Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 20:17:21 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 20:17:21 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 20:17:21 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 20:17:21 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 20:17:20 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 65
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 66
|
MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 67
|
HTML document, ASCII text, with very long lines (8578)
|
downloaded
|
||
|
Chrome Cache Entry: 68
|
ASCII text, with very long lines (47261)
|
dropped
|
||
|
Chrome Cache Entry: 69
|
PNG image data, 60 x 63, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 70
|
PNG image data, 60 x 63, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 71
|
MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 72
|
ASCII text, with very long lines (47261)
|
downloaded
|
||
|
Chrome Cache Entry: 73
|
HTML document, ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 74
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
downloaded
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2676 --field-trial-handle=2544,i,9128656549111781945,6480963500418823260,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.avanan.click/v2/r01/___https://www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.ht.zpdzwq?v=frudxdBjlfmjfqymhfwj.ht.pjd.kwjsy___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzpiNGZlZGFhNjcxOTBhYjU4MTE5MjBlZTRiYTAxZmUwMTo3OmIxYWM6MDg1ODNlNjljZDkwNThkM2ZiM2RjYTI4MzFjZGY4NGFmMTYyZTlhYmVjYWYxY2Q4MmNkZDhiNmFmOWVkOWUxOTpoOlQ6VA#Sm9hbi5LbmlwcGVuQEVsa2F5LkNvbQ=="
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://url.avanan.click/v2/r01/___https://www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.ht.zpdzwq?v=frudxdBjlfmjfqymhfwj.ht.pjd.kwjsy___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzpiNGZlZGFhNjcxOTBhYjU4MTE5MjBlZTRiYTAxZmUwMTo3OmIxYWM6MDg1ODNlNjljZDkwNThkM2ZiM2RjYTI4MzFjZGY4NGFmMTYyZTlhYmVjYWYxY2Q4MmNkZDhiNmFmOWVkOWUxOTpoOlQ6VA#Sm9hbi5LbmlwcGVuQEVsa2F5LkNvbQ==
|
 |
||
|
https://wegahealthcare.co.ke/.frent/#Sm9hbi5LbmlwcGVuQEVsa2F5LkNvbQ==
|
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8cf0eb2f58dd43b3/1728335855864/QyU2agcjA5oPWxv
|
104.18.94.41
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8cf0eb2f58dd43b3&lang=auto
|
104.18.94.41
|
||
|
https://challenges.cloudflare.com/turnstile/v0/g/ec4b873d446c/api.js
|
104.18.94.41
|
||
|
https://wegahealthcare.co.ke/.frent
|
46.4.98.169
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1174501645:1728332664:7Yo42_yRs934qCCEYZXWzgC5JNUIgvp3G9EAFnseZFg/8cf0eb2f58dd43b3/d5e0831c287c69c
|
104.18.94.41
|
||
|
https://apmz.montecitoclubs1918.com/nTcMhStx
|
188.114.96.3
|
||
|
https://url.avanan.click/v2/r01/___https://www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.ht.zpdzwq?v=frudxdBjlfmjfqymhfwj.ht.pjd.kwjsy___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzpiNGZlZGFhNjcxOTBhYjU4MTE5MjBlZTRiYTAxZmUwMTo3OmIxYWM6MDg1ODNlNjljZDkwNThkM2ZiM2RjYTI4MzFjZGY4NGFmMTYyZTlhYmVjYWYxY2Q4MmNkZDhiNmFmOWVkOWUxOTpoOlQ6VA
|
108.138.7.53
|
||
|
https://wegahealthcare.co.ke/.frent/
|
46.4.98.169
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8cf0eb2f58dd43b3/1728335855867/8d46ad56715f3160a0c36a84e8bbb19f1e6f41815f988948c85688dfd828991e/zcNrOdgV-yZ-Hyu
|
104.18.94.41
|
||
|
https://www.google.co.uk/amp/s/wegahealthcare.co.ke/.frent
|
142.250.185.163
|
||
|
https://apmz.montecitoclubs1918.com/nTcMhStx#Sm9hbi5LbmlwcGVuQEVsa2F5LkNvbQ==
|
|||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ynhxy/0x4AAAAAAAidCr0XmIEMKKxn/auto/fbE/normal/auto/
|
104.18.94.41
|
||
|
https://apmz.montecitoclubs1918.com/owa/favicon.ico
|
188.114.96.3
|
||
|
https://www.google.co.uk/url?q=amp%2Fs%2Fwegahealthcare.co.ke%2F.frent&safe=active
|
142.250.185.163
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D
|
104.18.94.41
|
||
|
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
|
104.18.94.41
|
||
|
https://wegahealthcare.co.ke/favicon.ico
|
46.4.98.169
|
||
|
https://apmz.montecitoclubs1918.com/favicon.ico
|
188.114.96.3
|
There are 9 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
apmz.montecitoclubs1918.com
|
188.114.96.3
|
||
|
wegahealthcare.co.ke
|
46.4.98.169
|
||
|
www.google.co.uk
|
142.250.185.163
|
||
|
challenges.cloudflare.com
|
104.18.94.41
|
||
|
s-part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
||
|
d3bl0rsvnw97mw.cloudfront.net
|
108.138.7.53
|
||
|
www.google.com
|
142.250.181.228
|
||
|
s-part-0039.t-0009.t-msedge.net
|
13.107.246.67
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
||
|
s-part-0032.t-0009.t-msedge.net
|
13.107.246.60
|
||
|
url.avanan.click
|
unknown
|
||
|
www.tiktok.com
|
unknown
|
There are 2 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
46.4.98.169
|
wegahealthcare.co.ke
|
Germany
|
||
|
108.138.7.53
|
d3bl0rsvnw97mw.cloudfront.net
|
United States
|
||
|
104.18.94.41
|
challenges.cloudflare.com
|
United States
|
||
|
192.168.2.5
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.185.163
|
www.google.co.uk
|
United States
|
||
|
142.250.181.228
|
www.google.com
|
United States
|
||
|
188.114.96.3
|
apmz.montecitoclubs1918.com
|
European Union
|
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://wegahealthcare.co.ke/.frent/#Sm9hbi5LbmlwcGVuQEVsa2F5LkNvbQ==
|
||
|
https://apmz.montecitoclubs1918.com/nTcMhStx#Sm9hbi5LbmlwcGVuQEVsa2F5LkNvbQ==
|
||
|
https://apmz.montecitoclubs1918.com/nTcMhStx#Sm9hbi5LbmlwcGVuQEVsa2F5LkNvbQ==
|