Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 11:38:39 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 11:38:39 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 11:38:39 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 11:38:39 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 11:38:39 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| Chrome Cache Entry: 144 | ASCII text, with very long lines (5818) | downloaded | |
| Chrome Cache Entry: 145 | ASCII text, with very long lines (47564) | downloaded | |
| Chrome Cache Entry: 146 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 147 | JSON data | dropped | |
| Chrome Cache Entry: 148 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 149 | Unicode text, UTF-8 text, with very long lines (39370) | downloaded | |
| Chrome Cache Entry: 150 | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 151 | C source, ASCII text, with very long lines (7810) | downloaded | |
| Chrome Cache Entry: 152 | ASCII text, with no line terminators | dropped | |
| Chrome Cache Entry: 153 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 154 | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 155 | ASCII text, with very long lines (40143) | downloaded | |
| Chrome Cache Entry: 156 | ASCII text, with very long lines (5482) | downloaded | |
| Chrome Cache Entry: 157 | ASCII text, with very long lines (2538), with no line terminators | downloaded | |
| Chrome Cache Entry: 158 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 159 | HTML document, ASCII text, with very long lines (61063), with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 160 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 161 | PNG image data, 744 x 1056, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 162 | JSON data | downloaded | |
| Chrome Cache Entry: 163 | ASCII text | downloaded | |
| Chrome Cache Entry: 164 | ASCII text, with very long lines (57671), with no line terminators | downloaded | |
| Chrome Cache Entry: 165 | PNG image data, 744 x 1056, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 166 | ASCII text, with very long lines (2343) | downloaded | |
| Chrome Cache Entry: 167 | ASCII text, with very long lines (5945) | downloaded | |
| Chrome Cache Entry: 168 | ASCII text, with very long lines (32000) | downloaded | |
| Chrome Cache Entry: 169 | ASCII text, with very long lines (64347) | downloaded | |
| Chrome Cache Entry: 170 | ASCII text, with very long lines (2500), with no line terminators | downloaded | |
| Chrome Cache Entry: 171 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 172 | gzip compressed data, from Unix, original size modulo 2^32 43430 | downloaded | |
| Chrome Cache Entry: 173 | ASCII text | downloaded | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=2468,i,8799287499187348250,9871557580759045562,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u6071375.ct.sendgrid.net/ls/click?upn=u001.jNebCYco-2BJgBMGJDj1kJWP39IKixFvDeSBij1PLovvXT0hkMSWjEhuIEgwQ-2F309CwGFmoY6-2Bl45VLW7K9Sd8-2Fg-3D-3Dm1D8_bgsmQmhs-2BDkrnAcljUiGIti1-2F3303-2FliL2Lyr586-2FN9rAlBFKILfRyjObk6Iz5-2FtMSxC-2FhiWOZXbqnmzeZXBiy3CSpPIYxz2-2BTcFMtFX6z-2FFKaL9cuMNNsd9H8Soth9M-2BiGwIhw5kRyphke6a8RYyV0rtdDONsX7lNk6Cr796v-2FIJZ8nzBJ39o6b-2FDySakEM-2B9nvScrgUWzDogJp7LxfPQ-3D-3D" | |
URLs

| Name | IP | Malicious |
|---|---|---|
| https://u6071375.ct.sendgrid.net/ls/click?upn=u001.jNebCYco-2BJgBMGJDj1kJWP39IKixFvDeSBij1PLovvXT0hkMSWjEhuIEgwQ-2F309CwGFmoY6-2Bl45VLW7K9Sd8-2Fg-3D-3Dm1D8_bgsmQmhs-2BDkrnAcljUiGIti1-2F3303-2FliL2Lyr586-2FN9rAlBFKILfRyjObk6Iz5-2FtMSxC-2FhiWOZXbqnmzeZXBiy3CSpPIYxz2-2BTcFMtFX6z-2FFKaL9cuMNNsd9H8Soth9M-2BiGwIhw5kRyphke6a8RYyV0rtdDONsX7lNk6Cr796v-2FIJZ8nzBJ39o6b-2FDySakEM-2B9nvScrgUWzDogJp7LxfPQ-3D-3D | | |
| https://stats.g.doubleclick.net/g/collect | unknown | |
| https://p.teads.tv/teads-fellow.js | unknown | |
| https://www.facebook.com/tr/?id=541164370529087&ev=PageView&dl=https%3A%2F%2F9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net%2F&rl=&if=false&ts=1720010325963&sw=1280&sh=1024&v=2.9.160&r=stable&ec=0&o=4126&fbp=fb.1.1720010325961.1187528993&it=1720010324745&coo=false&rqm=GET | 157.240.0.35 | |
| https://www.redditstatic.com/ads/pixel.js | 151.101.129.140 | |
| https://get.sinchemail.com/pr/js | 104.18.10.212 | |
| https://ampcid.google.com/v1/publisher:getClientId | unknown | |
| https://px.ads.linkedin.com/collect? | unknown | |
| https://x.clearbitjs.com/v1/pk_54258638e2140e223e87c6c868ec9a93/forms.js?page_path=%2FC%3A%2FUsers%2FAdministrator%2FDesktop%2FNEW%2520ERA%2FMAILGUNPAGE%25202023%2Fpage%2Findex.html | 3.127.196.46 | |
| https://www.google.com | unknown | |
| https://www.youtube.com/iframe_api | unknown | |
| https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=939cc2b0-a976-4b0b-a894-1b98e3298bf7&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=eeb64410-e513-4069-a922-41bb6f75921e&tw_document_href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdministrator%2FDesktop%2FNEW%2520ERA%2FMAILGUNPAGE%25202023%2Fpage%2Findex.html&tw_iframe_status=0&txn_id=o57gg&type=javascript&version=2.3.29 | 104.244.42.195 | |
| https://login.mailgun.com/login/static/style.css?v=1.0.0 | 34.160.63.108 | |
| https://connect.facebook.net/en_US/fbevents.js | 157.240.0.6 | |
| https://cdn.rudderlabs.com/v1.1/js-integrations/GoogleTagManager.min.js | 18.239.83.17 | |
| https://github.com/krux/postscribe/blob/master/LICENSE. | unknown | |
| https://login.mailgun.com/login/static/roboto-v27-latin-regular.woff | 34.160.63.108 | |
| https://www.facebook.com/tr/?redirect=0&rqm=GET&coo=false&it=1720010324745&cdl=API_unavailable&ler=empty&fbp=fb.1.1720010325961.1187528993&o=4126&ec=2&r=stable&v=2.9.160&sh=1024&sw=1280&ts=1720010327099&if=false&rl=&dl=https%3A%2F%2F9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net%2F&ev=Scroll_50&id=541164370529087 | 157.240.0.35 | |
| https://stats.g.doubleclick.net/j/collect | unknown | |
| https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=939cc2b0-a976-4b0b-a894-1b98e3298bf7&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=eeb64410-e513-4069-a922-41bb6f75921e&tw_document_href=file%3A%2F%2F%2FC%3A%2FUsers%2FAdministrator%2FDesktop%2FNEW%2520ERA%2FMAILGUNPAGE%25202023%2Fpage%2Findex.html&tw_iframe_status=0&txn_id=o57gg&type=javascript&version=2.3.29 | 93.184.221.165 | |
| https://login.mailgun.com/login/static/mailgun-login-leftrail.png | 34.160.63.108 | |
| https://login.mailgun.com/login/static/logo-mailgun-sinch.svg | 34.160.63.108 | |
| https://login.mailgun.com/login/static/roboto-v27-latin-700.woff | 34.160.63.108 | |
| https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=541164370529087&ev=Scroll_50&dl=https%3A%2F%2F9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net%2F&rl=&if=false&ts=1720010327099&sw=1280&sh=1024&v=2.9.160&r=stable&ec=2&o=4126&fbp=fb.1.1720010325961.1187528993&ler=empty&cdl=API_unavailable&it=1720010324745&coo=false&rqm=FGET | 157.240.0.35 | |
| https://cdn.rudderlabs.com/v1.1/rudder-analytics.min.js | 18.239.83.17 | |
| https://1b3rmrwdw.buzz/gun/index.js | 142.11.212.118 | |
| https://googleads.g.doubleclick.net | unknown | |
| https://tagassistant.google.com/ | unknown | |
| https://x.clearbitjs.com/v2/pk_54258638e2140e223e87c6c868ec9a93/tracking.min.js | 3.127.196.46 | |
| https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=541164370529087&ev=PageView&dl=https%3A%2F%2F9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net%2F&rl=&if=false&ts=1720010325963&sw=1280&sh=1024&v=2.9.160&r=stable&ec=0&o=4126&fbp=fb.1.1720010325961.1187528993&it=1720010324745&coo=false&rqm=FGET | 157.240.0.35 | |
| https://login.mailgun.com/login/static/red-hat-display-v11-latin-700.woff | 34.160.63.108 | |
| https://cct.google/taggy/agent.js | unknown | |
| https://static.ads-twitter.com/uwt.js | 146.75.120.157 | |
| https://www.google.com/pagead/1p-user-list/1005952947/?random | unknown | |
| https://snap.licdn.com/li.lms-analytics/insight.min.js | unknown | |
| https://connect.facebook.net/signals/config/541164370529087?v=2.9.160&r=stable&domain=9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net&hme=733c3732ec767f7a62e7787aff967e6d19b1e13e533937876f2e15efe07bf678&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C175%2C171%2C172%2C174%2C28%2C94%2C50%2C73%2C173%2C155%2C158%2C168%2C169%2C176%2C122%2C39%2C33%2C134%2C14%2C48%2C181%2C180%2C124%2C17%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106 | 157.240.0.6 | |
| https://9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net/ | | |
| https://87484878475.alt-xm-38iszmu.workers.dev/ | 172.67.147.221 | |
| https://www.facebook.com/tr/?id=541164370529087&ev=Scroll_50&dl=https%3A%2F%2F9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net%2F&rl=&if=false&ts=1720010327099&sw=1280&sh=1024&v=2.9.160&r=stable&ec=2&o=4126&fbp=fb.1.1720010325961.1187528993&ler=empty&cdl=API_unavailable&it=1720010324745&coo=false&rqm=GET | 157.240.0.35 | |
| https://www.google.com/ads/ga-audiences | unknown | |
| https://www.google.%/ads/ga-audiences | unknown | |
| https://td.doubleclick.net | unknown | |
| https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=541164370529087&ev=Scroll_50&dl=https%3A%2F%2F9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net%2F&rl=&if=false&ts=1720010325966&sw=1280&sh=1024&v=2.9.160&r=stable&ec=1&o=4126&fbp=fb.1.1720010325961.1187528993&it=1720010324745&coo=false&rqm=FGET | 157.240.0.35 | |
| https://www.merchant-center-analytics.goog | unknown | |
| https://tag.clearbitscripts.com/v1/pk_54258638e2140e223e87c6c868ec9a93/tags.js | 13.226.175.10 | |
| https://u6071375.ct.sendgrid.net/ls/click?upn=u001.jNebCYco-2BJgBMGJDj1kJWP39IKixFvDeSBij1PLovvXT0hkMSWjEhuIEgwQ-2F309CwGFmoY6-2Bl45VLW7K9Sd8-2Fg-3D-3Dm1D8_bgsmQmhs-2BDkrnAcljUiGIti1-2F3303-2FliL2Lyr586-2FN9rAlBFKILfRyjObk6Iz5-2FtMSxC-2FhiWOZXbqnmzeZXBiy3CSpPIYxz2-2BTcFMtFX6z-2FFKaL9cuMNNsd9H8Soth9M-2BiGwIhw5kRyphke6a8RYyV0rtdDONsX7lNk6Cr796v-2FIJZ8nzBJ39o6b-2FDySakEM-2B9nvScrgUWzDogJp7LxfPQ-3D-3D | 167.89.118.28 | |
| https://login.mailgun.com/login/static/favicon.png | 34.160.63.108 | |
| https://x.clearbitjs.com/v2/pk_54258638e2140e223e87c6c868ec9a93/destinations.min.js | 3.127.196.46 | |
| https://google.com | unknown | |
| https://www.facebook.com/tr/?id=541164370529087&ev=Scroll_50&dl=https%3A%2F%2F9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net%2F&rl=&if=false&ts=1720010325966&sw=1280&sh=1024&v=2.9.160&r=stable&ec=1&o=4126&fbp=fb.1.1720010325961.1187528993&it=1720010324745&coo=false&rqm=GET | 157.240.0.35 | |
| https://connect.facebook.net/signals/config/541164370529087?v=2.9.104&r=stable | 157.240.0.6 | |
| https://adservice.google.com/pagead/regclk? | unknown | |
Domains

| Name | IP | Malicious |
|---|---|---|
| star-mini.c10r.facebook.com | 157.240.0.35 | |
| d330tt87tgwpr0.cloudfront.net | 18.239.83.17 | |
| tag.clearbitscripts.com | 13.226.175.10 | |
| s.twitter.com | 104.244.42.195 | |
| login.mailgun.com | 34.160.63.108 | |
| u6071375.ct.sendgrid.net | 167.89.118.28 | |
| platform.twitter.map.fastly.net | 146.75.120.157 | |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | |
| s-part-0014.t-0009.t-msedge.net | 13.107.246.42 | |
| dualstack.reddit.map.fastly.net | 151.101.129.140 | |
| bg.microsoft.map.fastly.net | 199.232.210.172 | |
| scontent.xx.fbcdn.net | 157.240.0.6 | |
| t.co | 93.184.221.165 | |
| 1b3rmrwdw.buzz | 142.11.212.118 | |
| googleads.g.doubleclick.net | 142.250.185.130 | |
| global-v4.clearbit.com | 3.127.196.46 | |
| www.google.com | 142.250.185.132 | |
| 87484878475.alt-xm-38iszmu.workers.dev | 172.67.147.221 | |
| grsm.io | 104.18.10.212 | |
| windowsupdatebg.s.llnwi.net | 178.79.238.0 | |
| static.ads-twitter.com | unknown | |
| www.facebook.com | unknown | |
| www.redditstatic.com | unknown | |
| get.sinchemail.com | unknown | |
| td.google.com | unknown | |
| c.6sc.co | unknown | |
| x.clearbitjs.com | unknown | |
| connect.facebook.net | unknown | |
| px.ads.linkedin.com | unknown | |
| 9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net | unknown | |
| analytics.twitter.com | unknown | |
| snap.licdn.com | unknown | |
| j.6sc.co | unknown | |
| ipv6.6sc.co | unknown | |
| cdn.rudderlabs.com | unknown | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 142.250.186.68 | unknown | United States | |
| 13.107.246.42 | s-part-0014.t-0009.t-msedge.net | United States | |
| 13.226.175.10 | tag.clearbitscripts.com | United States | |
| 216.58.212.164 | unknown | United States | |
| 192.168.2.18 | unknown | unknown | |
| 192.168.2.6 | unknown | unknown | |
| 192.168.2.5 | unknown | unknown | |
| 157.240.0.6 | scontent.xx.fbcdn.net | United States | |
| 172.67.147.221 | 87484878475.alt-xm-38iszmu.workers.dev | United States | |
| 167.89.118.28 | u6071375.ct.sendgrid.net | United States | |
| 157.240.0.35 | star-mini.c10r.facebook.com | United States | |
| 104.18.10.212 | grsm.io | United States | |
| 142.250.185.132 | www.google.com | United States | |
| 142.11.212.118 | 1b3rmrwdw.buzz | United States | |
| 104.244.42.195 | s.twitter.com | United States | |
| 216.58.206.68 | unknown | United States | |
| 93.184.221.165 | t.co | European Union | |
| 239.255.255.250 | unknown | Reserved | |
| 3.127.196.46 | global-v4.clearbit.com | United States | |
| 142.250.185.130 | googleads.g.doubleclick.net | United States | |
| 146.75.120.157 | platform.twitter.map.fastly.net | Sweden | |
| 151.101.129.140 | dualstack.reddit.map.fastly.net | United States | |
| 18.239.83.17 | d330tt87tgwpr0.cloudfront.net | United States | |
| 34.160.63.108 | login.mailgun.com | United States | |
DOM / HTML

| URL | Malicious |
|---|---|
| https://9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net/ | |
| https://9438923743-g7h3dbg4gzeac5gs.z03.azurefd.net/ | |