IOC Report
https://momshi.gq/secure/MailUpdateFresh


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\4a599cc1-953b-4a36-ac02-943d11ed66b9.tmp` | data | dropped | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\8e446481-1d29-4d86-aa4c-e060d4206052.tmp` | ASCII text, with very long lines, with no line terminators | dropped | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat` | data | dropped | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\26ae99c0-286c-4659-9e39-ad53e5547473.tmp` | ASCII text, with very long lines, with no line terminators | dropped | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\2844603e-1a2e-48b5-b0bd-ac93faddd724.tmp` | ASCII text, with very long lines, with no line terminators | dropped | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_1\_metadata\computed_hashes.json` | ASCII text, with very long lines, with no line terminators | dropped | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico (copy)` | MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel | dropped | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache` | zlib compressed data | dropped | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)` | ASCII text, with very long lines, with no line terminators | dropped | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)` | ASCII text, with very long lines, with no line terminators | dropped | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)` | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\ca2e76b2-f365-47c4-ab59-ec5a361ff8c6.tmp` | ASCII text, with very long lines, with no line terminators | dropped | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\d06c6795-bff5-4def-a070-df6cccdf5158.tmp` | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\d15fca5d-08b6-4733-958e-936bb0e66765.tmp` | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\d4c91a90-595d-4694-9ca3-e3917ed623f9.tmp` | very short file (no magic) | dropped | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\daa6b740-7dbd-4c49-b1ae-91bf6291846a.tmp` | MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel | dropped | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000006.dbtmp` | ASCII text | dropped | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)` | ASCII text | dropped | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Last Browser` | data | dropped | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Last Version` | ASCII text, with no line terminators | modified | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Local State (copy)` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)` | data | dropped | |
| `C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\ef939728-6214-4ae2-b16a-6af67c15b51d.tmp` | ASCII text, with very long lines, with no line terminators | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\4a26d9d8-492c-499b-a158-bb369318870c.tmp` | Google Chrome extension, version 3 | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\bg\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\ca\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\cs\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\da\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\de\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\el\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\en\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\es\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\es_419\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\et\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\fi\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\fil\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\fr\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\hi\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\hr\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\hu\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\id\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\it\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\ja\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\ko\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\lt\messages.json` | ASCII text, with very long lines | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\sv\messages.json` | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\th\messages.json` | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\tr\messages.json` | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\uk\messages.json` | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\vi\messages.json` | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\zh_CN\messages.json` | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\_locales\zh_TW\messages.json` | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| `C:\Users\alfredo\AppData\Local\Temp\scoped_dir3084_1801237550\CRX_INSTALL\manifest.json` | ASCII text | dropped | |
| `C:\Users\alfredo\AppData\Roaming\Microsoft\Spelling\en-US\default.dic` | Little-endian UTF-16 Unicode text, with no line terminators | dropped | |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://momshi.gq/secure/MailUpdateFresh | | malicious |
| https://momshi.gq/secure/MailUpdateFresh/?err=S58O5UVNPFJAHMCEGTQ&dispatch=C08&id=AC3ba2a62B47C134a9BA25C10B239b | | malicious |

Domains

| Name | IP | Malicious |
|---|---|---|
| accounts.google.com | 142.250.185.141 | |
| cdnjs.cloudflare.com | 104.17.24.14 | |
| clients.l.google.com | 142.250.186.174 | |
| momshi.gq | 91.209.70.20 | |
| clients2.google.com | unknown | |
| cdn.jsdelivr.net | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 142.250.185.99 | unknown | United States | |
| 104.17.24.14 | cdnjs.cloudflare.com | United States | |
| 142.250.74.202 | unknown | United States | |
| 142.250.185.67 | unknown | United States | |
| 192.168.2.1 | unknown | unknown | |
| 216.58.212.142 | unknown | United States | |
| 142.250.186.174 | clients.l.google.com | United States | |
| 104.16.89.20 | unknown | United States | |
| 74.125.111.134 | unknown | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 142.250.185.141 | accounts.google.com | United States | |
| 91.209.70.20 | momshi.gq | Russian Federation | |
| 142.251.36.99 | unknown | United States | |
| 127.0.0.1 | unknown | unknown | |