IOC Report
http://www.ensp.fiocruz.br/portal-ensp/entrevista/counter.php?content=http://owens-minor.com&contentid=32190&link=https://nabbeton.com/!

loading gif

Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 11:09:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 11:09:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 11:09:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 11:09:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 11:09:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 70
ASCII text, with very long lines (809)
downloaded
Chrome Cache Entry: 71
ASCII text, with very long lines (10208)
downloaded
Chrome Cache Entry: 72
HTML document, ASCII text, with very long lines (8006), with CRLF line terminators
downloaded
Chrome Cache Entry: 73
ASCII text, with very long lines (1222), with no line terminators
downloaded
Chrome Cache Entry: 74
ASCII text, with very long lines (631)
downloaded
There are 2 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2012,i,8407640223723030326,17852212348468872010,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://249208506065339175713065343682620339232232032338309340364496680261609853560675097851030655341200131817362917853377759200390001605154889513680026748787630195/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1996,i,5348041525371635847,14340950988015630701,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.ensp.fiocruz.br/portal-ensp/entrevista/counter.php?content=http://owens-minor.com&contentid=32190&link=https://nabbeton.com/!"

URLs

Name
IP
Malicious
http://www.ensp.fiocruz.br/portal-ensp/entrevista/counter.php?content=http://owens-minor.com&contentid=32190&link=https://nabbeton.com/!
malicious
https://nabbeton.com/!/
malicious
http://www.ensp.fiocruz.br/portal-ensp/entrevista/counter.php?content=http://owens-minor.com&contentid=32190&link=https://nabbeton.com/!
157.86.160.90
https://developers.google.com/recaptcha/docs/faq#localhost_support
unknown
https://www.google.com/recaptcha/api.js?render=6LeHuMMpAAAAABiEPEEmflNkcOSMpz3Up0FkOmgt
142.250.217.164
https://nabbeton.com/resources/favicon.ico
217.144.104.57
https://www.jsdelivr.com/using-sri-with-dynamic-files
unknown
https://support.google.com/recaptcha#6262736
unknown
https://cloud.google.com/recaptcha-enterprise/billing-information
unknown
https://recaptcha.net
unknown
https://www.apache.org/licenses/
unknown
https://www.google.com/async/newtab_promos
142.251.35.228
https://cdn.jsdelivr.net/npm/js-md5@0.8.3/src/md5.min.js
151.101.193.229
https://support.google.com/recaptcha/?hl=en#6223828
unknown
https://cloud.google.com/contact
unknown
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGO-yrrEGIjA3Di4n3jLhf7YYe14eUY5-POAkzsl9dp29LpX0CansmO7MyI_rKsyHGyBKQ-52JUUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
142.251.35.228
https://play.google.com/log?format=json&hasfast=true
unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
142.251.35.228
https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGO-yrrEGIjB0usfR5Df6b3J8P-rVLSoVvnY06M_y4O82xJv3_oF7fIYO2jhpCowgSZeUajpdrWcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
142.251.35.228
https://support.google.com/recaptcha/#6175971
unknown
https://kt-met-it.com/b11cc541-9bfb-4e51-a5aa-12444985cd29/c9YMDpstwYbAHlgdSi
unknown
https://www.gstatic.c..?/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__.
unknown
https://cdn.jsdelivr.net/npm/js-md5
unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
142.251.35.228
https://www.google.com/recaptcha/api2/
unknown
https://nabbeton.com/!
217.144.104.57
https://github.com/emn178/js-md5
unknown
https://support.google.com/recaptcha
unknown
There are 19 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
nabbeton.com
217.144.104.57
jsdelivr.map.fastly.net
151.101.193.229
bg.microsoft.map.fastly.net
199.232.210.172
www.ensp.fiocruz.br
157.86.160.90
www.google.com
142.251.35.228
fp2e7a.wpc.phicdn.net
192.229.211.108
cdn.jsdelivr.net
unknown

IPs

IP
Domain
Country
Malicious
151.101.193.229
jsdelivr.map.fastly.net
United States
192.168.2.5
unknown
unknown
142.250.217.164
unknown
United States
239.255.255.250
unknown
Reserved
142.251.35.228
www.google.com
United States
157.86.160.90
www.ensp.fiocruz.br
Brazil
217.144.104.57
nabbeton.com
Iran (ISLAMIC Republic Of)

DOM / HTML

URL
Malicious
https://nabbeton.com/!/
https://nabbeton.com/!/
https://nabbeton.com/!/