IOC Report
https://3whgjmwz.r.eu-west-1.awstrack.me/L0/https:%2F%2Fapp.srnirks.com%2F404/1/0102018e856c8977-9058a561-39bf-4bb4-9afc-b17efa784e9e-000000/Np9Itoo_SUiSe2vb06UHBTA2BQ8=367


Files

File Path | Type | Category | Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 16:49:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 16:49:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 16:49:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 16:49:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 16:49:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
Chrome Cache Entry: 100 | PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced | downloaded |
Chrome Cache Entry: 101 | MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel | dropped |
Chrome Cache Entry: 102 | ASCII text, with very long lines (1222), with no line terminators | downloaded |
Chrome Cache Entry: 103 | PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced | dropped |
Chrome Cache Entry: 104 | JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3 | downloaded |
Chrome Cache Entry: 105 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 106 | HTML document, Unicode text, UTF-8 text, with very long lines (3121), with no line terminators | downloaded |
Chrome Cache Entry: 107 | ASCII text, with very long lines (596) | downloaded |
Chrome Cache Entry: 108 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 109 | ASCII text, with very long lines (56398), with no line terminators | downloaded |
Chrome Cache Entry: 110 | PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced | downloaded |
Chrome Cache Entry: 111 | PNG image data, 150 x 54, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 112 | Web Open Font Format (Version 2), TrueType, length 15340, version 1.0 | downloaded |
Chrome Cache Entry: 113 | ASCII text, with very long lines (17572) | downloaded |
Chrome Cache Entry: 114 | PNG image data, 150 x 54, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 115 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 116 | Web Open Font Format (Version 2), TrueType, length 15344, version 1.0 | downloaded |
Chrome Cache Entry: 117 | Web Open Font Format (Version 2), TrueType, length 15552, version 1.0 | downloaded |
Chrome Cache Entry: 118 | JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3 | dropped |
Chrome Cache Entry: 119 | Web Open Font Format (Version 2), TrueType, length 15344, version 1.0 | downloaded |
Chrome Cache Entry: 120 | PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced | downloaded |
Chrome Cache Entry: 121 | HTML document, ASCII text | dropped |
Chrome Cache Entry: 122 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 123 | PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced | dropped |
Chrome Cache Entry: 124 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 125 | PNG image data, 171 x 213, 8-bit colormap, non-interlaced | downloaded |
Chrome Cache Entry: 83 | gzip compressed data, from Unix, original size modulo 2^32 45573 | downloaded |
Chrome Cache Entry: 84 | PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced | downloaded |
Chrome Cache Entry: 85 | PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced | dropped |
Chrome Cache Entry: 86 | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 87 | ASCII text, with very long lines (596) | downloaded |
Chrome Cache Entry: 88 | ASCII text, with very long lines (65451) | downloaded |
Chrome Cache Entry: 89 | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 90 | gzip compressed data, from Unix, original size modulo 2^32 37782 | downloaded |
Chrome Cache Entry: 91 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 92 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 93 | ASCII text, with very long lines (17572) | downloaded |
Chrome Cache Entry: 94 | MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel | downloaded |
Chrome Cache Entry: 95 | ASCII text, with very long lines (56398), with no line terminators | downloaded |
Chrome Cache Entry: 96 | ASCII text, with very long lines (596) | downloaded |
Chrome Cache Entry: 97 | ASCII text, with very long lines (1222), with no line terminators | downloaded |
Chrome Cache Entry: 98 | PNG image data, 171 x 213, 8-bit colormap, non-interlaced | dropped |
Chrome Cache Entry: 99 | PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced | dropped |
(40 further files are not shown in this report.)

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2236,i,12720243314954454947,397381942915017203,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://3whgjmwz.r.eu-west-1.awstrack.me/L0/https:%2F%2Fapp.srnirks.com%2F404/1/0102018e856c8977-9058a561-39bf-4bb4-9afc-b17efa784e9e-000000/Np9Itoo_SUiSe2vb06UHBTA2BQ8=367" |

URLs

Name | IP | Malicious
https://3whgjmwz.r.eu-west-1.awstrack.me/L0/https:%2F%2Fapp.srnirks.com%2F404/1/0102018e856c8977-9058a561-39bf-4bb4-9afc-b17efa784e9e-000000/Np9Itoo_SUiSe2vb06UHBTA2BQ8=367 | | malicious
https://app.srnirks.com/404 | | malicious
https://www.google.com/recaptcha/api2/reload?k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b | 142.251.167.104 |
https://assets-global.website-files.com/65c5969540d7964fede2d833/css/recaptcha-d2a98f.webflow.314006 | unknown |
https://developers.google.com/recaptcha/docs/faq#localhost_support | unknown |
https://www.google.com/recaptcha/api2/bframe?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b | |
https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png | 142.251.111.106 |
https://support.google.com/recaptcha#6262736 | unknown |
https://cloud.google.com/recaptcha-enterprise/billing-information | unknown |
https://www.recaptcha.net/favicon.ico | 172.253.62.94 |
https://recaptcha.net | unknown |
https://www.cloudflare.com/?utm_source=challenge&utm_campaign=m | unknown |
https://www.google.com/js/bg/OMzbJ87gkB5MAUky6mmDB4mflkEza4rQHUJNCD4hS_4.js | 172.253.62.105 |
https://www.google.com/recaptcha/api2/payload?p=06AFcWeA75-hMLkR7_PsvvjUkb7St2-v0OJbEk0mOs5k0J9UWnR-WHJfsHWrQpjBFWFv6onC4KgSwY-nEH94You4tb1m-uwUySDGCBvalywlX3X1bB3Li9gknKFPLp3l5-LZryjPU3Yn25_6jxgBRA4_DDQejXzEjrnbyz-Q4WElmqwq9ZdPADbn2x2H-XQB4QOMS6NJFRsuju&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b | 142.251.167.104 |
https://assets-global.website-files.com/img/webclip.png | unknown |
https://www.google.com/images/errors/robot.png | 142.251.111.106 |
https://www.gstatic.c..?/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__. | unknown |
https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=65c5969540d7964fede2d833 | 108.138.61.162 |
about:blank | |
https://assets-global.website-files.com/65c5969540d7964fede2d833/js/webflow.d198cd1e8.js | 108.138.85.13 |
https://assets-global.website-files.com/65c5969540d7964fede2d833/css/recaptcha-d2a98f.webflow.3140063b2.css | 108.138.85.13 |
https://assets-global.website-files.com/65c5969540d7964fede2d833/65d602a2fd28dd47e654cccd_microsoft. | unknown |
https://support.google.com/recaptcha/?hl=en#6223828 | unknown |
https://www.google.com/favicon.ico | 142.251.167.104 |
https://cloud.google.com/contact | unknown |
http://recaptcha.com/ | 172.253.62.106 |
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que | unknown |
https://play.google.com/log?format=json&hasfast=true | unknown |
https://3whgjmwz.r.eu-west-1.awstrack.me/L0/https:%2F%2Fapp.srnirks.com%2F404/1/0102018e856c8977-9058a561-39bf-4bb4-9afc-b17efa784e9e-000000/Np9Itoo_SUiSe2vb06UHBTA2BQ8=367 | 54.77.34.3 |
https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca | unknown |
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf | 172.253.62.105 |
https://www.google.com/recaptcha/api2/bframe?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&k=6LcNUacpAAAAAMdtTkaCw4kCBoIrVcNwCUV4_TxM | |
https://www.google.com/recaptcha/api.js | 172.253.122.105 |
https://support.google.com/recaptcha/#6175971 | unknown |
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&s=VOokcUoFC1Iq2-9w2rpdxnZxZ7l4ZQseVTgkM2JwMpuHpmKo9iuR74y1LG1G2Xrauqb0iqzZvGOsxjFCek5gO_xX8-Ab91gUcJQJYSBwkzXFvj0g7XgIq-6sA5KaQaJfTyRaY2X8peHLSvb6_H8mYbMZR57336nu0Q73whypRICgm0YptNFWGVVUlEx6jYq_zqg0v8VZBEavrlTAF_oE7rycdLpqHwR0rh6JYYHSrNkzMOiYkbTpDbE3T3CL2pYElY3LsHVJudp75PEF_cAV81GA3L8bfAE&cb=4e2qm8i2yxa4 | |
https://assets-global.website-files.com/65c5969540d7964fede2d833/65d602a2fd28dd47e654cccd_microsoft.png | 108.138.85.13 |
http://recaptcha.com | unknown |
https://login.fareshome.org/RnODKGuQ | unknown |
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcNUacpAAAAAMdtTkaCw4kCBoIrVcNwCUV4_TxM&co=aHR0cHM6Ly9hcHAuc3JuaXJrcy5jb206NDQz&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&cb=32bzzmaf9kyt | |
https://www.google.com/recaptcha/api2/ | unknown |
https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=65c5969540d7964fede2d83 | unknown |
https://www.google.com/ | 142.251.167.104 |
https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgRmpTArGOvblrAGIjDyEQixNjH86tPuXAj0ChmUyBaDxDz8jZHSNn50UcV9pyg0tv1gIozpehizk1Ub9E8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | |
https://support.google.com/recaptcha | unknown |
https://www.recaptcha.net/ | |
(34 further URLs are not shown in this report.)

Domains

Name | IP | Malicious
proxy-ssl-geo.webflow.com | 34.234.52.18 |
d3e54v103j8qbb.cloudfront.net | 108.138.61.162 |
recaptcha.com | 172.253.62.106 |
www.recaptcha.net | 172.253.62.94 |
d3vmvmej3wjbxn.cloudfront.net | 108.138.85.13 |
www.google.com | 172.253.122.105 |
baconredirects-elb-1vu8uzbbqecyf-1056340931.eu-west-1.elb.amazonaws.com | 54.77.34.3 |
fp2e7a.wpc.phicdn.net | 192.229.211.108 |
app.srnirks.com | unknown |
assets-global.website-files.com | unknown |
3whgjmwz.r.eu-west-1.awstrack.me | unknown |
(1 further domain is not shown in this report.)

IPs

IP | Domain | Country | Malicious
172.253.122.105 | www.google.com | United States |
54.77.34.3 | baconredirects-elb-1vu8uzbbqecyf-1056340931.eu-west-1.elb.amazonaws.com | United States |
172.253.62.94 | www.recaptcha.net | United States |
142.251.16.103 | unknown | United States |
142.251.167.104 | unknown | United States |
192.168.2.5 | unknown | unknown |
142.251.111.106 | unknown | United States |
239.255.255.250 | unknown | Reserved |
34.234.52.18 | proxy-ssl-geo.webflow.com | United States |
172.253.62.105 | unknown | United States |
172.253.62.106 | recaptcha.com | United States |
108.138.85.13 | d3vmvmej3wjbxn.cloudfront.net | United States |
108.138.85.79 | unknown | United States |
108.138.61.162 | d3e54v103j8qbb.cloudfront.net | United States |
(4 further IPs are not shown in this report.)

DOM / HTML

URL | Malicious
https://app.srnirks.com/404 |
https://app.srnirks.com/404 |
about:blank |
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcNUacpAAAAAMdtTkaCw4kCBoIrVcNwCUV4_TxM&co=aHR0cHM6Ly9hcHAuc3JuaXJrcy5jb206NDQz&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&cb=32bzzmaf9kyt |
https://www.google.com/recaptcha/api2/bframe?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&k=6LcNUacpAAAAAMdtTkaCw4kCBoIrVcNwCUV4_TxM |
https://www.recaptcha.net/ |
https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgRmpTArGOvblrAGIjDyEQixNjH86tPuXAj0ChmUyBaDxDz8jZHSNn50UcV9pyg0tv1gIozpehizk1Ub9E8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM |
https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgRmpTArGOvblrAGIjDyEQixNjH86tPuXAj0ChmUyBaDxDz8jZHSNn50UcV9pyg0tv1gIozpehizk1Ub9E8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM |
https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgRmpTArGOvblrAGIjDyEQixNjH86tPuXAj0ChmUyBaDxDz8jZHSNn50UcV9pyg0tv1gIozpehizk1Ub9E8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM |
https://www.google.com/sorry/index?continue=https://www.google.com/&q=EgRmpTArGOvblrAGIjDyEQixNjH86tPuXAj0ChmUyBaDxDz8jZHSNn50UcV9pyg0tv1gIozpehizk1Ub9E8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM |
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&s=VOokcUoFC1Iq2-9w2rpdxnZxZ7l4ZQseVTgkM2JwMpuHpmKo9iuR74y1LG1G2Xrauqb0iqzZvGOsxjFCek5gO_xX8-Ab91gUcJQJYSBwkzXFvj0g7XgIq-6sA5KaQaJfTyRaY2X8peHLSvb6_H8mYbMZR57336nu0Q73whypRICgm0YptNFWGVVUlEx6jYq_zqg0v8VZBEavrlTAF_oE7rycdLpqHwR0rh6JYYHSrNkzMOiYkbTpDbE3T3CL2pYElY3LsHVJudp75PEF_cAV81GA3L8bfAE&cb=4e2qm8i2yxa4 |
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&s=VOokcUoFC1Iq2-9w2rpdxnZxZ7l4ZQseVTgkM2JwMpuHpmKo9iuR74y1LG1G2Xrauqb0iqzZvGOsxjFCek5gO_xX8-Ab91gUcJQJYSBwkzXFvj0g7XgIq-6sA5KaQaJfTyRaY2X8peHLSvb6_H8mYbMZR57336nu0Q73whypRICgm0YptNFWGVVUlEx6jYq_zqg0v8VZBEavrlTAF_oE7rycdLpqHwR0rh6JYYHSrNkzMOiYkbTpDbE3T3CL2pYElY3LsHVJudp75PEF_cAV81GA3L8bfAE&cb=4e2qm8i2yxa4 |
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&s=VOokcUoFC1Iq2-9w2rpdxnZxZ7l4ZQseVTgkM2JwMpuHpmKo9iuR74y1LG1G2Xrauqb0iqzZvGOsxjFCek5gO_xX8-Ab91gUcJQJYSBwkzXFvj0g7XgIq-6sA5KaQaJfTyRaY2X8peHLSvb6_H8mYbMZR57336nu0Q73whypRICgm0YptNFWGVVUlEx6jYq_zqg0v8VZBEavrlTAF_oE7rycdLpqHwR0rh6JYYHSrNkzMOiYkbTpDbE3T3CL2pYElY3LsHVJudp75PEF_cAV81GA3L8bfAE&cb=4e2qm8i2yxa4 |
https://www.google.com/recaptcha/api2/bframe?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b |
(4 further DOM entries are not shown in this report.)