IOC Report
https://t.ly/2jKWO


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-GB\default.acl | Unicode text, UTF-16, little-endian text, with no line terminators | dropped |  |
| C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-GB\default.dic | Unicode text, UTF-16, little-endian text, with no line terminators | dropped |  |
| C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-GB\default.exc | Unicode text, UTF-16, little-endian text, with no line terminators | dropped |  |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\AppData\Local\Chromium\Application\chrome.exe | "C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" --start-maximized "about:blank" |  |
| C:\Users\user\AppData\Local\Chromium\Application\chrome.exe | "C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" --no-sandbox --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=2040 --field-trial-handle=1916,i,15873395395108119043,16497853362593564971,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |  |
| C:\Users\user\AppData\Local\Chromium\Application\chrome.exe | "C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" "https://t.ly/2jKWO" |  |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://t.ly/2jKWO |  | malicious |
| https://new.alex-gps.com/m/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9ZEhCRFlWZz0mdWlkPVVTRVIwODEwMjAyNFUzNDEwMDg0MA==N0123N |  | malicious |
| https://clients2.googleusercontent.com/crx/blobs/AYA8Vyx2J_yUZTKcv47OjJ_lQNlaCYqeh8SOiGiawnXT0TvFvxRmwfkcv63jai6G-68PkdQz0qjWRURdD69KjIEk_1WMoGqX2-nmHyARS_kIQQQ8jggfB8g6y3OxQgNbZ3cAxlKa5c6rbuh5modTsW2qcgj5aN-TT3fn/EFAIDNBMNNNIBPCAJPCGLCLEFINDMKAJ_24_10_2_0.crx | 142.250.186.161 |  |
| https://new.alex-gps.com/m/jsv.js | 201.102.105.236 |  |
| https://new.alex-gps.com/favicon.ico | 201.102.105.236 |  |
| https://chrome.google.com/webstore/inlineinstall/detail/efaidnbmnnnibpcajpcglclefindmkaj | 142.250.113.139 |  |
| https://cdn.socket.io/4.7.5/socket.io.min.js | 13.226.184.73 |  |
| https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg | 152.195.19.97 |  |
| https://www.w3schools.com/w3css/4/w3.css | 192.229.173.207 |  |

Domains

| Name | IP | Malicious |
|---|---|---|
| new.alex-gps.com | 201.102.105.236 | malicious |
| chrome.cloudflare-dns.com | 172.64.41.3 |  |
| t.ly | 104.20.6.133 |  |
| www.google.com | 142.250.185.228 |  |
| googlehosted.l.googleusercontent.com | 142.250.186.161 |  |
| clients2.googleusercontent.com | unknown |  |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 201.102.105.236 | new.alex-gps.com | Mexico | malicious |
| 142.250.185.228 | www.google.com | United States |  |
| 142.250.114.94 | unknown | United States |  |
| 152.195.19.97 | unknown | United States |  |
| 192.168.2.17 | unknown | unknown |  |
| 192.168.2.7 | unknown | unknown |  |
| 142.250.114.95 | unknown | United States |  |
| 104.20.6.133 | t.ly | United States |  |
| 192.168.2.6 | unknown | unknown |  |
| 142.250.113.139 | unknown | United States |  |
| 104.21.71.111 | unknown | United States |  |
| 192.229.173.207 | unknown | United States |  |
| 172.64.41.3 | chrome.cloudflare-dns.com | United States |  |
| 142.250.186.161 | googlehosted.l.googleusercontent.com | United States |  |
| 13.107.246.57 | unknown | United States |  |
| 13.226.184.117 | unknown | United States |  |
| 142.250.115.95 | unknown | United States |  |
| 142.250.113.94 | unknown | United States |  |
| 13.226.184.73 | unknown | United States |  |
| 239.255.255.250 | unknown | Reserved |  |
| 142.250.113.105 | unknown | United States |  |
| 104.17.25.14 | unknown | United States |  |

DOM / HTML

| URL | Malicious |
|---|---|
| https://new.alex-gps.com/m/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9ZEhCRFlWZz0mdWlkPVVTRVIwODEwMjAyNFUzNDEwMDg0MA==N0123N | malicious |