Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\Downloads\9a25b646-7ba5-4e95-ba13-3c430acbcc9e.tmp | Zip archive data, at least v4.5 to extract, compression method=store | dropped | |
| C:\Users\user\Downloads\PrivacyGuardBrowser.1.10.78.0.Msix (copy) | Zip archive data, at least v4.5 to extract, compression method=store | dropped | |
| C:\Users\user\Downloads\Unconfirmed 403941.crdownload | Zip archive data, at least v4.5 to extract, compression method=store | dropped | |
| Chrome Cache Entry: 57 | ISO Media, MP4 v2 [ISO 14496-14] | downloaded | |
| Chrome Cache Entry: 58 | ASCII text, with no line terminators | dropped | |
| Chrome Cache Entry: 59 | Web Open Font Format (Version 2), TrueType, length 46704, version 1.0 | downloaded | |
| Chrome Cache Entry: 60 | ASCII text, with very long lines (607) | downloaded | |
| Chrome Cache Entry: 61 | HTML document, Unicode text, UTF-8 text, with very long lines (2013) | downloaded | |
| Chrome Cache Entry: 62 | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 63 | ISO Media, MP4 v2 [ISO 14496-14] | downloaded | |
| Chrome Cache Entry: 64 | GIF image data, version 89a, 1 x 1 | dropped | |
| Chrome Cache Entry: 65 | ASCII text | downloaded | |
| Chrome Cache Entry: 66 | ASCII text, with no line terminators | dropped | |
| Chrome Cache Entry: 67 | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 68 | GIF image data, version 89a, 1 x 1 | downloaded | |
| Chrome Cache Entry: 69 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 70 | GIF image data, version 89a, 1 x 1 | dropped | |
| Chrome Cache Entry: 71 | ASCII text | downloaded | |
| Chrome Cache Entry: 72 | GIF image data, version 89a, 1 x 1 | downloaded | |
| Chrome Cache Entry: 73 | Unicode text, UTF-8 (with BOM) text, with very long lines (547) | downloaded | |
| Chrome Cache Entry: 74 | ASCII text | downloaded | |
| Chrome Cache Entry: 75 | ASCII text | downloaded | |
| Chrome Cache Entry: 76 | PNG image data, 1440 x 1024, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 77 | PNG image data, 1440 x 1024, 8-bit/color RGBA, non-interlaced | downloaded | |

15 additional files are not shown.

The Downloads entries are all identified as Zip archives because an MSIX package is a ZIP container; `Unconfirmed 403941.crdownload` is Chrome's in-progress download file for the package. The Malicious column is empty for every file in the report.
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | `"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"` | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | `"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1984,i,4643450290400954545,2623845929518352052,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8` | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | `"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://remotescripps.org/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDE1Mzc1OSwiaWF0IjoxNzE0MTQ2NTU5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjR0dWRtOGRsODdyZnRzMjAwaGg0czciLCJuYmYiOjE3MTQxNDY1NTksInRzIjoxNzE0MTQ2NTU5NTc0OTUxfQ.4QAtENw-EyGdzGdXpnWXNKSArwdeAYageduFzSwX3pI&sid=8b44beca-03e4-11ef-af17-3cc94e56dea0"` | |
| C:\Windows\SysWOW64\cmd.exe | `cmd /c "C:\Users\user\Desktop\"` | |
| C:\Windows\System32\conhost.exe | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` | |
URLs

| Name | IP | Malicious |
|---|---|---|
| https://remotescripps.org/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDE1Mzc1OSwiaWF0IjoxNzE0MTQ2NTU5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjR0dWRtOGRsODdyZnRzMjAwaGg0czciLCJuYmYiOjE3MTQxNDY1NTksInRzIjoxNzE0MTQ2NTU5NTc0OTUxfQ.4QAtENw-EyGdzGdXpnWXNKSArwdeAYageduFzSwX3pI&sid=8b44beca-03e4-11ef-af17-3cc94e56dea0 | | |
| https://yandex.com/an/sync_cookie | unknown | |
| http://104.154.23.126/data-ingest | unknown | |
| https://impr.zautils.online/impression?c=intpgdirect | unknown | |
| https://red.zautils.online/downloadproxy/intpgdirect/ | unknown | |
| https://mc.yandex. | unknown | |
| https://s3.mds.yandex.net/internal-metrika-betas | unknown | |
| https://yastatic.net/s3/gdpr/v3/gdpr | unknown | |
| https://yastatic.net/s3/metrika | unknown | |
| https://ymetrica1.com/watch/3/1 | unknown | |
| https://dtools.zautils.online/geturl/PrivacyGuard/intpgdirect | unknown | |
| https://mc.yandex.md/cc | unknown | |
| https://cintlp.zautils.online/?subid=90818143905&cid=8899&tag=dm&dkw=remotescripps.org&rhi=0bc29bef-b9ff-47fa-9c64-762e9458389c | | |
| https://yastatic.net/s3/taxi-front/yango-gdpr-popup/ | unknown | |

3 additional URLs are not shown.
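The landing-page URL that Chrome was launched with carries two machine-readable parameters: `js=` is a compact JWT (three base64url segments) and `sid=` is a version-1, time-based UUID. The script below, an added example and not part of the sandbox report, pulls both out of the URL copied from the process list above, decodes the JWT header and claims without verifying the signature (HS256 needs the issuer's secret, which the sandbox never sees, so the claims are untrusted input, not evidence), and compares the token's `ts` claim with the timestamp embedded in the UUID. The function names and output keys are mine.

```python
"""Decode the redirect parameters from the sandbox report's landing-page URL.

Added example for this report: the URL is copied verbatim from the chrome.exe
command line above; everything else (function and key names) is assumed.
"""
import base64
import json
import uuid
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Landing-page URL taken verbatim from the chrome.exe command line in the report.
LANDING_URL = (
    "https://remotescripps.org/?ch=1&js="
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDE1Mzc1OSwiaWF0IjoxNzE0MTQ2NTU5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjR0dWRtOGRsODdyZnRzMjAwaGg0czciLCJuYmYiOjE3MTQxNDY1NTksInRzIjoxNzE0MTQ2NTU5NTc0OTUxfQ."
    "4QAtENw-EyGdzGdXpnWXNKSArwdeAYageduFzSwX3pI"
    "&sid=8b44beca-03e4-11ef-af17-3cc94e56dea0"
)

# Offset between the UUID epoch (1582-10-15) and the Unix epoch, in 100 ns ticks (RFC 4122).
UUID_EPOCH_OFFSET = 0x01B21DD213814000


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding that JWTs strip."""
    segment = segment.strip()
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_unverified(token: str):
    """Split a compact JWS into (header, claims, raw signature bytes).

    The signature is deliberately NOT checked: HS256 needs the issuer's shared
    secret, so every claim returned here is attacker-controlled input.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected three dot-separated parts)")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    signature = b64url_decode(parts[2])
    return header, claims, signature


def uuid1_unix_micros(value: str) -> int:
    """Microseconds since the Unix epoch encoded in a version-1 (time-based) UUID."""
    u = uuid.UUID(value)
    if u.version != 1:
        raise ValueError(f"not a time-based UUID (version {u.version})")
    return (u.time - UUID_EPOCH_OFFSET) // 10  # 100 ns ticks -> microseconds


def analyse_landing_url(url: str) -> dict:
    """Decode js= and sid= from the URL and relate their embedded timestamps."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    header, claims, signature = decode_jwt_unverified(query["js"][0])
    sid_us = uuid1_unix_micros(query["sid"][0])
    issued = datetime.fromtimestamp(claims["iat"], tz=timezone.utc)
    return {
        "host": parts.hostname,
        "alg": header.get("alg"),
        "issuer": claims.get("iss"),
        "audience": claims.get("aud"),
        "jti": claims.get("jti"),
        "issued_at": issued.isoformat(),
        "lifetime_s": claims["exp"] - claims["iat"],
        "signature_len": len(signature),     # 32 bytes for HMAC-SHA256
        "ts_us": claims.get("ts"),           # issuer-side microsecond clock
        "sid_unix_us": sid_us,               # clock embedded in the sid UUID
        "sid_minus_ts_us": sid_us - claims["ts"],
    }


if __name__ == "__main__":
    for key, val in analyse_landing_url(LANDING_URL).items():
        print(f"{key:>16}: {val}")
```

On this URL the token is a two-hour HS256 JWT, and the `sid` UUID's clock agrees with the token's `ts` claim to within a millisecond, so the session id and the token were minted together by the same backend at the moment of the redirect. That makes `jti` and `sid` per-visit values: pivot on the hostnames and paths (`remotescripps.org`, `*.zautils.online`) rather than on the full URL when writing detections.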
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 162.254.207.52 | unknown | United States | |
| 1.1.1.1 | unknown | Australia | |
| 35.186.241.51 | unknown | United States | |
| 192.178.50.46 | unknown | United States | |
| 172.217.2.195 | unknown | United States | |
| 87.250.250.119 | unknown | Russian Federation | |
| 142.250.64.138 | unknown | United States | |
| 192.168.2.4 | unknown | unknown | |
| 142.250.64.195 | unknown | United States | |
| 130.211.5.208 | unknown | United States | |
| 172.67.136.85 | unknown | United States | |
| 107.178.240.159 | unknown | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 206.189.225.178 | unknown | United States | |
| 93.158.134.119 | unknown | Russian Federation | |
| 142.251.35.228 | unknown | United States | |
| 3.220.57.224 | unknown | United States | |
| 142.251.162.84 | unknown | United States | |
| 77.88.21.119 | unknown | Russian Federation | |
| 172.217.3.67 | unknown | United States | |
| 13.35.116.53 | unknown | United States | |

11 additional IPs are not shown.

Three of these addresses are background traffic rather than indicators: 1.1.1.1 is Cloudflare's public DNS resolver (its "Australia" country comes from the APNIC registration of the block), 192.168.2.4 is a private address inside the sandbox's own network, and 239.255.255.250 is the SSDP multicast group Windows uses for device discovery.
DOM / HTML

| URL | Malicious |
|---|---|
| https://cintlp.zautils.online/?subid=90818143905&cid=8899&tag=dm&dkw=remotescripps.org&rhi=0bc29bef-b9ff-47fa-9c64-762e9458389c | |