Files

File Path | Type | Category | Malicious
---|---|---|---
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 15:48:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 15:48:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 15:48:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 15:48:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 15:48:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
Chrome Cache Entry: 73 | MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel | dropped |
Chrome Cache Entry: 74 | gzip compressed data, was "tmp2ne1zt4s", last modified: Fri Apr 26 16:19:19 2024, max compression, original size modulo 2^32 10118 | downloaded |
Chrome Cache Entry: 75 | MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel | downloaded |
Chrome Cache Entry: 76 | gzip compressed data, was "tmplrdegmtp", last modified: Fri Apr 26 16:19:16 2024, max compression, original size modulo 2^32 108698 | downloaded |
Chrome Cache Entry: 77 | JSON data | dropped |
Chrome Cache Entry: 78 | ASCII text, with very long lines (65460) | downloaded |
Chrome Cache Entry: 79 | gzip compressed data, was "tmpal41mhu_", last modified: Fri Apr 26 14:50:44 2024, max compression, original size modulo 2^32 24244 | downloaded |
Chrome Cache Entry: 80 | gzip compressed data, was "tmpvrxozzka", last modified: Fri Apr 26 14:50:40 2024, max compression, original size modulo 2^32 163781 | downloaded |
Chrome Cache Entry: 81 | gzip compressed data, was "tmphzxt6b3r", last modified: Fri Apr 26 14:50:44 2024, max compression, original size modulo 2^32 347588 | downloaded |
Chrome Cache Entry: 82 | HTML document, ASCII text, with very long lines (59546) | downloaded |
Processes

Path | Cmdline | Malicious
---|---|---
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1888 --field-trial-handle=2032,i,1493493240830737483,1153212126501728940,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u43140843.ct.sendgrid.net/ls/click?upn=u001.FULPoWoOJjjMK7Iu3Hm9dKua1Ujg-2BXfmD3Dpv413Ur-2Bguspdn2MOgHExqb-2BHV1ab2eCm9V4giLEeU4sr24VchYln1wH-2FzU5qN3bG8tgo8dE3q40-2FkEp8mm3kFm9RbmkRDgzL3r7GOi2yLaUwTIbjvw-3D-3DLm78_EDJSrGUK2rdmRgVlbW4kzix0SMOC9Aad6NUmnIyhty5lBnt69TBV1Ypr17mqpfKnfw3BT6HZkBmUbw5SOTlYmHWrdXr3FajOPmkSx5zoRHmxVaRd1BAEnce9rwTUjg3B8RvbzsDNP12Ff75VbzqYaZV5Cch3PbDQFtk10jVQqNbcsmLi4jbymPatVX5nY7tI1TlNbICQcLWNoxnYTJgmNELYwsXEEyqH2dxuntngVlJ6Z5h4m8HTOdRvlzxMPPL1L36N7DfQ59FtksF3b25id7YUBVFqjGt3LH-2F4wQvWszO5P9romYsnx5xdYnZz4-2BvTlr4xH9rLXNCZvwZaFyCV5JCfrq0ShrCd8C37Bd0qlt8gUCAnKNy5LPus8JZi21TXrOrGNU6d5sxCqNYmCsEwhH6C9K5d2wszv7qw-2Fv-2FHjEM-3D" |
|
URLs

Name | IP | Malicious
---|---|---
https://u43140843.ct.sendgrid.net/ls/click?upn=u001.FULPoWoOJjjMK7Iu3Hm9dKua1Ujg-2BXfmD3Dpv413Ur-2Bguspdn2MOgHExqb-2BHV1ab2eCm9V4giLEeU4sr24VchYln1wH-2FzU5qN3bG8tgo8dE3q40-2FkEp8mm3kFm9RbmkRDgzL3r7GOi2yLaUwTIbjvw-3D-3DLm78_EDJSrGUK2rdmRgVlbW4kzix0SMOC9Aad6NUmnIyhty5lBnt69TBV1Ypr17mqpfKnfw3BT6HZkBmUbw5SOTlYmHWrdXr3FajOPmkSx5zoRHmxVaRd1BAEnce9rwTUjg3B8RvbzsDNP12Ff75VbzqYaZV5Cch3PbDQFtk10jVQqNbcsmLi4jbymPatVX5nY7tI1TlNbICQcLWNoxnYTJgmNELYwsXEEyqH2dxuntngVlJ6Z5h4m8HTOdRvlzxMPPL1L36N7DfQ59FtksF3b25id7YUBVFqjGt3LH-2F4wQvWszO5P9romYsnx5xdYnZz4-2BvTlr4xH9rLXNCZvwZaFyCV5JCfrq0ShrCd8C37Bd0qlt8gUCAnKNy5LPus8JZi21TXrOrGNU6d5sxCqNYmCsEwhH6C9K5d2wszv7qw-2Fv-2FHjEM-3D | |
https://assets.apollo.io/js/bundle-app-production-7012-50c34dca8b7ca494c30f.js | 34.102.205.190 |
https://u43140843.ct.sendgrid.net/ls/click?upn=u001.FULPoWoOJjjMK7Iu3Hm9dKua1Ujg-2BXfmD3Dpv413Ur-2Bguspdn2MOgHExqb-2BHV1ab2eCm9V4giLEeU4sr24VchYln1wH-2FzU5qN3bG8tgo8dE3q40-2FkEp8mm3kFm9RbmkRDgzL3r7GOi2yLaUwTIbjvw-3D-3DLm78_EDJSrGUK2rdmRgVlbW4kzix0SMOC9Aad6NUmnIyhty5lBnt69TBV1Ypr17mqpfKnfw3BT6HZkBmUbw5SOTlYmHWrdXr3FajOPmkSx5zoRHmxVaRd1BAEnce9rwTUjg3B8RvbzsDNP12Ff75VbzqYaZV5Cch3PbDQFtk10jVQqNbcsmLi4jbymPatVX5nY7tI1TlNbICQcLWNoxnYTJgmNELYwsXEEyqH2dxuntngVlJ6Z5h4m8HTOdRvlzxMPPL1L36N7DfQ59FtksF3b25id7YUBVFqjGt3LH-2F4wQvWszO5P9romYsnx5xdYnZz4-2BvTlr4xH9rLXNCZvwZaFyCV5JCfrq0ShrCd8C37Bd0qlt8gUCAnKNy5LPus8JZi21TXrOrGNU6d5sxCqNYmCsEwhH6C9K5d2wszv7qw-2Fv-2FHjEM-3D | 167.89.118.118 |
https://disarming-individualist-2448d018e760.herokuapp.com/u?mid=662111e2b41b5c000793ac46 | 18.211.231.38 |
https://www.aptracking1.com/u?action=render_unsubscribe&controller=redirector&mid=662111e2b41b5c000793ac46 | |
https://bam.nr-data.net/1/f318cdbaae?a=127348941&v=1.257.0&to=dwoPEBZaCQgDR01QQl1KF1VLUAgFD1kHQ21ZABIXBVIAOwNDB19GR0oTAQpRABY5UA9QW1g6FAoXQAcXBUcLU1c%3D&rst=14163&ck=0&s=897981c547c13349&ref=https://www.aptracking1.com/u&af=err,xhr,stn,ins,spa&ap=10&be=6173&fe=5818&dc=4221&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1714150104607,%22n%22:0,%22f%22:4537,%22dn%22:4584,%22dne%22:4769,%22c%22:4769,%22s%22:4770,%22ce%22:5685,%22rq%22:5685,%22rp%22:6173,%22rpe%22:7887,%22di%22:7934,%22ds%22:10394,%22de%22:10394,%22dc%22:11988,%22l%22:11989,%22le%22:11991%7D,%22navigation%22:%7B%7D%7D&fp=10410&fcp=12057 | 162.247.243.29 |
https://www.aptracking1.com/favicon.ico | 34.149.61.18 |
https://assets.apollo.io/js/bundle-app-production-8015-a4a05b611c31fdf0ac15.js | 34.102.205.190 |
https://assets.apollo.io/js/bundle-app-production-7977-78bb72fada7e81315467.js | 34.102.205.190 |
https://js-agent.newrelic.com/nr-spa-1.257.0.min.js | 162.247.243.39 |
https://bam.nr-data.net/events/1/f318cdbaae?a=127348941&v=1.257.0&to=dwoPEBZaCQgDR01QQl1KF1VLUAgFD1kHQ21ZABIXBVIAOwNDB19GR0oTAQpRABY5UA9QW1g6FAoXQAcXBUcLU1c%3D&rst=24893&ck=0&s=897981c547c13349&ref=https://www.aptracking1.com/u | 162.247.243.29 |
https://assets.apollo.io/js/unsubscribe-ui.js | 34.102.205.190 |
https://assets.apollo.io/js/bundle-app-production-8627-07fdd6b2e595c0888e76.js | 34.102.205.190 |
https://bam.nr-data.net/events/1/f318cdbaae?a=127348941&v=1.257.0&to=dwoPEBZaCQgDR01QQl1KF1VLUAgFD1kHQ21ZABIXBVIAOwNDB19GR0oTAQpRABY5UA9QW1g6FAoXQAcXBUcLU1c%3D&rst=54900&ck=0&s=897981c547c13349&ref=https://www.aptracking1.com/u | 162.247.243.29 |
Domains

Name | IP | Malicious
---|---|---
fastly-tls12-bam.nr-data.net | 162.247.243.29 |
bg.microsoft.map.fastly.net | 199.232.210.172 |
www.aptracking1.com | 34.149.61.18 |
assets.apollo.io | 34.102.205.190 |
js-agent.newrelic.com | 162.247.243.39 |
www.google.com | 142.250.217.164 |
u43140843.ct.sendgrid.net | 167.89.118.118 |
fp2e7a.wpc.phicdn.net | 192.229.211.108 |
disarming-individualist-2448d018e760.herokuapp.com | 18.211.231.38 |
bam.nr-data.net | unknown |
IPs

IP | Domain | Country | Malicious
---|---|---|---
167.89.118.118 | u43140843.ct.sendgrid.net | United States |
34.149.61.18 | www.aptracking1.com | United States |
18.211.231.38 | disarming-individualist-2448d018e760.herokuapp.com | United States |
192.168.2.5 | unknown | unknown |
34.102.205.190 | assets.apollo.io | United States |
142.250.217.164 | www.google.com | United States |
239.255.255.250 | unknown | Reserved |
192.168.2.15 | unknown | unknown |
162.247.243.29 | fastly-tls12-bam.nr-data.net | United States |
162.247.243.39 | js-agent.newrelic.com | United States |
DOM / HTML

URL | Malicious
---|---
https://www.aptracking1.com/u?action=render_unsubscribe&controller=redirector&mid=662111e2b41b5c000793ac46 |
https://www.aptracking1.com/u?action=render_unsubscribe&controller=redirector&mid=662111e2b41b5c000793ac46 |
https://www.aptracking1.com/u?action=render_unsubscribe&controller=redirector&mid=662111e2b41b5c000793ac46 |