Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 09:51:19 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 09:51:18 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 09:51:18 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 09:51:19 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 09:51:18 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 100
|
ASCII text, with very long lines (65474), with CRLF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 101
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 80
|
ASCII text, with very long lines (32012)
|
dropped
|
||
|
Chrome Cache Entry: 81
|
HTML document, ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 82
|
ASCII text, with very long lines (65474), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 83
|
PNG image data, 49 x 60, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 84
|
ASCII text, with very long lines (32065)
|
downloaded
|
||
|
Chrome Cache Entry: 85
|
ASCII text, with very long lines (32012)
|
downloaded
|
||
|
Chrome Cache Entry: 86
|
ASCII text, with very long lines (32065)
|
dropped
|
||
|
Chrome Cache Entry: 87
|
gzip compressed data, from Unix, original size modulo 2^32 11816
|
downloaded
|
||
|
Chrome Cache Entry: 88
|
ASCII text, with very long lines (47531)
|
downloaded
|
||
|
Chrome Cache Entry: 89
|
ASCII text, with very long lines (50758)
|
dropped
|
||
|
Chrome Cache Entry: 90
|
PNG image data, 76 x 39, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 91
|
ASCII text, with very long lines (47531)
|
dropped
|
||
|
Chrome Cache Entry: 92
|
PNG image data, 76 x 39, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 93
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 94
|
ASCII text, with very long lines (19015)
|
downloaded
|
||
|
Chrome Cache Entry: 95
|
PNG image data, 49 x 60, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 96
|
ASCII text, with very long lines (19015)
|
dropped
|
||
|
Chrome Cache Entry: 97
|
ASCII text, with very long lines (50758)
|
downloaded
|
||
|
Chrome Cache Entry: 98
|
ASCII text, with very long lines (48664)
|
downloaded
|
||
|
Chrome Cache Entry: 99
|
ASCII text, with very long lines (48664)
|
dropped
|
There are 19 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1964,i,9781522929910904521,4618831596100513275,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://dcrealestateclasses.com/sirmy359ka/logfds65475mnvn/0Px7KgmP2ER6zsKKoRahD/ZGFuaWVscGxvdHRlbEBxdWFudGV4YS5jb20="
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://dcrealestateclasses.com/sirmy359ka/logfds65475mnvn/0Px7KgmP2ER6zsKKoRahD/ZGFuaWVscGxvdHRlbEBxdWFudGV4YS5jb20=
|
 |
||
|
https://passwordnotice.appinvoices.com/GtPwa/?e=danielplottel@quantexa.com
|
|
||
|
https://passwordnotice.appinvoices.com/favicon.ico
|
104.21.18.100
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8da29c317d4f476f/1730199087762/w3ASj17X2LxRJjN
|
104.18.95.41
|
||
|
https://code.jquery.com/jquery-3.2.1.slim.min.js
|
151.101.194.137
|
||
|
https://a.nel.cloudflare.com/report/v4?s=5wSRwrotZH0DBZ%2FvDDQJhFPDOmysjvJy1GSpcHzejLRhitHEIbD%2BK6uiRrapMAQJiApNE%2BeSQvL4t8DPcybOEsoHjC5whI7tNpZYdkyuMMAoINJZj2wlNUlRq6bqFiu7NEiJbRxtFscX5lejLZrLuS0%3D
|
35.190.80.1
|
||
|
https://challenges.cloudflare.com/turnstile/v0/api.js
|
104.18.94.41
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1474175413:1730198309:gPmaJxQ99p8XMC4DH_1DuiBEwLIQv-BgSPF00_4g6_Q/8da29c317d4f476f/KkNePyWJnDHm7xzp8DA8AyEvUUVHTzGBgw6GYHaxzU0-1730199083-1.1.1.1-kjODhcnX2JShGcLLQQFGNaOQ4T.9Ap4My0SHiD6MhglAKJzgnYVHCtN7myFe7mGf
|
104.18.95.41
|
||
|
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
|
104.18.10.207
|
||
|
https://getbootstrap.com/)
|
unknown
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8da29e122c744684/1730199163370/e170db52bca62db656a21d55b99d6a228f73771b1fbd81df54e4a63284398249/pd-FkR_S0XZZKDv
|
104.18.95.41
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8da29c317d4f476f/1730199087762/456dbef42ceb30607f650faa78c3aeb81ab6b596b1919a1517dcf3c0559daa64/s8Mu0LKHi42E5_7
|
104.18.95.41
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/h912n/0x4AAAAAAAxLCrZsTzlxu3ck/auto/fbE/normal/auto/
|
104.18.95.41
|
||
|
https://5298925908-1323985617.cos.eu-frankfurt.myqcloud.com/bootstrap.min.js
|
162.62.150.187
|
||
|
https://github.com/twbs/bootstrap/graphs/contributors)
|
unknown
|
||
|
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
|
104.17.24.14
|
||
|
https://getbootstrap.com)
|
unknown
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8da29c317d4f476f&lang=auto
|
104.18.95.41
|
||
|
http://dcrealestateclasses.com/favicon.ico
|
192.185.13.169
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1
|
104.18.95.41
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/4ohp2/0x4AAAAAAAxLCrZsTzlxu3ck/auto/fbE/normal/auto/
|
104.18.95.41
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8da29e122c744684&lang=auto
|
104.18.95.41
|
||
|
https://github.com/twbs/bootstrap/blob/master/LICENSE)
|
unknown
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1062843115:1730198380:ss9yhYR6yn9V8O2U1kwmCuq2ZYYxU3zU8sb0yBbj5l8/8da29e122c744684/J8nDEvxtK7IVRiRthmi9u074SbHI.zfMri.ZELACIuM-1730199160-1.1.1.1-COx9VouvOrH91iWZ9eKJZkKlX5CYHRkgzilVwHM5oTmdo.oyfaruOUSE7qud_ZFK
|
104.18.95.41
|
||
|
http://dcrealestateclasses.com/sirmy359ka/logfds65475mnvn/0Px7KgmP2ER6zsKKoRahD/ZGFuaWVscGxvdHRlbEBxdWFudGV4YS5jb20=
|
|||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8da29e122c744684/1730199163371/kRW1sAjOvawNTGj
|
104.18.95.41
|
||
|
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
|
104.18.10.207
|
||
|
http://opensource.org/licenses/MIT).
|
unknown
|
||
|
https://challenges.cloudflare.com/turnstile/v0/g/f2bbd6738e15/api.js
|
104.18.94.41
|
There are 18 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
passwordnotice.appinvoices.com
|
104.21.18.100
|
|
|
|
stackpath.bootstrapcdn.com
|
104.18.10.207
|
||
|
dcrealestateclasses.com
|
192.185.13.169
|
||
|
a.nel.cloudflare.com
|
35.190.80.1
|
||
|
ger.file.myqcloud.com
|
162.62.150.187
|
||
|
code.jquery.com
|
151.101.194.137
|
||
|
cdnjs.cloudflare.com
|
104.17.24.14
|
||
|
challenges.cloudflare.com
|
104.18.94.41
|
||
|
maxcdn.bootstrapcdn.com
|
104.18.10.207
|
||
|
www.google.com
|
216.58.206.36
|
||
|
5298925908-1323985617.cos.eu-frankfurt.myqcloud.com
|
unknown
|
||
|
5298925908.my.id
|
unknown
|
There are 2 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.18.100
|
passwordnotice.appinvoices.com
|
United States
|
|
|
|
104.17.24.14
|
cdnjs.cloudflare.com
|
United States
|
||
|
104.18.10.207
|
stackpath.bootstrapcdn.com
|
United States
|
||
|
104.18.94.41
|
challenges.cloudflare.com
|
United States
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
104.18.95.41
|
unknown
|
United States
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
216.58.206.36
|
www.google.com
|
United States
|
||
|
151.101.130.137
|
unknown
|
United States
|
||
|
104.18.11.207
|
unknown
|
United States
|
||
|
162.62.150.187
|
ger.file.myqcloud.com
|
Singapore
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
35.190.80.1
|
a.nel.cloudflare.com
|
United States
|
||
|
151.101.194.137
|
code.jquery.com
|
United States
|
||
|
192.185.13.169
|
dcrealestateclasses.com
|
United States
|
||
|
104.17.25.14
|
unknown
|
United States
|
There are 6 hidden IPs, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
http://dcrealestateclasses.com/sirmy359ka/logfds65475mnvn/0Px7KgmP2ER6zsKKoRahD/ZGFuaWVscGxvdHRlbEBxdWFudGV4YS5jb20=
|
||
|
https://passwordnotice.appinvoices.com/GtPwa/?e=danielplottel@quantexa.com
|
||
|
https://passwordnotice.appinvoices.com/GtPwa/?e=danielplottel@quantexa.com
|
||
|
https://passwordnotice.appinvoices.com/GtPwa/?e=danielplottel@quantexa.com
|
||
|
https://passwordnotice.appinvoices.com/GtPwa/?e=danielplottel@quantexa.com
|
||
|
https://passwordnotice.appinvoices.com/GtPwa/?e=danielplottel@quantexa.com
|
||
|
https://passwordnotice.appinvoices.com/GtPwa/?e=danielplottel@quantexa.com
|
||
|
https://passwordnotice.appinvoices.com/GtPwa/?e=danielplottel@quantexa.com
|