Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 20:07:28 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 20:07:27 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 20:07:27 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 20:07:27 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 20:07:27 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 100
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 101
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 102
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 103
|
Web Open Font Format, TrueType, length 36696, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 104
|
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 105
|
PNG image data, 2160 x 443, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 106
|
ASCII text, with very long lines (1222), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 107
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 108
|
Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
|
downloaded
|
||
|
Chrome Cache Entry: 109
|
ASCII text, with very long lines (45667)
|
downloaded
|
||
|
Chrome Cache Entry: 110
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 111
|
PNG image data, 53 x 52, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 112
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 113
|
PNG image data, 2446 x 899, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 114
|
PNG image data, 506 x 303, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 115
|
PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 116
|
Web Open Font Format, TrueType, length 35970, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 117
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 118
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 119
|
PNG image data, 53 x 52, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 120
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 121
|
ASCII text, with very long lines (65447)
|
downloaded
|
||
|
Chrome Cache Entry: 122
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 123
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 124
|
PNG image data, 2160 x 443, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 125
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 126
|
HTML document, ASCII text, with very long lines (1445), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 127
|
Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 128
|
HTML document, ASCII text, with very long lines (59293), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 85
|
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 86
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 87
|
Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
|
downloaded
|
||
|
Chrome Cache Entry: 88
|
PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 89
|
ASCII text, with very long lines (23398), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 90
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 91
|
HTML document, ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 92
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 93
|
PNG image data, 506 x 303, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 94
|
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 95
|
ASCII text, with very long lines (1437), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 96
|
PNG image data, 2446 x 899, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 97
|
ASCII text, with very long lines (42414)
|
downloaded
|
||
|
Chrome Cache Entry: 98
|
ASCII text, with very long lines (597)
|
downloaded
|
||
|
Chrome Cache Entry: 99
|
Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
|
downloaded
|
There are 41 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2420 --field-trial-handle=2384,i,13496683094245167062,5294417639727405623,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://clicks.aweber.com/y/ct/?l=irQzWw&m=hE2OWd5T.UYPuTr&b=hqint4ojZ0QPjD7.f4mxDg#Ym5hbmRlcnNvbkBwcmVzaWRpby5jb20="
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://clicks.aweber.com/y/ct/?l=irQzWw&m=hE2OWd5T.UYPuTr&b=hqint4ojZ0QPjD7.f4mxDg#Ym5hbmRlcnNvbkBwcmVzaWRpby5jb20=
|
 |
||
|
https://jcq36.einewomi.com/opWIFXeQPwUDleHRlFYOXglfASDUJNPYISEKKQYRINTUSJURHFTOGRNOCEULEL?ClhWUfZlggCMPRqerKBkssUKSQEJWVCFYHRPJJEODRZJTXUUHAVFJFE#
|
|
||
|
https://jcq36.einewomi.com/opWIFXeQPwUDleHRlFYOXglfASDUJNPYISEKKQYRINTUSJURHFTOGRNOCEULEL?ClhWUfZlggCMPRqerKBkssUKSQEJWVCFYHRPJJEODRZJTXUUHAVFJFE
|
|
||
|
https://jcq36.einewomi.com/56amDdS8Xlyi23UibOV0yuuv60
|
172.67.137.23
|
||
|
https://jcq36.einewomi.com/ijOfinxA7CvHEQtqSiH0dm44FbnCcdGY7Mn76sJFMRmjfT6Mk78168
|
172.67.137.23
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1171231238:1713990317:E_uv8VEIvF7ePz7GD71W1gsYg6SqwvDL8AyFrjK0IDo/8799105f5a5e09f7/0156a4786a5aa7e
|
104.17.2.184
|
||
|
https://jcq36.einewomi.com/klnKXIDTw6njKjUToXUWnIfQmP23S5BdZkCuZ9bmo56EPKEf8G6ddzcLmhpUXmMDwx219
|
172.67.137.23
|
||
|
https://code.jquery.com/jquery-3.6.0.min.js
|
151.101.130.137
|
||
|
https://developers.google.com/recaptcha/docs/faq#localhost_support
|
unknown
|
||
|
https://acmeauto.in/wp/#Ym5hbmRlcnNvbkBwcmVzaWRpby5jb20=
|
|||
|
https://jcq36.einewomi.com/3lwz8fh/#M
|
unknown
|
||
|
https://jcq36.einewomi.com/3lwz8fh/?IMbnanderson@presidio.com
|
172.67.137.23
|
||
|
https://jcq36.einewomi.com/ajs3vQkF6me832n2I0kJAyFST9MVlOeyQ4NMkb1NFQ6YwIlSyQtGtSL6YGv0t
|
172.67.137.23
|
||
|
https://support.google.com/recaptcha#6262736
|
unknown
|
||
|
https://jcq36.einewomi.com/favicon.ico
|
172.67.137.23
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8799105f5a5e09f7/1713992859511/WtT2jcbnXI7j1g2
|
104.17.2.184
|
||
|
https://support.google.com/recaptcha/?hl=en#6223828
|
unknown
|
||
|
https://cloud.google.com/contact
|
unknown
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8799105f5a5e09f7
|
104.17.2.184
|
||
|
https://www.google.com/recaptcha/api.js
|
142.250.101.104
|
||
|
https://support.google.com/recaptcha/#6175971
|
unknown
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D
|
104.17.2.184
|
||
|
https://jcq36.einewomi.com/23GDvvg9apn90HB2XHHcK3Svw70
|
172.67.137.23
|
||
|
https://jcq36.einewomi.com/34U7ffLhOWdVCsyO1MklEh7jAJLCHRKI089103
|
172.67.137.23
|
||
|
https://www.google.com/recaptcha/api2/
|
unknown
|
||
|
https://jcq36.einewomi.com/opQ1VLLxlmCyN0H1bJZA12Sf5aAzBd7njDwdYX50uvvGCU6B7h61ClQhaEkS3imef240
|
172.67.137.23
|
||
|
https://jcq36.einewomi.com/wxvmmr0dvvMRPJAsjsIlZCtz2ev3opgvXt8OR3buSD34130
|
172.67.137.23
|
||
|
https://jcq36.einewomi.com/web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket
|
172.67.137.23
|
||
|
https://a.nel.cloudflare.com/report/v4?s=jtWZp9UYGtvzaNQ8LcAd7hjEyfpgSkrT2gFHR8AhHIRobEYaySv4GvNVpxEaRIXeEMbeDYy7EFFcLxbcOHwjefp%2FpfSh0357UMAFGfuSR4VzOABbhef%2BZRCRSuPbDA%3D%3D
|
35.190.80.1
|
||
|
https://jcq36.einewomi.com/uve2MfajydXQgpw6QNYt2YCKmeylMRnRO1pnOJW67Vr4A1GFFdFd4qCsqWQNd7ULnGol1RNAD28kYNgh253
|
172.67.137.23
|
||
|
https://support.google.com/recaptcha
|
unknown
|
||
|
https://jcq36.einewomi.com/qrLs7Dn8lp4Gow0sl0LIw3toGAEsOGXef8pFFrJ39Ftha1Mn4N45137
|
172.67.137.23
|
||
|
https://acmeauto.in/wp/
|
51.210.113.194
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/j2r0y/0x4AAAAAAAYAC32yuaG42rzP/auto/normal
|
|||
|
https://jcq36.einewomi.com/xycKEKEFEwwCncpq6Ycd30
|
172.67.137.23
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8799105f5a5e09f7/1713992859511/9be289fbebc6b4b3a22797ac778fe8b1969b1f35e8eb77ad6b7438e982c1b885/yeAuYz4NAjBXHTy
|
104.17.2.184
|
||
|
https://jcq36.einewomi.com/ef8nL56d8pZlD34Xb3O9fQ6A4DEUrkl97
|
172.67.137.23
|
||
|
https://cloud.google.com/recaptcha-enterprise/billing-information
|
unknown
|
||
|
https://recaptcha.net
|
unknown
|
||
|
https://www.apache.org/licenses/
|
unknown
|
||
|
https://clicks.aweber.com/y/ct/?l=irQzWw&m=hE2OWd5T.UYPuTr&b=hqint4ojZ0QPjD7.f4mxDg
|
172.64.151.51
|
||
|
https://acmeauto.in/wp
|
51.210.113.194
|
||
|
https://www.gstatic.c..?/recaptcha/releases/QoukH5jSO3sKFzVEA7Vc8VgC/recaptcha__.
|
unknown
|
||
|
https://jcq36.einewomi.com/56ghqiC6i6EZZmmqxyr895G6720
|
172.67.137.23
|
||
|
https://jcq36.einewomi.com/yzOjGmJZRfp6MuDr3pmkD5LZxwLbSd0sUt315UrsOHo8W9f7PGnesPXgKkUab175
|
172.67.137.23
|
||
|
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
|
unknown
|
||
|
https://play.google.com/log?format=json&hasfast=true
|
unknown
|
||
|
https://jcq36.einewomi.com/89dBaTGaMI14cdC3GglM670jDab80
|
172.67.137.23
|
||
|
https://jcq36.einewomi.com/ghdwLwhtUo6JsNMGaykPpPmURTIsJDWlY9ZJvklNhTvmC6ukVYDmzvSTvxthORbvG7OuyBvef210
|
172.67.137.23
|
||
|
https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
|
unknown
|
||
|
https://jcq36.einewomi.com/3lwz8fh/
|
172.67.137.23
|
||
|
https://cdn.socket.io/4.6.0/socket.io.min.js
|
13.226.210.57
|
||
|
https://jcq36.einewomi.com/ijnd9WI2swr3KhCMK2bXk7NO7Iop5ndR6Sx7dTSErq3S0c1Qe36iT8Iyz228
|
172.67.137.23
|
||
|
https://jcq36.einewomi.com/dxYuNfPDDu8evm7k5QtzW8BRxjPpdbn
|
172.67.137.23
|
||
|
https://jcq36.einewomi.com/mn2tvkDL0be18LjQsWGZKqwE0CYAeDAtybmuvh00UnDQUQO7h4eUGNnD90145
|
172.67.137.23
|
||
|
https://jcq36.einewomi.com/rsa4mS61xGUn0buMs3WF6CuvpI65UD2BYSQqVDOb9wWKBf92Edef200
|
172.67.137.23
|
||
|
https://jcq36.einewomi.com/rspdG2mv8NZTvRyzmcBZuv40
|
172.67.137.23
|
||
|
http://www.webtoolkit.info/
|
unknown
|
||
|
https://jcq36.einewomi.com/3lwz8fh/#Mbnanderson@presidio.com
|
|||
|
https://jcq36.einewomi.com/yzTXN8LUzG9iFgM78Xozit0SHqr50
|
172.67.137.23
|
There are 49 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jcq36.einewomi.com
|
172.67.137.23
|
||
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
a.nel.cloudflare.com
|
35.190.80.1
|
||
|
code.jquery.com
|
151.101.130.137
|
||
|
d2vgu95hoyrpkh.cloudfront.net
|
13.226.210.57
|
||
|
presidio.com
|
141.193.213.20
|
||
|
challenges.cloudflare.com
|
104.17.3.184
|
||
|
www.google.com
|
142.250.101.105
|
||
|
acmeauto.in
|
51.210.113.194
|
||
|
clicks.aweber.com
|
172.64.151.51
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.211.108
|
||
|
cdn.socket.io
|
unknown
|
There are 2 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
51.210.113.194
|
acmeauto.in
|
France
|
||
|
142.250.101.105
|
www.google.com
|
United States
|
||
|
142.250.101.104
|
unknown
|
United States
|
||
|
172.64.151.51
|
clicks.aweber.com
|
United States
|
||
|
192.168.2.5
|
unknown
|
unknown
|
||
|
151.101.130.137
|
code.jquery.com
|
United States
|
||
|
104.17.3.184
|
challenges.cloudflare.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
172.67.137.23
|
jcq36.einewomi.com
|
United States
|
||
|
141.193.213.20
|
presidio.com
|
United States
|
||
|
35.190.80.1
|
a.nel.cloudflare.com
|
United States
|
||
|
104.17.2.184
|
unknown
|
United States
|
||
|
13.226.210.57
|
d2vgu95hoyrpkh.cloudfront.net
|
United States
|
There are 3 hidden IPs, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://jcq36.einewomi.com/opWIFXeQPwUDleHRlFYOXglfASDUJNPYISEKKQYRINTUSJURHFTOGRNOCEULEL?ClhWUfZlggCMPRqerKBkssUKSQEJWVCFYHRPJJEODRZJTXUUHAVFJFE
|
|
|
|
https://jcq36.einewomi.com/opWIFXeQPwUDleHRlFYOXglfASDUJNPYISEKKQYRINTUSJURHFTOGRNOCEULEL?ClhWUfZlggCMPRqerKBkssUKSQEJWVCFYHRPJJEODRZJTXUUHAVFJFE#
|
|
|
|
https://acmeauto.in/wp/#Ym5hbmRlcnNvbkBwcmVzaWRpby5jb20=
|
||
|
https://jcq36.einewomi.com/3lwz8fh/#Mbnanderson@presidio.com
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/j2r0y/0x4AAAAAAAYAC32yuaG42rzP/auto/normal
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/j2r0y/0x4AAAAAAAYAC32yuaG42rzP/auto/normal
|