IOC Report
https://www.evernote.com/shard/s601/sh/37d985c2-2862-575c-145e-8cd169549bc8/518d16a0d112c168ac6c447977a15cc1


Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1756,i,10925641725665325173,17014867566041337004,131072 /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.evernote.com/shard/s601/sh/37d985c2-2862-575c-145e-8cd169549bc8/518d16a0d112c168ac6c447977a15cc1" | |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| https://www.evernote.com/shard/s601/sh/37d985c2-2862-575c-145e-8cd169549bc8/518d16a0d112c168ac6c447977a15cc1 | | malicious |
| https://dashboard.svc.www.evernote.com/app/nv/vendors~main.09d176dfea5b9d297bca.js | 35.190.3.250 | |
| https://www.evernote.com/shard/s601/client/snv?noteGuid=37d985c2-2862-575c-145e-8cd169549bc8&noteKey=518d16a0d112c168ac6c447977a15cc1&sn=https%3A%2F%2Fwww.evernote.com%2Fshard%2Fs601%2Fsh%2F37d985c2-2862-575c-145e-8cd169549bc8%2F518d16a0d112c168ac6c447977a15cc1&title=County%2Bof%2BMarin | | |
| https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-285778-5&cid=1730784748.1662015276&jid=977121300&gjid=22908043&_gid=1073886468.1662015276&_u=YGBAgEABAAAAAE~&z=652291387 | 142.250.145.156 | |
| https://dashboard.svc.www.evernote.com/app/nv/icons-1ec2b385e995168bc5bb4934b116d4a6/favicon.ico | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-unchecked@2x.c3c4ff13b71dfbc14ef9a45a561a92a2.png | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-unchecked.176215f068a388a063888b3512d0a1a4.png | 35.190.3.250 | |
| https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | 142.250.203.109 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-checked.7590e8cd2c641835fc28e0b773603bba.png | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/ce-450b2463e5.css | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-before-checked.8aea89f504987c4f067bc6a76ef46aee.png | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-before-checked@2x.87213c0ded0782f6022161f7d871234a.png | 35.190.3.250 | |
| https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | 216.58.215.238 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/note_viewer_ce.8df7565ed507240152c9.css | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/main.7df2ea8aefc64dfe7f5f.js | 35.190.3.250 | |
| https://www.evernote.com/shard/s601/client/snv/ce | | |
| https://dashboard.svc.www.evernote.com/app/nv/en.9677374f5226e3503d72.js | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-before-unchecked.ed4d0e5dfd5dea7b3ca2d0009433c527.png | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/ce-001e22adb7.js | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/note_viewer_ce.3f5a792446497fedcefe.js | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-before-unchecked@2x.16dd62aafb400734f63f9359d38353b5.png | 35.190.3.250 | |
| https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-checked@2x.11f80f43dc76ab8d3830eb04f348a2d7.png | 35.190.3.250 | |

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| accounts.google.com | 142.250.203.109 | |
| stats.l.doubleclick.net | 142.250.145.156 | |
| dashboard.svc.www.evernote.com | 35.190.3.250 | |
| www.google.com | 142.250.203.100 | |
| clients.l.google.com | 216.58.215.238 | |
| clients2.google.com | unknown | |
| www.evernote.com | unknown | |
| stats.g.doubleclick.net | unknown | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 192.168.2.1 | unknown | unknown | |
| 216.58.215.238 | clients.l.google.com | United States | |
| 142.250.203.100 | www.google.com | United States | |
| 142.250.145.156 | stats.l.doubleclick.net | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 35.190.3.250 | dashboard.svc.www.evernote.com | United States | |
| 127.0.0.1 | unknown | unknown | |
| 142.250.203.109 | accounts.google.com | United States | |

Registry

| Path | Value | Malicious |
| --- | --- | --- |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | ahfgeienlihckogmohjhadlkjgocpleb | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mhjfbmdgcfjbbpaeojofohoefgiehjai | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002 | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda | |
| HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | |
| HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | |
| HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | dr | |
| HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.cdm.origin_data | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.reporting | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.storage_id_salt | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_account_id | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.account_id | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_startup_urls | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_homepage | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | module_blocklist_cache_md5_digest | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_seed | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | default_search_provider_data.template_url_data | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | safebrowsing.incidents_sent | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | pinned_tabs | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | browser.show_home_button | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | search_provider_overrides | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_default_search | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_version | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_username | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.startup_urls | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.restore_on_startup | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.prompt_wave | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage_is_newtabpage | |
| HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun | |
| HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002 | |
| HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | |
| HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | |

Memdumps

| Base Address | Region type | Protect | Malicious |
| --- | --- | --- | --- |

DOM / HTML

| URL | Malicious |
| --- | --- |
| https://www.evernote.com/shard/s601/client/snv?noteGuid=37d985c2-2862-575c-145e-8cd169549bc8&noteKey=518d16a0d112c168ac6c447977a15cc1&sn=https%3A%2F%2Fwww.evernote.com%2Fshard%2Fs601%2Fsh%2F37d985c2-2862-575c-145e-8cd169549bc8%2F518d16a0d112c168ac6c447977a15cc1&title=County%2Bof%2BMarin | |
| https://www.evernote.com/shard/s601/client/snv/ce | |