IOC Report
https://www.evernote.com/shard/s601/sh/37d985c2-2862-575c-145e-8cd169549bc8/518d16a0d112c168ac6c447977a15cc1


Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| C:\Users\user\Downloads\11cb7930-bbe1-4640-886e-fa22ba519cfc.tmp | HTML document, ASCII text, with very long lines, with CRLF line terminators | dropped | |
| C:\Users\user\Downloads\message.html (copy) | HTML document, ASCII text, with very long lines, with CRLF line terminators | dropped | |
| C:\Users\user\Downloads\message.html.crdownload | HTML document, ASCII text, with very long lines, with CRLF line terminators | dropped | |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.evernote.com/shard/s601/sh/37d985c2-2862-575c-145e-8cd169549bc8/518d16a0d112c168ac6c447977a15cc1 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1792,i,12639697223929511104,9217918321184502464,131072 /prefetch:8 | |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| https://www.evernote.com/shard/s601/sh/37d985c2-2862-575c-145e-8cd169549bc8/518d16a0d112c168ac6c447977a15cc1 | | malicious |
| file:///C:/Users/user/Downloads/message.html | | malicious |
| https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | 172.217.16.205 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-checked.7590e8cd2c641835fc28e0b773603bba.png | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/ce-450b2463e5.css | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/note_viewer_ce.8df7565ed507240152c9.css | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/main.7df2ea8aefc64dfe7f5f.js | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/ce-001e22adb7.js | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-before-unchecked@2x.16dd62aafb400734f63f9359d38353b5.png | 35.190.3.250 | |
| https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-285778-5&cid=945071781.1661982799&jid=1442971979&gjid=383102579&_gid=83092774.1661982799&_u=YGBAgEABAAAAAE~&z=84565900 | 74.125.140.154 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-checked@2x.11f80f43dc76ab8d3830eb04f348a2d7.png | 35.190.3.250 | |
| https://www.google.com/chrome/ | unknown | |
| https://dashboard.svc.www.evernote.com/app/nv/vendors~main.09d176dfea5b9d297bca.js | 35.190.3.250 | |
| https://www.evernote.com/shard/s601/client/snv?noteGuid=37d985c2-2862-575c-145e-8cd169549bc8&noteKey=518d16a0d112c168ac6c447977a15cc1&sn=https%3A%2F%2Fwww.evernote.com%2Fshard%2Fs601%2Fsh%2F37d985c2-2862-575c-145e-8cd169549bc8%2F518d16a0d112c168ac6c447977a15cc1&title=County%2Bof%2BMarin | | |
| https://dashboard.svc.www.evernote.com/app/nv/icons-1ec2b385e995168bc5bb4934b116d4a6/favicon.ico | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-unchecked@2x.c3c4ff13b71dfbc14ef9a45a561a92a2.png | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-unchecked.176215f068a388a063888b3512d0a1a4.png | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-before-checked.8aea89f504987c4f067bc6a76ef46aee.png | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-before-checked@2x.87213c0ded0782f6022161f7d871234a.png | 35.190.3.250 | |
| https://www.evernote.com/shard/s601/client/snv/ce | | |
| https://wtrt62.glitch.me/styles.23802016.css | 35.168.242.161 | |
| https://dashboard.svc.www.evernote.com/app/nv/en.9677374f5226e3503d72.js | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-before-unchecked.ed4d0e5dfd5dea7b3ca2d0009433c527.png | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/note_viewer_ce.3f5a792446497fedcefe.js | 35.190.3.250 | |
| https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | 142.250.186.78 | |
| https://wnntrucking.net/wp-includes/js/css/89hhdis.php | 68.65.122.75 | |

15 further URLs are hidden in this report and not included above.

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| wtrt62.glitch.me | 35.168.242.161 | |
| wnntrucking.net | 68.65.122.75 | |
| accounts.google.com | 172.217.16.205 | |
| stats.l.doubleclick.net | 74.125.140.154 | |
| dashboard.svc.www.evernote.com | 35.190.3.250 | |
| www.google.com | 172.217.16.132 | |
| auth-cloudfront.prod.ims.adobejanus.com | 18.66.248.14 | |
| clients.l.google.com | 142.250.186.78 | |
| use.typekit.net | unknown | |
| clients2.google.com | unknown | |
| content.evernote.com | unknown | |
| www.evernote.com | unknown | |
| stats.g.doubleclick.net | unknown | |
| cdn.glitch.global | unknown | |

4 further domains are hidden in this report and not included above.

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 142.250.186.78 | clients.l.google.com | United States | |
| 142.250.185.68 | unknown | United States | |
| 192.168.2.1 | unknown | unknown | |
| 172.217.16.205 | accounts.google.com | United States | |
| 68.65.122.75 | wnntrucking.net | United States | |
| 35.168.242.161 | wtrt62.glitch.me | United States | |
| 74.125.140.154 | stats.l.doubleclick.net | United States | |
| 18.66.248.14 | auth-cloudfront.prod.ims.adobejanus.com | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 35.190.3.250 | dashboard.svc.www.evernote.com | United States | |
| 127.0.0.1 | unknown | unknown | |

1 further IP is hidden in this report and not included above.

Registry

| Path | Value | Malicious |
| --- | --- | --- |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-2660496737-530772487-1027249058-1002 | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | ahfgeienlihckogmohjhadlkjgocpleb | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mhjfbmdgcfjbbpaeojofohoefgiehjai | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda | |
| HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | |
| HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | |
| HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.cdm.origin_data | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.reporting | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.storage_id_salt | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_account_id | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.account_id | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_startup_urls | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_homepage | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | module_blocklist_cache_md5_digest | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_seed | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | default_search_provider_data.template_url_data | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | safebrowsing.incidents_sent | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | pinned_tabs | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | browser.show_home_button | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | search_provider_overrides | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_default_search | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_version | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_username | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.startup_urls | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.restore_on_startup | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.prompt_wave | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage_is_newtabpage | |
| HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-2660496737-530772487-1027249058-1002 | |

35 further registry entries are hidden in this report and not included above.

Memdumps

| Base Address | Region type | Protect | Malicious |
| --- | --- | --- | --- |
| 1FA95240000 | heap | page read and write | |
| 1D4A7379000 | heap | page read and write | |
| 1D83EA5D000 | heap | page read and write | |
| 1D4A7408000 | heap | page read and write | |
| 1D4A742D000 | heap | page read and write | |
| 1D4A7C76000 | heap | page read and write | |
| 21481002000 | trusted library allocation | page read and write | |
| 1D83EA5B000 | heap | page read and write | |
| 1ECC6281000 | heap | page read and write | |
| 16350677000 | heap | page read and write | |
| 15F5F4F0000 | trusted library allocation | page read and write | |