Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 19:45:27 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 19:45:27 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 19:45:27 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 19:45:27 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 19:45:27 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Downloads\3fda0eb4-5c1b-4ebc-847c-d5dbb5ca3163.tmp
|
HTML document, ASCII text, with very long lines (376), with CRLF, LF line terminators
|
dropped
|
||
|
C:\Users\user\Downloads\downloaded.htm (copy)
|
HTML document, ASCII text, with very long lines (376), with CRLF, LF line terminators
|
dropped
|
||
|
C:\Users\user\Downloads\downloaded.htm.crdownload (copy)
|
HTML document, ASCII text, with very long lines (376), with CRLF, LF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 100
|
ASCII text, with very long lines (20719), with CRLF, LF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 101
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 102
|
HTML document, ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 103
|
ASCII text, with very long lines (32011)
|
dropped
|
||
|
Chrome Cache Entry: 104
|
ASCII text, with very long lines (65447)
|
dropped
|
||
|
Chrome Cache Entry: 105
|
HTML document, ASCII text, with very long lines (376), with CRLF, LF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 106
|
ASCII text, with very long lines (65369)
|
downloaded
|
||
|
Chrome Cache Entry: 107
|
Algol 68 source, Unicode text, UTF-8 text, with very long lines (739), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 108
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz
|
downloaded
|
||
|
Chrome Cache Entry: 109
|
ASCII text, with very long lines (39553), with CRLF, LF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 110
|
ASCII text, with very long lines (39553), with CRLF, LF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 111
|
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 112
|
ASCII text, with very long lines (61324)
|
downloaded
|
||
|
Chrome Cache Entry: 113
|
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 114
|
PNG image data, 280 x 280, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 115
|
PNG image data, 280 x 280, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 116
|
ASCII text, with very long lines (32780), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 117
|
ASCII text, with very long lines (32011)
|
downloaded
|
||
|
Chrome Cache Entry: 118
|
Unicode text, UTF-8 text, with very long lines (799), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 119
|
ASCII text, with very long lines (521), with CRLF, LF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 120
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 88
|
GIF image data, version 89a, 56 x 20
|
downloaded
|
||
|
Chrome Cache Entry: 89
|
ASCII text, with very long lines (376), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 90
|
Unicode text, UTF-8 text, with very long lines (24463), with CRLF, LF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 91
|
PDF document, version 1.4, 2 pages
|
downloaded
|
||
|
Chrome Cache Entry: 92
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 93
|
ASCII text, with very long lines (32780), with CRLF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 94
|
Algol 68 source, Unicode text, UTF-8 text, with very long lines (739), with CRLF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 95
|
GIF image data, version 89a, 56 x 20
|
dropped
|
||
|
Chrome Cache Entry: 96
|
ASCII text, with CRLF, LF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 97
|
Unicode text, UTF-8 text, with very long lines (24463), with CRLF, LF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 98
|
ASCII text, with very long lines (65447)
|
downloaded
|
||
|
Chrome Cache Entry: 99
|
Unicode text, UTF-8 text, with very long lines (799), with CRLF line terminators
|
dropped
|
There are 33 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=1936,i,10593669525886243470,14782374400954985264,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ohs39.esophaccess.com/References/Welcome/mpdGmd4KxRMBGjb"
|
||
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Downloads\downloaded.htm
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1984,i,572909283732964070,11348627644156835322,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://ohs39.esophaccess.com/References/Welcome/mpdGmd4KxRMBGjb
|
|||
|
https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1
|
 |
||
|
https://ohs39.esophaccess.com/bundles/bootstrap?v=UFzCRZZKzf6Rz11TRh1pt2Tg9eMDz3OMlojM4P99Vfc1
|
107.154.80.142
|
||
|
http://fontawesome.io
|
unknown
|
||
|
http://jqueryui.com/themeroller/
|
unknown
|
||
|
http://darlesson.com/contact/
|
unknown
|
||
|
https://ohs39.esophaccess.com/bundles/jquery?v=UdeEEOXxYcVzRs5ceu3Y17hDfbjPxi8_UU6lUV15LVo1
|
107.154.80.142
|
||
|
https://ohs39.esophaccess.com/bundles/modernizr?v=2twPtszsTL39hTiKwvPlVlNga_BJ8EIzShIX0ej7LAo1
|
107.154.80.142
|
||
|
http://docs.jquery.com/UI/Theming/API
|
unknown
|
||
|
https://ohs39.esophaccess.com/References/DisplayAgreement/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1?agreementId=-1&id=0.6545967574477802
|
107.154.80.142
|
||
|
http://jqueryui.com
|
unknown
|
||
|
https://ohs39.esophaccess.com/Content/GetLogo/1
|
107.154.80.142
|
||
|
https://ohs39.esophaccess.com/_Incapsula_Resource?SWKMTFSR=1&e=0.26895587052974435
|
107.154.80.142
|
||
|
https://ohs39.esophaccess.com/styles/esoph?v=526TV1rimbNJiX1IMWG0GbOicnaGbIUqApIuNMhH2t41
|
107.154.80.142
|
||
|
http://docs.jquery.com/UI/Autocomplete#theming
|
unknown
|
||
|
http://docs.jquery.com/UI/Datepicker#theming
|
unknown
|
||
|
http://docs.jquery.com/UI/Selectable#theming
|
unknown
|
||
|
http://www.telerik.com/purchase/license-agreement/kendo-ui-complete
|
unknown
|
||
|
http://www.opensource.org/licenses/mit-license.php
|
unknown
|
||
|
https://ohs39.esophaccess.com/bundles/esoph-ui?v=48FW-CDdYFCo1w5LyuRf25ubHUQUKzUDUf3B7t4qHT01
|
107.154.80.142
|
||
|
http://docs.jquery.com/UI/Progressbar#theming
|
unknown
|
||
|
http://docs.jquery.com/UI/Tabs#theming
|
unknown
|
||
|
https://github.com/kriskowal/es5-shim/blob/master/es5-shim.js
|
unknown
|
||
|
http://www.darlesson.com/
|
unknown
|
||
|
http://docs.jquery.com/UI/Dialog#theming
|
unknown
|
||
|
https://ohs39.esophaccess.com/References/Welcome/mpdGmd4KxRMBGjb
|
107.154.80.142
|
||
|
https://ohs39.esophaccess.com/bundles/validation?v=PSc04pNH8q-tCxMJajaaRbnt7E2oMXn46b4bz7UAibw1
|
107.154.80.142
|
||
|
http://docs.jquery.com/UI/Button#theming
|
unknown
|
||
|
https://ohs39.esophaccess.com/styles/fonts?v=DUWOACtUUuPvOE2WI8GBuvpFx_4dhKeQhd38wtV3A8I1
|
107.154.80.142
|
||
|
https://ohs39.esophaccess.com/Content/kendo/2021.1.330/styles/Bootstrap/loading-image.gif
|
107.154.80.142
|
||
|
https://www.google.com/maps/search/
|
unknown
|
||
|
https://ohs39.esophaccess.com/styles/jqueryui?v=D-YWWoSj__5oFkStCpQ60Y36Bf4tIZOXuK8bGvBaZnk1
|
107.154.80.142
|
||
|
http://docs.jquery.com/UI/Slider#theming
|
unknown
|
||
|
https://jqueryvalidation.org/
|
unknown
|
||
|
http://darlesson.com/donate/
|
unknown
|
||
|
https://www.webdavsystem.com/ajax/
|
unknown
|
||
|
https://ohs39.esophaccess.com/site.webmanifest
|
107.154.80.142
|
||
|
file:///C:/Users/user/Downloads/downloaded.htm
|
|||
|
https://github.com/mattyork/fuzzy
|
unknown
|
||
|
https://ohs39.esophaccess.com/References/Welcome/mpdGmd4KxRMBGjb)
|
unknown
|
||
|
https://getbootstrap.com/)
|
unknown
|
||
|
http://docs.jquery.com/UI/Resizable#theming
|
unknown
|
||
|
http://darlesson.com/jquery/
|
unknown
|
||
|
http://fontawesome.io/license
|
unknown
|
||
|
https://ohs39.esophaccess.com/bundles/kendo?v=8uGZxrOV1d9aGgqDZk-vF5KTLX_2HtHQifJ9nfnVLrk1
|
107.154.80.142
|
||
|
https://ohs39.esophaccess.com/bundles/references?v=7RX8YxIyGrIbHud5lYbhJPRu0ELUH78ONxcSjmo0y8M1
|
107.154.80.142
|
||
|
https://ohs39.esophaccess.com/favicon-32x32.png
|
107.154.80.142
|
||
|
http://docs.jquery.com/UI/Menu#theming
|
unknown
|
||
|
https://ohs39.esophaccess.com/Content/bootstrap?v=s8SxFDMr-eBJl8GY2Ji-1R70AkavwlKU1nTl9CWPJvk1
|
107.154.80.142
|
||
|
https://ohs39.esophaccess.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=2&cb=1322174135
|
107.154.80.142
|
||
|
https://stackoverflow.com/questions/29850407/how-do-i-replace-unicode-character-u00a0-with-a-space-i
|
unknown
|
||
|
http://jqueryui.com/about)
|
unknown
|
||
|
https://github.com/twbs/bootstrap/blob/master/LICENSE)
|
unknown
|
||
|
http://docs.jquery.com/UI/Accordion#theming
|
unknown
|
||
|
http://www.gnu.org/licenses/gpl.html
|
unknown
|
||
|
http://mths.be/placeholder
|
unknown
|
||
|
http://www.telerik.com/kendo-ui)
|
unknown
|
||
|
https://ohs39.esophaccess.com/styles/tribute?v=GuBw4Pc-waI_9EJF1V_Cc3ywEsyvUPTNBzwzolV66OI1
|
107.154.80.142
|
||
|
https://ohs39.esophaccess.com/Assets/Sounds/Notification%20chime%20fast%20trill.wav
|
107.154.80.142
|
There are 48 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
vvrzupu.x.incapdns.net
|
107.154.80.142
|
||
|
www.google.com
|
172.217.16.196
|
||
|
ohs39.esophaccess.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
216.58.212.132
|
unknown
|
United States
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
107.154.80.142
|
vvrzupu.x.incapdns.net
|
United States
|
||
|
172.217.16.196
|
www.google.com
|
United States
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
20C571A0000
|
heap
|
page read and write
|
||
|
20C571D8000
|
heap
|
page read and write
|
||
|
F36C34C000
|
stack
|
page read and write
|
||
|
F36C67E000
|
stack
|
page read and write
|
||
|
20C57170000
|
heap
|
page read and write
|
||
|
20C58BE0000
|
heap
|
page read and write
|
||
|
20C571D0000
|
heap
|
page read and write
|
||
|
20C57555000
|
heap
|
page read and write
|
||
|
20C57550000
|
heap
|
page read and write
|
||
|
F36C3CE000
|
stack
|
page read and write
|
||
|
20C57180000
|
heap
|
page read and write
|
||
|
F36C6FE000
|
stack
|
page read and write
|
There are 2 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1
|
|
|
|
https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1
|
|
|
|
https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1
|
|
|
|
file:///C:/Users/user/Downloads/downloaded.htm
|