IOC Report
http://www.g1iar8f.livelovesouthatlanta.com/#.=02bj5SZ0RXZ1F3byBUZul2btVGbu4WatFmauVmY6pnemhjchlWMn9ievsWYu8Sai9WbuUGbpJ2btxWYi9Gbn5SZt9Ga


Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.g1iar8f.livelovesouthatlanta.com/#.=02bj5SZ0RXZ1F3byBUZul2btVGbu4WatFmauVmY6pnemhjchlWMn9ievsWYu8Sai9WbuUGbpJ2btxWYi9Gbn5SZt9Ga | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1764,i,13192198239046418531,5295402104946012676,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://www.g1iar8f.livelovesouthatlanta.com/#.=02bj5SZ0RXZ1F3byBUZul2btVGbu4WatFmauVmY6pnemhjchlWMn9ievsWYu8Sai9WbuUGbpJ2btxWYi9Gbn5SZt9Ga | | |
| http://www.g1iar8f.livelovesouthatlanta.com/ | 192.185.72.57 | |
| https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | 172.217.18.14 | |
| https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | 142.250.186.173 | |
| http://www.g1iar8f.livelovesouthatlanta.com/favicon.ico | 192.185.72.57 | |

Domains

| Name | IP | Malicious |
|---|---|---|
| accounts.google.com | 142.250.186.173 | |
| www.g1iar8f.livelovesouthatlanta.com | 192.185.72.57 | |
| clients.l.google.com | 172.217.18.14 | |
| clients2.google.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 192.168.2.1 | unknown | unknown | |
| 192.185.72.57 | www.g1iar8f.livelovesouthatlanta.com | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 142.250.186.173 | accounts.google.com | United States | |
| 172.217.18.14 | clients.l.google.com | United States | |
| 127.0.0.1 | unknown | unknown | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | ahfgeienlihckogmohjhadlkjgocpleb | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mhjfbmdgcfjbbpaeojofohoefgiehjai | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-2660496737-530772487-1027249058-1002 | |
| HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state | |
| HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.cdm.origin_data | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.reporting | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.storage_id_salt | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_account_id | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.account_id | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_startup_urls | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_homepage | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | module_blocklist_cache_md5_digest | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_seed | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | default_search_provider_data.template_url_data | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | safebrowsing.incidents_sent | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | pinned_tabs | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | browser.show_home_button | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | search_provider_overrides | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_default_search | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_version | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_username | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.startup_urls | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.restore_on_startup | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.prompt_wave | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage | |
| HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage_is_newtabpage | |
| HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun | |

Memdumps


DOM / HTML

| URL | Malicious |
|---|---|
| http://www.g1iar8f.livelovesouthatlanta.com/#.=02bj5SZ0RXZ1F3byBUZul2btVGbu4WatFmauVmY6pnemhjchlWMn9ievsWYu8Sai9WbuUGbpJ2btxWYi9Gbn5SZt9Ga | |