Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.g1iar8f.livelovesouthatlanta.com/#.=02bj5SZ0RXZ1F3byBUZul2btVGbu4WatFmauVmY6pnemhjchlWMn9ievsWYu8Sai9WbuUGbpJ2btxWYi9Gbn5SZt9Ga
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1764,i,13192198239046418531,5295402104946012676,131072
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.g1iar8f.livelovesouthatlanta.com/#.=02bj5SZ0RXZ1F3byBUZul2btVGbu4WatFmauVmY6pnemhjchlWMn9ievsWYu8Sai9WbuUGbpJ2btxWYi9Gbn5SZt9Ga
|
|||
|
http://www.g1iar8f.livelovesouthatlanta.com/
|
192.185.72.57
|
||
|
http://www.g1iar8f.livelovesouthatlanta.com/#.=02bj5SZ0RXZ1F3byBUZul2btVGbu4WatFmauVmY6pnemhjchlWMn9ievsWYu8Sai9WbuUGbpJ2btxWYi9Gbn5SZt9Ga
|
|||
|
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
|
172.217.18.14
|
||
|
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
|
142.250.186.173
|
||
|
http://www.g1iar8f.livelovesouthatlanta.com/favicon.ico
|
192.185.72.57
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
accounts.google.com
|
142.250.186.173
|
||
|
www.g1iar8f.livelovesouthatlanta.com
|
192.185.72.57
|
||
|
clients.l.google.com
|
172.217.18.14
|
||
|
clients2.google.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.1
|
unknown
|
unknown
|
||
|
192.185.72.57
|
www.g1iar8f.livelovesouthatlanta.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.186.173
|
accounts.google.com
|
United States
|
||
|
172.217.18.14
|
clients.l.google.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-2660496737-530772487-1027249058-1002
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.cdm.origin_data
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.reporting
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.storage_id_salt
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
module_blocklist_cache_md5_digest
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
pinned_tabs
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
browser.show_home_button
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
search_provider_overrides
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_username
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.restore_on_startup
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-2660496737-530772487-1027249058-1002
|
There are 33 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2B35CD02000
|
heap
|
page read and write
|
||
|
1F128493000
|
heap
|
page read and write
|
||
|
48D897D000
|
stack
|
page read and write
|
||
|
21BD5B50000
|
heap
|
page read and write
|
||
|
2B35CCF5000
|
heap
|
page read and write
|
||
|
270A6FF000
|
stack
|
page read and write
|
||
|
21C54220000
|
heap
|
page read and write
|
||
|
2B35CC00000
|
heap
|
page read and write
|
||
|
270A18E000
|
stack
|
page read and write
|
||
|
7ADFDFE000
|
stack
|
page read and write
|
||
|
48D82FE000
|
stack
|
page read and write
|
||
|
270A8FD000
|
stack
|
page read and write
|
||
|
270A10B000
|
stack
|
page read and write
|
||
|
2B35D349000
|
heap
|
page read and write
|
||
|
21C54502000
|
heap
|
page read and write
|
||
|
1F128413000
|
heap
|
page read and write
|
||
|
1F128445000
|
heap
|
page read and write
|
||
|
48D7F8C000
|
stack
|
page read and write
|
||
|
1F6D5523000
|
heap
|
page read and write
|
||
|
21BD5B60000
|
heap
|
page read and write
|
||
|
E56F0FB000
|
stack
|
page read and write
|
||
|
F302CFE000
|
stack
|
page read and write
|
||
|
1F12848E000
|
heap
|
page read and write
|
||
|
7ADFAFE000
|
stack
|
page read and write
|
||
|
1F12845E000
|
heap
|
page read and write
|
||
|
48D857F000
|
stack
|
page read and write
|
||
|
1F6D5040000
|
heap
|
page read and write
|
||
|
1F128462000
|
heap
|
page read and write
|
||
|
F3031FE000
|
stack
|
page read and write
|
||
|
21BD5BB0000
|
heap
|
page read and write
|
||
|
1F128441000
|
heap
|
page read and write
|
||
|
234AC202000
|
trusted library allocation
|
page read and write
|
||
|
234ABA13000
|
heap
|
page read and write
|
||
|
270A47E000
|
stack
|
page read and write
|
||
|
2B35C9D0000
|
heap
|
page read and write
|
||
|
F30327F000
|
stack
|
page read and write
|
||
|
2B35CC51000
|
heap
|
page read and write
|
||
|
7ADFEFE000
|
stack
|
page read and write
|
||
|
1F12844A000
|
heap
|
page read and write
|
||
|
748DEFF000
|
stack
|
page read and write
|
||
|
2B35CC25000
|
heap
|
page read and write
|
||
|
21C54400000
|
heap
|
page read and write
|
||
|
1F128442000
|
heap
|
page read and write
|
||
|
21BD5D02000
|
heap
|
page read and write
|
||
|
1F128447000
|
heap
|
page read and write
|
||
|
1CA887A0000
|
heap
|
page read and write
|
||
|
F3030FE000
|
stack
|
page read and write
|
||
|
1F128471000
|
heap
|
page read and write
|
||
|
A64E7FD000
|
stack
|
page read and write
|
||
|
1F6D4E29000
|
heap
|
page read and write
|
||
|
270AA7B000
|
stack
|
page read and write
|
||
|
A64EAFE000
|
stack
|
page read and write
|
||
|
21C54513000
|
heap
|
page read and write
|
||
|
1F6D4E04000
|
heap
|
page read and write
|
||
|
1F128400000
|
heap
|
page read and write
|
||
|
234AB810000
|
heap
|
page read and write
|
||
|
21C54A02000
|
trusted library allocation
|
page read and write
|
||
|
2B35CC4D000
|
heap
|
page read and write
|
||