Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:22:54 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:22:53 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:22:53 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:22:54 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:22:53 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\Downloads\76dcb663-2e81-461e-9b72-8fb10e7d180f.tmp
|
PDF document, version 1.6
|
dropped
|
||
C:\Users\user\Downloads\ProjectUpdate-X.pdf (copy)
|
PDF document, version 1.6
|
dropped
|
||
C:\Users\user\Downloads\ProjectUpdate-X.pdf.crdownload
|
PDF document, version 1.6
|
dropped
|
||
C:\Users\user\Downloads\bb9b9f8a-3667-4c1c-a153-54141f8fc828.tmp
|
PDF document, version 1.6
|
dropped
|
||
Chrome Cache Entry: 79
|
ASCII text, with very long lines (65325)
|
downloaded
|
||
Chrome Cache Entry: 80
|
ASCII text
|
downloaded
|
||
Chrome Cache Entry: 81
|
HTML document, Unicode text, UTF-8 text, with very long lines (52023), with CRLF line terminators
|
downloaded
|
||
Chrome Cache Entry: 82
|
ASCII text, with very long lines (48664)
|
downloaded
|
||
Chrome Cache Entry: 83
|
JPEG image data, baseline, precision 8, 1920x1080, components 3
|
downloaded
|
||
Chrome Cache Entry: 84
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
dropped
|
||
Chrome Cache Entry: 85
|
ASCII text, with very long lines (32012)
|
downloaded
|
||
Chrome Cache Entry: 86
|
ASCII text, with very long lines (19015)
|
downloaded
|
||
Chrome Cache Entry: 87
|
HTML document, ASCII text, with very long lines (1238)
|
downloaded
|
||
Chrome Cache Entry: 88
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
downloaded
|
||
Chrome Cache Entry: 89
|
ASCII text, with very long lines (54456)
|
downloaded
|
||
Chrome Cache Entry: 90
|
PDF document, version 1.6
|
downloaded
|
||
Chrome Cache Entry: 91
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 92
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
Chrome Cache Entry: 93
|
SVG Scalable Vector Graphics image
|
dropped
|
||
Chrome Cache Entry: 94
|
ASCII text, with very long lines (32065)
|
downloaded
|
||
Chrome Cache Entry: 95
|
HTML document, ASCII text
|
downloaded
|
||
Chrome Cache Entry: 96
|
JPEG image data, baseline, precision 8, 1920x1080, components 3
|
dropped
|
There are 19 hidden files, click here to show them.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://open.camscanner.com/doc/download_file?platform=web&type=118&sid=8c5645d2944c4b262e3b5813d266f0d5&title=ProjectUpdate-X
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1960,i,14208868564962595604,3052524558064138358,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://open.camscanner.com/doc/download_file?platform=web&type=118&sid=8c5645d2944c4b262e3b5813d266f0d5&title=ProjectUpdate-X
|
|||
https://onetw.wanglinfeng.com/minetake/
|
|||
https://fontawesome.com
|
unknown
|
||
https://www.google.com
|
unknown
|
||
https://www.pdfescape.com
|
unknown
|
||
https://onetw.wanglinfeng.com/favicon.ico
|
104.21.89.211
|
||
https://github.com/twbs/bootstrap/graphs/contributors)
|
unknown
|
||
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
|
104.17.24.14
|
||
https://getbootstrap.com)
|
unknown
|
||
https://code.jquery.com/jquery-3.2.1.slim.min.js
|
151.101.66.137
|
||
https://onetw.wanglinfeng.com/minetake/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
|
104.21.89.211
|
||
https://github.com/twbs/bootstrap/blob/master/LICENSE)
|
unknown
|
||
https://onetw.wanglinfeng.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
|
104.21.89.211
|
||
https://use.fontawesome.com/releases/v5.7.0/css/all.css
|
unknown
|
||
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
|
104.18.11.207
|
||
http://opensource.org/licenses/MIT).
|
unknown
|
||
file:///C:/Users/user/Downloads/ProjectUpdate-X.pdf
|
|||
https://www.radpdf.com
|
unknown
|
||
https://onetw.wanglinfeng.com/minetake/images/bg.jpg
|
104.21.89.211
|
||
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
|
104.18.11.207
|
||
https://open.camscanner.com/doc/download_file?platform=web&type=118&sid=8c5645d2944c4b262e3b5813d266f0d5&title=ProjectUpdate-X
|
54.94.125.253
|
||
https://onetw.wanglinfeng.com/minetake/images/key.svg
|
104.21.89.211
|
||
https://fontawesome.com/license/free
|
unknown
|
||
https://a.nel.cloudflare.com/report/v4?s=Wy3P%2B3cnyD%2BQ6J2%2Fb6beA07x7AnwOy39eWmsjzDhRdOLfw8Dj7TF3Fy353TdzZTCgr6v6wl6T5P3UFSpSu7NEgwUeaRQ2T%2BgMuUhJ4HHgSJ7S3bZVcpmUPWX52uaHQMC8CS6T867sAg%3D
|
35.190.80.1
|
There are 13 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
a.nel.cloudflare.com
|
35.190.80.1
|
||
onetw.wanglinfeng.com
|
104.21.89.211
|
||
code.jquery.com
|
151.101.66.137
|
||
cdnjs.cloudflare.com
|
104.17.24.14
|
||
maxcdn.bootstrapcdn.com
|
104.18.11.207
|
||
www.google.com
|
142.250.217.228
|
||
brazil-proxy-6dd3fa02e902f93c.elb.sa-east-1.amazonaws.com
|
54.94.125.253
|
||
open.camscanner.com
|
unknown
|
||
use.fontawesome.com
|
unknown
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
104.17.24.14
|
cdnjs.cloudflare.com
|
United States
|
||
192.168.2.17
|
unknown
|
unknown
|
||
142.250.217.228
|
www.google.com
|
United States
|
||
104.18.11.207
|
maxcdn.bootstrapcdn.com
|
United States
|
||
104.21.89.211
|
onetw.wanglinfeng.com
|
United States
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
151.101.66.137
|
code.jquery.com
|
United States
|
||
35.190.80.1
|
a.nel.cloudflare.com
|
United States
|
||
54.94.125.253
|
brazil-proxy-6dd3fa02e902f93c.elb.sa-east-1.amazonaws.com
|
United States
|
DOM / HTML
URL
|
Malicious
|
|
---|---|---|
https://onetw.wanglinfeng.com/minetake/
|
||
file:///C:/Users/user/Downloads/ProjectUpdate-X.pdf
|
||
file:///C:/Users/user/Downloads/ProjectUpdate-X.pdf
|