IOC Report
https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html#'+tFjvjBPh,document%5B'body'%5D%5B'appendChild'%5D(para)

Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 08:50:03 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 08:50:03 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 08:50:03 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 08:50:03 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 08:50:03 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 71
ASCII text, with very long lines (48316), with no line terminators
dropped
Chrome Cache Entry: 72
JSON data
downloaded
Chrome Cache Entry: 73
ASCII text
dropped
Chrome Cache Entry: 74
ASCII text, with very long lines (48316), with no line terminators
downloaded
Chrome Cache Entry: 75
ASCII text
downloaded
Chrome Cache Entry: 76
HTML document, ASCII text, with very long lines (611)
downloaded
Chrome Cache Entry: 77
HTML document, ASCII text, with very long lines (65446)
downloaded
Chrome Cache Entry: 78
JSON data
dropped

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1960,i,271901349923696790,2627997087610046514,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html#'+tFjvjBPh,document%5B'body'%5D%5B'appendChild'%5D(para)"

URLs

Name
IP
Malicious
https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html#'+tFjvjBPh,document%5B'body'%5D%5B'appendChild'%5D(para)
malicious
https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html#'+tFjvjBPh,document%5B'body'%5D%5B'appendChild'%5D(para)
malicious
http://bugs.jquery.com/ticket/12359
unknown
http://jquery.org/license
unknown
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.24.14
http://json.org/json2.js
unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=649285
unknown
http://sizzlejs.com/
unknown
https://r29hjdbbius.tkllop.online/obufsssssssscaaatoion/
172.67.164.87
http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context
unknown
http://jsperf.com/getall-vs-sizzle/2
unknown
http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript
unknown
https://bugs.webkit.org/show_bug.cgi?id=29084
unknown
http://blindsignals.com/index.php/2009/07/jquery-delay/
unknown
http://bugs.jquery.com/ticket/12282#comment:15
unknown
https://developer.mozilla.org/en-US/docs/CSS/display
unknown
http://dev.w3.org/csswg/cssom/#resolved-values
unknown
https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/favicon.ico
162.159.140.237
https://code.jquery.com/jquery-1.9.1.js
151.101.2.137
https://developer.mozilla.org/en/Security/CSP)
unknown
https://a.nel.cloudflare.com/report/v4?s=zBV4UNsAVut%2FcGYjDXCZvVdTjdkssYCH38pvRBc63AFPCFEt5NEZRw448AHF0MaV3AYD5SPfKiOu%2FDBbpo3kMxRJhlG5QASkr4Sn35ReEZBlZ6w0LImkfLJjbkwjvt9srydSCXI9GEh3I%2BM%3D
35.190.80.1
https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html
162.159.140.237
https://a.nel.cloudflare.com/report/v4?s=Im9BAz3AJ2NdrcDSAVvdIU%2FlGzaQlL3olWDUXjR5V3eBNtc%2B%2FZFQW49Ps77Ol7JSK7oHGUEnHAEnT1uS1f5i0zrUPRQe62sqcfLSK0nUplQsVOuWZwqdP5Dna422EMcVQe4qD2iqrohF2NEB
35.190.80.1
https://a.nel.cloudflare.com/report/v4?s=9BiNv8jdRELwuxsVwTaF9Pm3OfZY9mi6N1h49FQBPNNfi%2B0nEHXGL7%2BlyHtFbnIhiT5SkutKUY%2F3F0Lz6YoczkG5%2FqMeZwuapI7YNANKPHdFqsQVU2gBrhZa5Zebve6f%2F1MsgO3K87LnyXvY
35.190.80.1
https://www.cloudflare.com/favicon.ico
unknown
https://whc1srlopyd.dffjl.online/obufsssssssscaaatoion/
172.67.185.124
http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291
unknown
http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_(NS_ERROR_NOT_A
unknown
https://developers.cloudflare.com/r2/data-access/public-buckets/
unknown
https://github.com/jquery/jquery/pull/764
unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=491668
unknown
http://javascript.nwbox.com/IEContentLoaded/
unknown
http://jquery.com/
unknown
https://freeipapi.com/api/json/
188.114.96.3

Domains

Name
IP
Malicious
pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev
162.159.140.237
malicious
a.nel.cloudflare.com
35.190.80.1
whc1srlopyd.dffjl.online
172.67.185.124
code.jquery.com
151.101.2.137
cdnjs.cloudflare.com
104.17.24.14
r29hjdbbius.tkllop.online
172.67.164.87
freeipapi.com
188.114.96.3
www.google.com
142.250.186.36

IPs

IP
Domain
Country
Malicious
162.159.140.237
pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev
United States
malicious
104.17.24.14
cdnjs.cloudflare.com
United States
142.250.186.36
www.google.com
United States
172.67.185.124
whc1srlopyd.dffjl.online
United States
192.168.2.17
unknown
unknown
151.101.130.137
unknown
United States
151.101.2.137
code.jquery.com
United States
172.67.164.87
r29hjdbbius.tkllop.online
United States
239.255.255.250
unknown
Reserved
188.114.97.3
unknown
European Union
188.114.96.3
freeipapi.com
European Union
35.190.80.1
a.nel.cloudflare.com
United States

DOM / HTML

URL
Malicious
https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html#'+tFjvjBPh,document%5B'body'%5D%5B'appendChild'%5D(para)
malicious
https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html#'+tFjvjBPh,document%5B'body'%5D%5B'appendChild'%5D(para)
malicious
https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html#'+tFjvjBPh,document%5B'body'%5D%5B'appendChild'%5D(para)