IOC Report
https://cgpsco.rahalat.net/conta


Files

File Path | Type | Category | Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 08:49:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 08:49:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 08:49:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 08:49:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 08:49:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
Chrome Cache Entry: 100 | PNG image data, 311 x 161, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 101 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 1280x465, components 3 | dropped |
Chrome Cache Entry: 102 | PNG image data, 140 x 58, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 103 | PNG image data, 311 x 161, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 104 | ASCII text, with very long lines (12828), with no line terminators | downloaded |
Chrome Cache Entry: 105 | PNG image data, 854 x 918, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 106 | PNG image data, 311 x 161, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 107 | ASCII text, with very long lines (65446), with CRLF line terminators | dropped |
Chrome Cache Entry: 108 | ASCII text, with very long lines (1543) | downloaded |
Chrome Cache Entry: 109 | PNG image data, 1280 x 465, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 110 | PNG image data, 311 x 161, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 111 | PNG image data, 311 x 161, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 112 | PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 113 | PNG image data, 854 x 918, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 114 | PNG image data, 311 x 161, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 115 | ASCII text, with very long lines (65536), with no line terminators | downloaded |
Chrome Cache Entry: 116 | PNG image data, 311 x 161, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 117 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 118 | PNG image data, 1280 x 465, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 119 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 120 | PNG image data, 311 x 161, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 121 | PNG image data, 72 x 78, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 122 | GIF image data, version 89a, 100 x 100 | downloaded |
Chrome Cache Entry: 123 | PNG image data, 21 x 13, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 124 | ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 125 | PNG image data, 311 x 121, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 126 | PNG image data, 269 x 97, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 127 | PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 128 | PNG image data, 1280 x 465, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 129 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 130 | PNG image data, 311 x 121, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 131 | PNG image data, 311 x 161, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 132 | GIF image data, version 89a, 100 x 100 | dropped |
Chrome Cache Entry: 133 | PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 134 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 1280x465, components 3 | downloaded |
Chrome Cache Entry: 135 | PNG image data, 21 x 13, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 136 | PNG image data, 140 x 58, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 137 | PNG image data, 311 x 161, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 138 | PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 139 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 75 | MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel | dropped |
Chrome Cache Entry: 76 | PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 77 | ASCII text, with very long lines (65446), with CRLF line terminators | downloaded |
Chrome Cache Entry: 78 | PNG image data, 72 x 78, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 79 | ASCII text, with very long lines (65536), with no line terminators | downloaded |
Chrome Cache Entry: 80 | PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 81 | PNG image data, 311 x 121, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 82 | ASCII text, with CRLF line terminators | dropped |
Chrome Cache Entry: 83 | PNG image data, 311 x 161, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 84 | PNG image data, 311 x 121, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 85 | PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 86 | PNG image data, 311 x 121, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 87 | PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 88 | PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 89 | PNG image data, 1280 x 465, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 90 | PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 91 | MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel | downloaded |
Chrome Cache Entry: 92 | PNG image data, 311 x 121, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 93 | PNG image data, 311 x 161, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 94 | ASCII text | downloaded |
Chrome Cache Entry: 95 | PNG image data, 269 x 97, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 96 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 97 | PNG image data, 311 x 161, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 98 | Unicode text, UTF-8 text, with very long lines (65526), with no line terminators | downloaded |
Chrome Cache Entry: 99 | PNG image data, 311 x 161, 8-bit/color RGBA, non-interlaced | dropped |

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2032,i,6540123398587380340,2988315533709877902,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cgpsco.rahalat.net/conta" |

URLs

Name | IP | Malicious
https://cgpsco.rahalat.net/conta | | malicious
https://cgpsco.rahalat.net/conta/web/info.php | | malicious
https://cgpsco.rahalat.net/conta/ | 108.179.211.49 |
https://www.viaverde.pt/Portals/0/Imagens/ServicosMobilidade/1-autoestradas.png | 212.82.233.130 |
https://bugs.webkit.org/show_bug.cgi?id=136851 | unknown |
https://www.viaverde.pt/Portals/0/Imagens/Destaques/WidgetVVC2021/AlterarMatricula.png | 212.82.233.130 |
https://www.viaverde.pt/Portals/_default/skins/viaverde2/assets/css/skin.css?cdv=4711 | 212.82.233.130 |
https://cgpsco.rahalat.net/conta/panel/classes/processor.php | 108.179.211.49 |
https://jsperf.com/thor-indexof-vs-for/5 | unknown |
https://bugs.jquery.com/ticket/12359 | unknown |
https://www.viaverde.pt/Portals/_default/skins/viaverde2/assets/css/libs.css?cdv=4711 | 212.82.233.130 |
https://www.viaverde.pt/Portals/0/Imagens/ServicosMobilidade/5-ferries.png | 212.82.233.130 |
https://www.viaverde.pt/Portals/0/Imagens/Destaques/WidgetVVC2021/PagamentoPortagens.png | 212.82.233.130 |
https://html.spec.whatwg.org/#strip-and-collapse-whitespace | unknown |
https://cgpsco.rahalat.net/conta | 108.179.211.49 |
https://promisesaplus.com/#point-75 | unknown |
https://www.viaverde.pt/Portals/0/Imagens/Destaques/WidgetVVC2021/DadosContracto.png | 212.82.233.130 |
https://www.viaverde.pt/Portals/_default/skins/viaverde2/assets/fonts/Prometo_W_Rg.ttf | 212.82.233.130 |
https://www.viaverde.pt/Portals/0/Imagens/ServicosMobilidade/7-farmadrive.png | 212.82.233.130 |
https://drafts.csswg.org/cssom/#common-serializing-idioms | unknown |
https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled | unknown |
https://www.viaverde.pt/Portals/0/Imagens/Destaques/WidgetVVC2021/aderir.png | 212.82.233.130 |
https://bugs.webkit.org/show_bug.cgi?id=29084 | unknown |
https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace | unknown |
https://www.viaverde.pt/Portals/0/Imagens/ServicosMobilidade/app-estacionar-figure.png | 212.82.233.130 |
https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled | unknown |
https://cgpsco.rahalat.net/conta/web | 108.179.211.49 |
https://github.com/jquery/jquery/pull/557) | unknown |
https://bugs.chromium.org/p/chromium/issues/detail?id=378607 | unknown |
https://drafts.csswg.org/selectors/#forgiving-selector | unknown |
https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon | unknown |
https://www.viaverde.pt/Portals/0/Imagens/Destaques/Adesao_ongoing/VV_1280x465.jpg?ver=2020-07-14-120733-000 | 212.82.233.130 |
https://www.viaverde.pt/Portals/0/Imagens/ServicosMobilidade/3-abastecimento.png | 212.82.233.130 |
https://bugzilla.mozilla.org/show_bug.cgi?id=687787 | unknown |
https://bugs.chromium.org/p/chromium/issues/detail?id=470258 | unknown |
https://bugs.jquery.com/ticket/13378 | unknown |
https://www.viaverde.pt/Portals/_default/skins/viaverde2/assets/images/nav-header-main-arrow.png | 212.82.233.130 |
https://promisesaplus.com/#point-64 | unknown |
https://www.viaverde.pt/Portals/0/Imagens/ServicosMobilidade/2-traveller.png | 212.82.233.130 |
https://drafts.csswg.org/css-conditional-4/#dfn-support-selector | unknown |
https://drafts.csswg.org/css-conditional-4/#typedef-supports-selector-fn | unknown |
https://www.viaverde.pt/Portals/_default/skins/viaverde2/assets/css/fonts.css?cdv=4711 | 212.82.233.130 |
https://www.viaverde.pt/Portals/0/Imagens/Destaques/Parceria%20bp/ParceriaBP_Banner_1280x465_1.png?ver=2022-06-30-190019-003 | 212.82.233.130 |
https://promisesaplus.com/#point-61 | unknown |
https://www.viaverde.pt/Portals/_default/skins/viaverde2/assets/fonts/Prometo_W_Md.woff | 212.82.233.130 |
https://www.viaverde.pt/Portals/_default/skins/viaverde2/assets/images/brand-logo_header-shrinked.svg | 212.82.233.130 |
https://drafts.csswg.org/cssom/#resolved-values | unknown |
https://www.viaverde.pt/Portals/0/favicon.ico?ver=2015-08-08-112712-767 | 212.82.233.130 |
https://bugs.chromium.org/p/chromium/issues/detail?id=589347 | unknown |
https://www.viaverde.pt/Portals/0/Imagens/ServicosMobilidade/unnamed-2.png | 212.82.233.130 |
https://www.viaverde.pt/Portals/0/Imagens/Destaques/Estacionar/Novas_Localidades/BannerSite_1280x465_HP.png?ver=2022-06-27-185819-840 | 212.82.233.130 |
https://html.spec.whatwg.org/#nonce-attributes | unknown |
https://www.viaverde.pt/DesktopModules/Admin/Authentication/module.css?cdv=4711 | 212.82.233.130 |
https://www.viaverde.pt/Portals/0/Imagens/ServicosMobilidade/Brisa_VV_SiteVelholustracoes_JC_v27-44.png | 212.82.233.130 |
https://www.viaverde.pt/Portals/0/Imagens/Icons/livro_reclamacoes.png?1 | 212.82.233.130 |
https://html.spec.whatwg.org/multipage/syntax.html#attributes-2 | unknown |
https://www.viaverde.pt/Portals/_default/skins/viaverde2/assets/images/brand-logo_footer.svg | 212.82.233.130 |
https://promisesaplus.com/#point-59 | unknown |
https://jsperf.com/getall-vs-sizzle/2 | unknown |
https://promisesaplus.com/#point-57 | unknown |
https://cgpsco.rahalat.net/conta/web/ | 108.179.211.49 |
https://www.viaverde.pt/Portals/0/img-cms/banner-app-viaverde-01.png?w=0&h=0 | 212.82.233.130 |
https://cgpsco.rahalat.net/conta/web/jq.js | 108.179.211.49 |
https://promisesaplus.com/#point-54 | unknown |
https://drafts.csswg.org/selectors/#relational | unknown |
https://www.viaverde.pt/Portals/0/Imagens/ServicosMobilidade/6-mcdrive.png | 212.82.233.130 |
https://html.spec.whatwg.org/multipage/forms.html#category-listed | unknown |
https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled | unknown |
https://www.viaverde.pt/Portals/0/Imagens/Destaques/WidgetVVC2021/MovimentosExtractos.png | 212.82.233.130 |
https://developer.mozilla.org/en-US/docs/CSS/display | unknown |
https://www.viaverde.pt/Portals/0/Imagens/Destaques/WidgetVVC2021/LuzAmarela.png | 212.82.233.130 |
https://www.viaverde.pt/Portals/_default/skins/viaverde2/assets/fonts/Prometo_W_Md.ttf | 212.82.233.130 |
https://jquery.org/license | unknown |
https://cgpsco.rahalat.net/conta/panel/res/jq.js | 108.179.211.49 |
https://jquery.com/ | unknown |
https://www.viaverde.pt/Portals/_default/skins/viaverde2/assets/fonts/Prometo_W_Bd.woff | 212.82.233.130 |
https://bugs.webkit.org/show_bug.cgi?id=137337 | unknown |
https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled | unknown |
https://www.viaverde.pt/Portals/_default/skins/viaverde2/assets/images/load.gif | 212.82.233.130 |
https://www.viaverde.pt/Portals/_default/skins/viaverde2/assets/fonts/Prometo_W_Bd.ttf | 212.82.233.130 |
https://promisesaplus.com/#point-48 | unknown |
https://www.viaverde.pt/Portals/0/Imagens/ServicosMobilidade/4-estacionamento.png | 212.82.233.130 |
https://www.viaverde.pt/Portals/0/Imagens/ServicosMobilidade/vvelectric.png | 212.82.233.130 |
https://github.com/jquery/sizzle/pull/225 | unknown |
https://bugs.jquery.com/ticket/4833 | unknown |
https://github.com/whatwg/html/issues/2369 | unknown |
https://sizzlejs.com/ | unknown |
https://bugs.chromium.org/p/chromium/issues/detail?id=449857 | unknown |
https://js.foundation/ | unknown |
https://bugs.jquery.com/ticket/13393 | unknown |
https://www.viaverde.pt/Portals/_default/skins/viaverde2/assets/fonts/Prometo_W_Rg.woff | 212.82.233.130 |

Domains

Name | IP | Malicious
cgpsco.rahalat.net | 108.179.211.49 | malicious
www.viaverde.pt.a.global.clara.net | 212.82.233.130 |
www.google.com | 142.250.181.100 |
eu4-cdn.inside-graph.com | unknown |
www.viaverde.pt | unknown |

IPs

IP | Domain | Country | Malicious
108.179.211.49 | cgpsco.rahalat.net | United States | malicious
192.168.2.16 | unknown | unknown |
212.82.233.130 | www.viaverde.pt.a.global.clara.net | Germany |
192.168.2.5 | unknown | unknown |
142.250.181.100 | www.google.com | United States |
239.255.255.250 | unknown | Reserved |

DOM / HTML

URL | Malicious
https://cgpsco.rahalat.net/conta/web/info.php | malicious