Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu May 23 15:26:57 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu May 23 15:26:57 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu May 23 15:26:57 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu May 23 15:26:57 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu May 23 15:26:57 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 159
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 160
|
HTML document, ASCII text, with very long lines (4845)
|
downloaded
|
||
|
Chrome Cache Entry: 161
|
HTML document, ASCII text, with very long lines (1048)
|
dropped
|
||
|
Chrome Cache Entry: 162
|
HTML document, ASCII text, with very long lines (1048)
|
dropped
|
||
|
Chrome Cache Entry: 163
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 164
|
GIF image data, version 89a, 362 x 362
|
downloaded
|
||
|
Chrome Cache Entry: 165
|
HTML document, ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 166
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 167
|
Unicode text, UTF-8 text, with very long lines (4046)
|
downloaded
|
||
|
Chrome Cache Entry: 168
|
ASCII text, with very long lines (65461)
|
downloaded
|
||
|
Chrome Cache Entry: 169
|
HTML document, ASCII text, with very long lines (1048)
|
downloaded
|
||
|
Chrome Cache Entry: 170
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 171
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian,
direntries=6, software=Picasa, datetime=2024:04:15 05:09:00], baseline, precision 8, 658x263, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 172
|
PNG image data, 300 x 76, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 173
|
MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 174
|
HTML document, ASCII text, with very long lines (4845)
|
downloaded
|
||
|
Chrome Cache Entry: 175
|
GIF image data, version 89a, 362 x 362
|
dropped
|
||
|
Chrome Cache Entry: 176
|
MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 177
|
PNG image data, 300 x 76, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 178
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian,
direntries=6, software=Picasa, datetime=2024:04:15 05:09:00], baseline, precision 8, 658x263, components 3
|
dropped
|
||
|
Chrome Cache Entry: 179
|
HTML document, ASCII text
|
downloaded
|
There are 18 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://assets-fra.mkt.dynamics.com/0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/standaloneforms/6e39a88b-9710-ef11-9f89-002248d9c773
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1968,i,3506459919583409056,7252220338635904808,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://assets-fra.mkt.dynamics.com/0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/standaloneforms/6e39a88b-9710-ef11-9f89-002248d9c773
|
 |
||
|
https://dataupload.top/bless/arsmtp/main.php
|
66.29.153.243
|
|
|
|
https://us-exg7-exghost-owa-auth-ty2u.onrender.com/index
|
|
||
|
https://us-exg7-exghost-owa-auth-ty2u.onrender.com/
|
|
||
|
https://assets-fra.mkt.dynamics.com/0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/standaloneforms/6e39a88b-9710-ef11-9f89-002248d9c773
|
|
||
|
https://public-fra.mkt.dynamics.com/api/v1.0/orgs/0cc4a623-6510-ef11-9f83-002248da15fa/landingpageforms/forms/6e39a88b-9710-ef11-9f89-002248d9c773
|
51.138.215.192
|
||
|
https://assets-fra.mkt.dynamics.com/0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/forms/6e39a88
|
unknown
|
||
|
https://assets-fra.mkt.dynamics.com/0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/images/8c7c8a
|
unknown
|
||
|
https://wafsd.com/new/arsm/media/download-logo.png
|
195.35.33.215
|
||
|
https://wafsd.com/new/arsm/media/download.gif
|
195.35.33.215
|
||
|
https://assets-fra.mkt.dynamics.com/0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/images/8c7c8a3d-9710-ef11-9f89-002248d9c773?ts=638511395356782131
|
13.107.253.67
|
||
|
https://wafsd.com/new/arsm/media/favicon.ico
|
195.35.33.215
|
||
|
https://yummy-healthy-pantry.glitch.me
|
unknown
|
||
|
https://assets-fra.mkt.dynamics.com/0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/forms/6e39a88b-9710-ef11-9f89-002248d9c773
|
13.107.253.67
|
||
|
https://assets-fra.mkt.dynamics.com/favicon.ico
|
13.107.253.67
|
||
|
https://public-fra.mkt.dynamics.com/api/v1.0/orgs/0cc4a623-6510-ef11-9f83-002248da15fa/landingpagefo
|
unknown
|
||
|
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
|
142.250.185.132
|
||
|
https://mail.greersteel.com/owa
|
unknown
|
||
|
https://public-fra.mkt.dynamics.com/api/v1.0/orgs/0cc4a623-6510-ef11-9f83-002248da15fa/landingpageforms/forms/6e39a88b-9710-ef11-9f89-002248d9c773/visits
|
51.138.215.192
|
There are 8 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
dataupload.top
|
66.29.153.243
|
|
|
|
assets-fra.mkt.dynamics.com
|
unknown
|
|
|
|
part-0039.t-0009.t-msedge.net
|
13.107.246.67
|
||
|
part-0017.t-0009.t-msedge.net
|
13.107.213.45
|
||
|
wafsd.com
|
195.35.33.215
|
||
|
prdia888cfr0aks.mkt.dynamics.com
|
51.138.215.192
|
||
|
www.google.com
|
142.250.185.132
|
||
|
s-part-0039.t-0009.fb-t-msedge.net
|
13.107.253.67
|
||
|
public-fra.mkt.dynamics.com
|
unknown
|
||
|
us-exg7-exghost-owa-auth-ty2u.onrender.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.17
|
unknown
|
unknown
|
|
|
|
66.29.153.243
|
dataupload.top
|
United States
|
|
|
|
195.35.33.215
|
wafsd.com
|
Germany
|
||
|
13.107.246.67
|
part-0039.t-0009.t-msedge.net
|
United States
|
||
|
13.107.246.45
|
unknown
|
United States
|
||
|
13.107.253.67
|
s-part-0039.t-0009.fb-t-msedge.net
|
United States
|
||
|
142.250.185.132
|
www.google.com
|
United States
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
13.107.213.45
|
part-0017.t-0009.t-msedge.net
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
51.138.215.192
|
prdia888cfr0aks.mkt.dynamics.com
|
United Kingdom
|
||
|
127.0.0.1
|
unknown
|
unknown
|
There are 2 hidden IPs, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://assets-fra.mkt.dynamics.com/0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/standaloneforms/6e39a88b-9710-ef11-9f89-002248d9c773
|
|
|
|
https://assets-fra.mkt.dynamics.com/0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/standaloneforms/6e39a88b-9710-ef11-9f89-002248d9c773
|
|
|
|
https://us-exg7-exghost-owa-auth-ty2u.onrender.com/
|
|
|
|
https://us-exg7-exghost-owa-auth-ty2u.onrender.com/
|
|
|
|
https://us-exg7-exghost-owa-auth-ty2u.onrender.com/index
|
|
|
|
https://assets-fra.mkt.dynamics.com/0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/standaloneforms/6e39a88b-9710-ef11-9f89-002248d9c773
|