IOC Report
https://amigodepatasbh.com.br/ff


Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1732,i,8218220987001890426,18157507330322035723,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe" "https://amigodepatasbh.com.br/ff | |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://amigodepatasbh.com.br/ff | | |
| https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | 142.250.203.110 | |
| https://amigodepatasbh.com.br/ff | | |
| https://amigodepatasbh.com.br/ff | 108.179.193.164 | |
| https://amigodepatasbh.com.br/cgi-sys/js/jquery-1.11.2.min.js | 108.179.193.164 | |
| https://amigodepatasbh.com.br/cgi-sys/images/logo-403-page.png | 108.179.193.164 | |
| https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | 142.250.203.109 | |
| https://amigodepatasbh.com.br/cgi-sys/images/favicon.png | 108.179.193.164 | |

Domains

| Name | IP | Malicious |
|---|---|---|
| accounts.google.com | 142.250.203.109 | |
| amigodepatasbh.com.br | 108.179.193.164 | |
| www.google.com | 142.250.203.100 | |
| clients.l.google.com | 142.250.203.110 | |
| clients2.google.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 192.168.2.1 | unknown | unknown | |
| 239.255.255.250 | unknown | Reserved | |
| 142.250.203.100 | www.google.com | United States | |
| 108.179.193.164 | amigodepatasbh.com.br | United States | |
| 142.250.203.110 | clients.l.google.com | United States | |
| 127.0.0.1 | unknown | unknown | |
| 142.250.203.109 | accounts.google.com | United States | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | ahfgeienlihckogmohjhadlkjgocpleb | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mhjfbmdgcfjbbpaeojofohoefgiehjai | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002 | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda | |
| HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | |
| HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | |
| HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | dr | |
| HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.cdm.origin_data | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.reporting | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.storage_id_salt | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_account_id | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.account_id | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_startup_urls | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_homepage | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | module_blocklist_cache_md5_digest | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_seed | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | default_search_provider_data.template_url_data | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | safebrowsing.incidents_sent | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | pinned_tabs | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | browser.show_home_button | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | search_provider_overrides | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_default_search | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_version | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_username | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.startup_urls | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.restore_on_startup | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.prompt_wave | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage_is_newtabpage | |
| HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun | |
| HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 | Blob | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 | Blob | |
| HKEY_USERS\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | TraceTimeLast | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002 | |
| HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | |
| HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | |

Memdumps


DOM / HTML

| URL | Malicious |
|---|---|
| https://amigodepatasbh.com.br/ff | |