Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Mar 26 17:49:15 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Mar 26 17:49:15 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Mar 26 17:49:15 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Mar 26 17:49:15 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Mar 26 17:49:15 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 70
|
gzip compressed data, was "tmpsqol5o1w", last modified: Tue Mar 26 18:28:22 2024, max compression, original size modulo 2^32
346968
|
downloaded
|
||
|
Chrome Cache Entry: 71
|
gzip compressed data, was "tmpaaird6q4", last modified: Tue Mar 26 17:15:58 2024, max compression, original size modulo 2^32
23756
|
downloaded
|
||
|
Chrome Cache Entry: 72
|
ASCII text, with very long lines (65460)
|
downloaded
|
||
|
Chrome Cache Entry: 73
|
gzip compressed data, was "tmpnajcdet_", last modified: Tue Mar 26 17:15:59 2024, max compression, original size modulo 2^32
162110
|
downloaded
|
||
|
Chrome Cache Entry: 74
|
MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 75
|
MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 76
|
gzip compressed data, was "tmpctdvkv64", last modified: Tue Mar 26 17:15:56 2024, max compression, original size modulo 2^32
108698
|
downloaded
|
||
|
Chrome Cache Entry: 77
|
HTML document, ASCII text, with very long lines (59941)
|
downloaded
|
||
|
Chrome Cache Entry: 78
|
gzip compressed data, was "tmp43awyien", last modified: Tue Mar 26 17:15:54 2024, max compression, original size modulo 2^32
10118
|
downloaded
|
||
|
Chrome Cache Entry: 79
|
JSON data
|
dropped
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2520 --field-trial-handle=2020,i,3268176836136726466,13000087644650507593,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://agattu.plix.ai/u?mid=6601ae2964c7bd00071c13cd"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://agattu.plix.ai/u?mid=6601ae2964c7bd00071c13cd
|
|||
|
https://assets.apollo.io/js/bundle-app-production-8015-a4a05b611c31fdf0ac15.js
|
34.102.205.190
|
||
|
https://assets.apollo.io/js/bundle-app-production-7977-3598acce02a7abed456a.js
|
34.102.205.190
|
||
|
https://js-agent.newrelic.com/nr-spa-1.253.0.min.js
|
162.247.243.39
|
||
|
https://assets.apollo.io/js/unsubscribe-ui.js
|
34.102.205.190
|
||
|
https://assets.apollo.io/js/bundle-app-production-7012-2a61c6ae5d188b6c9911.js
|
34.102.205.190
|
||
|
https://bam.nr-data.net/1/f318cdbaae?a=127348941&v=1.253.0&to=dwoPEBZaCQgDR01QQl1KF1VLUAgFD1kHQ21ZABIXBVIAOwNDB19GR0oTAQpRABY5UA9QW1g6FAoXQAcXBUcLU1c%3D&rst=4125&ck=0&s=b100e2003efc3156&ref=https://agattu.plix.ai/u&hr=0&af=err,xhr,stn,ins,spa&ap=11&be=909&fe=2284&dc=1223&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1711478954827,%22n%22:0,%22f%22:4,%22dn%22:325,%22dne%22:325,%22c%22:325,%22s%22:326,%22ce%22:616,%22rq%22:616,%22rp%22:910,%22rpe%22:1163,%22di%22:1183,%22ds%22:2132,%22de%22:2132,%22dc%22:3189,%22l%22:3189,%22le%22:3193%7D,%22navigation%22:%7B%7D%7D&fp=2245&fcp=3268
|
162.247.243.29
|
||
|
https://assets.apollo.io/js/bundle-app-production-8627-07fdd6b2e595c0888e76.js
|
34.102.205.190
|
||
|
https://bam.nr-data.net/events/1/f318cdbaae?a=127348941&v=1.253.0&to=dwoPEBZaCQgDR01QQl1KF1VLUAgFD1kHQ21ZABIXBVIAOwNDB19GR0oTAQpRABY5UA9QW1g6FAoXQAcXBUcLU1c%3D&rst=15276&ck=0&s=b100e2003efc3156&ref=https://agattu.plix.ai/u&hr=0
|
162.247.243.29
|
||
|
https://agattu.plix.ai/u?mid=6601ae2964c7bd00071c13cd
|
|||
|
https://agattu.plix.ai/favicon.ico
|
34.28.233.175
|
||
|
https://bam.nr-data.net/events/1/f318cdbaae?a=127348941&v=1.253.0&to=dwoPEBZaCQgDR01QQl1KF1VLUAgFD1kHQ21ZABIXBVIAOwNDB19GR0oTAQpRABY5UA9QW1g6FAoXQAcXBUcLU1c%3D&rst=45288&ck=0&s=b100e2003efc3156&ref=https://agattu.plix.ai/u&hr=0
|
162.247.243.29
|
There are 1 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
aplolinks.com
|
34.28.233.175
|
||
|
fastly-tls12-bam.nr-data.net
|
162.247.243.29
|
||
|
assets.apollo.io
|
34.102.205.190
|
||
|
js-agent.newrelic.com
|
162.247.243.39
|
||
|
www.google.com
|
172.253.122.104
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.211.108
|
||
|
bam.nr-data.net
|
unknown
|
||
|
agattu.plix.ai
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
34.102.205.190
|
assets.apollo.io
|
United States
|
||
|
172.253.122.104
|
www.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
162.247.243.29
|
fastly-tls12-bam.nr-data.net
|
United States
|
||
|
34.28.233.175
|
aplolinks.com
|
United States
|
||
|
162.247.243.39
|
js-agent.newrelic.com
|
United States
|
||
|
192.168.2.5
|
unknown
|
unknown
|
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://agattu.plix.ai/u?mid=6601ae2964c7bd00071c13cd
|
||
|
https://agattu.plix.ai/u?mid=6601ae2964c7bd00071c13cd
|
||
|
https://agattu.plix.ai/u?mid=6601ae2964c7bd00071c13cd
|