Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 12:47:42 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 12:47:42 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 12:47:42 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 12:47:42 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 12:47:42 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 67
|
ASCII text, with very long lines (47459)
|
dropped
|
||
|
Chrome Cache Entry: 68
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=15, manufacturer=Canon, model=Canon EOS 5DS R, xresolution=216, yresolution=224, resolutionunit=3,
software=paint.net 4.0.9, datetime=2016:05:12 16:44:37, copyright=LOA-STUDIO.COM], baseline, precision 8, 1420x1080, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 69
|
PNG image data, 77 x 84, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 70
|
HTML document, ASCII text, with very long lines (1899)
|
dropped
|
||
|
Chrome Cache Entry: 71
|
Unicode text, UTF-8 text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 72
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 73
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=15, manufacturer=Canon, model=Canon EOS 5DS R, xresolution=216, yresolution=224, resolutionunit=3,
software=paint.net 4.0.9, datetime=2016:05:12 16:44:37, copyright=LOA-STUDIO.COM], baseline, precision 8, 1420x1080, components
3
|
dropped
|
||
|
Chrome Cache Entry: 74
|
PNG image data, 320 x 43, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 75
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 76
|
HTML document, ASCII text, with very long lines (1899)
|
downloaded
|
||
|
Chrome Cache Entry: 77
|
HTML document, ASCII text, with very long lines (1899)
|
downloaded
|
||
|
Chrome Cache Entry: 78
|
PNG image data, 320 x 43, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 79
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 80
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 81
|
ASCII text, with very long lines (47459)
|
downloaded
|
||
|
Chrome Cache Entry: 82
|
PNG image data, 77 x 84, 8-bit/color RGB, non-interlaced
|
dropped
|
There are 13 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2028,i,9200276458746161600,4858316280165192558,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://clickproxy.retailrocket.net/?url=https://veritasbd.net//cgibin/bin/philipp.ettle/cGhpbGlwcC5ldHRsZUBid3QtcGhhcm1hLmNvbQ=="
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://clickproxy.retailrocket.net/?url=https://veritasbd.net//cgibin/bin/philipp.ettle/cGhpbGlwcC5ldHRsZUBid3QtcGhhcm1hLmNvbQ==
|
 |
||
|
https://clickproxy.retailrocket.net/?url=https://veritasbd.net//cgibin/bin/philipp.ettle/cGhpbGlwcC5ldHRsZUBid3QtcGhhcm1hLmNvbQ==
|
95.181.182.182
|
|
|
|
http://www.eci.org/eci/en/eciRGB.phpdesc
|
unknown
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8d07108428d21774/1728568071544/0a10460638da5d43c4105a3e36c6fa5d55ce65e2154323fc55f73e975cb05b56/3ZtYVDkux_oLUl9
|
104.18.94.41
|
||
|
https://miltsui.com/adfs/portal/logo/logo.png?id=64B716981F140A8501EB7FC0781570D625C0E257456D5C0FE11DF8061D9E9D52
|
89.185.80.22
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/evopk/0x4AAAAAAAw47MIGn-lD_V3J/auto/fbE/normal/auto/
|
104.18.94.41
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d07108428d21774&lang=auto
|
104.18.94.41
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1428430652:1728566201:geylGqARClVyfBDY9Nl4uDgWufMZON3iL8NmbcWrqbg/8d07108428d21774/02b37f5ea9e76d6
|
104.18.94.41
|
||
|
https://miltsui.com/adfs/portal/illustration/illustration.jpg?id=CC8502323532BFDA7C027E2375262ABEA22D250F41EB4C794BB68AF482377093
|
89.185.80.22
|
||
|
https://challenges.cloudflare.com/turnstile/v0/b/62ec4f065604/api.js
|
104.18.95.41
|
||
|
https://veritasbd.net//cgibin/bin/philipp.ettle/cGhpbGlwcC5ldHRsZUBid3QtcGhhcm1hLmNvbQ==?rr_mailid_proxy=test_tracking_id
|
192.185.189.109
|
||
|
https://fa5afbbb.d0c76b129a7dab22487d0ad6.workers.dev/favicon.ico
|
188.114.96.3
|
||
|
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
|
104.18.95.41
|
||
|
https://miltsui.com/?qrc=philipp.ettle%40bwt-pharma.com
|
89.185.80.22
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8d07108428d21774/1728568071544/QxfFQDkDRZppQi3
|
104.18.94.41
|
||
|
https://operatl.com.mx/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL29wZXJhdGwuY29tLm14LyIsImRvbWFpbiI6Im9wZXJhdGwuY29tLm14Iiwia2V5Ijoiam1jdjh3TlA0ZWh4IiwicXJjIjoicGhpbGlwcC5ldHRsZUBid3QtcGhhcm1hLmNvbSIsImlhdCI6MTcyODU2ODA4NiwiZXhwIjoxNzI4NTY4MjA2fQ.gspddVVZo0VWI9exmLR94IxozZE94s5Dm2QHxo9KlP4
|
89.185.80.22
|
||
|
http://www.eci.org/eci/en/eciRGB.php
|
unknown
|
||
|
https://farmingljsr.farm/?aahrfwyd&qrc=philipp.ettle@bwt-pharma.com
|
89.185.80.22
|
||
|
https://miltsui.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL21pbHRzdWkuY2
|
unknown
|
||
|
https://fa5afbbb.d0c76b129a7dab22487d0ad6.workers.dev/?email=philipp.ettle%40bwt-pharma.com
|
|||
|
https://miltsui.com/adfs/portal/css/style.css?id=0A13280A86E7DFA6949BD016EA848912FCAFC05E88CBEDF538AC325B27041205
|
89.185.80.22
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D
|
104.18.94.41
|
||
|
https://farmingljsr.farm/?aahrfwyd&qrc=philipp.ettle
|
unknown
|
||
|
https://miltsui.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL21pbHRzdWkuY29tLyIsImRvbWFpbiI6Im1pbHRzdWkuY29tIiwia2V5IjoiOTMwV09OejhsYXZ6IiwicXJjIjoicGhpbGlwcC5ldHRsZUBid3QtcGhhcm1hLmNvbSIsImlhdCI6MTcyODU2ODA4NCwiZXhwIjoxNzI4NTY4MjA0fQ.XCtcp7qEB5Tuin-pIKI0PavkxQkFvjtQ68A13-vVR9g
|
89.185.80.22
|
||
|
https://farmingljsr.farm/?aahrfwyd
|
unknown
|
||
|
https://miltsui.com/owa/?login_hint=philipp.ettle%40bwt-pharma.com
|
89.185.80.22
|
||
|
https://operatl.com.mx/owa/?login_hint=philipp.ettle%40bwt-pharma.com
|
89.185.80.22
|
||
|
https://miltsui.com/favicon.ico
|
89.185.80.22
|
||
|
https://operatl.com.mx/?qrc=philipp.ettle%40bwt-pharma.com
|
89.185.80.22
|
There are 18 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
miltsui.com
|
89.185.80.22
|
|
|
|
cl-ca3c00b0.edgecdn.world
|
95.181.182.182
|
||
|
veritasbd.net
|
192.185.189.109
|
||
|
operatl.com.mx
|
89.185.80.22
|
||
|
challenges.cloudflare.com
|
104.18.95.41
|
||
|
www.google.com
|
172.217.18.4
|
||
|
s-part-0039.t-0009.t-msedge.net
|
13.107.246.67
|
||
|
fa5afbbb.d0c76b129a7dab22487d0ad6.workers.dev
|
188.114.96.3
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
||
|
s-part-0032.t-0009.t-msedge.net
|
13.107.246.60
|
||
|
farmingljsr.farm
|
89.185.80.22
|
||
|
clickproxy.retailrocket.net
|
unknown
|
There are 2 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
89.185.80.22
|
operatl.com.mx
|
Russian Federation
|
|
|
|
172.217.18.4
|
www.google.com
|
United States
|
||
|
104.18.94.41
|
unknown
|
United States
|
||
|
104.18.95.41
|
challenges.cloudflare.com
|
United States
|
||
|
192.168.2.5
|
unknown
|
unknown
|
||
|
192.185.189.109
|
veritasbd.net
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
188.114.96.3
|
fa5afbbb.d0c76b129a7dab22487d0ad6.workers.dev
|
European Union
|
||
|
95.181.182.182
|
cl-ca3c00b0.edgecdn.world
|
Russian Federation
|
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://miltsui.com/?vtvxqatt8=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1waGlsaXBwLmV0dGxlJTQwYnd0LXBoYXJtYS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZTc4MWEyZjAtMjdlNC02ZTYzLTc3MDktMDM2MGZiOWQ3NWJmJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY0MTY0ODg3NTU5NTUyMC40NWI4MjE4Ny05NGRmLTQ3NTUtYTRiMC0wOGY4YTI3ODFlYTUmc3RhdGU9RFl2TERzSWdFQUJCdjhValQzZGhlekItaWxtVVdoSmFpQ0hwNzh0aDVqREpTQ0hFZFhLWlNEc2xZcmhUQUJlQUtDSXVpTjVxd0VUZVVWUUxmRllGc3l1R1pKV2xsZGhIY3BsUnp0ZVlkcko1MXZZdHgyc3J4M2owcmRUU3U4NWoxSHdEbTg2aC1zYV9uZlc3N1g4
|
|
|
|
https://miltsui.com/?vtvxqatt8=aHR0cHM6Ly9zc28uYnd0YXF1YS5jb20vYWRmcy9scy8/bG9naW5faGludD1waGlsaXBwLmV0dGxlJTQwYnd0LXBoYXJtYS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZTc4MWEyZjAtMjdlNC02ZTYzLTc3MDktMDM2MGZiOWQ3NWJmJnVzZXJuYW1lPXBoaWxpcHAuZXR0bGUlNDBid3QtcGhhcm1hLmNvbSZ3YT13c2lnbmluMS4wJnd0cmVhbG09dXJuJTNhZmVkZXJhdGlvbiUzYU1pY3Jvc29mdE9ubGluZSZ3Y3R4PWVzdHNyZWRpcmVjdCUzZDIlMjZlc3RzcmVxdWVzdCUzZHJRUUlBUkFBalZFX2FCTmhITDB2bDE2YldqVjBjbENVUXhBS2wtU3VkN212QWRIOGE5TnI4VS1UbUtZaThYTDNuZmVsZDduTDNYZEpUZWtnT0hTc2RiTGcwc0doazRpRGRORkZrRTRabkRwMUtMUjBrQ0tDQlJjVFhOejBEWV9IangtUHgzc1ROQl9qVTljVGZ5QndBLVlTaHNGekdocW92LUNOajBaUHQ1OGRIZDdRbXAwSV9malg2LURqRHJocUV1TDZxWGpjQ1lqbE9Nc3h4ekN3aG1LYVk4ZWRqaHJfQUVBUGdHTUFOa09YWFJOYjJIVmppQkFMM2E1M0NPZWFxbWVyZy1lZGtKeWNoRW1SVDRvUXlwSTBKVWxDSWlaS2RTandVT2FtUk4zZ3hQNmRVOFY2UHhjMG9DcklrRWVxdEItNmVEY2RFRk1Za09QaEx2b2VpaGlPWjlkY3h5ZGI5QmJJVmR2ek9YXzJTVDZkeWJSaHVWR2ExRTNVelhEWXNzc1ZVMUZ4dHVES2tKaFNJNmNVczRXOHZqaTNWTXo1VnRVelMta01TczlsWndOOFIycDE4aVZVZm5CXzNwaXVUdnRQZzVrbHBXSlp1bG5RWEd1aFMxQlY5eFNKYjFmS
|
|
|
|
https://fa5afbbb.d0c76b129a7dab22487d0ad6.workers.dev/?email=philipp.ettle%40bwt-pharma.com
|
||
|
https://fa5afbbb.d0c76b129a7dab22487d0ad6.workers.dev/?email=philipp.ettle%40bwt-pharma.com
|
||
|
https://miltsui.com/?vtvxqatt8=aHR0cHM6Ly9zc28uYnd0YXF1YS5jb20vYWRmcy9scy8/bG9naW5faGludD1waGlsaXBwLmV0dGxlJTQwYnd0LXBoYXJtYS5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZTc4MWEyZjAtMjdlNC02ZTYzLTc3MDktMDM2MGZiOWQ3NWJmJnVzZXJuYW1lPXBoaWxpcHAuZXR0bGUlNDBid3QtcGhhcm1hLmNvbSZ3YT13c2lnbmluMS4wJnd0cmVhbG09dXJuJTNhZmVkZXJhdGlvbiUzYU1pY3Jvc29mdE9ubGluZSZ3Y3R4PWVzdHNyZWRpcmVjdCUzZDIlMjZlc3RzcmVxdWVzdCUzZHJRUUlBUkFBalZFX2FCTmhITDB2bDE2YldqVjBjbENVUXhBS2wtU3VkN212QWRIOGE5TnI4VS1UbUtZaThYTDNuZmVsZDduTDNYZEpUZWtnT0hTc2RiTGcwc0doazRpRGRORkZrRTRabkRwMUtMUjBrQ0tDQlJjVFhOejBEWV9IangtUHgzc1ROQl9qVTljVGZ5QndBLVlTaHNGekdocW92LUNOajBaUHQ1OGRIZDdRbXAwSV9malg2LURqRHJocUV1TDZxWGpjQ1lqbE9Nc3h4ekN3aG1LYVk4ZWRqaHJfQUVBUGdHTUFOa09YWFJOYjJIVmppQkFMM2E1M0NPZWFxbWVyZy1lZGtKeWNoRW1SVDRvUXlwSTBKVWxDSWlaS2RTandVT2FtUk4zZ3hQNmRVOFY2UHhjMG9DcklrRWVxdEItNmVEY2RFRk1Za09QaEx2b2VpaGlPWjlkY3h5ZGI5QmJJVmR2ek9YXzJTVDZkeWJSaHVWR2ExRTNVelhEWXNzc1ZVMUZ4dHVES2tKaFNJNmNVczRXOHZqaTNWTXo1VnRVelMta01TczlsWndOOFIycDE4aVZVZm5CXzNwaXVUdnRQZzVrbHBXSlp1bG5RWEd1aFMxQlY5eFNKYjFmS
|