Files

File Path | Type | Category | Malicious
---|---|---|---
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:33:40 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:33:40 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:33:40 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:33:40 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:33:40 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped
Chrome Cache Entry: 100 | ASCII text, with very long lines (15984), with no line terminators | downloaded
Chrome Cache Entry: 101 | SVG Scalable Vector Graphics image | downloaded
Chrome Cache Entry: 102 | JSON data | downloaded
Chrome Cache Entry: 103 | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped
Chrome Cache Entry: 104 | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | downloaded
Chrome Cache Entry: 105 | ASCII text, with very long lines (65536), with no line terminators | downloaded
Chrome Cache Entry: 106 | ASCII text, with very long lines (6634) | downloaded
Chrome Cache Entry: 107 | Unicode text, UTF-8 text, with very long lines (45233) | downloaded
Chrome Cache Entry: 108 | SVG Scalable Vector Graphics image | dropped
Chrome Cache Entry: 109 | SVG Scalable Vector Graphics image | dropped
Chrome Cache Entry: 110 | JSON data | dropped
Chrome Cache Entry: 111 | SVG Scalable Vector Graphics image | downloaded
Chrome Cache Entry: 112 | Unicode text, UTF-8 text, with very long lines (36630) | downloaded
Chrome Cache Entry: 113 | ASCII text, with no line terminators | downloaded
Chrome Cache Entry: 114 | ASCII text, with very long lines (15184), with no line terminators | downloaded
Chrome Cache Entry: 115 | SVG Scalable Vector Graphics image | dropped
Chrome Cache Entry: 116 | SVG Scalable Vector Graphics image | downloaded
Chrome Cache Entry: 117 | Web Open Font Format, TrueType, length 37153, version 1.0 | downloaded
Chrome Cache Entry: 118 | ASCII text, with very long lines (65536), with no line terminators | downloaded
Chrome Cache Entry: 119 | JSON data | downloaded
Chrome Cache Entry: 120 | JSON data | downloaded
Chrome Cache Entry: 121 | ASCII text, with no line terminators | downloaded
Chrome Cache Entry: 122 | JSON data | dropped
Chrome Cache Entry: 123 | Generic INItialization configuration [] | downloaded
Chrome Cache Entry: 124 | ASCII text, with very long lines (41563), with no line terminators | downloaded
Chrome Cache Entry: 125 | JSON data | downloaded
Chrome Cache Entry: 126 | SVG Scalable Vector Graphics image | downloaded
Chrome Cache Entry: 127 | ASCII text, with very long lines (8951), with no line terminators | downloaded
Chrome Cache Entry: 128 | ASCII text, with very long lines (3960) | downloaded
Chrome Cache Entry: 129 | ASCII text, with very long lines (65536), with no line terminators | downloaded
Chrome Cache Entry: 130 | SVG Scalable Vector Graphics image | dropped
Chrome Cache Entry: 131 | Unicode text, UTF-8 text, with very long lines (41211), with LF, NEL line terminators | downloaded
Chrome Cache Entry: 132 | JSON data | dropped
Chrome Cache Entry: 133 | Unicode text, UTF-8 text, with very long lines (61600) | downloaded
Chrome Cache Entry: 134 | Generic INItialization configuration [] | dropped
Chrome Cache Entry: 135 | ASCII text, with no line terminators | downloaded
Chrome Cache Entry: 136 | JSON data | downloaded
Chrome Cache Entry: 137 | SVG Scalable Vector Graphics image | downloaded
Chrome Cache Entry: 138 | ASCII text, with very long lines (31804) | downloaded
Chrome Cache Entry: 139 | JSON data | dropped
Chrome Cache Entry: 140 | Web Open Font Format, TrueType, length 57172, version 1.0 | downloaded
Chrome Cache Entry: 141 | SVG Scalable Vector Graphics image | dropped
Chrome Cache Entry: 142 | JSON data | dropped
Chrome Cache Entry: 143 | Unicode text, UTF-8 text, with very long lines (3256), with no line terminators | downloaded
Chrome Cache Entry: 144 | ASCII text, with very long lines (65536), with no line terminators | downloaded
Chrome Cache Entry: 145 | JSON data | downloaded
Chrome Cache Entry: 146 | JSON data | downloaded
Chrome Cache Entry: 147 | SVG Scalable Vector Graphics image | dropped
Chrome Cache Entry: 148 | ASCII text, with very long lines (32092), with CRLF line terminators | downloaded
Chrome Cache Entry: 149 | ASCII text, with very long lines (20686), with no line terminators | downloaded
Chrome Cache Entry: 150 | JSON data | dropped
Chrome Cache Entry: 151 | Unicode text, UTF-8 text, with very long lines (65136), with no line terminators | downloaded
Chrome Cache Entry: 152 | SVG Scalable Vector Graphics image | dropped
Chrome Cache Entry: 153 | SVG Scalable Vector Graphics image | downloaded
Chrome Cache Entry: 154 | JSON data | dropped
Chrome Cache Entry: 155 | ASCII text, with very long lines (31923), with CRLF line terminators | downloaded
Chrome Cache Entry: 156 | ASCII text, with very long lines (2693), with no line terminators | downloaded
Chrome Cache Entry: 97 | Unicode text, UTF-8 text, with very long lines (40350), with NEL line terminators | downloaded
Chrome Cache Entry: 98 | ASCII text, with very long lines (65536), with no line terminators | downloaded
Chrome Cache Entry: 99 | SVG Scalable Vector Graphics image | downloaded
57 further files are hidden in the original report and are not listed here.
Processes

Path | Cmdline | Malicious
---|---|---
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.americanexpress.com/us/pakyc/
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2008,i,11165410213512412256,6401227915527638973,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
URLs

Name | IP | Malicious
---|---|---
http://www.americanexpress.com/us/pakyc/ | |
https://assets.adobedtm.com/dcb19cbd6cbf/8e98299b4e37/launch-f60a62d583bd.min.js | unknown
https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-c5299abd23ef05bd6d | unknown
https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-4454a9ef97c1c8cd89 | unknown
https://feross.org/opensource | unknown
https://assets.adobedtm.com/dcb19cbd6cbf/8e98299b4e37/launch-186af9da7404-staging.min.js | unknown
https://html2canvas.hertzen.com | unknown
https://github.com/js-cookie/js-cookie | unknown
https://assets.adobedtm.com/dcb19cbd6cbf/8fe231718838/launch-5a77dcd96b5f-staging.min.js | unknown
https://assets.adobedtm.com/dcb19cbd6cbf/66bfa1f1c370/launch-a84bcfcd9f88-staging.min.js | unknown
https://assets.adobedtm.com/dcb19cbd6cbf/6ea2f89ca33d/launch-ffeccfbfebd3.min.js | unknown
http://feross.org | unknown
https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-bea3c9697c62409967 | unknown
https://assets.adobedtm.com/dcb19cbd6cbf/61650f53735f/launch-77374eae9c9b-staging.min.js | unknown
https://assets.adobedtm.com/dcb19cbd6cbf/6ea2f89ca33d/launch-25c1ded7854b-staging.min.js | unknown
https://hertzen.com | unknown
https://github.com/facebook/regenerator/blob/main/LICENSE | unknown
https://assets.adobedtm.com/dcb19cbd6cbf/333b39a46679/launch-df6a13efe609-staging.min.js | unknown
https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-f424e4c1e880782914 | unknown
8 further URLs are hidden in the original report and are not listed here.
Domains

Name | IP | Malicious
---|---|---
d2pz9khpjpljz2.cloudfront.net | 108.138.85.124
www.google.com | 142.250.9.105
americanexpress.com.ssl.d2.sc.omtrdc.net | 63.140.38.132
omns.americanexpress.com | unknown
functions.americanexpress.com | unknown
assets.adobedtm.com | unknown
iformservice.americanexpress.com | unknown
siteintercept.qualtrics.com | unknown
www.americanexpress.com | unknown
icm.aexp-static.com | unknown
lptag.liveperson.net | unknown
www.aexp-static.com | unknown
nexus.ensighten.com | unknown
oneforms.americanexpress.com | unknown
4 further domains are hidden in the original report and are not listed here.
IPs

IP | Domain | Country | Malicious
---|---|---|---
142.250.9.105 | www.google.com | United States
63.140.38.132 | americanexpress.com.ssl.d2.sc.omtrdc.net | United States
192.168.2.17 | unknown | unknown
239.255.255.250 | unknown | Reserved
63.140.39.35 | unknown | United States
DOM / HTML

URL | Malicious
---|---
https://oneforms.americanexpress.com/iForms/open/paKycOptions_en_US?page=1 |