.cisco.com/admin/fonts/SharpSans/SharpSans-Bold.ttf | 54.204.51.182 | |
| https://getbootstrap.com/) | unknown | |
| https://res.cisco.com:443/websafe/help?topic=RegEnvelope | unknown | |
| https://res.cisco.com/websafe/custom.action?cmd=authFrame | unknown | |
| https://res.cisco.com/websafe/templates/css/customHelp.css | 54.204.51.182 | |
| https://static.cres-aws.com/fonts/Inter/Inter-Regular.ttf | 13.32.121.110 | |
| http://scripts.sil.org/OFLWeightSlant | unknown | |
| https://res.cisco.com:443/websafe/help?topic=PPNotShown | unknown | |
| http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/vldpQ4dumx5mtur6tu9R0xjhujwiTsXu.l-6KFHBg7wt9go4Ql3GNTqfUK02FMnw3OPKiutUutxwRaT5y2uoi9dYYTXcTjmYVA!!/?lp=en | 50.17.52.147 | |
| http://scripts.sil.org/OFLWeightSlantRegular | unknown | |
| https://res.cisco.com:443/websafe/help?topic=AddrNotShown | unknown | |
| https://static.cres-aws.com/fonts/Inter/Inter-SemiBold.ttf | 13.32.121.110 | |
| https://res.cisco.com:443/websafe/pswdForgot.action | unknown | |
| http://scripts.sil.org/OFLInterLightWeightSlant | unknown | |
| https://github.com/twbs/bootstrap/blob/master/LICENSE) | unknown | |
| https://res.cisco.com/keyserver/keyserver?su=&df=&tf=&lp=en&v=2&m=%7c1__61365b13000001926cb2c7d2956fcd8219945c83%40mail10674.corpmailsvcs.com&s=1&f=0&d=1728414926610&action=open&j=1&jc=l_&jca=%22RPCRef%22%3apayload.rpc%2c%0a%22callback%22%3aqr&src=1&na=Netscape&nj=0&njs=1&nl=en-US&np=Win32&nu=Mozilla%2f5.0%20%28Windows%20NT%2010.0%3b%20Win64%3b%20x64%29%20AppleWebKit%2f537.36%20%28KHTML%2c%20like%20Gecko%29%20Chrome%2f117.0.0.0%20Safari%2f537.36&nv=5.0%20%28Windows%20NT%2010.0%3b%20Win64%3b%20x64%29%20AppleWebKit%2f537.36%20%28KHTML%2c%20like%20Gecko%29%20Chrome%2f117.0.0.0%20Safari%2f537.36 | 50.17.52.147 | |
| http://www.sharptype.cohttp://www.sharptype.cohttp://www.sharptype.cohttp://www.sharptype.cohttp://w | unknown | |
| https://static.cres-aws.com/CRES_login_bg.jpg | 13.32.121.110 | |
| http://www.sharptype.co | unknown | |
| http://scripts.sil.org/OFLInterSemiBoldWeightSlant | unknown | |
| https://res.cisco.com/websafe/templates/screen-reader.js | 54.204.51.182 | |
| https://static.cres-aws.com/fonts/Inter/Inter-Bold.ttf | 13.32.121.110 | |
Domains

| Name | IP | Malicious |
|---|---|---|
| res.cisco.com | 50.17.52.147 | |
| cdnjs.cloudflare.com | 104.17.25.14 | |
| maxcdn.bootstrapcdn.com | 104.18.11.207 | |
| www.google.com | 142.250.186.68 | |
| d2qj7djftjbj85.cloudfront.net | 13.32.121.110 | |
| static.cres-aws.com | unknown | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 142.250.186.68 | www.google.com | United States | |
| 104.17.24.14 | unknown | United States | |
| 50.17.52.147 | res.cisco.com | United States | |
| 192.168.2.16 | unknown | unknown | |
| 54.204.51.182 | unknown | United States | |
| 13.32.121.35 | unknown | United States | |
| 104.18.11.207 | maxcdn.bootstrapcdn.com | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 52.21.182.221 | unknown | United States | |
| 104.17.25.14 | cdnjs.cloudflare.com | United States | |
| 13.32.121.110 | d2qj7djftjbj85.cloudfront.net | United States | |
DOM / HTML

| URL | Malicious |
|---|---|
| file:///C:/Users/user/Desktop/securedoc_20241008T101508.html | |
| https://res.cisco.com/websafe/help?topic=AddrNotShown&localeUI=en | |
| file:///C:/Users/user/Desktop/securedoc_20241008T101508.html | |