Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:52:08 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:52:08 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:52:08 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:52:08 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:52:08 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
Chrome Cache Entry: 74
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
Chrome Cache Entry: 75
|
ASCII text, with very long lines (631)
|
downloaded
|
||
Chrome Cache Entry: 76
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 77
|
HTML document, ASCII text
|
dropped
|
||
Chrome Cache Entry: 78
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 79
|
HTML document, ASCII text
|
downloaded
|
||
Chrome Cache Entry: 80
|
ASCII text, with very long lines (1256), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 81
|
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
|
downloaded
|
||
Chrome Cache Entry: 82
|
ASCII text, with very long lines (65447)
|
downloaded
|
||
Chrome Cache Entry: 83
|
ASCII text, with very long lines (631)
|
downloaded
|
||
Chrome Cache Entry: 84
|
gzip compressed data, from Unix, original size modulo 2^32 4747
|
downloaded
|
||
Chrome Cache Entry: 85
|
MS Windows icon resource - 3 icons, 16x16, 8 bits/pixel, 32x32, 8 bits/pixel
|
dropped
|
||
Chrome Cache Entry: 86
|
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
|
downloaded
|
||
Chrome Cache Entry: 87
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 88
|
Unicode text, UTF-8 text
|
downloaded
|
||
Chrome Cache Entry: 89
|
HTML document, ASCII text
|
downloaded
|
||
Chrome Cache Entry: 90
|
ASCII text, with very long lines (17673)
|
downloaded
|
||
Chrome Cache Entry: 91
|
HTML document, ASCII text
|
downloaded
|
||
Chrome Cache Entry: 92
|
ASCII text
|
downloaded
|
||
Chrome Cache Entry: 93
|
HTML document, ASCII text
|
downloaded
|
||
Chrome Cache Entry: 94
|
ASCII text, with very long lines (56412), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 95
|
MS Windows icon resource - 3 icons, 16x16, 8 bits/pixel, 32x32, 8 bits/pixel
|
downloaded
|
||
Chrome Cache Entry: 96
|
SVG Scalable Vector Graphics image
|
dropped
|
||
Chrome Cache Entry: 97
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
downloaded
|
There are 21 hidden files, click here to show them.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2212,i,10201416782276459292,16793361872005347098,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTAxOTIyLCJtZXNzYWdlX2lkIjoiMGd4d3poYXc3czloeGZoZWNuNjNuYnFwIzg0YjRlN2VjLTdhZjUtNDU5Yi1hNTYxLWE1ZmVlMTE3NTllNiIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjM3OTIyLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGphbWVzLmZheUBjb3VudHluYXRpb25hbGJhbmsuY29tJnBhdGhzPWFib3ZlJmxpbms9RmF4X091dGxvb2siLCJpbmRpdmlkdWFsX2lkIjoiNDA4YWI4OGRlY2JmNDFjMjRhYTZhMDRlOWU1OWMzZDAifQ.i-tkK1Lnys-MM487ot1MrSYQb6ExLgZNRQbgsH8B2K0"
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTAxOTIyLCJtZXNzYWdlX2lkIjoiMGd4d3poYXc3czloeGZoZWNuNjNuYnFwIzg0YjRlN2VjLTdhZjUtNDU5Yi1hNTYxLWE1ZmVlMTE3NTllNiIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjM3OTIyLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGphbWVzLmZheUBjb3VudHluYXRpb25hbGJhbmsuY29tJnBhdGhzPWFib3ZlJmxpbms9RmF4X091dGxvb2siLCJpbmRpdmlkdWFsX2lkIjoiNDA4YWI4OGRlY2JmNDFjMjRhYTZhMDRlOWU1OWMzZDAifQ.i-tkK1Lnys-MM487ot1MrSYQb6ExLgZNRQbgsH8B2K0
|
|||
http://www.iana.org/help/example-domains
|
|||
https://james-fay.bradentoncc.store/index.php?mail=%20james.fay@countynationalbank.com&codeveri=shareddocument18293sgdickd857&denys=102.129.152.220&paths=above&file=https://drive.google.com/file/d/1TmxsZZG1hQtw87bBlO_DVay1gYIMbGhE/view?usp=sharing&link=Fax_Outlook
|
188.116.24.148
|
||
https://developers.google.com/recaptcha/docs/faq#localhost_support
|
unknown
|
||
https://www.iana.org/_img/2022/iana-logo-header.svg
|
192.0.33.8
|
||
https://support.google.com/recaptcha#6262736
|
unknown
|
||
https://cloud.google.com/recaptcha-enterprise/billing-information
|
unknown
|
||
https://recaptcha.net
|
unknown
|
||
https://www.apache.org/licenses/
|
unknown
|
||
https://www.iana.org/_img/bookmark_icon.ico
|
192.0.33.8
|
||
https://www.iana.org/_css/2022/iana_website.css
|
192.0.33.8
|
||
https://vmmessanger.rdocmglobal.com/docs/index.php?mail=%20james.fay@countynationalbank.com&paths=above&link=Fax_Outlook
|
38.180.91.41
|
||
about:blank
|
|||
https://james-fay.bradentoncc.store/index0.php
|
|||
https://support.google.com/recaptcha/?hl=en#6223828
|
unknown
|
||
https://www.google.com/recaptcha/api2/reload?k=6Lc5jKspAAAAAPzFbvZ4x6Zatum613Go4S0ujelf
|
192.178.50.68
|
||
https://cloud.google.com/contact
|
unknown
|
||
https://www.iana.org/_img/2022/fonts/NotoSans-Bold.woff
|
192.0.33.8
|
||
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
|
unknown
|
||
https://migconsultings.com/?xgshwmpx&qrc=james.fay@countynationalbank.com
|
82.180.161.153
|
||
https://play.google.com/log?format=json&hasfast=true
|
unknown
|
||
https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
|
unknown
|
||
https://href.li/?https://example.com
|
192.0.78.26
|
||
https://www.iana.org/_js/iana.js
|
192.0.33.8
|
||
https://james-fay.bradentoncc.store/verify.php
|
188.116.24.148
|
||
https://www.iana.org/_img/2022/fonts/NotoSans-Regular.woff
|
192.0.33.8
|
||
https://example.com/favicon.ico
|
93.184.215.14
|
||
https://support.google.com/recaptcha/#6175971
|
unknown
|
||
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5jKspAAAAAPzFbvZ4x6Zatum613Go4S0ujelf&co=aHR0cHM6Ly9qYW1lcy1mYXkuYnJhZGVudG9uY2Muc3RvcmU6NDQz&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=vxeyk0h3vqbr
|
|||
https://www.gstatic.c..?/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__.
|
unknown
|
||
https://www.iana.org/domains/example
|
192.0.33.8
|
||
https://vmmessanger.rdocmglobal.com/docs/index0.php
|
38.180.91.41
|
||
https://www.google.com/recaptcha/api2/
|
unknown
|
||
https://www.google.com/recaptcha/api.js?render=6Lc5jKspAAAAAPzFbvZ4x6Zatum613Go4S0ujelf
|
142.250.217.164
|
||
https://www.iana.org/_js/jquery.js
|
192.0.33.8
|
||
https://example.com/
|
|||
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m
|
192.178.50.68
|
||
https://www.google.com/js/bg/lkTXq49YG5_ej1w7m4T9Nw_1Lx1Ocd1gteWQpsfV_Tk.js
|
192.178.50.68
|
||
https://www.google.com/recaptcha/api2/clr?k=6Lc5jKspAAAAAPzFbvZ4x6Zatum613Go4S0ujelf
|
192.178.50.68
|
||
https://support.google.com/recaptcha
|
unknown
|
||
https://james-fay.bradentoncc.store/favicon.ico
|
188.116.24.148
|
There are 30 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
james-fay.bradentoncc.store
|
188.116.24.148
|
||
migconsultings.com
|
82.180.161.153
|
||
www.google.com
|
142.250.217.196
|
||
vmmessanger.rdocmglobal.com
|
38.180.91.41
|
||
global-cdp1.sfdc-yfeipo.svc.sfdcfc.net
|
52.205.88.207
|
||
example.com
|
93.184.215.14
|
||
ianawww.vip.icann.org
|
192.0.33.8
|
||
fp2e7a.wpc.phicdn.net
|
192.229.211.108
|
||
href.li
|
192.0.78.26
|
||
cdp1.tracking.e360.salesforce.com
|
unknown
|
||
www.iana.org
|
unknown
|
There are 2 hidden domains, click here to show them.
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
192.0.33.8
|
ianawww.vip.icann.org
|
United States
|
||
188.116.24.148
|
james-fay.bradentoncc.store
|
Poland
|
||
192.178.50.68
|
unknown
|
United States
|
||
142.250.217.228
|
unknown
|
United States
|
||
192.168.2.5
|
unknown
|
unknown
|
||
192.0.78.26
|
href.li
|
United States
|
||
142.250.217.164
|
unknown
|
United States
|
||
142.250.217.196
|
www.google.com
|
United States
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
93.184.215.14
|
example.com
|
European Union
|
||
38.180.91.41
|
vmmessanger.rdocmglobal.com
|
United States
|
||
82.180.161.153
|
migconsultings.com
|
Denmark
|
||
52.205.88.207
|
global-cdp1.sfdc-yfeipo.svc.sfdcfc.net
|
United States
|
There are 3 hidden IPs, click here to show them.
DOM / HTML
URL
|
Malicious
|
|
---|---|---|
https://james-fay.bradentoncc.store/index0.php
|
||
https://james-fay.bradentoncc.store/index0.php
|
||
about:blank
|
||
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5jKspAAAAAPzFbvZ4x6Zatum613Go4S0ujelf&co=aHR0cHM6Ly9qYW1lcy1mYXkuYnJhZGVudG9uY2Muc3RvcmU6NDQz&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=vxeyk0h3vqbr
|
||
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5jKspAAAAAPzFbvZ4x6Zatum613Go4S0ujelf&co=aHR0cHM6Ly9qYW1lcy1mYXkuYnJhZGVudG9uY2Muc3RvcmU6NDQz&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=vxeyk0h3vqbr
|
||
https://example.com/
|
||
http://www.iana.org/help/example-domains
|