IOC Report
https://www.google.se/url?q=%25CHAR5fgdrehsuabfolb&rct=%25CHAR4ndgsTYhfgyrv452jbsda&sa=t&esrc=Rgxldhffsbxhds&source=&cd=ZyB0byB5b3Ugbm=BAowunbc&ved=NmsnjdowpteqndyCBtY=&url=amp/reformasvaesma.es/pujrtqdguyr?eyCBtYgRFnRgxLmVnPv


Files

File Path | Type | Category | Malicious
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7088_1062252005\LICENSE | ASCII text | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7088_1062252005\_metadata\verified_contents.json | JSON data | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7088_1062252005\manifest.fingerprint | ASCII text, with no line terminators | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7088_1062252005\manifest.json | JSON data | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7088_1062252005\sets.json | JSON data | dropped |
Chrome Cache Entry: 128 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 129 | ASCII text, with very long lines (1434), with no line terminators | downloaded |
Chrome Cache Entry: 130 | JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x450, components 3 | downloaded |
Chrome Cache Entry: 131 | ASCII text, with very long lines (18298) | dropped |
Chrome Cache Entry: 132 | ASCII text, with very long lines (701) | downloaded |
Chrome Cache Entry: 133 | PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced | downloaded |
Chrome Cache Entry: 134 | JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x450, components 3 | dropped |
Chrome Cache Entry: 136 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 137 | ASCII text, with very long lines (18298) | downloaded |
Chrome Cache Entry: 138 | PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced | dropped |
Chrome Cache Entry: 139 | JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x450, components 3 | downloaded |
Chrome Cache Entry: 140 | ASCII text, with very long lines (701) | dropped |
Chrome Cache Entry: 141 | PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced | dropped |
Chrome Cache Entry: 142 | ASCII text, with very long lines (65536), with no line terminators | downloaded |
Chrome Cache Entry: 143 | Web Open Font Format (Version 2), TrueType, length 15340, version 1.0 | downloaded |
Chrome Cache Entry: 144 | JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x450, components 3 | dropped |
Chrome Cache Entry: 145 | ASCII text, with very long lines (1434), with no line terminators | dropped |
Chrome Cache Entry: 146 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 147 | ASCII text, with no line terminators | dropped |
Chrome Cache Entry: 148 | Web Open Font Format (Version 2), TrueType, length 15552, version 1.0 | downloaded |
Chrome Cache Entry: 149 | HTML document, ASCII text | downloaded |
Chrome Cache Entry: 150 | PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced | downloaded |
Chrome Cache Entry: 151 | HTML document, ASCII text, with very long lines (7342), with no line terminators | dropped |
Chrome Cache Entry: 152 | JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3 | downloaded |
Chrome Cache Entry: 153 | PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced | downloaded |
Chrome Cache Entry: 154 | HTML document, ASCII text, with very long lines (7342), with no line terminators | downloaded |
Chrome Cache Entry: 155 | Web Open Font Format (Version 2), TrueType, length 15344, version 1.0 | downloaded |
Chrome Cache Entry: 156 | ASCII text, with very long lines (701) | downloaded |
Chrome Cache Entry: 157 | PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced | dropped |
Chrome Cache Entry: 158 | PNG image data, 98 x 90, 8-bit/color RGB, non-interlaced | downloaded |
Chrome Cache Entry: 159 | ASCII text, with no line terminators | downloaded |

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1956,i,1753706109022606747,5693181119946682572,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.se/url?q=%25CHAR5fgdrehsuabfolb&rct=%25CHAR4ndgsTYhfgyrv452jbsda&sa=t&esrc=Rgxldhffsbxhds&source=&cd=ZyB0byB5b3Ugbm=BAowunbc&ved=NmsnjdowpteqndyCBtY=&url=amp/reformasvaesma.es/pujrtqdguyr?eyCBtYgRFnRgxLmVnPv" |

URLs

Name | IP | Malicious
https://www.google.se/url?q=%25CHAR5fgdrehsuabfolb&rct=%25CHAR4ndgsTYhfgyrv452jbsda&sa=t&esrc=Rgxldhffsbxhds&source=&cd=ZyB0byB5b3Ugbm=BAowunbc&ved=NmsnjdowpteqndyCBtY=&url=amp/reformasvaesma.es/pujrtqdguyr?eyCBtYgRFnRgxLmVnPv | | malicious
http://reformasvaesma.es/pujrtqdguyr | | malicious
https://developers.google.com/recaptcha/docs/faq#localhost_support | unknown |
https://wieistmeineip.de | unknown |
https://mercadoshops.com.co | unknown |
https://gliadomain.com | unknown |
https://poalim.xyz | unknown |
https://mercadolivre.com | unknown |
https://www.google.com/recaptcha/api2/payload?p=06AFcWeA7hiMsHGeMd6O9bcOmn185d4nPl4ztAAunpK46_52zemMxf6ErjWFozziancL2eOHx4Wp9bBaKDDn9NfBIxl_4FBCTMGcLMEsns7uoV1EeoCIysPbuGPWkC7JIjHo8PRmssY4dcwJhiJd_T51bsf739jgEdVE3pdylPGOYM4lxhT12tP0rSouCPGdMtaRbI6FdF-6ygbZU2z7VJtcCsYpBIFDVKfA&k=6LdyG28qAAAAAF7vEAH0wui0z4HsxFon14IoXEYT&id=2 | 172.217.18.100 |
https://reshim.org | unknown |
https://nourishingpursuits.com | unknown |
https://medonet.pl | unknown |
https://unotv.com | unknown |
https://mercadoshops.com.br | unknown |
https://joyreactor.cc | unknown |
https://zdrowietvn.pl | unknown |
https://johndeere.com | unknown |
https://songstats.com | unknown |
https://baomoi.com | unknown |
https://supereva.it | unknown |
https://elfinancierocr.com | unknown |
https://bolasport.com | unknown |
https://rws1nvtvt.com | unknown |
https://desimartini.com | unknown |
https://hearty.app | unknown |
https://support.google.com/recaptcha/#6175971 | unknown |
https://hearty.gift | unknown |
https://mercadoshops.com | unknown |
https://heartymail.com | unknown |
https://nlc.hu | unknown |
https://p106.net | unknown |
https://radio2.be | unknown |
https://finn.no | unknown |
https://hc1.com | unknown |
https://kompas.tv | unknown |
https://mystudentdashboard.com | unknown |
https://songshare.com | unknown |
https://smaker.pl | unknown |
https://support.google.com/recaptcha | unknown |
https://mercadopago.com.mx | unknown |
https://p24.hu | unknown |
https://talkdeskqaid.com | unknown |
https://24.hu | unknown |
https://mercadopago.com.pe | unknown |
https://www.google.com/recaptcha/api2/replaceimage?k=6LdyG28qAAAAAF7vEAH0wui0z4HsxFon14IoXEYT | 172.217.18.100 |
https://cardsayings.net | unknown |
https://www.gstatic.c..?/recaptcha/releases/-ZG7BC9TxCVEbzIO2m429usb/recaptcha__. | unknown |
https://text.com | unknown |
https://www.google.com/js/bg/p-7RyvuJU9m0QQmVDJx8SL9t4pWXVpOJSp0296ydJmo.js | 142.250.185.100 |
http://reformasvaesma.es/favicon.ico | 82.223.67.146 |
https://mightytext.net | unknown |
https://pudelek.pl | unknown |
https://hazipatika.com | unknown |
https://joyreactor.com | unknown |
https://cookreactor.com | unknown |
https://wildixin.com | unknown |
https://eworkbookcloud.com | unknown |
https://cognitiveai.ru | unknown |
https://nacion.com | unknown |
https://chennien.com | unknown |
https://drimer.travel | unknown |
https://deccoria.pl | unknown |
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que | unknown |
https://mercadopago.cl | unknown |
https://talkdeskstgid.com | unknown |
https://naukri.com | unknown |
https://interia.pl | unknown |
https://www.google.com/recaptcha/api2/payload?p=06AFcWeA7hiMsHGeMd6O9bcOmn185d4nPl4ztAAunpK46_52zemMxf6ErjWFozziancL2eOHx4Wp9bBaKDDn9NfBIxl_4FBCTMGcLMEsns7uoV1EeoCIysPbuGPWkC7JIjHo8PRmssY4dcwJhiJd_T51bsf739jgEdVE3pdylPGOYM4lxhT12tP0rSouCPGdMtaRbI6FdF-6ygbZU2z7VJtcCsYpBIFDVKfA&k=6LdyG28qAAAAAF7vEAH0wui0z4HsxFon14IoXEYT | 142.250.185.100 |
https://bonvivir.com | unknown |
https://carcostadvisor.be | unknown |
https://salemovetravel.com | unknown |
https://sapo.io | unknown |
https://wpext.pl | unknown |
https://welt.de | unknown |
https://poalim.site | unknown |
https://drimer.io | unknown |
https://infoedgeindia.com | unknown |
https://blackrockadvisorelite.it | unknown |
https://cognitive-ai.ru | unknown |
https://www.google.com/recaptcha/api2/bframe?hl=en&v=-ZG7BC9TxCVEbzIO2m429usb&k=6LdyG28qAAAAAF7vEAH0wui0z4HsxFon14IoXEYT | 142.250.185.100 |
https://cafemedia.com | unknown |
https://graziadaily.co.uk | unknown |
https://thirdspace.org.au | unknown |
https://mercadoshops.com.ar | unknown |
https://smpn106jkt.sch.id | unknown |
https://elpais.uy | unknown |
https://landyrev.com | unknown |
https://the42.ie | unknown |
https://commentcamarche.com | unknown |
https://tucarro.com.ve | unknown |
https://rws3nvtvt.com | unknown |
https://eleconomista.net | unknown |
https://helpdesk.com | unknown |
https://mercadolivre.com.br | unknown |
https://clmbtech.com | unknown |
https://standardsandpraiserepurpose.com | unknown |
https://07c225f3.online | unknown |
https://salemovefinancial.com | unknown |
https://mercadopago.com.br | unknown |
https://commentcamarche.net | unknown |
https://cloud.google.com/contact | unknown |

Domains

Name | IP | Malicious
reformasvaesma.es | 82.223.67.146 |
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 |
www.google.com | 172.217.18.4 |
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.57.40 |
www.google.se | 172.217.23.99 |
53.210.109.20.in-addr.arpa | unknown |
15.164.165.52.in-addr.arpa | unknown |

IPs

IP | Domain | Country | Malicious
172.217.18.4 | www.google.com | United States |
192.168.2.7 | unknown | unknown |
142.250.185.100 | unknown | United States |
82.223.67.146 | reformasvaesma.es | Spain |
239.255.255.250 | unknown | Reserved |
172.217.23.99 | www.google.se | United States |
192.168.2.13 | unknown | unknown |
192.168.2.23 | unknown | unknown |
142.250.186.164 | unknown | United States |
142.250.186.132 | unknown | United States |
172.217.18.100 | unknown | United States |

DOM / HTML

URL | Malicious
http://reformasvaesma.es/pujrtqdguyr |