Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Audio.wavqvc.com10098.html | HTML document, ASCII text, with very long lines (9900), with CRLF line terminators | initial sample | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 11 12:53:44 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 11 12:53:44 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 11 12:53:44 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 11 12:53:44 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 11 12:53:44 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| Chrome Cache Entry: 74 | ASCII text, with very long lines (48316), with no line terminators | dropped | |
| Chrome Cache Entry: 75 | ASCII text, with very long lines (65447) | downloaded | |
| Chrome Cache Entry: 76 | ASCII text, with very long lines (1325), with CRLF line terminators | dropped | |
| Chrome Cache Entry: 77 | PNG image data, 48 x 27, 8-bit/color RGB, non-interlaced | dropped | |
| Chrome Cache Entry: 78 | ASCII text, with very long lines (47459) | downloaded | |
| Chrome Cache Entry: 79 | ASCII text, with very long lines (1313), with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 80 | very short file (no magic) | downloaded | |
| Chrome Cache Entry: 81 | ASCII text, with very long lines (65447) | dropped | |
| Chrome Cache Entry: 82 | ASCII text, with very long lines (47459) | dropped | |
| Chrome Cache Entry: 83 | PNG image data, 48 x 27, 8-bit/color RGB, non-interlaced | downloaded | |
| Chrome Cache Entry: 84 | ASCII text, with very long lines (47992), with no line terminators | dropped | |
| Chrome Cache Entry: 85 | ASCII text, with very long lines (47992), with no line terminators | downloaded | |
| Chrome Cache Entry: 86 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | dropped | |
| Chrome Cache Entry: 87 | ASCII text, with very long lines (48316), with no line terminators | downloaded | |
| Chrome Cache Entry: 88 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 89 | very short file (no magic) | dropped | |
| Chrome Cache Entry: 90 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 91 | HTML document, ASCII text, with very long lines (6477), with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 92 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | downloaded | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\Audio.wavqvc.com10098.html | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2032,i,9994889272680913447,6764105540733817126,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
URLs

| Name | IP | Malicious |
|---|---|---|
| https://9q.iountanic.com/4rGra/#Q#Tdavid.dimauro@qvc.com | | |
| https://9q.iountanic.com/4rGra/ | 104.21.68.104 | |
| https://community.sephora.com/html/assets/img_community-logo.svg | 18.245.86.6 | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d0f56a70cadc3ff&lang=auto | 104.18.94.41 | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8d0f56a70cadc3ff/1728654830319/ed0dfd9d95f03a14d7f4f65d6e79c89bcf16f1c60c7616b4771f0c4404addab0/QyWZqM6CsEeF5Ob | 104.18.94.41 | |
| https://code.jquery.com/jquery-3.6.0.min.js | 151.101.194.137 | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mwmyp/0x4AAAAAAAhBMPdr3vMigrA3/auto/fbE/normal/auto/ | 104.18.94.41 | |
| https://a.nel.cloudflare.com/report/v4?s=5xJ5G3j67gd9uRnLQr%2B9b1d%2FtkLoeQd%2BeM2Q9%2Fb5F4eI4n7FRSEiLgaTwq3bxzR9qCE%2F4KaAiZVQLQq1qANIt26%2BfP5j2iDFwSvMiE9W1eTJjR0RAt6FI3dg3GoNgA%3D%3D | 35.190.80.1 | |
| https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js | 104.17.24.14 | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D | 104.18.94.41 | |
| https://challenges.cloudflare.com/turnstile/v0/b/62ec4f065604/api.js | 104.18.95.41 | |
| https://mollysirishpub-tol.com/res444.php?2-68747470733a2f2f39512e696f756e74616e69632e636f6d2f34724772612f-mandrill | 69.49.245.172 | |
| https://9q.iountanic.com/favicon.ico | 104.21.68.104 | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8d0f56a70cadc3ff/1728654830321/Brmsrk1UDqp3rhl | 104.18.94.41 | |
| https://ugrssk2xcnmyafkbur3ma854zqoajfwne1fjkqg37ynrm8rpseo.diblethe.com/539977775575586577HoxufoYVCQOLDQGFXGMZEQOIITJBSUOIJQZQAKITIRDRGTSI | 188.114.97.3 | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/45662806:1728652483:UESNLT3H3QxqO_wId2lAkhZLoYB2rUVT4FgDxeg5U30/8d0f56a70cadc3ff/f3abe9e63e0e531 | 104.18.94.41 | |
| file:///C:/Users/user/Desktop/Audio.wavqvc.com10098.html | | |
| https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js | 104.17.25.14 | |
| https://www.sephora.com/ | | |
Domains

| Name | IP | Malicious |
|---|---|---|
| 9q.iountanic.com | 104.21.68.104 | |
| a.nel.cloudflare.com | 35.190.80.1 | |
| dycxm6nnyo2aj.cloudfront.net | 18.245.86.6 | |
| cnstrc.com | 99.86.4.116 | |
| gke-ingress.bluecore.com | 35.190.19.88 | |
| code.jquery.com | 151.101.194.137 | |
| cdnjs.cloudflare.com | 104.17.25.14 | |
| challenges.cloudflare.com | 104.18.95.41 | |
| www.google.com | 142.250.186.68 | |
| ugrssk2xcnmyafkbur3ma854zqoajfwne1fjkqg37ynrm8rpseo.diblethe.com | 188.114.97.3 | |
| mollysirishpub-tol.com | 69.49.245.172 | |
| dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com | 54.77.0.81 | |
| js-cdn.dynatrace.com | 52.222.236.22 | |
| e309da9b9aaf.cdn4.forter.com | 18.245.86.4 | |
| sephora-track.inside-graph.com | unknown | |
| sephora.demdex.net | unknown | |
| www.sephora.com | unknown | |
| assets.adobedtm.com | unknown | |
| api.bluecore.com | unknown | |
| community.sephora.com | unknown | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 104.21.68.104 | 9q.iountanic.com | United States | |
| 142.250.186.68 | www.google.com | United States | |
| 192.168.2.17 | unknown | unknown | |
| 104.18.94.41 | unknown | United States | |
| 192.168.2.16 | unknown | unknown | |
| 52.222.236.22 | js-cdn.dynatrace.com | United States | |
| 151.101.194.137 | code.jquery.com | United States | |
| 35.190.80.1 | a.nel.cloudflare.com | United States | |
| 104.17.24.14 | unknown | United States | |
| 18.245.86.11 | unknown | United States | |
| 69.49.245.172 | mollysirishpub-tol.com | United States | |
| 104.18.95.41 | challenges.cloudflare.com | United States | |
| 99.86.4.116 | cnstrc.com | United States | |
| 216.58.206.68 | unknown | United States | |
| 18.245.86.4 | e309da9b9aaf.cdn4.forter.com | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 188.114.97.3 | ugrssk2xcnmyafkbur3ma854zqoajfwne1fjkqg37ynrm8rpseo.diblethe.com | European Union | |
| 35.190.19.88 | gke-ingress.bluecore.com | United States | |
| 188.114.96.3 | unknown | European Union | |
| 54.77.0.81 | dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com | United States | |
| 18.245.86.6 | dycxm6nnyo2aj.cloudfront.net | United States | |
| 104.17.25.14 | cdnjs.cloudflare.com | United States | |
DOM / HTML

| URL | Malicious |
|---|---|
| file:///C:/Users/user/Desktop/Audio.wavqvc.com10098.html | |
| https://9q.iountanic.com/4rGra/#Q#Tdavid.dimauro@qvc.com | |
| https://9q.iountanic.com/4rGra/#Q#Tdavid.dimauro@qvc.com | |
| https://9q.iountanic.com/4rGra/#Q#Tdavid.dimauro@qvc.com | |
| https://www.sephora.com/ | |