Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 20 18:30:41 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 20 18:30:41 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 20 18:30:41 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 20 18:30:41 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 20 18:30:41 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 100
|
gzip compressed data, original size modulo 2^32 1864
|
dropped
|
||
|
Chrome Cache Entry: 101
|
gzip compressed data, from Unix, original size modulo 2^32 190247
|
dropped
|
||
|
Chrome Cache Entry: 102
|
MS Windows icon resource - 6 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24
with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 103
|
gzip compressed data, from Unix, original size modulo 2^32 450747
|
downloaded
|
||
|
Chrome Cache Entry: 75
|
gzip compressed data, from Unix, original size modulo 2^32 57510
|
dropped
|
||
|
Chrome Cache Entry: 76
|
gzip compressed data, from Unix, original size modulo 2^32 142353
|
dropped
|
||
|
Chrome Cache Entry: 77
|
GIF image data, version 89a, 352 x 3
|
downloaded
|
||
|
Chrome Cache Entry: 78
|
gzip compressed data, from Unix, original size modulo 2^32 3556
|
downloaded
|
||
|
Chrome Cache Entry: 79
|
gzip compressed data, from Unix, original size modulo 2^32 450747
|
dropped
|
||
|
Chrome Cache Entry: 80
|
gzip compressed data, from Unix, original size modulo 2^32 407071
|
downloaded
|
||
|
Chrome Cache Entry: 81
|
HTML document, ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 82
|
gzip compressed data, from Unix, original size modulo 2^32 113424
|
downloaded
|
||
|
Chrome Cache Entry: 83
|
gzip compressed data, from Unix, original size modulo 2^32 142353
|
downloaded
|
||
|
Chrome Cache Entry: 84
|
gzip compressed data, original size modulo 2^32 3651
|
dropped
|
||
|
Chrome Cache Entry: 85
|
gzip compressed data, from Unix, original size modulo 2^32 407071
|
dropped
|
||
|
Chrome Cache Entry: 86
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 87
|
gzip compressed data, from Unix, original size modulo 2^32 26677
|
dropped
|
||
|
Chrome Cache Entry: 88
|
gzip compressed data, original size modulo 2^32 3651
|
downloaded
|
||
|
Chrome Cache Entry: 89
|
GIF image data, version 89a, 352 x 3
|
dropped
|
||
|
Chrome Cache Entry: 90
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 91
|
gzip compressed data, from Unix, original size modulo 2^32 190247
|
downloaded
|
||
|
Chrome Cache Entry: 92
|
MS Windows icon resource - 6 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24
with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 93
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 94
|
gzip compressed data, original size modulo 2^32 1864
|
downloaded
|
||
|
Chrome Cache Entry: 95
|
GIF image data, version 89a, 352 x 3
|
dropped
|
||
|
Chrome Cache Entry: 96
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 97
|
GIF image data, version 89a, 352 x 3
|
downloaded
|
||
|
Chrome Cache Entry: 98
|
gzip compressed data, from Unix, original size modulo 2^32 57510
|
downloaded
|
||
|
Chrome Cache Entry: 99
|
gzip compressed data, from Unix, original size modulo 2^32 26677
|
downloaded
|
There are 26 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1904,i,18366170521209709358,2107059869103542779,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://google.com.mx//url?ob=pkmcekw7bljbM2dWBuuV7ic1KFgH&aw=f_rand_string_lowercase(8)n9QXkBk0w4OyBDvUpuk&sa=t&whi=f_rand_string_lowercase(8)zOPGXNRztppHiTbPIt5f&url=amp%2Fbraverygray.com/.dd/KcxwjqsanE-SUREDANN-bXdlYmJAd2luZHNvcmhvbWVzdHguY29t"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://google.com.mx//url?ob=pkmcekw7bljbM2dWBuuV7ic1KFgH&aw=f_rand_string_lowercase(8)n9QXkBk0w4OyBDvUpuk&sa=t&whi=f_rand_string_lowercase(8)zOPGXNRztppHiTbPIt5f&url=amp%2Fbraverygray.com/.dd/KcxwjqsanE-SUREDANN-bXdlYmJAd2luZHNvcmhvbWVzdHguY29t
|
 |
||
|
https://881a0950-e455dbd6.acmgs.com.au/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js
|
159.89.96.140
|
|
|
|
https://881a0950-e455dbd6.acmgs.com.au/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
|
159.89.96.140
|
|
|
|
https://881a0950-e455dbd6.acmgs.com.au/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
|
159.89.96.140
|
|
|
|
https://881a0950-e455dbd6.acmgs.com.au/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
|
159.89.96.140
|
|
|
|
https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=mwebb%40windsorhomestx.com&sso_reload=true
|
|
||
|
https://881a0950-e455dbd6.acmgs.com.au/shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js
|
159.89.96.140
|
|
|
|
https://881a0950-e455dbd6.acmgs.com.au/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_b6632c4da67c72da7b92.js
|
159.89.96.140
|
|
|
|
https://754c237a-e455dbd6.acmgs.com.au/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.6&apikey=b0c252808e614e949086e019ae1cb300-e0c02060-e3b3-4965-bd7c-415e1a7a9fde-6951&upload-time=1734723120041&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true
|
159.89.96.140
|
|
|
|
https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/favicon.ico
|
159.89.96.140
|
|
|
|
https://l1ve.acmgs.com.au/Me.htm?v=3
|
159.89.96.140
|
|
|
|
https://881a0950-e455dbd6.acmgs.com.au/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
|
159.89.96.140
|
|
|
|
https://85089a4f-e455dbd6.acmgs.com.au/api/report?catId=GW+estsfd+SEC
|
159.89.96.140
|
|
|
|
https://881a0950-e455dbd6.acmgs.com.au/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_i8f-75gfk3tbsm8bmatnqa2.js
|
159.89.96.140
|
|
|
|
https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/e455dbd6308045dea743f49e92cf3388/
|
159.89.96.140
|
|
|
|
https://881a0950-e455dbd6.acmgs.com.au/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_27cef08ca792f8e8b149.js
|
159.89.96.140
|
|
|
|
https://881a0950-e455dbd6.acmgs.com.au/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
|
159.89.96.140
|
|
|
|
https://dab02a46-e455dbd6.acmgs.com.au/Prefetch/Prefetch.aspx
|
159.89.96.140
|
|
|
|
https://881a0950-e455dbd6.acmgs.com.au/shared/1.0/content/js/ConvergedLogin_PCore_kAx9qZOSH4g90FNHstHMCA2.js
|
159.89.96.140
|
|
|
|
https://881a0950-e455dbd6.acmgs.com.au/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css
|
159.89.96.140
|
|
|
|
https://img.icons8.com/emoji/48/check-mark-emoji.png
|
169.150.255.183
|
||
|
https://braverygray.com/.dd/KcxwjqsanE-SUREDANN-bXdlYmJAd2luZHNvcmhvbWVzdHguY29t
|
|||
|
https://braverygray.com/favicon.ico
|
162.241.114.35
|
||
|
https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/common/login
|
|||
|
https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=mwebb%40windsorhomestx.com
|
|||
|
https://www.google.com.mx/url?ob=pkmcekw7bljbM2dWBuuV7ic1KFgH&aw=f_rand_string_lowercase(8)n9QXkBk0w4OyBDvUpuk&sa=t&whi=f_rand_string_lowercase(8)zOPGXNRztppHiTbPIt5f&url=amp%2Fbraverygray.com/.dd/KcxwjqsanE-SUREDANN-bXdlYmJAd2luZHNvcmhvbWVzdHguY29t
|
142.250.181.131
|
||
|
https://google.com.mx//url?ob=pkmcekw7bljbM2dWBuuV7ic1KFgH&aw=f_rand_string_lowercase(8)n9QXkBk0w4OyBDvUpuk&sa=t&whi=f_rand_string_lowercase(8)zOPGXNRztppHiTbPIt5f&url=amp%2Fbraverygray.com/.dd/KcxwjqsanE-SUREDANN-bXdlYmJAd2luZHNvcmhvbWVzdHguY29t
|
216.58.208.227
|
||
|
https://www.google.com.mx/amp/braverygray.com/.dd/KcxwjqsanE-SUREDANN-bXdlYmJAd2luZHNvcmhvbWVzdHguY29t
|
142.250.181.131
|
There are 17 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
l1ve.acmgs.com.au
|
159.89.96.140
|
|
|
|
754c237a-e455dbd6.acmgs.com.au
|
159.89.96.140
|
|
|
|
881a0950-e455dbd6.acmgs.com.au
|
159.89.96.140
|
|
|
|
85089a4f-e455dbd6.acmgs.com.au
|
159.89.96.140
|
|
|
|
0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au
|
159.89.96.140
|
|
|
|
2394395c-e455dbd6.acmgs.com.au
|
159.89.96.140
|
|
|
|
dab02a46-e455dbd6.acmgs.com.au
|
159.89.96.140
|
|
|
|
1004834818.rsc.cdn77.org
|
169.150.255.183
|
||
|
www.google.com.mx
|
142.250.181.131
|
||
|
www.google.com
|
142.250.181.132
|
||
|
google.com.mx
|
216.58.208.227
|
||
|
braverygray.com
|
162.241.114.35
|
||
|
img.icons8.com
|
unknown
|
There are 3 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.8
|
unknown
|
unknown
|
|
|
|
159.89.96.140
|
l1ve.acmgs.com.au
|
United States
|
|
|
|
142.250.181.131
|
www.google.com.mx
|
United States
|
||
|
216.58.208.227
|
google.com.mx
|
United States
|
||
|
142.250.181.132
|
www.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
169.150.255.183
|
1004834818.rsc.cdn77.org
|
United States
|
||
|
162.241.114.35
|
braverygray.com
|
United States
|
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=mwebb%40windsorhomestx.com
|
|
|
|
https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=mwebb%40windsorhomestx.com
|
|
|
|
https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=mwebb%40windsorhomestx.com&sso_reload=true
|
|
|
|
https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=mwebb%40windsorhomestx.com&sso_reload=true
|
|
|
|
https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=mwebb%40windsorhomestx.com&sso_reload=true
|
|
|
|
https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=mwebb%40windsorhomestx.com&sso_reload=true
|
|
|
|
https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/common/login
|
|
|
|
https://braverygray.com/.dd/KcxwjqsanE-SUREDANN-bXdlYmJAd2luZHNvcmhvbWVzdHguY29t
|
||
|
https://0nlineactivations-0nlineactivations-0nlineactivations.acmgs.com.au/?777=mwebb%40windsorhomestx.com&sso_reload=true
|