IOC Report
https://job.wiz.bi/vTznY


Files

File Path | Type | Category | Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 13:34:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 13:34:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 13:34:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 13:34:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 13:34:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
Chrome Cache Entry: 100 | ASCII text | downloaded |
Chrome Cache Entry: 101 | ASCII text, with very long lines (65536), with no line terminators | downloaded |
Chrome Cache Entry: 102 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 3200x3934, components 3 | dropped |
Chrome Cache Entry: 103 | Web Open Font Format (Version 2), TrueType, length 33092, version 1.0 | downloaded |
Chrome Cache Entry: 104 | ASCII text, with very long lines (7117) | downloaded |
Chrome Cache Entry: 105 | ASCII text, with very long lines (65536), with no line terminators | downloaded |
Chrome Cache Entry: 106 | JSON data | downloaded |
Chrome Cache Entry: 107 | JSON data | dropped |
Chrome Cache Entry: 108 | ASCII text, with very long lines (65536), with no line terminators | dropped |
Chrome Cache Entry: 109 | ASCII text, with very long lines (1856) | downloaded |
Chrome Cache Entry: 110 | JSON data | dropped |
Chrome Cache Entry: 111 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 79 | ASCII text, with very long lines (65536), with no line terminators | dropped |
Chrome Cache Entry: 80 | ASCII text, with very long lines (6815) | downloaded |
Chrome Cache Entry: 81 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 82 | PNG image data, 680 x 850, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 83 | JSON data | downloaded |
Chrome Cache Entry: 84 | ASCII text, with very long lines (65536), with no line terminators | dropped |
Chrome Cache Entry: 85 | MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 8 bits/pixel | downloaded |
Chrome Cache Entry: 86 | ASCII text, with very long lines (6815) | dropped |
Chrome Cache Entry: 87 | ASCII text, with very long lines (3721) | dropped |
Chrome Cache Entry: 88 | JSON data | dropped |
Chrome Cache Entry: 89 | MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 8 bits/pixel | dropped |
Chrome Cache Entry: 90 | JSON data | downloaded |
Chrome Cache Entry: 91 | ASCII text, with very long lines (65536), with no line terminators | downloaded |
Chrome Cache Entry: 92 | JSON data | downloaded |
Chrome Cache Entry: 93 | RIFF (little-endian) data, Web/P image | downloaded |
Chrome Cache Entry: 94 | JSON data | dropped |
Chrome Cache Entry: 95 | ASCII text, with very long lines (65536), with no line terminators | downloaded |
Chrome Cache Entry: 96 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 3200x3934, components 3 | downloaded |
Chrome Cache Entry: 97 | HTML document, ASCII text, with very long lines (44980) | downloaded |
Chrome Cache Entry: 98 | ASCII text, with very long lines (7117) | dropped |
Chrome Cache Entry: 99 | ASCII text, with very long lines (3721) | downloaded |

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1972,i,10556890110816804608,2110946796034204969,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://job.wiz.bi/vTznY" |

URLs

Name | IP | Malicious
https://job.wiz.bi/vTznY | |
https://cvbook-api.wizbii.com/api/cvbook/candidates?token=bf4ced2e-142d-4ed0-a14e-fe0846715c26 | 34.77.72.35 |
https://cv-book.event.wizbii.com/global.a88bab6102f73725.css | 34.77.72.35 |
https://cv-book.event.wizbii.com/polyfills.9a6d10528a59e476.js | 34.77.72.35 |
https://cv-book.event.wizbii.com/assets/sprite.svg?token=bf4ced2e-142d-4ed0-a14e-fe0846715c26 | 34.77.72.35 |
https://file.wizbii.com/v1/file/e5f00558-055f-457b-9073-d35eb66f941f.jpg | 34.77.72.35 |
https://cv-book.event.wizbii.com/vendor.ad9bfb0d98416751.js | 34.77.72.35 |
https://job.wiz.bi/vTznY | 34.77.72.35 |
https://www.wizbii.com/_api/web-metrics-api | 34.77.72.35 |
https://file.wizbii.com/v1/file/2bf29dea-6c3f-4448-b25f-e541b242e7a0.png | 34.77.72.35 |
https://cv-book.event.wizbii.com/main.2b3e8a409b3173ce.js | 34.77.72.35 |
https://cv-book.event.wizbii.com/3738.a0b70f9247e42ccb.js | 34.77.72.35 |
https://cv-book.event.wizbii.com/common.813146b5f4707928.js | 34.77.72.35 |
https://cvbook-api.wizbii.com/api/cvbook?token=bf4ced2e-142d-4ed0-a14e-fe0846715c26 | 34.77.72.35 |
https://cv-book.event.wizbii.com/assets/favicons/favicon.ico | 34.77.72.35 |
https://cv-book.event.wizbii.com/?token=bf4ced2e-142d-4ed0-a14e-fe0846715c26 | |
https://cv-book.event.wizbii.com/reset-normalize.99f71829c6d3b2b2.css | 34.77.72.35 |
https://cv-book.event.wizbii.com/runtime.4fbf5578e81f7503.js | 34.77.72.35 |

Domains

Name | IP | Malicious
cv-book.event.wizbii.com | 34.77.72.35 |
file.wizbii.com | 34.77.72.35 |
imaginary.wizbii.com | 34.77.72.35 |
job.wiz.bi | 34.77.72.35 |
www.google.com | 142.250.181.68 |
www.wizbii.com | 34.77.72.35 |
cvbook-api.wizbii.com | 34.77.72.35 |

IPs

IP | Domain | Country | Malicious
192.168.2.8 | unknown | unknown |
34.77.72.35 | cv-book.event.wizbii.com | United States |
239.255.255.250 | unknown | Reserved |
142.250.181.68 | www.google.com | United States |

DOM / HTML

URL | Malicious
https://cv-book.event.wizbii.com/?token=bf4ced2e-142d-4ed0-a14e-fe0846715c26 |
https://cv-book.event.wizbii.com/?token=bf4ced2e-142d-4ed0-a14e-fe0846715c26 |