Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 16:17:19 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 16:17:19 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 16:17:19 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 16:17:19 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 16:17:19 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
Chrome Cache Entry: 139
|
ASCII text, with very long lines (631)
|
downloaded
|
||
Chrome Cache Entry: 140
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 141
|
ASCII text, with very long lines (65450), with CRLF line terminators
|
downloaded
|
||
Chrome Cache Entry: 142
|
ASCII text, with very long lines (2593)
|
downloaded
|
||
Chrome Cache Entry: 143
|
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
downloaded
|
||
Chrome Cache Entry: 144
|
HTML document, ASCII text, with CRLF line terminators
|
downloaded
|
||
Chrome Cache Entry: 145
|
ASCII text, with very long lines (1222), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 146
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 147
|
ASCII text, with very long lines (56412), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 148
|
ASCII text, with very long lines (17673)
|
downloaded
|
||
Chrome Cache Entry: 149
|
Unicode text, UTF-8 text, with very long lines (64394), with CRLF line terminators
|
downloaded
|
||
Chrome Cache Entry: 150
|
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
|
downloaded
|
||
Chrome Cache Entry: 151
|
assembler source, ASCII text, with CRLF line terminators
|
downloaded
|
||
Chrome Cache Entry: 152
|
ASCII text, with no line terminators
|
downloaded
|
There are 11 hidden files, click here to show them.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://kra.ndml.in/kra-web/Mail/ENEDpDME_ddRnXxVc50cpgYEG3w8mclx4APm6ShyCOrrvM6hBqc3-5vCvQN-X5XN/Pbpp1LlByBKEzvjWvaUdYAoxoxNWtNmpdPLEflzCf0nTwIx6mcECpQ==/PhKsGuPve2w=
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1936,i,2990256087952315808,2795152919663852828,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe"
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=2044,i,10422334157882643257,4372687792267405033,262144
/prefetch:8
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
http://kra.ndml.in/kra-web/Mail/ENEDpDME_ddRnXxVc50cpgYEG3w8mclx4APm6ShyCOrrvM6hBqc3-5vCvQN-X5XN/Pbpp1LlByBKEzvjWvaUdYAoxoxNWtNmpdPLEflzCf0nTwIx6mcECpQ==/PhKsGuPve2w=
|
|||
https://kra.ndml.in/kra-web/MailClose.jsp
|
59.163.48.94
|
||
https://developers.google.com/recaptcha/docs/faq#localhost_support
|
unknown
|
||
https://support.google.com/recaptcha#6262736
|
unknown
|
||
https://kra.ndml.in/kra-web/themes/layout.css
|
59.163.48.94
|
||
https://cloud.google.com/recaptcha-enterprise/billing-information
|
unknown
|
||
http://kra.ndml.in/kra-web/Mail/ENEDpDME_ddRnXxVc50cpgYEG3w8mclx4APm6ShyCOrrvM6hBqc3-5vCvQN-X5XN/Pbpp1LlByBKEzvjWvaUdYAoxoxNWtNmpdPLEflzCf0nTwIx6mcECpQ==/PhKsGuPve2w=
|
59.163.48.94
|
||
http://jqueryui.com
|
unknown
|
||
https://recaptcha.net
|
unknown
|
||
https://www.apache.org/licenses/
|
unknown
|
||
https://www.google.com/async/newtab_promos
|
142.250.217.196
|
||
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGPrDr7EGIjA51nBO0ouJB96IkrPObbeH40esAxTUWJYDSH_tpPv7r8GIlnQ1bntE4rLxvVsQBtUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
142.250.217.196
|
||
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
|
142.250.217.196
|
||
https://support.google.com/recaptcha/?hl=en#6223828
|
unknown
|
||
https://www.google.com/favicon.ico
|
142.250.217.196
|
||
https://cloud.google.com/contact
|
unknown
|
||
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
|
unknown
|
||
https://www.google.com/async/ddljson?async=ntp:2
|
142.250.217.196
|
||
https://www.google.com/search?q=nyt+connections+hints+april+26&oq=&gs_lcrp=EgZjaHJvbWUqDggCEAAYAxhCGI8BGOoCMgwIABAuGAMYjwEY6gIyDggBEAAYAxhCGI8BGOoCMg4IAhAAGAMYQhiPARjqAjIOCAMQABgDGEIYjwEY6gIyDggEEAAYAxhCGI8BGOoCMg4IBRAAGAMYQhiPARjqAjIOCAYQABgDGEIYjwEY6gIyDggHEAAYAxhCGI8BGOoC0gEKMjEzMDE2ajBqN6gCCLACAQ&sourceid=chrome&ie=UTF-8
|
142.250.217.196
|
||
https://play.google.com/log?format=json&hasfast=true
|
unknown
|
||
https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dnyt%2Bconnections%2Bhints%2Bapril%2B26%26oq%3D%26gs_lcrp%3DEgZjaHJvbWUqDggCEAAYAxhCGI8BGOoCMgwIABAuGAMYjwEY6gIyDggBEAAYAxhCGI8BGOoCMg4IAhAAGAMYQhiPARjqAjIOCAMQABgDGEIYjwEY6gIyDggEEAAYAxhCGI8BGOoCMg4IBRAAGAMYQhiPARjqAjIOCAYQABgDGEIYjwEY6gIyDggHEAAYAxhCGI8BGOoC0gEKMjEzMDE2ajBqN6gCCLACAQ%26sourceid%3Dchrome%26ie%3DUTF-8&q=EgRmgZjcGILEr7EGIjDYWZjKno5JvCWZFz_8l_wfRjhUucocyKy4RSU_MxZIiCKq2ngkq1Rr5-2EKs1dAfoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
142.250.217.196
|
||
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
|
142.250.217.196
|
||
https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
|
unknown
|
||
https://www.google.com/recaptcha/api.js
|
142.250.217.196
|
||
https://support.google.com/recaptcha/#6175971
|
unknown
|
||
https://www.gstatic.c..?/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__.
|
unknown
|
||
https://kra.ndml.in/kra-web/javascripts/jquery-ui.min.js
|
59.163.48.94
|
||
https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b
|
142.250.217.196
|
||
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGPnDr7EGIjBmzD6XKne16sxc7aHb3W-_JuZBXg9GdeRJ5dqb22OPbS63K98czF4n9otYLEAd3dAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
142.250.217.196
|
||
https://kra.ndml.in/kra-web/javascripts/jquery.min.js
|
59.163.48.94
|
||
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
|
142.250.217.196
|
||
https://www.google.com/recaptcha/api2/
|
unknown
|
||
https://kra.ndml.in/kra-web/Mail/ENEDpDME_ddRnXxVc50cpgYEG3w8mclx4APm6ShyCOrrvM6hBqc3-5vCvQN-X5XN/Pbpp1LlByBKEzvjWvaUdYAoxoxNWtNmpdPLEflzCf0nTwIx6mcECpQ==/PhKsGuPve2w=
|
59.163.48.94
|
||
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m
|
142.250.217.196
|
||
https://www.google.com/js/bg/lkTXq49YG5_ej1w7m4T9Nw_1Lx1Ocd1gteWQpsfV_Tk.js
|
142.250.217.196
|
||
https://support.google.com/recaptcha
|
unknown
|
There are 25 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
kra.ndml.in
|
59.163.48.94
|
||
www.google.com
|
142.250.217.228
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
192.168.2.16
|
unknown
|
unknown
|
||
142.250.217.228
|
www.google.com
|
United States
|
||
59.163.48.94
|
kra.ndml.in
|
India
|
||
142.250.217.196
|
unknown
|
United States
|
||
239.255.255.250
|
unknown
|
Reserved
|
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
9FCE35E000
|
stack
|
page read and write
|
||
246502F8000
|
heap
|
page read and write
|
||
9FCE2DC000
|
stack
|
page read and write
|
||
9FCE67F000
|
stack
|
page read and write
|
||
246502F0000
|
heap
|
page read and write
|
||
246504D0000
|
heap
|
page read and write
|
||
24650510000
|
heap
|
page read and write
|
||
24650500000
|
heap
|
page read and write
|
||
246503F0000
|
heap
|
page read and write
|
||
24651E70000
|
heap
|
page read and write
|
||
24650505000
|
heap
|
page read and write
|
||
9FCE3DE000
|
stack
|
page read and write
|
There are 2 hidden memdumps, click here to show them.