IOC Report
https://u43140843.ct.sendgrid.net/ls/click?upn=u001.FULPoWoOJjjMK7Iu3Hm9dKua1Ujg-2BXfmD3Dpv413Ur-2Bguspdn2MOgHExqb-2BHV1ab2eCm9V4giLEeU4sr24VchYln1wH-2FzU5qN3bG8tgo8dE3q40-2FkEp8mm3kFm9RbmkRDgzL3r7GOi2yLaUwTIbjvw-3D-3DLm78_EDJSrGUK2rdmRgVlbW4kzix0SMOC9Aad6NUmnIyhty5lBnt69TBV1Ypr17mqpfKnfw3BT6HZkBmUb


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 15:48:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 15:48:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 15:48:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 15:48:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 15:48:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| Chrome Cache Entry: 73 | MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel | dropped | |
| Chrome Cache Entry: 74 | gzip compressed data, was "tmp2ne1zt4s", last modified: Fri Apr 26 16:19:19 2024, max compression, original size modulo 2^32 10118 | downloaded | |
| Chrome Cache Entry: 75 | MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel | downloaded | |
| Chrome Cache Entry: 76 | gzip compressed data, was "tmplrdegmtp", last modified: Fri Apr 26 16:19:16 2024, max compression, original size modulo 2^32 108698 | downloaded | |
| Chrome Cache Entry: 77 | JSON data | dropped | |
| Chrome Cache Entry: 78 | ASCII text, with very long lines (65460) | downloaded | |
| Chrome Cache Entry: 79 | gzip compressed data, was "tmpal41mhu_", last modified: Fri Apr 26 14:50:44 2024, max compression, original size modulo 2^32 24244 | downloaded | |
| Chrome Cache Entry: 80 | gzip compressed data, was "tmpvrxozzka", last modified: Fri Apr 26 14:50:40 2024, max compression, original size modulo 2^32 163781 | downloaded | |
| Chrome Cache Entry: 81 | gzip compressed data, was "tmphzxt6b3r", last modified: Fri Apr 26 14:50:44 2024, max compression, original size modulo 2^32 347588 | downloaded | |
| Chrome Cache Entry: 82 | HTML document, ASCII text, with very long lines (59546) | downloaded | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1888 --field-trial-handle=2032,i,1493493240830737483,1153212126501728940,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u43140843.ct.sendgrid.net/ls/click?upn=u001.FULPoWoOJjjMK7Iu3Hm9dKua1Ujg-2BXfmD3Dpv413Ur-2Bguspdn2MOgHExqb-2BHV1ab2eCm9V4giLEeU4sr24VchYln1wH-2FzU5qN3bG8tgo8dE3q40-2FkEp8mm3kFm9RbmkRDgzL3r7GOi2yLaUwTIbjvw-3D-3DLm78_EDJSrGUK2rdmRgVlbW4kzix0SMOC9Aad6NUmnIyhty5lBnt69TBV1Ypr17mqpfKnfw3BT6HZkBmUbw5SOTlYmHWrdXr3FajOPmkSx5zoRHmxVaRd1BAEnce9rwTUjg3B8RvbzsDNP12Ff75VbzqYaZV5Cch3PbDQFtk10jVQqNbcsmLi4jbymPatVX5nY7tI1TlNbICQcLWNoxnYTJgmNELYwsXEEyqH2dxuntngVlJ6Z5h4m8HTOdRvlzxMPPL1L36N7DfQ59FtksF3b25id7YUBVFqjGt3LH-2F4wQvWszO5P9romYsnx5xdYnZz4-2BvTlr4xH9rLXNCZvwZaFyCV5JCfrq0ShrCd8C37Bd0qlt8gUCAnKNy5LPus8JZi21TXrOrGNU6d5sxCqNYmCsEwhH6C9K5d2wszv7qw-2Fv-2FHjEM-3D" | |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://u43140843.ct.sendgrid.net/ls/click?upn=u001.FULPoWoOJjjMK7Iu3Hm9dKua1Ujg-2BXfmD3Dpv413Ur-2Bguspdn2MOgHExqb-2BHV1ab2eCm9V4giLEeU4sr24VchYln1wH-2FzU5qN3bG8tgo8dE3q40-2FkEp8mm3kFm9RbmkRDgzL3r7GOi2yLaUwTIbjvw-3D-3DLm78_EDJSrGUK2rdmRgVlbW4kzix0SMOC9Aad6NUmnIyhty5lBnt69TBV1Ypr17mqpfKnfw3BT6HZkBmUbw5SOTlYmHWrdXr3FajOPmkSx5zoRHmxVaRd1BAEnce9rwTUjg3B8RvbzsDNP12Ff75VbzqYaZV5Cch3PbDQFtk10jVQqNbcsmLi4jbymPatVX5nY7tI1TlNbICQcLWNoxnYTJgmNELYwsXEEyqH2dxuntngVlJ6Z5h4m8HTOdRvlzxMPPL1L36N7DfQ59FtksF3b25id7YUBVFqjGt3LH-2F4wQvWszO5P9romYsnx5xdYnZz4-2BvTlr4xH9rLXNCZvwZaFyCV5JCfrq0ShrCd8C37Bd0qlt8gUCAnKNy5LPus8JZi21TXrOrGNU6d5sxCqNYmCsEwhH6C9K5d2wszv7qw-2Fv-2FHjEM-3D | | |
| https://assets.apollo.io/js/bundle-app-production-7012-50c34dca8b7ca494c30f.js | 34.102.205.190 | |
| https://u43140843.ct.sendgrid.net/ls/click?upn=u001.FULPoWoOJjjMK7Iu3Hm9dKua1Ujg-2BXfmD3Dpv413Ur-2Bguspdn2MOgHExqb-2BHV1ab2eCm9V4giLEeU4sr24VchYln1wH-2FzU5qN3bG8tgo8dE3q40-2FkEp8mm3kFm9RbmkRDgzL3r7GOi2yLaUwTIbjvw-3D-3DLm78_EDJSrGUK2rdmRgVlbW4kzix0SMOC9Aad6NUmnIyhty5lBnt69TBV1Ypr17mqpfKnfw3BT6HZkBmUbw5SOTlYmHWrdXr3FajOPmkSx5zoRHmxVaRd1BAEnce9rwTUjg3B8RvbzsDNP12Ff75VbzqYaZV5Cch3PbDQFtk10jVQqNbcsmLi4jbymPatVX5nY7tI1TlNbICQcLWNoxnYTJgmNELYwsXEEyqH2dxuntngVlJ6Z5h4m8HTOdRvlzxMPPL1L36N7DfQ59FtksF3b25id7YUBVFqjGt3LH-2F4wQvWszO5P9romYsnx5xdYnZz4-2BvTlr4xH9rLXNCZvwZaFyCV5JCfrq0ShrCd8C37Bd0qlt8gUCAnKNy5LPus8JZi21TXrOrGNU6d5sxCqNYmCsEwhH6C9K5d2wszv7qw-2Fv-2FHjEM-3D | 167.89.118.118 | |
| https://disarming-individualist-2448d018e760.herokuapp.com/u?mid=662111e2b41b5c000793ac46 | 18.211.231.38 | |
| https://www.aptracking1.com/u?action=render_unsubscribe&controller=redirector&mid=662111e2b41b5c000793ac46 | | |
| https://bam.nr-data.net/1/f318cdbaae?a=127348941&v=1.257.0&to=dwoPEBZaCQgDR01QQl1KF1VLUAgFD1kHQ21ZABIXBVIAOwNDB19GR0oTAQpRABY5UA9QW1g6FAoXQAcXBUcLU1c%3D&rst=14163&ck=0&s=897981c547c13349&ref=https://www.aptracking1.com/u&af=err,xhr,stn,ins,spa&ap=10&be=6173&fe=5818&dc=4221&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1714150104607,%22n%22:0,%22f%22:4537,%22dn%22:4584,%22dne%22:4769,%22c%22:4769,%22s%22:4770,%22ce%22:5685,%22rq%22:5685,%22rp%22:6173,%22rpe%22:7887,%22di%22:7934,%22ds%22:10394,%22de%22:10394,%22dc%22:11988,%22l%22:11989,%22le%22:11991%7D,%22navigation%22:%7B%7D%7D&fp=10410&fcp=12057 | 162.247.243.29 | |
| https://www.aptracking1.com/favicon.ico | 34.149.61.18 | |
| https://assets.apollo.io/js/bundle-app-production-8015-a4a05b611c31fdf0ac15.js | 34.102.205.190 | |
| https://assets.apollo.io/js/bundle-app-production-7977-78bb72fada7e81315467.js | 34.102.205.190 | |
| https://js-agent.newrelic.com/nr-spa-1.257.0.min.js | 162.247.243.39 | |
| https://bam.nr-data.net/events/1/f318cdbaae?a=127348941&v=1.257.0&to=dwoPEBZaCQgDR01QQl1KF1VLUAgFD1kHQ21ZABIXBVIAOwNDB19GR0oTAQpRABY5UA9QW1g6FAoXQAcXBUcLU1c%3D&rst=24893&ck=0&s=897981c547c13349&ref=https://www.aptracking1.com/u | 162.247.243.29 | |
| https://assets.apollo.io/js/unsubscribe-ui.js | 34.102.205.190 | |
| https://assets.apollo.io/js/bundle-app-production-8627-07fdd6b2e595c0888e76.js | 34.102.205.190 | |
| https://bam.nr-data.net/events/1/f318cdbaae?a=127348941&v=1.257.0&to=dwoPEBZaCQgDR01QQl1KF1VLUAgFD1kHQ21ZABIXBVIAOwNDB19GR0oTAQpRABY5UA9QW1g6FAoXQAcXBUcLU1c%3D&rst=54900&ck=0&s=897981c547c13349&ref=https://www.aptracking1.com/u | 162.247.243.29 | |

Domains

| Name | IP | Malicious |
|---|---|---|
| fastly-tls12-bam.nr-data.net | 162.247.243.29 | |
| bg.microsoft.map.fastly.net | 199.232.210.172 | |
| www.aptracking1.com | 34.149.61.18 | |
| assets.apollo.io | 34.102.205.190 | |
| js-agent.newrelic.com | 162.247.243.39 | |
| www.google.com | 142.250.217.164 | |
| u43140843.ct.sendgrid.net | 167.89.118.118 | |
| fp2e7a.wpc.phicdn.net | 192.229.211.108 | |
| disarming-individualist-2448d018e760.herokuapp.com | 18.211.231.38 | |
| bam.nr-data.net | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 167.89.118.118 | u43140843.ct.sendgrid.net | United States | |
| 34.149.61.18 | www.aptracking1.com | United States | |
| 18.211.231.38 | disarming-individualist-2448d018e760.herokuapp.com | United States | |
| 192.168.2.5 | unknown | unknown | |
| 34.102.205.190 | assets.apollo.io | United States | |
| 142.250.217.164 | www.google.com | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 192.168.2.15 | unknown | unknown | |
| 162.247.243.29 | fastly-tls12-bam.nr-data.net | United States | |
| 162.247.243.39 | js-agent.newrelic.com | United States | |

DOM / HTML

| URL | Malicious |
|---|---|
| https://www.aptracking1.com/u?action=render_unsubscribe&controller=redirector&mid=662111e2b41b5c000793ac46 | |
| https://www.aptracking1.com/u?action=render_unsubscribe&controller=redirector&mid=662111e2b41b5c000793ac46 | |
| https://www.aptracking1.com/u?action=render_unsubscribe&controller=redirector&mid=662111e2b41b5c000793ac46 | |