IOC Report
https://0mn2u.mjt.lu/lnk/AVIAAFZb0uwAAAAAAAAAAARnErIAAAAACHIAAAAAABuCqwBifrg5FooXJAnqQU2r-rr5qfRwQwAaZds/2/iOFHmmb3IVHtVUac8Ph3mg/aHR0cHM6Ly9iYWZ5YmVpZzM3d3dydnRzdmx0Y3FjZ2xtam51cGxwYmxqeTdrcWJ1NnpkdGp1eGU3cjQ3b21kbWwzaS5pcGZzLm5mdHN0b3JhZ2UubGluay8jbG1vbnRhbm9AcGVhcmxob2xkaW5nLmNvbQ#lmontano@pearlh


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\078ab4d3-e447-4688-b40d-7785fe836a84.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\0a28e5be-0853-41eb-9a76-7e215a9893af.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\161e7bf9-9b14-4664-afe2-245ca89d4b0f.tmp | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\53f5e855-4c5a-4422-a626-f1a5cf2a90bb.tmp | very short file (no magic) | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\659ed5ee-c781-42bc-9cb4-63a1c0f40779.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy) | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy) | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\125ab7c0-c7e5-4a8c-b020-7c446d500507.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy) | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a10749b4-5795-4721-8c64-118799c49321.tmp | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a664051d-8bdb-445d-96de-72008789c5a0.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b5b67b44-dc43-4271-929b-ba64e5caca56.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy) | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy) | SysEx File - | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\d4f8dd2a-bd02-48a4-ae2c-1ed0ab677f2a.tmp | SysEx File - | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\e3d602d4-0903-49b1-a560-951037453491.tmp | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\d65dab61-3947-4533-a8df-ccf60e4de12e.tmp | very short file (no magic) | dropped | |
| C:\Users\user\AppData\Local\Temp\f1ae4634-e615-4e34-a119-7059f5e6b120.tmp | Google Chrome extension, version 3 | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\bg\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\ca\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\cs\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\da\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\de\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\el\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\en\messages.json | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\en_GB\messages.json | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\es\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\es_419\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\et\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\fi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\fil\messages.json | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\fr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\hi\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\hr\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\hu\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\id\messages.json | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\it\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\ja\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\ko\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\lt\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\lv\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\nb\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\nl\messages.json | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\pl\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\pt_BR\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\pt_PT\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\ro\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\ru\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\sk\messages.json | UTF-8 Unicode text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\sl\messages.json | UTF-8 Unicode text, with CRLF line terminators | modified | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\sr\messages.json | ASCII text, with very long lines | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\sv\messages.json | ASCII text, with very long lines | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\th\messages.json | ASCII text, with very long lines | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\tr\messages.json | ASCII text, with very long lines | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\uk\messages.json | ASCII text, with very long lines | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\vi\messages.json | ASCII text, with very long lines | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\zh_CN\messages.json | ASCII text, with very long lines | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_locales\zh_TW\messages.json | ASCII text, with very long lines | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\_metadata\verified_contents.json | ASCII text, with very long lines, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\craw_background.js | ASCII text, with very long lines | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\craw_window.js | ASCII text, with very long lines | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\css\craw_window.css | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\html\craw_window.html | HTML document, ASCII text | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\images\flapper.gif | GIF image data, version 89a, 30 x 30 | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\images\icon_128.png | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\images\icon_16.png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\images\topbar_floating_button.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\images\topbar_floating_button_close.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\images\topbar_floating_button_hover.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\images\topbar_floating_button_maximize.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\images\topbar_floating_button_pressed.png | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\CRX_INSTALL\manifest.json | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir6068_629872504\f1ae4634-e615-4e34-a119-7059f5e6b120.tmp | Google Chrome extension, version 3 | dropped | |

76 further files are hidden and not listed here.

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://0mn2u.mjt.lu/lnk/AVIAAFZb0uwAAAAAAAAAAARnErIAAAAACHIAAAAAABuCqwBifrg5FooXJAnqQU2r-rr5qfRwQwAaZds/2/iOFHmmb3IVHtVUac8Ph3mg/aHR0cHM6Ly9iYWZ5YmVpZzM3d3dydnRzdmx0Y3FjZ2xtam51cGxwYmxqeTdrcWJ1NnpkdGp1eGU3cjQ3b21kbWwzaS5pcGZzLm5mdHN0b3JhZ2UubGluay8jbG1vbnRhbm9AcGVhcmxob2xkaW5nLmNvbQ#lmontano@pearlholding.com | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,10650677681214137694,5715659604974136229,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1920 /prefetch:8 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://0mn2u.mjt.lu/lnk/AVIAAFZb0uwAAAAAAAAAAARnErIAAAAACHIAAAAAABuCqwBifrg5FooXJAnqQU2r-rr5qfRwQwAaZds/2/iOFHmmb3IVHtVUac8Ph3mg/aHR0cHM6Ly9iYWZ5YmVpZzM3d3dydnRzdmx0Y3FjZ2xtam51cGxwYmxqeTdrcWJ1NnpkdGp1eGU3cjQ3b21kbWwzaS5pcGZzLm5mdHN0b3JhZ2UubGluay8jbG1vbnRhbm9AcGVhcmxob2xkaW5nLmNvbQ#lmontano@pearlholding.com | | malicious |
| https://bafybeig37wwrvtsvltcqcglmjnuplpbljy7kqbu6zdtjuxe7r47omdml3i.ipfs.nftstorage.link/favicon.ico | 104.18.6.107 | malicious |
| https://bafybeig37wwrvtsvltcqcglmjnuplpbljy7kqbu6zdtjuxe7r47omdml3i.ipfs.nftstorage.link/#lmontano | unknown | malicious |
| https://bafybeig37wwrvtsvltcqcglmjnuplpbljy7kqbu6zdtjuxe7r47omdml3i.ipfs.nftstorage.link/#lmontano@pearlholding.com | | malicious |
| https://bafybeig37wwrvtsvltcqcglmjnuplpbljy7kqbu6zdtjuxe7r47omdml3i.ipfs.nftstorage.link/ | 104.18.6.107 | malicious |
| https://dns.google | unknown | |
| https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p | unknown | |
| https://www.google.com/intl/en-US/chrome/blank.html | unknown | |
| https://ogs.google.com | unknown | |
| https://www.google.com/images/cleardot.gif | unknown | |
| https://play.google.com | unknown | |
| https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | 142.250.185.238 | |
| https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | 172.217.168.45 | |
| https://payments.google.com/payments/v4/js/integrator.js | unknown | |
| https://0mn2u.mjt.lu/lnk/AVIAAFZb0uwAAAAAAAAAAARnErIAAAAACHIAAAAAABuCqwBifrg5FooXJAnqQU2r-rr5qfRwQwA | unknown | |
| https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js | 104.18.11.207 | |
| https://sandbox.google.com/payments/v4/js/integrator.js | unknown | |
| https://www.google.com/images/x2.gif | unknown | |
| https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css | 104.18.10.207 | |
| https://accounts.google.com/MergeSession | unknown | |
| https://www.google.com | unknown | |
| https://www.google.com/images/dot2.gif | unknown | |
| https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js | 104.17.24.14 | |
| https://accounts.google.com | unknown | |
| https://clients2.googleusercontent.com | unknown | |
| https://apis.google.com | unknown | |
| https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js | 104.18.10.207 | |
| https://www.google.com/accounts/OAuthLogin?issueuberauth=1 | unknown | |
| https://0mn2u.mjt.lu/lnk/AVIAAFZb0uwAAAAAAAAAAARnErIAAAAACHIAAAAAABuCqwBifrg5FooXJAnqQU2r-rr5qfRwQwAaZds/2/iOFHmmb3IVHtVUac8Ph3mg/aHR0cHM6Ly9iYWZ5YmVpZzM3d3dydnRzdmx0Y3FjZ2xtam51cGxwYmxqeTdrcWJ1NnpkdGp1eGU3cjQ3b21kbWwzaS5pcGZzLm5mdHN0b3JhZ2UubGluay8jbG1vbnRhbm9AcGVhcmxob2xkaW5nLmNvbQ | 35.241.186.140 | |
| https://www.google.com/ | unknown | |
| https://www-googleapis-staging.sandbox.google.com | unknown | |
| https://clients2.google.com | unknown | |
| https://clients2.google.com/service/update2/crx | unknown | |

22 further URLs are hidden and not listed here.

Domains

| Name | IP | Malicious |
|---|---|---|
| stackpath.bootstrapcdn.com | 104.18.11.207 | |
| gstaticadssl.l.google.com | 142.250.74.195 | |
| accounts.google.com | 172.217.168.45 | |
| 0mn2u.mjt.lu | 35.241.186.140 | |
| bafybeig37wwrvtsvltcqcglmjnuplpbljy7kqbu6zdtjuxe7r47omdml3i.ipfs.nftstorage.link | 104.18.6.107 | |
| cdnjs.cloudflare.com | 104.17.24.14 | |
| maxcdn.bootstrapcdn.com | 104.18.10.207 | |
| clients.l.google.com | 142.250.185.238 | |
| clients2.google.com | unknown | |
| ka-f.fontawesome.com | unknown | |
| code.jquery.com | unknown | |
| kit.fontawesome.com | unknown | |

2 further domains are hidden and not listed here.

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 104.17.24.14 | cdnjs.cloudflare.com | United States | |
| 192.168.2.1 | unknown | unknown | |
| 104.18.10.207 | maxcdn.bootstrapcdn.com | United States | |
| 35.241.186.140 | 0mn2u.mjt.lu | United States | |
| 142.250.185.238 | clients.l.google.com | United States | |
| 104.18.6.107 | bafybeig37wwrvtsvltcqcglmjnuplpbljy7kqbu6zdtjuxe7r47omdml3i.ipfs.nftstorage.link | United States | |
| 104.18.11.207 | stackpath.bootstrapcdn.com | United States | |
| 172.217.168.45 | accounts.google.com | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 127.0.0.1 | unknown | unknown | |
| 142.250.74.195 | gstaticadssl.l.google.com | United States | |

1 further IP is hidden and not listed here.

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002 | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | ahfgeienlihckogmohjhadlkjgocpleb | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gfdkimpbcpahaombhbimeihdjnejgicl | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mfehgcgbbipciphmccgaenjidiccnmng | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mhjfbmdgcfjbbpaeojofohoefgiehjai | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | pkedcjkdefgpdelpbcmbmeomcjbeemfm | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gfdkimpbcpahaombhbimeihdjnejgicl | |
| HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | |
| HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | |
| HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | dr | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.reporting | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | module_blacklist_cache_md5_digest | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.storage_id_salt | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_account_id | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.account_id | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_seed | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_homepage | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | default_search_provider_data.template_url_data | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | safebrowsing.incidents_sent | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | pinned_tabs | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | search_provider_overrides | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_default_search | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_username | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.startup_urls | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.restore_on_startup | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_version | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_startup_urls | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.prompt_wave | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage_is_newtabpage | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | browser.show_home_button | |
| HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly | |
| HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun | |

32 further registry entries are hidden and not listed here.

Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 16E5DAD0000 | remote allocation | page read and write | |
| 51E78FF000 | stack | page read and write | |
| 25077602000 | trusted library allocation | page read and write | |
| 2C5F0000000 | heap | page read and write | |
| 16E5DC3B000 | heap | page read and write | |
| 16E5D970000 | trusted library allocation | page read and write | |
| C8DCF7E000 | stack | page read and write | |
| 5E7DB7B000 | stack | page read and write | |
| 16E58502000 | heap | page read and write | |
| 3EED5FE000 | stack | page read and write | |
| 51E75FD000 | stack | page read and write | |
| 76346FF000 | stack | page read and write | |
| 16E597C3000 | trusted library allocation | page read and write | |
| B56F1FC000 | stack | page read and write | |
| 5E7DBFE000 | stack | page read and write | |
| 5E7E27E000 | stack | page read and write | |
| 16E5848A000 | heap | page read and write | |
| 16E5847A000 | heap | page read and write | |
| 16E5849F000 | heap | page read and write | |
| 16E5D978000 | trusted library allocation | page read and write | |
| 16E58C00000 | heap | page read and write | |
| 3EED6FE000 | stack | page read and write | |
| 25076DA0000 | remote allocation | page read and write | |
| 7633FDE000 | stack | page read and write | |
| 16E58413000 | heap | page read and write | |
| 3EED8FE000 | stack | page read and write | |
| 25C31400000 | heap | page read and write | |
| 2C677E42000 | heap | page read and write | |
| 25C31280000 | heap | page read and write | |
| B56FA7E000 | stack | page read and write | |
| 16E58400000 | heap | page read and write | |
| 16E5D9A0000 | trusted library allocation | page read and write | |
| 256DE908000 | heap | page read and write | |
| 25C314E2000 | heap | page read and write | |
| 16E5DC00000 | heap | page read and write | |
| C8DCBDE000 | stack | page read and write | |
| 25076F02000 | heap | page read and write | |
| 23802865000 | heap | page read and write | |
| B56F17F000 | stack | page read and write | |
| 256DE85A000 | heap | page read and write | |
| 25C31442000 | heap | page read and write | |
| 16E5DCC8000 | heap | page read and write | |
| 256DF002000 | trusted library allocation | page read and write | |
| 3EED67F000 | stack | page read and write | |
| 2C677E7A000 | heap | page read and write | |
| 25076E40000 | heap | page read and write | |
| 5E7E37B000 | stack | page read and write | |
| 16E5DCCA000 | heap | page read and write | |
| CDB1EFB000 | stack | page read and write | |
| 1E524920000 | heap | page read and write | |
| 2C677E58000 | heap | page read and write | |
| 16E5D97E000 | trusted library allocation | page read and write | |
| 2C5F0270000 | heap | page read and write | |
| 51E76FF000 | stack | page read and write | |
| 2C5F01D0000 | trusted library allocation | page read and write | |
| 256DE829000 | heap | page read and write | |
| 2C5F0202000 | heap | page read and write | |
| CDB19BB000 | stack | page read and write | |
| 2C677E75000 | heap | page read and write | |
| 16E5848F000 | heap | page read and write | |
| 25C31413000 | heap | page read and write | |
| 16E59420000 | trusted library section | page readonly | |
| 3EED07E000 | stack | page read and write | |
| C8DD17F000 | stack | page read and write | |
| 3EED9FF000 | stack | page read and write | |
| 25C31470000 | heap | page read and write | |
| 23802876000 | heap | page read and write | |
| 1E525080000 | trusted library allocation | page read and write | |
| 16E5DC8A000 | heap | page read and write | |
| 16E58525000 | heap | page read and write | |
| 2C677E5E000 | heap | page read and write | |
| F8F11FE000 | stack | page read and write | |
| 1E525202000 | trusted library allocation | page read and write | |
| 16E5DAD0000 | remote allocation | page read and write | |
| 16E5DCFA000 | heap | page read and write | |
| 2C5F0802000 | trusted library allocation | page read and write | |
| 51E73FF000 | stack | page read and write | |
| 25076E13000 | heap | page read and write | |
| 2C677E66000 | heap | page read and write | |
| 16E5DA40000 | trusted library allocation | page read and write | |
| F8F090B000 | stack | page read and write | |
| 5E7DE7E000 | stack | page read and write | |
| 51E71FF000 | stack | page read and write | |
| 23802913000 | heap | page read and write | |
| 25076D40000 | heap | page read and write | |
| 16E5DCF6000 | heap | page read and write | |
| 256DE852000 | heap | page read and write | |
| 2C677E7E000 | heap | page read and write | |
| 2C677F02000 | heap | page read and write | |
| CDB1F7E000 | stack | page read and write | |
| 16E5DD02000 | heap | page read and write | |
| 3EEDAFF000 | stack | page read and write | |
| 2380283D000 | heap | page read and write | |
| 256DE790000 | heap | page read and write | |
| 16E5D860000 | trusted library allocation | page read and write | |
| CDB1C7E000 | stack | page read and write | |
| 16E5D9A0000 | trusted library allocation | page read and write | |
| 1E524A28000 | heap | page read and write | |
| 2C5EFF90000 | heap | page read and write | |
| 16E58C02000 | heap | page read and write | |
| 2C677E63000 | heap | page read and write | |
| 16E59440000 | trusted library section | page readonly | |
| C8DCB5E000 | stack | page read and write | |
| 25C314C3000 | heap | page read and write | |
| 16E5DCA5000 | heap | page read and write | |
| 256DE88B000 | heap | page read and write | |
| CDB227F000 | stack | page read and write | |
| 2C677E61000 | heap | page read and write | |
| 25C314BB000 | heap | page read and write | |
| 25076DA0000 | remote allocation | page read and write | |
| 2C677D80000 | heap | page read and write | |
| 2C677E77000 | heap | page read and write | |
| 1E5248C0000 | heap | page read and write | |
| 16E58D00000 | heap | page read and write | |
| 2C677E64000 | heap | page read and write | |
| 2C5F0313000 | heap | page read and write | |
| 25C31D00000 | heap | page read and write | |
| 16E5DAD0000 | remote allocation | page read and write | |
| 25C31D32000 | heap | page read and write | |
| 256DE902000 | heap | page read and write | |
| 256DE813000 | heap | page read and write | |
| 2C5F0302000 | heap | page read and write | |
| 256DE881000 | heap | page read and write | |
| 16E5DAC0000 | trusted library allocation | page read and write | |
| 256DE861000 | heap | page read and write | |
| 256DE847000 | heap | page read and write | |
| 3EECD9E000 | stack | page read and write | |
| C8DD07E000 | stack | page read and write | |
| 25C31429000 | heap | page read and write | |
| 25076D70000 | trusted library allocation | page read and write | |
| 16E58B80000 | trusted library section | page read and write | |
| 2C677E7B000 | heap | page read and write | |
| 2380286F000 | heap | page read and write | |
| 763467D000 | stack | page read and write | |
| B56F4FE000 | stack | page read and write | |
| 256DE800000 | heap | page read and write | |
| 2C677D70000 | heap | page read and write | |
| 1E524A13000 | heap | page read and write | |
| 5E7E17E000 | stack | page read and write | |
| 16E5DC48000 | heap | page read and write | |
| 16E59450000 | trusted library section | page readonly | |
| 16E5DCA2000 | heap | page read and write | |
| 2C677E2C000 | heap | page read and write | |
| 16E58D02000 | heap | page read and write | |
| 2C677DE0000 | heap | page read and write | |
| 25C314CA000 | heap | page read and write | |
| 256DE875000 | heap | page read and write | |
| 3EED177000 | stack | page read and write | |
| 256DE864000 | heap | page read and write | |
| 1E524A68000 | heap | page read and write | |
| 16E58310000 | heap | page read and write | |
| 1E524A30000 | heap | page read and write | |
| 25076E29000 | heap | page read and write | |
| 25C31220000 | heap | page read and write | |
| 25C31380000 | trusted library allocation | page read and write | |
| 3EEDBFB000 | stack | page read and write | |
| 2C677E3C000 | heap | page read and write | |
| 256DE7C0000 | trusted library allocation | page read and write | |
| C8DCADC000 | stack | page read and write | |
| 51E7AFF000 | stack | page read and write | |
| 1E524B00000 | heap | page read and write | |
| 23802829000 | heap | page read and write | |
| 16E5848D000 | heap | page read and write | |
| 25076DA0000 | remote allocation | page read and write | |
| 16E582B0000 | heap | page read and write | |
| 16E597D0000 | trusted library allocation | page read and write | |
| CDB2077000 | stack | page read and write | |
| B56F3FC000 | stack | page read and write | |
| 1E524A80000 | heap | page read and write | |
| 25C31C02000 | heap | page read and write | |
| 16E58429000 | heap | page read and write | |
| 2C677E29000 | heap | page read and write | |
| 16E58513000 | heap | page read and write | |
| 2C677E59000 | heap | page read and write | |
| 763427E000 | stack | page read and write | |
| 16E5DC52000 | heap | page read and write | |
| 2C677E67000 | heap | page read and write | |
| F8F098E000 | stack | page read and write | |
| 16E5D991000 | trusted library allocation | page read and write | |
| 16E5D990000 | trusted library allocation | page read and write | |
| 16E584AD000 | heap | page read and write | |
| 16E58D59000 | heap | page read and write | |
| 3EECD1B000 | stack | page read and write | |
| 2C677E49000 | heap | page read and write | |
| F8F0C7E000 | stack | page read and write | |
| 76347FD000 | stack | page read and write | |
| 2C677E13000 | heap | page read and write | |
| 16E5DAA0000 | trusted library allocation | page read and write | |
| 2C677E56000 | heap | page read and write | |
| 2C677E40000 | heap | page read and write | |
| 51E72FD000 | stack | page read and write | |
| 16E58471000 | heap | page read and write | |
| 2C677E60000 | heap | page read and write | |
| 16E584A5000 | heap | page read and write | |
| 51E77FF000 | stack | page read and write | |
| F8F0E7B000 | stack | page read and write | |
| 16E59340000 | trusted library allocation | page read and write | |
| 23802F50000 | trusted library allocation | page read and write | |
| 763457F000 | stack | page read and write | |
| 23802813000 | heap | page read and write | |
| B56F5FC000 | stack | page read and write | |
| 1E524B02000 | heap | page read and write | |
| 51E74FF000 | stack | page read and write | |
| CDB1DFC000 | stack | page read and write | |
| 256DE85E000 | heap | page read and write | |
| 256DE926000 | heap | page read and write | |
| 3EED97E000 | stack | page read and write | |
| 16E59470000 | trusted library section | page readonly | |
| 1E524B13000 | heap | page read and write | |
| 16E5DAD0000 | trusted library allocation | page read and write | |
| 2C677E00000 | heap | page read and write | |
| 2C677E5A000 | heap | page read and write | |
| 16E58C15000 | heap | page read and write | |
| 16E5DC2B000 | heap | page read and write | |
| 7633F5B000 | stack | page read and write | |
| 3EED27A000 | stack | page read and write | |
| 1E524A79000 | heap | page read and write | |
| 16E5D9B4000 | trusted library allocation | page read and write | |
| 3EEDDFE000 | stack | page read and write | |
| 16E5DD02000 | heap | page read and write | |
| 3EEDCFC000 | stack | page read and write | |
| 256DE730000 | heap | page read and write | |
| 2C678540000 | trusted library allocation | page read and write | |
| 1E524A02000 | heap | page read and write | |
| F8F0EFE000 | stack | page read and write | |
| 51E6D6E000 | stack | page read and write | |
| 2C5F028E000 | heap | page read and write | |
| 16E5DA80000 | trusted library allocation | page read and write | |
| 16E58477000 | heap | page read and write | |
| 1E524A56000 | heap | page read and write | |
| 1E524A6D000 | heap | page read and write | |
| 25076CD0000 | heap | page read and write | |
| 2C677E41000 | heap | page read and write | |
| 2380288A000 | heap | page read and write | |
| 16E5DA90000 | trusted library allocation | page read and write | |
| 16E5DD07000 | heap | page read and write | |
| B56F77D000 | stack | page read and write | |
| 16E5DC1D000 | heap | page read and write | |
| 16E58D59000 | heap | page read and write | |
| 763447F000 | stack | page read and write | |
| 238027F0000 | heap | page read and write | |
| 16E58D13000 | heap | page read and write | |
| 25076E00000 | heap | page read and write | |
| 23802856000 | heap | page read and write | |
| 16E5D7E0000 | trusted library allocation | page read and write | |
| 3EED77F000 | stack | page read and write | |
| 1E524A40000 | heap | page read and write | |
| 256DE913000 | heap | page read and write | |
| 256DE720000 | heap | page read and write | |
| 25C31502000 | heap | page read and write | |
| 2380285B000 | heap | page read and write | |
| B56F67B000 | stack | page read and write | |
| 2C5F023C000 | heap | page read and write | |
| 3EED47F000 | stack | page read and write | |
| 3EED57B000 | stack | page read and write | |
| 23802790000 | heap | page read and write | |
| 256DE85D000 | heap | page read and write | |
| 2C677E83000 | heap | page read and write | |
| 16E58BE1000 | trusted library allocation | page read and write | |
| 2C5EFFA0000 | heap | page read and write | |
| 16E5D7D0000 | trusted library allocation | page read and write | |
| 16E5DAB0000 | trusted library allocation | page read and write | |
| 25076E02000 | heap | page read and write | |
| 76342FE000 | stack | page read and write | |
| 76348FF000 | stack | page read and write | |
| 2C677E5F000 | heap | page read and write | |
| 2C677E39000 | heap | page read and write | |
| 16E5843F000 | heap | page read and write | |
| 16E5D970000 | trusted library allocation | page read and write | |
| 25C314CC000 | heap | page read and write | |
| 16E5D850000 | trusted library allocation | page read and write | |
| 16E5845A000 | heap | page read and write | |
| 25C31513000 | heap | page read and write | |
| 2C677E74000 | heap | page read and write | |
| 16E59460000 | trusted library section | page readonly | |
| 16E59430000 | trusted library section | page readonly | |
| 76343FE000 | stack | page read and write | |
| 16E5DD07000 | heap | page read and write | |
| B56F0FD000 | stack | page read and write | |
| 51E79FF000 | stack | page read and write | |
| C8DD27F000 | stack | page read and write | |
| 2C677E55000 | heap | page read and write | |
| 16E5DCFF000 | heap | page read and write | |
| 16E582A0000 | heap | page read and write | |
| 2C5F0200000 | heap | page read and write | |
| F8F0FF7000 | stack | page read and write | |
| 25C31210000 | heap | page read and write | |
| 25076CE0000 | heap | page read and write | |
| 23802800000 | heap | page read and write | |
| 16E58494000 | heap | page read and write | |
| 2C677E79000 | heap | page read and write | |
| 16E58D18000 | heap | page read and write | |
| 16E58D18000 | heap | page read and write | |
| 16E5844B000 | heap | page read and write | |
| 2C5F0288000 | heap | page read and write | |
| 51E70FA000 | stack | page read and write | |
| 2C677E32000 | heap | page read and write | |
| 2C5F0229000 | heap | page read and write | |
| 16E5DCFC000 | heap | page read and write | |
| 3EED37A000 | stack | page read and write | |
| B56F87F000 | stack | page read and write | |
| 23802802000 | heap | page read and write | |
| 23802902000 | heap | page read and write | |
| 2C677E5C000 | heap | page read and write | |
| 25076E51000 | heap | page read and write | |
| 1E524A00000 | heap | page read and write | |
| 16E5DC5F000 | heap | page read and write | |
| 5E7E07B000 | stack | page read and write | |
| 1E5248B0000 | heap | page read and write | |
| 51E6DED000 | stack | page read and write | |
| 2C677E57000 | heap | page read and write | |
| 2C5F0213000 | heap | page read and write | |
| 16E58A70000 | trusted library allocation | page read and write | |
| CDB1CFE000 | stack | page read and write | |
| B56F97C000 | stack | page read and write | |
| CDB217F000 | stack | page read and write | |
| 51E6CEB000 | stack | page read and write | |
| 256DE900000 | heap | page read and write | |
| B56F07E000 | stack | page read and write | |
| 16E5DD08000 | heap | page read and write | |
| 16E584FC000 | heap | page read and write | |
| 23802780000 | heap | page read and write | |
| 16E5DC12000 | heap | page read and write | |
| 16E5DD00000 | heap | page read and write | |
| 2C678602000 | trusted library allocation | page read and write | |
| 3EED7FE000 | stack | page read and write | |
| B56EDBC000 | stack | page read and write | |
| 2C677E51000 | heap | page read and write | |
| 16E5D9B0000 | trusted library allocation | page read and write | |
| 2C677E69000 | heap | page read and write | |
| 256DE83C000 | heap | page read and write | |
| 2C677E62000 | heap | page read and write | |
| 16E597C0000 | trusted library allocation | page read and write | |
| 16E5DCE5000 | heap | page read and write | |
| F8F10FE000 | stack | page read and write | |
| 16E5D994000 | trusted library allocation | page read and write | |
| 23803002000 | trusted library allocation | page read and write | |

327 further memdumps are hidden and not listed here.

DOM / HTML

| URL | Malicious |
|---|---|
| https://bafybeig37wwrvtsvltcqcglmjnuplpbljy7kqbu6zdtjuxe7r47omdml3i.ipfs.nftstorage.link/#lmontano@pearlholding.com | malicious |