Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 09:32:06 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 09:32:06 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 09:32:06 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 09:32:06 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 09:32:06 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 100
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 101
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 102
|
ASCII text, with very long lines (62896)
|
downloaded
|
||
|
Chrome Cache Entry: 103
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 104
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 105
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 106
|
Web Open Font Format (Version 2), TrueType, length 227180, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 107
|
MS Windows icon resource - 1 icon, 50x50, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 108
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 109
|
HTML document, ASCII text, with very long lines (2316), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 110
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 111
|
ASCII text, with very long lines (1574), with CRLF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 112
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 113
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 114
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 115
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 116
|
ASCII text, with very long lines (715)
|
dropped
|
||
|
Chrome Cache Entry: 117
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 118
|
ASCII text, with very long lines (1497), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 119
|
ASCII text, with very long lines (527)
|
downloaded
|
||
|
Chrome Cache Entry: 120
|
MS Windows icon resource - 1 icon, 50x50, 32 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 121
|
HTML document, ASCII text, with very long lines (2316), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 122
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 123
|
Unicode text, UTF-8 text, with very long lines (32054)
|
downloaded
|
||
|
Chrome Cache Entry: 124
|
ASCII text, with very long lines (1574), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 125
|
ASCII text, with very long lines (520)
|
dropped
|
||
|
Chrome Cache Entry: 126
|
ASCII text, with very long lines (32764)
|
dropped
|
||
|
Chrome Cache Entry: 127
|
Unicode text, UTF-8 text, with very long lines (51384), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 128
|
ASCII text, with very long lines (527)
|
dropped
|
||
|
Chrome Cache Entry: 129
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 130
|
ASCII text, with very long lines (715)
|
downloaded
|
||
|
Chrome Cache Entry: 131
|
Unicode text, UTF-8 text, with very long lines (51384), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 132
|
ASCII text, with very long lines (520)
|
downloaded
|
||
|
Chrome Cache Entry: 133
|
ASCII text, with very long lines (32764)
|
downloaded
|
||
|
Chrome Cache Entry: 134
|
ASCII text, with very long lines (20467), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 135
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 136
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 137
|
ASCII text, with very long lines (62896)
|
dropped
|
||
|
Chrome Cache Entry: 138
|
Web Open Font Format (Version 2), TrueType, length 227180, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 93
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 94
|
ASCII text, with very long lines (10139)
|
downloaded
|
||
|
Chrome Cache Entry: 95
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 96
|
ASCII text, with very long lines (579)
|
dropped
|
||
|
Chrome Cache Entry: 97
|
ASCII text, with very long lines (579)
|
downloaded
|
||
|
Chrome Cache Entry: 98
|
Unicode text, UTF-8 text, with very long lines (32054)
|
dropped
|
||
|
Chrome Cache Entry: 99
|
ASCII text, with very long lines (1497), with no line terminators
|
dropped
|
There are 43 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1892,i,4355322394269608029,16993460720195172481,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://my.norton.com/extspa/llonboard/idv/form2"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://my.norton.com/extspa/llonboard/idv/form2
|
|||
|
https://my.norton.com/extspa/llonboard/idv/llVerify
|
|||
|
https://nexus.ensighten.com/symantec/cp1/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/symantec/cp1/code/&publishedOn=Mon%20Jul%2003%2016:37:09%20GMT%202023&ClientID=21&PageID=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2
|
65.9.66.72
|
||
|
https://assets.adobedtm.com/launch-EN1cc7556280444b10a3c687a73ed01baa.js
|
unknown
|
||
|
https://nexus.ensighten.com/symantec/cp1/Bootstrap.js
|
65.9.66.72
|
||
|
https://developers.google.com/recaptcha/docs/faq#localhost_support
|
unknown
|
||
|
https://support.google.com/recaptcha#6262736
|
unknown
|
||
|
https://cloud.google.com/recaptcha-enterprise/billing-information
|
unknown
|
||
|
https://nexus.ensighten.com/error/e.gif?msg=mboxFactoryDefault%20is%20not%20defined&lnn=-1&fn=&cid=21&client=symantec&publishPath=cp1&rid=300053&did=167100&errorName=ReferenceError
|
65.9.66.72
|
||
|
https://recaptcha.net
|
unknown
|
||
|
https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1729765929179
|
52.214.221.135
|
||
|
https://static.nortoncdn.com/static/nmpcdn/static/nmp2024.3.20.989/dist/llonboard/norton/
|
unknown
|
||
|
https://oms.norton.com/b/ss/symanteccom/1/JS-2.22.0-LDQM/s36224975530980?AQB=1&ndh=1&pf=1&t=24%2F9%2F2024%206%3A32%3A14%204%20240&sdid=39192FC575EFDA9E-79DEBE6A3E839DD8&mid=87272364839168777360339105128304970746&aamlh=6&ce=UTF-8&pageName=mynorton%3Aus%3Alifelock&g=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&v10=de527324-05e3-46eb-a2a7-43ab29c1aff7&c14=D%3Dv16&v18=mynorton%3Aus%3Alifelock&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&v29=not%20signed%20in&c35=D%3DpageName&c41=mynorton&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-10-07&c48=Norton%20-%20My%20Subscription&v48=D%3Dc49&c49=lifelock&v49=D%3Dc48&v57=87272364839168777360339105128304970746&c59=mynorton%3Alifelock&v59=D%3Dc59&v72=mynorton&c75=D%3Dv57&v96=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&v133=na&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1
|
63.140.62.222
|
||
|
https://support.google.com/recaptcha/?hl=en#6223828
|
unknown
|
||
|
https://cloud.google.com/contact
|
unknown
|
||
|
https://symantec.demdex.net/dest5.html?d_nsid=0
|
52.17.240.122
|
||
|
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
|
unknown
|
||
|
https://play.google.com/log?format=json&hasfast=true
|
unknown
|
||
|
https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
|
unknown
|
||
|
https://nexus.ensighten.com/symantec/cp1/code/5a511eff6ece75f86134f0b7c2baed9b.js
|
65.9.66.72
|
||
|
https://getbootstrap.com)
|
unknown
|
||
|
https://my.norton.com/extspa/llonboard/idv/form2
|
|||
|
https://support.google.com/recaptcha/#6175971
|
unknown
|
||
|
https://www.gstatic.c..?/recaptcha/releases/lqsTZ5beIbCkK4uGEGv9JmUR/recaptcha__.
|
unknown
|
||
|
https://github.com/twbs/bootstrap/blob/master/LICENSE)
|
unknown
|
||
|
https://www.google.com/recaptcha/api2/
|
unknown
|
||
|
https://nexus.ensighten.com/symantec/cp1/code/55ed090a14f40e6b7b02a1bbfc72a1a9.js?conditionId0=423130
|
65.9.66.72
|
||
|
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZxoiLQAAAJqQkgNx
|
52.214.221.135
|
||
|
https://support.google.com/recaptcha
|
unknown
|
There are 18 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
adobetarget.data.adobedc.net
|
66.235.152.225
|
||
|
d2pz9khpjpljz2.cloudfront.net
|
65.9.66.72
|
||
|
ax-0001.ax-dc-msedge.net
|
150.171.29.10
|
||
|
norton.com.ssl.sc.omtrdc.net
|
63.140.62.222
|
||
|
www.google.com
|
142.250.185.132
|
||
|
dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com
|
52.214.221.135
|
||
|
ax-0001.ax-msedge.net
|
150.171.28.10
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
||
|
symantec.tt.omtrdc.net
|
unknown
|
||
|
oms.norton.com
|
unknown
|
||
|
assets.adobedtm.com
|
unknown
|
||
|
www.nortonlifelock.com
|
unknown
|
||
|
my.norton.com
|
unknown
|
||
|
webapps.norton.com
|
unknown
|
||
|
dpm.demdex.net
|
unknown
|
||
|
cm.everesttech.net
|
unknown
|
||
|
nexus.ensighten.com
|
unknown
|
||
|
symantec.demdex.net
|
unknown
|
||
|
static.nortoncdn.com
|
unknown
|
There are 9 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.8
|
unknown
|
unknown
|
||
|
52.17.240.122
|
unknown
|
United States
|
||
|
52.208.241.210
|
unknown
|
United States
|
||
|
66.235.152.225
|
adobetarget.data.adobedc.net
|
United States
|
||
|
63.140.62.222
|
norton.com.ssl.sc.omtrdc.net
|
United States
|
||
|
65.9.66.72
|
d2pz9khpjpljz2.cloudfront.net
|
United States
|
||
|
150.171.28.10
|
ax-0001.ax-msedge.net
|
United States
|
||
|
65.9.66.103
|
unknown
|
United States
|
||
|
142.250.186.36
|
unknown
|
United States
|
||
|
142.250.185.132
|
www.google.com
|
United States
|
||
|
63.140.62.17
|
unknown
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
150.171.29.10
|
ax-0001.ax-dc-msedge.net
|
United States
|
||
|
142.250.186.164
|
unknown
|
United States
|
||
|
52.214.221.135
|
dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com
|
United States
|
There are 5 hidden IPs, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://my.norton.com/extspa/llonboard/idv/form2
|
||
|
https://my.norton.com/extspa/llonboard/idv/form2
|
||
|
https://my.norton.com/extspa/llonboard/idv/form2
|
||
|
https://my.norton.com/extspa/llonboard/idv/form2
|
||
|
https://my.norton.com/extspa/llonboard/idv/form2
|
||
|
https://my.norton.com/extspa/llonboard/idv/llVerify
|
||
|
https://my.norton.com/extspa/llonboard/idv/llVerify
|