IOC Report
https://ra.zqwilqbp.ru/SqYNKaI/


Files

File Path | Type | Category | Malicious
Chrome Cache Entry: 100 | SVG Scalable Vector Graphics image | dropped | -
Chrome Cache Entry: 101 | PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced | dropped | -
Chrome Cache Entry: 102 | very short file (no magic) | downloaded | -
Chrome Cache Entry: 103 | Web Open Font Format (Version 2), TrueType, length 93276, version 1.0 | downloaded | -
Chrome Cache Entry: 104 | Web Open Font Format, TrueType, length 36696, version 1.0 | downloaded | -
Chrome Cache Entry: 105 | SVG Scalable Vector Graphics image | dropped | -
Chrome Cache Entry: 106 | ASCII text, with very long lines (65447) | downloaded | -
Chrome Cache Entry: 107 | Unicode text, UTF-8 text, with very long lines (21720), with CRLF line terminators | downloaded | -
Chrome Cache Entry: 108 | HTML document, ASCII text, with very long lines (23653), with CRLF line terminators | downloaded | -
Chrome Cache Entry: 109 | ASCII text, with very long lines (3792) | downloaded | -
Chrome Cache Entry: 110 | ASCII text, with CRLF line terminators | downloaded | -
Chrome Cache Entry: 111 | Web Open Font Format (Version 2), TrueType, length 28584, version 1.66 | downloaded | -
Chrome Cache Entry: 112 | SVG Scalable Vector Graphics image | downloaded | -
Chrome Cache Entry: 113 | SVG Scalable Vector Graphics image | downloaded | -
Chrome Cache Entry: 114 | SVG Scalable Vector Graphics image | dropped | -
Chrome Cache Entry: 115 | Web Open Font Format (Version 2), TrueType, length 15344, version 1.0 | downloaded | -
Chrome Cache Entry: 116 | RIFF (little-endian) data, Web/P image | downloaded | -
Chrome Cache Entry: 117 | RIFF (little-endian) data, Web/P image | dropped | -
Chrome Cache Entry: 71 | RIFF (little-endian) data, Web/P image | dropped | -
Chrome Cache Entry: 72 | SVG Scalable Vector Graphics image | downloaded | -
Chrome Cache Entry: 73 | Web Open Font Format (Version 2), TrueType, length 43596, version 1.0 | downloaded | -
Chrome Cache Entry: 74 | ASCII text, with very long lines (26765), with no line terminators | downloaded | -
Chrome Cache Entry: 75 | SVG Scalable Vector Graphics image | dropped | -
Chrome Cache Entry: 76 | ASCII text, with very long lines (10017) | downloaded | -
Chrome Cache Entry: 77 | ASCII text, with very long lines (51734) | downloaded | -
Chrome Cache Entry: 78 | RIFF (little-endian) data, Web/P image | downloaded | -
Chrome Cache Entry: 79 | ASCII text, with very long lines (48316), with no line terminators | downloaded | -
Chrome Cache Entry: 80 | ASCII text, with very long lines (10450) | downloaded | -
Chrome Cache Entry: 81 | SVG Scalable Vector Graphics image | dropped | -
Chrome Cache Entry: 82 | ASCII text, with no line terminators | downloaded | -
Chrome Cache Entry: 83 | very short file (no magic) | dropped | -
Chrome Cache Entry: 84 | RIFF (little-endian) data, Web/P image | dropped | -
Chrome Cache Entry: 85 | RIFF (little-endian) data, Web/P image | dropped | -
Chrome Cache Entry: 86 | Web Open Font Format (Version 2), TrueType, length 28000, version 1.66 | downloaded | -
Chrome Cache Entry: 87 | RIFF (little-endian) data, Web/P image | downloaded | -
Chrome Cache Entry: 88 | RIFF (little-endian) data, Web/P image | downloaded | -
Chrome Cache Entry: 89 | SVG Scalable Vector Graphics image | downloaded | -
Chrome Cache Entry: 90 | RIFF (little-endian) data, Web/P image | downloaded | -
Chrome Cache Entry: 91 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | dropped | -
Chrome Cache Entry: 92 | HTML document, ASCII text, with very long lines (52007), with CRLF line terminators | downloaded | -
Chrome Cache Entry: 93 | RIFF (little-endian) data, Web/P image | dropped | -
Chrome Cache Entry: 94 | Web Open Font Format, TrueType, length 35970, version 1.0 | downloaded | -
Chrome Cache Entry: 95 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | downloaded | -
Chrome Cache Entry: 96 | RIFF (little-endian) data, Web/P image | dropped | -
Chrome Cache Entry: 97 | PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced | downloaded | -
Chrome Cache Entry: 98 | SVG Scalable Vector Graphics image | downloaded | -
Chrome Cache Entry: 99 | RIFF (little-endian) data, Web/P image | downloaded | -

38 further files are not shown in this extract.

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | -
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2348,i,14763413832846575448,17879309936734406558,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2444 /prefetch:3 | -
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ra.zqwilqbp.ru/SqYNKaI/" | -

URLs

Name | IP | Malicious
https://ra.zqwilqbp.ru/SqYNKaI/ | - | malicious
https://ra.zqwilqbp.ru/yoyvtwxajomgibnefhnqcqlwjyb6qhourjo8384yl0pm8xlgw1e5mm?VMVTAHZGQXCSRQYWM | - | malicious
https://ra.zqwilqbp.ru/SqYNKaI/ | - | malicious
https://ra.zqwilqbp.ru/ijitHCOqVc67Vrj8UjsfjryzZd7wyaxoDZExX78164 | 104.21.80.15 | -
https://ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 | 18.164.124.91 | -
https://ra.zqwilqbp.ru/optBqz3kenYt37jgl5S5kf1gTJmHdGhghaFUMRz80Vp9996yNoqt67140 | 104.21.80.15 | -
https://code.jquery.com/jquery-3.6.0.min.js | 151.101.130.137 | -
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js | 104.17.24.14 | -
https://ra.zqwilqbp.ru/GDSherpa-regular.woff | 104.21.80.15 | -
https://ra.zqwilqbp.ru/GDSherpa-bold.woff | 104.21.80.15 | -
https://sr99r.kdyukk.ru/gando$3vpe601 | 104.21.84.180 | -
https://www.alibaba.com | unknown | -
https://ra.zqwilqbp.ru/GDSherpa-regular.woff2 | 104.21.80.15 | -
https://ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css | 18.164.124.91 | -
https://ra.zqwilqbp.ru/GDSherpa-vf.woff2 | 104.21.80.15 | -
http://c.pki.goog/r/r4.crl | 142.251.32.99 | -
https://ra.zqwilqbp.ru/favicon.ico | 104.21.80.15 | -
https://a.nel.cloudflare.com/report/v4?s=MQDmv8o1C9%2Fztv%2Fd8Iob4dy8DerNdrxsVzckr2qsLDKVKYJFEIEoTbznIP8QqJFsbqqDWWCHPaiIzumHwsZRGEji0cggwS0FD1qlMkjkVzui%2BgsicQh6mzk6sXjl | 35.190.80.1 | -
https://ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css | 18.164.124.91 | -
https://ra.zqwilqbp.ru/GDSherpa-bold.woff2 | 104.21.80.15 | -
https://github.com/fent) | unknown | -
https://ra.zqwilqbp.ru/xgegVlYDIc9GeHhFR6MAdRnFwVGfmkEonMUS5a3eCjs7o | 104.21.80.15 | -
https://a.nel.cloudflare.com/report/v4?s=tGZdnrDuQrqcQM%2Fc9eu2RkA9wAodZiPDLadSNTv7Oayof%2FM1FIO2Q0G18FPEWYfj9DzGCEKRw7OZj8AVk0WICX1WdpUOFjWtz22wNoIjGEBwC1NQOGamawITkuqI | 35.190.80.1 | -
https://ra.zqwilqbp.ru/mnopNAeX0pQTQLaqENJeaklIjvUfEgvUlhEecuDK90148 | 104.21.80.15 | -
https://ra.zqwilqbp.ru/opR3o9Isj2OkcgFbv3gVkyNAJ96l3c7WroCSzuv1rTgk3D1F7RXKamC3OWWo1cd193 | 104.21.80.15 | -
https://a.nel.cloudflare.com/report/v4?s=bh%2FLzOuWOE987KR8q%2BthmEQcmZyfKZ5LF8GDMRtd1XJjSOx7xQ40w04BLpi%2Fikx%2FY0HiXSH41wC4k9zwQSGRZHtRYu3FXUogs6VQq0QKgeX5tFR0p4sqsB%2FQ4Aoo | 35.190.80.1 | -
https://ra.zqwilqbp.ru/xyrOmP637duKHEzCRDxyulPij5uzgvo1d4Sfw | 104.21.80.15 | -
https://ra.zqwilqbp.ru/hdBKh67F6wljja4BkWDh77ZGakM10xKeJsu4slrRfjqjlqwTnUTPCZVetb | 104.21.80.15 | -
https://ra.zqwilqbp.ru/56ts3vQkF6me832n2I0kklyFST9MVlOeyQ67110 | 104.21.80.15 | -
https://ra.zqwilqbp.ru/klFNMjE0RjZystVxQIEvycVFpijZ2RdEsfBHEpNotSUKurWN5Quv216 | 104.21.80.15 | -
https://ra.zqwilqbp.ru/opfWflCwQeU4LB4Fpm8Zyp4TvstLKV52F00KBxOxgL2FivF8caef240 | 104.21.80.15 | -
https://ra.zqwilqbp.ru/uvT4kcVgQFGLyFd8kTyDV1Sbiwav67m78EIPixC3bUDU4ElH8MYoLksgh254 | 104.21.80.15 | -
http://c.pki.goog/r/gsr1.crl | 142.251.32.99 | -
https://ra.zqwilqbp.ru/kl8mXfXgo6nFv4ug9rir0Y8sky71ZG1qr6YpDVyGcVxYzWXZLtx1ksbab224 | 104.21.80.15 | -
https://ra.zqwilqbp.ru/abTIXcV3SZGwpqubmHef30 | 104.21.80.15 | -
https://ra.zqwilqbp.ru/34r6aqtNfNxyRtygTV8911 | 104.21.80.15 | -
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE | 142.250.81.228 | -
https://ra.zqwilqbp.ru/ijcCyCRgW0S8ZKaJVU4AecLCEA9383P9Q7vDQOYdmnhuOgfSxIIYz19n3nFponr12202 | 104.21.80.15 | -
https://ra.zqwilqbp.ru/wxFGAHJwZKoKWwGkc4MO6LNrscyurvhym1oYG38y5bab176 | 104.21.80.15 | -
https://ra.zqwilqbp.ru/GDSherpa-vf2.woff2 | 104.21.80.15 | -

29 further URLs are not shown in this extract.

Domains

Name | IP | Malicious
ra.zqwilqbp.ru | 104.21.80.15 | malicious
a.nel.cloudflare.com | 35.190.80.1 | -
code.jquery.com | 151.101.130.137 | -
cdnjs.cloudflare.com | 104.17.24.14 | -
github.com | 140.82.112.3 | -
sr99r.kdyukk.ru | 104.21.84.180 | -
www.google.com | 142.250.81.228 | -
d19d360lklgih4.cloudfront.net | 18.164.124.91 | -
objects.githubusercontent.com | 185.199.109.133 | -
ok4static.oktacdn.com | unknown | -

IPs

IP | Domain | Country | Malicious
104.21.80.15 | ra.zqwilqbp.ru | United States | malicious
104.17.24.14 | cdnjs.cloudflare.com | United States | -
18.164.124.91 | d19d360lklgih4.cloudfront.net | United States | -
140.82.112.3 | github.com | United States | -
18.164.124.96 | unknown | United States | -
192.168.2.4 | unknown | unknown | -
104.21.84.180 | sr99r.kdyukk.ru | United States | -
142.250.81.228 | www.google.com | United States | -
151.101.130.137 | code.jquery.com | United States | -
192.168.2.13 | unknown | unknown | -
185.199.109.133 | objects.githubusercontent.com | Netherlands | -
35.190.80.1 | a.nel.cloudflare.com | United States | -

2 further IPs are not shown in this extract.

DOM / HTML

URL | Malicious
https://ra.zqwilqbp.ru/SqYNKaI/ | malicious
https://ra.zqwilqbp.ru/yoyvtwxajomgibnefhnqcqlwjyb6qhourjo8384yl0pm8xlgw1e5mm?VMVTAHZGQXCSRQYWM | malicious
https://ra.zqwilqbp.ru/yoyvtwxajomgibnefhnqcqlwjyb6qhourjo8384yl0pm8xlgw1e5mm?VMVTAHZGQXCSRQYWM | malicious
https://ra.zqwilqbp.ru/yoyvtwxajomgibnefhnqcqlwjyb6qhourjo8384yl0pm8xlgw1e5mm?VMVTAHZGQXCSRQYWM | malicious
https://ra.zqwilqbp.ru/SqYNKaI/ | -