Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1756,i,10925641725665325173,17014867566041337004,131072
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.evernote.com/shard/s601/sh/37d985c2-2862-575c-145e-8cd169549bc8/518d16a0d112c168ac6c447977a15cc1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.evernote.com/shard/s601/sh/37d985c2-2862-575c-145e-8cd169549bc8/518d16a0d112c168ac6c447977a15cc1
|
 |
||
|
https://dashboard.svc.www.evernote.com/app/nv/vendors~main.09d176dfea5b9d297bca.js
|
35.190.3.250
|
||
|
https://www.evernote.com/shard/s601/client/snv?noteGuid=37d985c2-2862-575c-145e-8cd169549bc8¬eKey=518d16a0d112c168ac6c447977a15cc1&sn=https%3A%2F%2Fwww.evernote.com%2Fshard%2Fs601%2Fsh%2F37d985c2-2862-575c-145e-8cd169549bc8%2F518d16a0d112c168ac6c447977a15cc1&title=County%2Bof%2BMarin
|
|||
|
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-285778-5&cid=1730784748.1662015276&jid=977121300&gjid=22908043&_gid=1073886468.1662015276&_u=YGBAgEABAAAAAE~&z=652291387
|
142.250.145.156
|
||
|
https://dashboard.svc.www.evernote.com/app/nv/icons-1ec2b385e995168bc5bb4934b116d4a6/favicon.ico
|
35.190.3.250
|
||
|
https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-unchecked@2x.c3c4ff13b71dfbc14ef9a45a561a92a2.png
|
35.190.3.250
|
||
|
https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-unchecked.176215f068a388a063888b3512d0a1a4.png
|
35.190.3.250
|
||
|
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
|
142.250.203.109
|
||
|
https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-checked.7590e8cd2c641835fc28e0b773603bba.png
|
35.190.3.250
|
||
|
https://dashboard.svc.www.evernote.com/app/nv/ce/ce-450b2463e5.css
|
35.190.3.250
|
||
|
https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-before-checked.8aea89f504987c4f067bc6a76ef46aee.png
|
35.190.3.250
|
||
|
https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-before-checked@2x.87213c0ded0782f6022161f7d871234a.png
|
35.190.3.250
|
||
|
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
|
216.58.215.238
|
||
|
https://dashboard.svc.www.evernote.com/app/nv/ce/note_viewer_ce.8df7565ed507240152c9.css
|
35.190.3.250
|
||
|
https://dashboard.svc.www.evernote.com/app/nv/main.7df2ea8aefc64dfe7f5f.js
|
35.190.3.250
|
||
|
https://www.evernote.com/shard/s601/client/snv/ce
|
|||
|
https://dashboard.svc.www.evernote.com/app/nv/en.9677374f5226e3503d72.js
|
35.190.3.250
|
||
|
https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-before-unchecked.ed4d0e5dfd5dea7b3ca2d0009433c527.png
|
35.190.3.250
|
||
|
https://dashboard.svc.www.evernote.com/app/nv/ce/ce-001e22adb7.js
|
35.190.3.250
|
||
|
https://dashboard.svc.www.evernote.com/app/nv/ce/note_viewer_ce.3f5a792446497fedcefe.js
|
35.190.3.250
|
||
|
https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-before-unchecked@2x.16dd62aafb400734f63f9359d38353b5.png
|
35.190.3.250
|
||
|
https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-checked@2x.11f80f43dc76ab8d3830eb04f348a2d7.png
|
35.190.3.250
|
There are 11 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
accounts.google.com
|
142.250.203.109
|
||
|
stats.l.doubleclick.net
|
142.250.145.156
|
||
|
dashboard.svc.www.evernote.com
|
35.190.3.250
|
||
|
www.google.com
|
142.250.203.100
|
||
|
clients.l.google.com
|
216.58.215.238
|
||
|
clients2.google.com
|
unknown
|
||
|
www.evernote.com
|
unknown
|
||
|
stats.g.doubleclick.net
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.1
|
unknown
|
unknown
|
||
|
216.58.215.238
|
clients.l.google.com
|
United States
|
||
|
142.250.203.100
|
www.google.com
|
United States
|
||
|
142.250.145.156
|
stats.l.doubleclick.net
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
35.190.3.250
|
dashboard.svc.www.evernote.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
||
|
142.250.203.109
|
accounts.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3853321935-2125563209-4053062332-1002
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
dr
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.cdm.origin_data
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.reporting
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.storage_id_salt
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
module_blocklist_cache_md5_digest
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
pinned_tabs
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
browser.show_home_button
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
search_provider_overrides
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_username
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.restore_on_startup
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3853321935-2125563209-4053062332-1002
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
There are 39 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
D695D7B000
|
stack
|
page read and write
|
||
|
29CE2202000
|
heap
|
page read and write
|
||
|
1BC85B80000
|
trusted library allocation
|
page read and write
|
||
|
29CE19F0000
|
heap
|
page read and write
|
||
|
210567E000
|
stack
|
page read and write
|
||
|
29598632000
|
heap
|
page read and write
|
||
|
29598661000
|
heap
|
page read and write
|
||
|
2959863B000
|
heap
|
page read and write
|
||
|
216757A0000
|
trusted library allocation
|
page read and write
|
||
|
128117F000
|
stack
|
page read and write
|
||
|
ED35CFC000
|
stack
|
page read and write
|
||
|
29CE1ACF000
|
heap
|
page read and write
|
||
|
17AD67E000
|
stack
|
page read and write
|
||
|
29CE1A88000
|
heap
|
page read and write
|
||
|
1E6B9C29000
|
heap
|
page read and write
|
||
|
1BC86627000
|
heap
|
page read and write
|
||
|
1E6B9D02000
|
heap
|
page read and write
|
||
|
ED35DFB000
|
stack
|
page read and write
|
||
|
2959865A000
|
heap
|
page read and write
|
||
|
21675800000
|
heap
|
page read and write
|
||
|
226C3613000
|
heap
|
page read and write
|
||
|
ED3588B000
|
stack
|
page read and write
|
||
|
226C3713000
|
heap
|
page read and write
|
||
|
2734943C000
|
heap
|
page read and write
|
||
|
40BAFFB000
|
stack
|
page read and write
|