Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
securedoc_20241028T070148.html
|
HTML document, Unicode text, UTF-8 text, with very long lines (514), with CRLF, LF line terminators
|
initial sample
|
 |
|
|
Chrome Cache Entry: 149
|
assembler source, ASCII text, with very long lines (554)
|
downloaded
|
||
|
Chrome Cache Entry: 150
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 151
|
ASCII text, with very long lines (57791)
|
dropped
|
||
|
Chrome Cache Entry: 152
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 153
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 300x300, segment length 16, comment: "LEADTOOLS v22.0", baseline,
precision 8, 160x41, components 3
|
dropped
|
||
|
Chrome Cache Entry: 154
|
TrueType Font data, 16 tables, 1st "GDEF", 14 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)Inter
LightRegular3.019;
|
downloaded
|
||
|
Chrome Cache Entry: 155
|
TrueType Font data, 16 tables, 1st "GDEF", 12 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)InterBold3.019;RSMS;Inte
|
downloaded
|
||
|
Chrome Cache Entry: 156
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 300x300, segment length 16, comment: "LEADTOOLS v22.0", baseline,
precision 8, 160x41, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 157
|
ASCII text, with very long lines (57791)
|
downloaded
|
||
|
Chrome Cache Entry: 158
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=sandra cifo. www.cifography.com.
2016], baseline, precision 8, 1440x960, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 159
|
ASCII text
|
dropped
|
||
|
Chrome Cache Entry: 160
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 161
|
TrueType Font data, 16 tables, 1st "GDEF", 11 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)InterRegular3.019;RSMS;I
|
downloaded
|
||
|
Chrome Cache Entry: 162
|
assembler source, ASCII text, with very long lines (532)
|
downloaded
|
||
|
Chrome Cache Entry: 163
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=sandra cifo. www.cifography.com.
2016], baseline, precision 8, 1920x1280, components 3
|
dropped
|
||
|
Chrome Cache Entry: 164
|
Unicode text, UTF-8 text, with very long lines (64131)
|
downloaded
|
||
|
Chrome Cache Entry: 165
|
Unicode text, UTF-8 text, with very long lines (64131)
|
dropped
|
||
|
Chrome Cache Entry: 166
|
ASCII text, with very long lines (65447)
|
downloaded
|
||
|
Chrome Cache Entry: 167
|
TrueType Font data, 15 tables, 1st "FFTM", 30 names, Macintosh
|
downloaded
|
||
|
Chrome Cache Entry: 168
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=sandra cifo. www.cifography.com.
2016], baseline, precision 8, 1920x1280, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 169
|
ASCII text, with very long lines (65447)
|
dropped
|
||
|
Chrome Cache Entry: 170
|
ASCII text, with very long lines (65447)
|
downloaded
|
||
|
Chrome Cache Entry: 171
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=sandra cifo. www.cifography.com.
2016], baseline, precision 8, 1440x960, components 3
|
dropped
|
||
|
Chrome Cache Entry: 172
|
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 173
|
ASCII text, with very long lines (20831)
|
dropped
|
||
|
Chrome Cache Entry: 174
|
ASCII text, with very long lines (65324)
|
downloaded
|
||
|
Chrome Cache Entry: 175
|
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 176
|
ASCII text, with very long lines (14965)
|
downloaded
|
||
|
Chrome Cache Entry: 177
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 178
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 179
|
ASCII text, with very long lines (20831)
|
downloaded
|
||
|
Chrome Cache Entry: 180
|
TrueType Font data, 16 tables, 1st "GDEF", 12 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)InterBold3.019;RSMS;Inte
|
downloaded
|
||
|
Chrome Cache Entry: 181
|
TrueType Font data, 16 tables, 1st "GDEF", 11 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)InterRegular3.019;RSMS;I
|
downloaded
|
||
|
Chrome Cache Entry: 182
|
TrueType Font data, 16 tables, 1st "GDEF", 14 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)Inter
SemiBoldRegular3.0
|
downloaded
|
There are 25 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\securedoc_20241028T070148.html"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=2036,i,11714635817237412283,15918365930633884916,262144
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
file:///C:/Users/user/Desktop/securedoc_20241028T070148.html
|
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fi18n.authframe.safr.button.open&c=E
|
unknown
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fih.data&c=E
|
unknown
|
||
|
https://res.cisco.com/websafe/images/pullFeature/arrowDown.svg
|
unknown
|
||
|
http://res.cisco.com?lp=en
|
unknown
|
||
|
https://res.cisco.com/websafe/help?topic=AddrNotShown
|
|||
|
https://res.cisco.com/websafe/templates/standard-scripts.js
|
34.206.224.40
|
||
|
https://res.cisco.com/admin/fonts/Inter/Inter-Regular.ttf
|
34.206.224.40
|
||
|
https://res.cisco.com/websafe/images/loginbg.gif
|
34.235.221.210
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fthis.save&c=E
|
unknown
|
||
|
https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.12/css/select2.min.css
|
104.17.25.14
|
||
|
https://github.com/select2/select2/blob/master/LICENSE.md
|
unknown
|
||
|
https://github.com/rsms/inter)InterBold3.019;RSMS;Inter-BoldInter
|
unknown
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fthis.total&c=E
|
unknown
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwindow.open&c=E
|
unknown
|
||
|
http://res.cisco.com/?button=google&lp=en
|
34.235.221.210
|
||
|
http://res.cisco.com?button=google&lp=en
|
unknown
|
||
|
https://github.com/rsms/inter)InterRegular3.019;RSMS;Inter-RegularInter
|
unknown
|
||
|
https://res.cisco.com/websafe/templates/css/postx.css
|
34.206.224.40
|
||
|
https://github.com/twbs/bootstrap/graphs/contributors)
|
unknown
|
||
|
http://res.cisco.com/?lp=en
|
34.235.221.210
|
||
|
https://res.cisco.com/?button=ok&lp=en
|
34.235.221.210
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fdC.name&c=E
|
unknown
|
||
|
https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
|
104.18.11.207
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fil.data&c=E
|
unknown
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2f_n.save&c=E
|
unknown
|
||
|
https://res.cisco.com:443/envelopeopener/decrypt_envelope.jsp
|
unknown
|
||
|
https://res.cisco.com:443
|
unknown
|
||
|
https://res.cisco.com:443/keyserver/keyserver
|
unknown
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fd6.run&c=E
|
unknown
|
||
|
https://static.cres-aws.com/postx.css
|
13.32.121.40
|
||
|
https://res.cisco.com/admin/cisco-fonts.min.css
|
34.206.224.40
|
||
|
https://github.com/rsms/inter)Inter
|
unknown
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2ff1.data&c=E
|
unknown
|
||
|
https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.12/js/select2.min.js
|
104.17.25.14
|
||
|
http://opensource.org/licenses/MIT).
|
unknown
|
||
|
https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js
|
104.18.11.207
|
||
|
https://res.cisco.com/?button=google&lp=en
|
34.235.221.210
|
||
|
https://res.cisco.com:443/keyserver/Logout
|
unknown
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fstatic.cres-aws.com%2fpostx.css&c=E
|
unknown
|
||
|
https://res.cisco.com/websafe/logo/HZio7Pe9aCv75Ci5tcUaFOo3gwSwWH1fmVNz4z-FwW-EfOrJiAw6iFbvTh4IP35z7
|
unknown
|
||
|
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js
|
104.17.25.14
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2f_l.data&c=E
|
unknown
|
||
|
http://res.cisco.com/?button=ok&lp=en
|
34.235.221.210
|
||
|
https://static.cres-aws.com/fonts/Inter/Inter-Light.ttf
|
13.32.121.40
|
||
|
https://res.cisco.com/favicon.ico
|
34.206.224.40
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fiA.name&c=E
|
unknown
|
||
|
https://res.cisco.com/admin/fonts/Inter/Inter-Bold.ttf
|
34.206.224.40
|
||
|
https://res.cisco.com/admin/fonts/SharpSans/SharpSans-Bold.ttf
|
34.206.224.40
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fm.data&c=E
|
unknown
|
||
|
https://getbootstrap.com/)
|
unknown
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2falgnames.encryption.data&c=E
|
unknown
|
||
|
https://res.cisco.com:443/websafe/help?topic=RegEnvelope
|
unknown
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fstatic.cres-aws.com%2fpostx.css&c=E,1,_oNzUaaJ6Oh_nmW_uRHKD7LdB7nJv5nE_YElsWxHIL-NU42TXK4qYBmvLBLeAQOn2J9dTpT7BwPZoOaqPQ0RYcNDJvyshA79Xq8drtgBOg,,&typo=1
|
18.159.67.181
|
||
|
https://res.cisco.com/?lp=en
|
34.235.221.210
|
||
|
https://res.cisco.com/websafe/custom.action?cmd=authFrame
|
unknown
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2ftext_i18n.authframe.safr.link.help&c=E
|
unknown
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fi18n.authframe.safr.passphrase.more.info&c=E
|
unknown
|
||
|
https://res.cisco.com/websafe/templates/css/customHelp.css
|
34.206.224.40
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fiB.name&c=E
|
unknown
|
||
|
http://res.cisco.com?button=ok&lp=en
|
unknown
|
||
|
https://static.cres-aws.com/fonts/Inter/Inter-Regular.ttf
|
13.32.121.40
|
||
|
https://res.cisco.com/websafe/root
|
34.235.221.210
|
||
|
http://scripts.sil.org/OFLWeightSlant
|
unknown
|
||
|
https://res.cisco.com:443/websafe/help?topic=PPNotShown
|
unknown
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fdocument.open&c=E
|
unknown
|
||
|
http://scripts.sil.org/OFLWeightSlantRegular
|
unknown
|
||
|
https://res.cisco.com:443/websafe/help?topic=AddrNotShown
|
unknown
|
||
|
https://static.cres-aws.com/fonts/Inter/Inter-SemiBold.ttf
|
13.32.121.40
|
||
|
https://res.cisco.com:443/websafe/pswdForgot.action
|
unknown
|
||
|
http://scripts.sil.org/OFLInterLightWeightSlant
|
unknown
|
||
|
https://github.com/twbs/bootstrap/blob/master/LICENSE)
|
unknown
|
||
|
https://res.cisco.com/websafe/logo/HZio7Pe9aCv75Ci5tcUaFOo3gwSwWH1fmVNz4z-FwW-EfOrJiAw6iFbvTh4IP35z7lYX2A!!/branding/customer-logo.gif?f=1
|
34.235.221.210
|
||
|
http://www.sharptype.cohttp://www.sharptype.cohttp://www.sharptype.cohttp://www.sharptype.cohttp://w
|
unknown
|
||
|
https://static.cres-aws.com/CRES_login_bg.jpg
|
13.32.121.40
|
||
|
http://www.sharptype.co
|
unknown
|
||
|
http://scripts.sil.org/OFLInterSemiBoldWeightSlant
|
unknown
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fopenerObj.run&c=E
|
unknown
|
||
|
https://res.cisco.com/websafe/templates/screen-reader.js
|
34.206.224.40
|
||
|
https://static.cres-aws.com/fonts/Inter/Inter-Bold.ttf
|
13.32.121.40
|
||
|
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fgM.nr&c=E
|
unknown
|
There are 71 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
res.cisco.com
|
34.235.221.210
|
||
|
cdnjs.cloudflare.com
|
104.17.25.14
|
||
|
maxcdn.bootstrapcdn.com
|
104.18.11.207
|
||
|
s-part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
||
|
s-part-0017.t-0009.fb-t-msedge.net
|
13.107.253.45
|
||
|
www.google.com
|
142.250.184.228
|
||
|
linkprotect.cudasvc.com
|
18.159.67.181
|
||
|
d2qj7djftjbj85.cloudfront.net
|
13.32.121.40
|
||
|
static.cres-aws.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
34.206.224.40
|
unknown
|
United States
|
||
|
192.168.2.17
|
unknown
|
unknown
|
||
|
192.168.2.8
|
unknown
|
unknown
|
||
|
192.168.2.7
|
unknown
|
unknown
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
13.32.121.40
|
d2qj7djftjbj85.cloudfront.net
|
United States
|
||
|
192.168.2.6
|
unknown
|
unknown
|
||
|
104.18.11.207
|
maxcdn.bootstrapcdn.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
34.235.221.210
|
res.cisco.com
|
United States
|
||
|
18.159.67.181
|
linkprotect.cudasvc.com
|
United States
|
||
|
142.250.184.228
|
www.google.com
|
United States
|
||
|
104.17.25.14
|
cdnjs.cloudflare.com
|
United States
|
||
|
13.32.121.110
|
unknown
|
United States
|
There are 4 hidden IPs, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
file:///C:/Users/user/Desktop/securedoc_20241028T070148.html
|
|
|
|
https://res.cisco.com/websafe/help?topic=AddrNotShown
|