IOC Report (automated sandbox output for the URL below). Note: the "Malicious" column of every table is blank in this rendering, so a missing flag means "no verdict recorded", not a clean verdict.
http://nero-massage.shop


Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1812,i,3518441739163221011,6637184233728530685,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://nero-massage.shop"

URLs

Name
IP
Malicious
http://nero-massage.shop
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
142.250.203.110
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
172.217.168.45
http://nero-massage.shop/favicon.ico
212.192.218.253
http://nero-massage.shop/
212.192.218.253

Domains

Name
IP
Malicious
accounts.google.com
172.217.168.45
nero-massage.shop
212.192.218.253
www.google.com
172.217.168.36
clients.l.google.com
142.250.203.110
clients2.google.com
unknown

IPs

IP
Domain
Country
Malicious
172.217.168.68
unknown
United States
172.217.168.45
accounts.google.com
United States
192.168.2.1
unknown
unknown
172.217.168.36
www.google.com
United States
239.255.255.250
unknown
Reserved
142.250.203.110
clients.l.google.com
United States
212.192.218.253
nero-massage.shop
Russian Federation
127.0.0.1
unknown
unknown

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gdaefkejpgkiemlaofpalmlakkmbjdnl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
S-1-5-21-3853321935-2125563209-4053062332-1002
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gdaefkejpgkiemlaofpalmlakkmbjdnl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
google.services.last_account_id
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
google.services.account_id
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
module_blocklist_cache_md5_digest
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
google.services.last_username
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_USERS\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
TraceTimeLast
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
S-1-5-21-3853321935-2125563209-4053062332-1002
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
44 further registry entries are not shown in this rendering (report truncated).

Memdumps

Base Address
Region type
Protect
Malicious
66AF7FE000
stack
page read and write
CFAA57A000
stack
page read and write
1F6634C6000
heap
page read and write
210251AF000
heap
page read and write
16EB5270000
heap
page read and write
3104FF000
stack
page read and write
21025430000
heap
page read and write
1EDE4813000
heap
page read and write
72BC97E000
stack
page read and write
1EDE4889000
heap
page read and write
1F6634E2000
heap
page read and write
1961CE02000
heap
page read and write
21024A67000
heap
page read and write
226E1E29000
heap
page read and write
4E145FB000
stack
page read and write
BFA0ECB000
stack
page read and write
21024A58000
heap
page read and write
21FBDA5E000
heap
page read and write
BF992FF000
stack
page read and write
295587E000
stack
page read and write
4E149FD000
stack
page read and write
21FBDA60000
heap
page read and write
4E141CB000
stack
page read and write
18DC5E00000
heap
page read and write
31047E000
stack
page read and write
31077D000
stack
page read and write
21024FC0000
trusted library allocation
page read and write
295512E000
stack
page read and write
16EB5286000
heap
page read and write
18DC5D50000
heap
page read and write
1F66346E000
heap
page read and write
1961D602000
trusted library allocation
page read and write
CFAA8FE000
stack
page read and write
1EDE4690000
heap
page read and write
21FBD940000
heap
page read and write
31027C000
stack
page read and write
16EB5213000
heap
page read and write
1F663D00000
heap
page read and write
21FBDA5E000
heap
page read and write
BF997FE000
stack
page read and write
4E14BFF000
stack
page read and write
1EDE4847000
heap
page read and write
4E14AFE000
stack
page read and write
1EDE4848000
heap
page read and write
16EB5A02000
trusted library allocation
page read and write
226E1E13000
heap
page read and write
1F66348A000
heap
page read and write
3109FF000
stack
page read and write
226E1DF0000
trusted library allocation
page read and write
21FBDA39000
heap
page read and write
18DC6602000
trusted library allocation
page read and write
BFA0FCE000
stack
page read and write
18DC5F02000
heap
page read and write
16EB5140000
heap
page read and write
1EDE6400000
trusted library allocation
page read and write
1EDE4858000
heap
page read and write
18DC5E13000
heap
page read and write
226E1E00000
heap
page read and write
1F6632B0000
heap
page read and write
21024A52000
heap
page read and write
CFA9DBB000
stack
page read and write
1EDE4864000
heap
page read and write
BFA0F4F000
stack
page read and write
21025100000
heap
page read and write
1EDE482A000
heap
page read and write
1EDE4858000
heap
page read and write
18DC5DF0000
trusted library allocation
page read and write
1EDE4840000
heap
page read and write
1EDE47E0000
remote allocation
page read and write
18DC5E3D000
heap
page read and write
29550AB000
stack
page read and write
BF995FB000
stack
page read and write
BFA15FF000
stack
page read and write
295557E000
stack
page read and write
1961CE68000
heap
page read and write
21024A74000
heap
page read and write
21024A77000
heap
page read and write
16EB51A0000
heap
page read and write
16EB5241000
heap
page read and write
1F663413000
heap
page read and write
226E1DC0000
heap
page read and write
21024A8A000
heap
page read and write
21025400000
heap
page read and write
21024A90000
heap
page read and write
21025423000
heap
page read and write
18DC5D60000
heap
page read and write
1EDE47B0000
trusted library allocation
page read and write
21FBDB02000
heap
page read and write
72BC47F000
stack
page read and write
21FBDA63000
heap
page read and write
4E146FE000
stack
page read and write
21FBDA13000
heap
page read and write
21FBDA7C000
heap
page read and write
CFAA77E000
stack
page read and write
3108FD000
stack
page read and write
21FBDA2E000
heap
page read and write
4E14DFF000
stack
page read and write
1961CE58000
heap
page read and write
1EDE61A0000
trusted library allocation
page read and write
21025108000
heap
page read and write
66AF0AB000
stack
page read and write
BFA13FA000
stack
page read and write
210247E0000
heap
page read and write
21FBDA47000
heap
page read and write
21FBE202000
trusted library allocation
page read and write
21FBDA78000
heap
page read and write
3107FF000
stack
page read and write
1EDE4902000
heap
page read and write
31037E000
stack
page read and write
16EB5266000
heap
page read and write
CFAA2FF000
stack
page read and write
4E148FF000
stack
page read and write
21025402000
heap
page read and write
295577F000
stack
page read and write
21025102000
heap
page read and write
21024A83000
heap
page read and write
21024B8E000
heap
page read and write
1EDE47E0000
remote allocation
page read and write
21FBDA29000
heap
page read and write
1EDE4800000
heap
page read and write
18DC5E29000
heap
page read and write
1961CF00000
heap
page read and write
1F663465000
heap
page read and write
21FBDA6A000
heap
page read and write
21FBDA85000
heap
page read and write
210251BB000
heap
page read and write
72BC67F000
stack
page read and write
21024B13000
heap
page read and write
21FBD9B0000
heap
page read and write
1F663C02000
heap
page read and write
21FBDA4B000
heap
page read and write
21FBDA7F000
heap
page read and write
16EB5313000
heap
page read and write
21024A43000
heap
page read and write
21024A2C000
heap
page read and write
16EB5130000
heap
page read and write
1961CE28000
heap
page read and write
21FBDA46000
heap
page read and write
BF9947C000
stack
page read and write
1EDE4620000
heap
page read and write
BF9907E000
stack
page read and write
295567E000
stack
page read and write
16EB5202000
heap
page read and write
21FBDA65000
heap
page read and write
18DC5E57000
heap
page read and write
226E1E3C000
heap
page read and write
1EDE4848000
heap
page read and write
1F6634CE000
heap
page read and write
21FBDA32000
heap
page read and write
21FBDA50000
heap
page read and write
210247D0000
heap
page read and write
1961CE64000
heap
page read and write
18DC5E02000
heap
page read and write
1EDE6202000
trusted library allocation
page read and write
226E1D60000
heap
page read and write
72BC77C000
stack
page read and write
21025143000
heap
page read and write
21FBDA4E000
heap
page read and write
16EB525B000
heap
page read and write
1EDE4929000
heap
page read and write
72BC2FD000
stack
page read and write
16EB5302000
heap
page read and write
BF9927B000
stack
page read and write
CFAA87A000
stack
page read and write
CFAA479000
stack
page read and write
21024A29000
heap
page read and write
1961CE40000
heap
page read and write
4E14CFF000
stack
page read and write
16EB51D0000
trusted library allocation
page read and write
BFA16FE000
stack
page read and write
1F6634BD000
heap
page read and write
21FBDA32000
heap
page read and write
21025122000
heap
page read and write
1EDE4802000
heap
page read and write
21FBDA62000
heap
page read and write
1961CDA0000
trusted library allocation
page read and write
1F663429000
heap
page read and write
BFA12FF000
stack
page read and write
72BC87C000
stack
page read and write
21FBDA97000
heap
page read and write
1961CC30000
heap
page read and write
21FBDA5E000
heap
page read and write
CFAA3FC000
stack
page read and write
1961CE79000
heap
page read and write
16EB5260000
heap
page read and write
1F6633B0000
trusted library allocation
page read and write
226E1E47000
heap
page read and write
21FBDA49000
heap
page read and write
BF9957E000
stack
page read and write
16EB5229000
heap
page read and write
BFA14FC000
stack
page read and write
226E1E4A000
heap
page read and write
16EB5200000
heap
page read and write
1961CF13000
heap
page read and write
21FBDA67000
heap
page read and write
226E2602000
trusted library allocation
page read and write
21024A3C000
heap
page read and write
21024A90000
heap
page read and write
1EDE487B000
heap
page read and write
21025413000
heap
page read and write
21024BE5000
heap
page read and write
226E1F02000
heap
page read and write
226E1D70000
heap
page read and write
1F663502000
heap
page read and write
1EDE47E0000
remote allocation
page read and write
21FBDA30000
heap
page read and write
BF98E7C000
stack
page read and write
21024BB9000
heap
page read and write
1F663250000
heap
page read and write
2102518E000
heap
page read and write
CFAA67E000
stack
page read and write
21024A13000
heap
page read and write
18DC6550000
remote allocation
page read and write
226E1E54000
heap
page read and write
1EDE4900000
heap
page read and write
21FBDA6C000
heap
page read and write
1EDE4857000
heap
page read and write
226E1E02000
heap
page read and write
1F663400000
heap
page read and write
72BC57E000
stack
page read and write
31067F000
stack
page read and write
72BBEBB000
stack
page read and write
21FBD9E0000
trusted library allocation
page read and write
21024840000
heap
page read and write
21024A43000
heap
page read and write
4E147FB000
stack
page read and write
31057E000
stack
page read and write
1F663240000
heap
page read and write
1EDE4913000
heap
page read and write
72BCA7C000
stack
page read and write
BF993FE000
stack
page read and write
18DC6550000
remote allocation
page read and write
21FBDA3D000
heap
page read and write
1961CC40000
heap
page read and write
21025154000
heap
page read and write
29551AE000
stack
page read and write
21025122000
heap
page read and write
1961CF02000
heap
page read and write
21FBDA59000
heap
page read and write
21FBD950000
heap
page read and write
21FBDA6E000
heap
page read and write
21FBDA45000
heap
page read and write
BF996FC000
stack
page read and write
21FBDA00000
heap
page read and write
21FBDA4F000
heap
page read and write
BF998FD000
stack
page read and write
21FBDA42000
heap
page read and write
1F663513000
heap
page read and write
21FBDA40000
heap
page read and write
CFAA17F000
stack
page read and write
18DC5E50000
heap
page read and write
21FBDA2D000
heap
page read and write
21FBDA7B000
heap
page read and write
18DC6550000
remote allocation
page read and write
1F663467000
heap
page read and write
3102FE000
stack
page read and write
2102516D000
heap
page read and write
226E1E2E000
heap
page read and write
21024FA0000
trusted library allocation
page read and write
1EDE4790000
trusted library allocation
page read and write
18DC5DC0000
heap
page read and write
66AF6FF000
stack
page read and write
1961CCA0000
heap
page read and write
1F663443000
heap
page read and write
4E14EFF000
stack
page read and write
1EDE4630000
heap
page read and write
21024A00000
heap
page read and write
21FBDA3A000
heap
page read and write
1961CE00000
heap
page read and write
21025427000
heap
page read and write
66AF5FB000
stack
page read and write
1961CE13000
heap
page read and write
66AF8FE000
stack
page read and write
21025002000
heap
page read and write
264 further memory-dump regions are not shown in this rendering (report truncated).