IOC Report
https://w2globaldata.cabildodeagayu.com/1/?e=bGVzLmZyZWVsYW5kQHcyZ2xvYmFsZGF0YS5jb20=

Files

File Path
Type
Category
Malicious
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\1376a610-eb79-4288-a37f-9a0ef8114425.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\30cca6b5-d4a3-4dff-bb50-6f64e731fe53.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\4779d722-47ff-4cac-84f3-b70b408a52ab.tmp
data
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
data
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\0cc94e7a-de06-4234-884b-2a82d8de767c.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\4211a6e2-b66c-47cf-ac26-337c04e54cd3.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\5408dd04-4dbd-4df3-bc58-35c35ab41195.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\5593a912-6ca8-4130-a0d9-665bb3897600.tmp
ASCII text, with very long lines, with no line terminators
modified
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\64f747cf-adb3-4802-8299-08dd540e42b5.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\9e1ad480-47ee-4981-a32f-fd3f17437585.tmp
very short file (no magic)
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico (copy)
MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
data
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\21aa054b-8738-44c1-8590-64fef0b597b5.tmp
ASCII text, with no line terminators
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
data
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000001.dbtmp
ASCII text
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\CURRENT (copy)
ASCII text
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\MANIFEST-000001
PGP\011Secret Key -
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\ada08d48-c51a-4a2a-b730-ed268f2148bb.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\c2e482cc-4d9a-47a8-9020-70249b71de23.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000006.dbtmp
ASCII text
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)
ASCII text
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\e6c22bc6-bbd0-4263-b773-4659c280863b.tmp
MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Last Browser
data
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Last Version
ASCII text, with no line terminators
modified
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Local State (copy)
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
data
dropped
C:\Users\alfredo\AppData\Local\Temp\025fff9c-c297-4571-bcca-e6d9246a2e28.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
dropped
C:\Users\alfredo\AppData\Local\Temp\1282e184-3a87-4aeb-8e3d-b4db6e66228b.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
dropped
C:\Users\alfredo\AppData\Local\Temp\85cd035a-be3f-4977-b1bb-77ebe810d65f.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
dropped
C:\Users\alfredo\AppData\Local\Temp\9e13677c-be93-4c97-93d6-7fb8f39c84d6.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
dropped
C:\Users\alfredo\AppData\Local\Temp\b9b1b15d-bc49-4060-b484-e7ebfd19d88b.tmp
Google Chrome extension, version 3
dropped
C:\Users\alfredo\AppData\Local\Temp\c7a406f7-7b53-4664-9889-b4891eda9a6a.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
dropped
C:\Users\alfredo\AppData\Local\Temp\da35b806-cd0a-4d60-b750-7dfcb192a0bc.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\bg\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\ca\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\cs\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\da\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\de\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\el\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\en\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\es\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\es_419\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\et\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\fi\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\fil\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\fr\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\hi\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\hr\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\hu\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\id\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\it\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\ja\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\ko\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\lt\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\lv\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\nb\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\nl\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\pl\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\pt_BR\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\pt_PT\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\ro\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\ru\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\sk\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\sl\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\sr\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\sv\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\th\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\tr\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\uk\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\vi\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\zh_CN\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\_locales\zh_TW\messages.json
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\craw_background.js
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\craw_window.js
ASCII text, with very long lines
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\css\craw_window.css
ASCII text
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\html\craw_window.html
HTML document, ASCII text
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\images\flapper.gif
GIF image data, version 89a, 30 x 30
dropped
C:\Users\alfredo\AppData\Local\Temp\scoped_dir6056_300474134\CRX_INSTALL\manifest.json
ASCII text
dropped
C:\Users\alfredo\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Little-endian UTF-16 Unicode text, with no line terminators
dropped

URLs

Name
IP
Malicious
https://w2globaldata.cabildodeagayu.com/1/?e=bGVzLmZyZWVsYW5kQHcyZ2xvYmFsZGF0YS5jb20=
malicious
https://w2globaldata.cabildodeagayu.com/1/main/
malicious
https://w2globaldata.cabildodeagayu.com/1/main/main.php
malicious
https://www.google.com/recaptcha/api2/bframe?hl=en&v=0aeEuuJmrVqDrEL39Fsg5-UJ&k=6LcJNLsfAAAAAFLIycbaJnhsCkE1TOU4w9VVo21f
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcJNLsfAAAAAFLIycbaJnhsCkE1TOU4w9VVo21f&co=aHR0cHM6Ly93Mmdsb2JhbGRhdGEuY2FiaWxkb2RlYWdheXUuY29tOjQ0Mw..&hl=en&v=0aeEuuJmrVqDrEL39Fsg5-UJ&size=normal&cb=v5xgy7uvez7y

Domains

Name
IP
Malicious
stackpath.bootstrapcdn.com
104.18.10.207
gstaticadssl.l.google.com
216.58.215.227
d26p066pn2w0s0.cloudfront.net
108.157.4.80
accounts.google.com
142.250.203.109
cdnjs.cloudflare.com
104.17.24.14
maxcdn.bootstrapcdn.com
104.18.11.207
www.google.com
142.250.181.228
clients.l.google.com
216.58.215.238
w2globaldata.cabildodeagayu.com
190.8.176.18
clients2.google.com
unknown
logo.clearbit.com
unknown

IPs

IP
Domain
Country
Malicious
142.250.186.35
unknown
United States
142.250.203.106
unknown
United States
104.17.24.14
cdnjs.cloudflare.com
United States
142.250.186.67
unknown
United States
192.168.2.1
unknown
unknown
104.18.10.207
stackpath.bootstrapcdn.com
United States
216.58.215.238
clients.l.google.com
United States
216.58.215.227
gstaticadssl.l.google.com
United States
142.250.203.110
unknown
United States
104.18.11.207
maxcdn.bootstrapcdn.com
United States
239.255.255.250
unknown
Reserved
142.250.181.228
www.google.com
United States
190.8.176.18
w2globaldata.cabildodeagayu.com
Colombia
216.58.212.163
unknown
United States
142.250.203.99
unknown
United States
127.0.0.1
unknown
unknown
74.125.162.166
unknown
United States
142.250.203.109
accounts.google.com
United States
108.157.4.80
d26p066pn2w0s0.cloudfront.net
United States