Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 17:34:27 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 17:34:27 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 17:34:27 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 17:34:27 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 17:34:27 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 100
|
MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors
|
dropped
|
||
|
Chrome Cache Entry: 73
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 74
|
MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors
|
downloaded
|
||
|
Chrome Cache Entry: 75
|
HTML document, ASCII text, with very long lines (19029)
|
downloaded
|
||
|
Chrome Cache Entry: 76
|
ASCII text, with very long lines (3809)
|
downloaded
|
||
|
Chrome Cache Entry: 77
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 78
|
ASCII text, with very long lines (60437)
|
dropped
|
||
|
Chrome Cache Entry: 79
|
ASCII text, with very long lines (1932)
|
downloaded
|
||
|
Chrome Cache Entry: 80
|
ASCII text, with very long lines (65465)
|
downloaded
|
||
|
Chrome Cache Entry: 81
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 82
|
ASCII text, with very long lines (65465)
|
dropped
|
||
|
Chrome Cache Entry: 83
|
GIF image data, version 89a, 1 x 1
|
dropped
|
||
|
Chrome Cache Entry: 84
|
ASCII text, with very long lines (1932)
|
dropped
|
||
|
Chrome Cache Entry: 85
|
HTML document, ASCII text, with very long lines (448), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 86
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 87
|
ASCII text, with very long lines (382), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 88
|
GIF image data, version 89a, 1 x 1
|
downloaded
|
||
|
Chrome Cache Entry: 89
|
ASCII text, with very long lines (60437)
|
downloaded
|
||
|
Chrome Cache Entry: 90
|
GIF image data, version 89a, 1 x 1
|
downloaded
|
||
|
Chrome Cache Entry: 91
|
ASCII text, with very long lines (1932)
|
dropped
|
||
|
Chrome Cache Entry: 92
|
HTML document, ASCII text, with very long lines (619)
|
downloaded
|
||
|
Chrome Cache Entry: 93
|
ASCII text, with very long lines (382), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 94
|
ASCII text, with very long lines (1932)
|
downloaded
|
||
|
Chrome Cache Entry: 95
|
GIF image data, version 89a, 1 x 1
|
dropped
|
||
|
Chrome Cache Entry: 96
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 97
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 98
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 99
|
gzip compressed data, from Unix, original size modulo 2^32 989
|
downloaded
|
There are 25 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2488 --field-trial-handle=2468,i,5625884153296372710,5032941156712856694,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://consultant.com"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://consultant.com
|
|||
|
https://btloader.com/tag?o=5097926782615552&upapi=true
|
172.67.41.60
|
||
|
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
|
142.250.74.198
|
||
|
https://ad-delivery.net/px.gif?ch=2
|
104.26.2.70
|
||
|
https://api.aws.parking.godaddy.com/v1/parkingEvents?abp=1&gdabp=true
|
18.213.179.197
|
||
|
https://syndicatedsearch.goog/afs/gen_204?client=dp-namemedia08_3ph&output=uds_ads_only&zx=j837vgjm6vkn&aqid=vs0jZ8uQKreuiM0PgaSC-AU&psid=7621175430&pbt=bs&adbx=390&adby=20&adbh=735&adbw=500&adbah=143%2C143%2C143%2C143%2C143&adbn=master-1&eawp=partner-dp-namemedia08_3ph&errv=691096265&csala=7%7C0%7C1429%7C2308%7C42&lle=0&ifv=1&hpt=0
|
142.250.185.110
|
||
|
https://syndicatedsearch.goog
|
unknown
|
||
|
http://www6.consultant.com/lander?template=ARROW_3&tdfs=0&s_token=1730399668.0120310000&uuid=1730399668.0120310000&term=Online%20HR%20and%20Payroll%20System&term=Asset%20Management%20Consulting%20Services&term=Secure%20Email%20Hosting%20Services&term=Online%20Job%20Recruitment%20System&term=Help%20Desk%20Ticket%20Support%20System&searchbox=0&showDomain=0&backfill=0
|
|||
|
https://syndicatedsearch.goog/adsense/domains/caf.js?pac=0
|
142.250.185.142
|
||
|
https://img1.wsimg.com/parking-lander/static/js/main.a345b721.js
|
unknown
|
||
|
http://www6.consultant.com/?template
|
unknown
|
||
|
https://postback.trafficmotor.com/sn/
|
unknown
|
||
|
https://ad-delivery.net/px.gif?ch=1&e=0.789649862824358
|
104.26.2.70
|
||
|
https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%230f1c21
|
142.250.185.225
|
||
|
https://syndicatedsearch.goog/afs/gen_204?client=dp-namemedia08_3ph&output=uds_ads_only&zx=6uffguq3sqmm&aqid=vs0jZ8uQKreuiM0PgaSC-AU&psid=7621175430&pbt=bv&adbx=390&adby=20&adbh=735&adbw=500&adbah=143%2C143%2C143%2C143%2C143&adbn=master-1&eawp=partner-dp-namemedia08_3ph&errv=691096265&csala=7%7C0%7C1429%7C2308%7C42&lle=0&ifv=1&hpt=0
|
142.250.185.110
|
||
|
https://godaddy.com/domain-parking/forsale/consultant.com
|
unknown
|
||
|
https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%230f1c21
|
142.250.185.225
|
||
|
http://www6.consultant.com/?template=ARROW_3&tdfs=0&s_token=1730399668.0120310000&uuid=1730399668.0120310000&term=Online%20HR%20and%20Payroll%20System&term=Asset%20Management%20Consulting%20Services&term=Secure%20Email%20Hosting%20Services&term=Online%20Job%20Recruitment%20System&term=Help%20Desk%20Ticket%20Support%20System&searchbox=0&showDomain=0&backfill=0
|
15.197.204.56
|
||
|
https://postback.trafficmotor.com/sn/?abp=1&gdabp=true
|
45.79.38.145
|
||
|
http://consultant.com/
|
|||
|
https://api.aws.parking.godaddy.com/v1/domains/domain?domain=www6.consultant.com&portfolioId=&abp=1&gdabp=true
|
18.213.179.197
|
||
|
https://www.google.com/pagead/1p-conversion/16521530460/?gad_source=1&adview_type=5
|
unknown
|
||
|
https://www.google.com/adsense/domains/caf.js?abp=1&gdabp=true
|
142.250.185.196
|
||
|
https://img1.wsimg.com/parking-lander/static/css/main.ef90a627.css
|
unknown
|
There are 13 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
gddomainparking.com
|
18.213.179.197
|
||
|
consultant.com
|
45.56.79.23
|
||
|
syndicatedsearch.goog
|
142.250.185.110
|
||
|
ad.doubleclick.net
|
142.250.74.198
|
||
|
s-part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
||
|
www10.smartname.com
|
15.197.204.56
|
||
|
postback.trafficmotor.com
|
45.79.38.145
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
||
|
ad-delivery.net
|
104.26.2.70
|
||
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
www.google.com
|
142.250.185.196
|
||
|
btloader.com
|
172.67.41.60
|
||
|
googlehosted.l.googleusercontent.com
|
142.250.185.225
|
||
|
img1.wsimg.com
|
unknown
|
||
|
afs.googleusercontent.com
|
unknown
|
||
|
api.aws.parking.godaddy.com
|
unknown
|
||
|
www6.consultant.com
|
unknown
|
There are 7 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.79.38.145
|
postback.trafficmotor.com
|
United States
|
||
|
45.56.79.23
|
consultant.com
|
United States
|
||
|
142.250.181.230
|
unknown
|
United States
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
192.168.2.5
|
unknown
|
unknown
|
||
|
142.250.185.225
|
googlehosted.l.googleusercontent.com
|
United States
|
||
|
142.250.185.142
|
unknown
|
United States
|
||
|
142.250.184.228
|
unknown
|
United States
|
||
|
142.250.74.198
|
ad.doubleclick.net
|
United States
|
||
|
142.250.184.196
|
unknown
|
United States
|
||
|
104.26.2.70
|
ad-delivery.net
|
United States
|
||
|
172.67.69.19
|
unknown
|
United States
|
||
|
142.250.185.110
|
syndicatedsearch.goog
|
United States
|
||
|
18.213.179.197
|
gddomainparking.com
|
United States
|
||
|
15.197.204.56
|
www10.smartname.com
|
United States
|
||
|
172.67.41.60
|
btloader.com
|
United States
|
||
|
142.250.186.129
|
unknown
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.185.196
|
www.google.com
|
United States
|
||
|
142.250.186.142
|
unknown
|
United States
|
There are 10 hidden IPs, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
http://consultant.com/
|
||
|
http://www6.consultant.com/lander?template=ARROW_3&tdfs=0&s_token=1730399668.0120310000&uuid=1730399668.0120310000&term=Online%20HR%20and%20Payroll%20System&term=Asset%20Management%20Consulting%20Services&term=Secure%20Email%20Hosting%20Services&term=Online%20Job%20Recruitment%20System&term=Help%20Desk%20Ticket%20Support%20System&searchbox=0&showDomain=0&backfill=0
|
||
|
http://www6.consultant.com/lander?template=ARROW_3&tdfs=0&s_token=1730399668.0120310000&uuid=1730399668.0120310000&term=Online%20HR%20and%20Payroll%20System&term=Asset%20Management%20Consulting%20Services&term=Secure%20Email%20Hosting%20Services&term=Online%20Job%20Recruitment%20System&term=Help%20Desk%20Ticket%20Support%20System&searchbox=0&showDomain=0&backfill=0
|
||
|
http://www6.consultant.com/lander?template=ARROW_3&tdfs=0&s_token=1730399668.0120310000&uuid=1730399668.0120310000&term=Online%20HR%20and%20Payroll%20System&term=Asset%20Management%20Consulting%20Services&term=Secure%20Email%20Hosting%20Services&term=Online%20Job%20Recruitment%20System&term=Help%20Desk%20Ticket%20Support%20System&searchbox=0&showDomain=0&backfill=0
|
||
|
http://www6.consultant.com/lander?template=ARROW_3&tdfs=0&s_token=1730399668.0120310000&uuid=1730399668.0120310000&term=Online%20HR%20and%20Payroll%20System&term=Asset%20Management%20Consulting%20Services&term=Secure%20Email%20Hosting%20Services&term=Online%20Job%20Recruitment%20System&term=Help%20Desk%20Ticket%20Support%20System&searchbox=0&showDomain=0&backfill=0
|
||
|
http://www6.consultant.com/lander?template=ARROW_3&tdfs=0&s_token=1730399668.0120310000&uuid=1730399668.0120310000&term=Online%20HR%20and%20Payroll%20System&term=Asset%20Management%20Consulting%20Services&term=Secure%20Email%20Hosting%20Services&term=Online%20Job%20Recruitment%20System&term=Help%20Desk%20Ticket%20Support%20System&searchbox=0&showDomain=0&backfill=0
|
||
|
http://www6.consultant.com/lander?template=ARROW_3&tdfs=0&s_token=1730399668.0120310000&uuid=1730399668.0120310000&term=Online%20HR%20and%20Payroll%20System&term=Asset%20Management%20Consulting%20Services&term=Secure%20Email%20Hosting%20Services&term=Online%20Job%20Recruitment%20System&term=Help%20Desk%20Ticket%20Support%20System&searchbox=0&showDomain=0&backfill=0
|
||
|
http://www6.consultant.com/lander?template=ARROW_3&tdfs=0&s_token=1730399668.0120310000&uuid=1730399668.0120310000&term=Online%20HR%20and%20Payroll%20System&term=Asset%20Management%20Consulting%20Services&term=Secure%20Email%20Hosting%20Services&term=Online%20Job%20Recruitment%20System&term=Help%20Desk%20Ticket%20Support%20System&searchbox=0&showDomain=0&backfill=0
|