Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank

Details

Is windows:	true
Is dropped:	false
PID:	5112
Target ID:	0
Parent PID:	3696
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Size:	2851656
MD5:	0FEC2748F363150DC54C1CAFFB1A9408
Time:	09:43:20
Date:	25/01/2023
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff683680000
Modulesize:	2916352
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1772,i,13714808044369432181,11901859910510463980,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	4136
Target ID:	1
Parent PID:	5112
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1772,i,13714808044369432181,11901859910510463980,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Size:	2851656
MD5:	0FEC2748F363150DC54C1CAFFB1A9408
Time:	09:43:21
Date:	25/01/2023
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff683680000
Modulesize:	2916352
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe" "https://listfoo.org/zmg5f

Details

Is windows:	true
Is dropped:	false
PID:	6288
Target ID:	2
Parent PID:	3696
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://listfoo.org/zmg5f
Size:	2851656
MD5:	0FEC2748F363150DC54C1CAFFB1A9408
Time:	09:43:22
Date:	25/01/2023
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff683680000
Modulesize:	2916352
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://listfoo.org/zmg5f

https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=ruvQY6uHDeSP9u8PlpqO-Ak&zx=1674636206145

142.250.203.100

https://www.google.com/

https://www.google.com/manifest?pwa=webhp

142.250.203.100

https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard

142.250.203.109

https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=ruvQY6uHDeSP9u8PlpqO-Ak&rt=wsrt.486,aft.423,afti.423,prt.322&wh=913&imn=3&ima=3&imad=0&imac=0&aftp=913&bl=m-wt

142.250.203.100

https://www.google.com/client_204?cs=1

142.250.203.100

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

142.250.203.100

https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=1&ei=ruvQY6uHDeSP9u8PlpqO-Ak&zx=1674636232161

142.250.203.100

https://listfoo.org/zmg5f

185.180.199.229

https://www.google.com/gen_204?atyp=csi&ei=ruvQY6uHDeSP9u8PlpqO-Ak&s=webhp&t=all&bl=m-wt&wh=913&imn=3&ima=3&imad=0&imac=0&aftp=913&adh=&ime=3&imex=3&imeh=0&imea=0&imeb=0&imel=0&scp=0&net=dl.1300,ect.4g,rtt.100&mem=ujhs.10,tjhs.11,jhsl.2173,dm.8&sys=hc.4&rt=aft.423,afti.423,prt.322,dcl.327,aftqf.424,ol.904,xjsls.26226,xjses.26870,xjsee.26920,xjs.26921,lcp.356,fcp.193,wsrt.486,cst.75,dnst.32,rqst.232,rspt.116,sslt.75,rqstt.370,unt.257,cstt.295,dit.813&zx=1674636232860

142.250.203.100

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.WEPncdil2Uw.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-eOecLLtOXEl3I3kIuMsKXRkDMmA/cb=gapi.loaded_0

172.217.168.78

https://www.google.com/gen_204?atyp=i&ei=ruvQY6uHDeSP9u8PlpqO-Ak&dt19=2&zx=1674636233492

142.250.203.100

https://www.google.com/xjs/_/js/k=xjs.s.en_GB.zobC7UqdsqU.O/ck=xjs.s.F0fY5Pm-eS0.L.W.O/am=AAEqCFcAOAAAQAAAAAAkIAAAAAAAAgAwBkDwlA0I2BAOEIMBsCwBIAAgiNEPEQAABgADGBYABAAAAED-AAQ8AQCDCQsAAAAAAAAAELAEweAGCQoCQAAAAAAAAACU0uTFASAIAgAAAQ/d=1/exm=cdos,csi,d,dpf,hsm,jsa/ed=1/dg=2/br=1/rs=ACT90oHWjJk68F8W9qa5QTlNuGD_7xu0jA/ee=Pjplud:PoEs9b;QGR0gd:Mlhmy;uY49fb:COQbmf;EVNhjf:pw70Gc;sTsDMc:kHVSUb;g8nkx:U4MzKc;wQlYve:aLUfP;kbAm9d:MkHyGd;F9mqte:UoRcbe;oUlnpc:RagDlc;YV5bee:IvPZ6d;dtl0hd:lLQWFe;yGxLoc:FmAr0c;dIoSBb:ZgGg9b;pXdRYb:JKoKVe;wR5FRb:TtcOte;KpRAue:Tia57b;aZ61od:arTwJ;JXS8fb:Qj0suc;rQSrae:C6D5Fc;qavrXe:zQzcXe;UDrY1c:eps46d;w3bZCb:ZPGaIb;VGRfx:VFqbr;imqimf:jKGL2e;Np8Qkd:Dpx6qc;BjwMce:cXX2Wb;oGtAuc:sOXFj;NPKaK:PVlQOd;EmZ2Bf:zr1jrb;daB6be:lMxGPd;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;R4IIIb:QWfeKf;BMxAGc:E5bFse;WDGyFe:jcVOxd;wV5Pjc:L8KGxe;xbe2wc:wbTLEd;DpcR3d:zL72xf;tosKvd:ZCqP3;ESrPQc:mNTJvc;NSEoX:lazG7b;G6wU6e:hezEbd;kCQyJ:ueyPK;okUaUd:wItadb;GleZL:J1A7Od;Xeq57c:wZTUNc;eJZqRc:wUwbse;RiX1h:uiAbXc;oSUNyd:fTfGO;SJsSc:H1GVub;SMDL4c:fTfGO;JsbNhc:Xd8iUd;zOsCQe:Ko78Df;KcokUb:KiuZBf;WCEKNd:I46Hvd;LBgRLc:XVMNvd;LsNahb:ucGLNb;UyG7Kb:wQd0G;TxfV6d:YORN0b;qaS3gd:yiLg6e;aAJE9c:WHW6Ef;BgS6mb:fidj5d;UVmjEd:EesRsb;z97YGf:oug9te;CxXAWb:YyRLvc;VN6jIc:ddQyuf;SLtqO:Kh1xYe;VxQ32b:k0XsBb;DULqB:RKfG5c;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;hjRo6e:F62sG;whEZac:F4AmNb;qddgKe:x4FYXe;eBAeSb:Ck63tb;vfVwPd:OXTqFb;w9w86d:dt4g2b;lkq0A:Z0MWEf;KQzWid:mB4wNe;pNsl2d:j9Yuyc;eHDfl:ofjVkb;Nyt6ic:jn2sGd;SNUn3:x8cHvb;LEikZe:byfTOb,lsjVmc;io8t5d:sgY6Zb;Oj465e:KG2eXe;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;nAFL3:s39S4;iFQyKf:QIhFr/m=DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,UUJqVe,aa,abd,async,epYOx,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch?xjs=s1

142.250.203.100

https://www.google.com/xjs/_/js/k=xjs.s.en_GB.zobC7UqdsqU.O/ck=xjs.s.F0fY5Pm-eS0.L.W.O/am=AAEqCFcAOAAAQAAAAAAkIAAAAAAAAgAwBkDwlA0I2BAOEIMBsCwBIAAgiNEPEQAABgADGBYABAAAAED-AAQ8AQCDCQsAAAAAAAAAELAEweAGCQoCQAAAAAAAAACU0uTFASAIAgAAAQ/d=1/exm=CnSW2d,DPreE,DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,UUJqVe,WlNQGd,aa,abd,async,cdos,csi,d,dpf,epYOx,fXO0xe,hsm,jsa,kQvlef,nabPbb,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch/ed=1/dg=2/br=1/rs=ACT90oHWjJk68F8W9qa5QTlNuGD_7xu0jA/ee=Pjplud:PoEs9b;QGR0gd:Mlhmy;uY49fb:COQbmf;EVNhjf:pw70Gc;sTsDMc:kHVSUb;g8nkx:U4MzKc;wQlYve:aLUfP;kbAm9d:MkHyGd;F9mqte:UoRcbe;oUlnpc:RagDlc;YV5bee:IvPZ6d;dtl0hd:lLQWFe;yGxLoc:FmAr0c;dIoSBb:ZgGg9b;pXdRYb:JKoKVe;wR5FRb:TtcOte;KpRAue:Tia57b;aZ61od:arTwJ;JXS8fb:Qj0suc;rQSrae:C6D5Fc;qavrXe:zQzcXe;UDrY1c:eps46d;w3bZCb:ZPGaIb;VGRfx:VFqbr;imqimf:jKGL2e;Np8Qkd:Dpx6qc;BjwMce:cXX2Wb;oGtAuc:sOXFj;NPKaK:PVlQOd;EmZ2Bf:zr1jrb;daB6be:lMxGPd;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;R4IIIb:QWfeKf;BMxAGc:E5bFse;WDGyFe:jcVOxd;wV5Pjc:L8KGxe;xbe2wc:wbTLEd;DpcR3d:zL72xf;tosKvd:ZCqP3;ESrPQc:mNTJvc;NSEoX:lazG7b;G6wU6e:hezEbd;kCQyJ:ueyPK;okUaUd:wItadb;GleZL:J1A7Od;Xeq57c:wZTUNc;eJZqRc:wUwbse;RiX1h:uiAbXc;oSUNyd:fTfGO;SJsSc:H1GVub;SMDL4c:fTfGO;JsbNhc:Xd8iUd;zOsCQe:Ko78Df;KcokUb:KiuZBf;WCEKNd:I46Hvd;LBgRLc:XVMNvd;LsNahb:ucGLNb;UyG7Kb:wQd0G;TxfV6d:YORN0b;qaS3gd:yiLg6e;aAJE9c:WHW6Ef;BgS6mb:fidj5d;UVmjEd:EesRsb;z97YGf:oug9te;CxXAWb:YyRLvc;VN6jIc:ddQyuf;SLtqO:Kh1xYe;VxQ32b:k0XsBb;DULqB:RKfG5c;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;hjRo6e:F62sG;whEZac:F4AmNb;qddgKe:x4FYXe;eBAeSb:Ck63tb;vfVwPd:OXTqFb;w9w86d:dt4g2b;lkq0A:Z0MWEf;KQzWid:mB4wNe;pNsl2d:j9Yuyc;eHDfl:ofjVkb;Nyt6ic:jn2sGd;SNUn3:x8cHvb;LEikZe:byfTOb,lsjVmc;io8t5d:sgY6Zb;Oj465e:KG2eXe;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;nAFL3:s39S4;iFQyKf:QIhFr/m=aLUfP?xjs=s2

142.250.203.100

https://www.google.com/favicon.ico

142.250.203.100

https://google.com/

172.217.168.14

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

142.250.203.100

https://listfoo.org/favicon.ico

185.180.199.229

https://www.google.com/xjs/_/js/k=xjs.s.en_GB.zobC7UqdsqU.O/ck=xjs.s.F0fY5Pm-eS0.L.W.O/am=AAEqCFcAOAAAQAAAAAAkIAAAAAAAAgAwBkDwlA0I2BAOEIMBsCwBIAAgiNEPEQAABgADGBYABAAAAED-AAQ8AQCDCQsAAAAAAAAAELAEweAGCQoCQAAAAAAAAACU0uTFASAIAgAAAQ/d=1/exm=DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,UUJqVe,aa,abd,async,cdos,csi,d,dpf,epYOx,hsm,jsa,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch/ed=1/dg=2/br=1/rs=ACT90oHWjJk68F8W9qa5QTlNuGD_7xu0jA/ee=Pjplud:PoEs9b;QGR0gd:Mlhmy;uY49fb:COQbmf;EVNhjf:pw70Gc;sTsDMc:kHVSUb;g8nkx:U4MzKc;wQlYve:aLUfP;kbAm9d:MkHyGd;F9mqte:UoRcbe;oUlnpc:RagDlc;YV5bee:IvPZ6d;dtl0hd:lLQWFe;yGxLoc:FmAr0c;dIoSBb:ZgGg9b;pXdRYb:JKoKVe;wR5FRb:TtcOte;KpRAue:Tia57b;aZ61od:arTwJ;JXS8fb:Qj0suc;rQSrae:C6D5Fc;qavrXe:zQzcXe;UDrY1c:eps46d;w3bZCb:ZPGaIb;VGRfx:VFqbr;imqimf:jKGL2e;Np8Qkd:Dpx6qc;BjwMce:cXX2Wb;oGtAuc:sOXFj;NPKaK:PVlQOd;EmZ2Bf:zr1jrb;daB6be:lMxGPd;Fmv9Nc:O1Tzwc;hK67qb:QWEO5b;R4IIIb:QWfeKf;BMxAGc:E5bFse;WDGyFe:jcVOxd;wV5Pjc:L8KGxe;xbe2wc:wbTLEd;DpcR3d:zL72xf;tosKvd:ZCqP3;ESrPQc:mNTJvc;NSEoX:lazG7b;G6wU6e:hezEbd;kCQyJ:ueyPK;okUaUd:wItadb;GleZL:J1A7Od;Xeq57c:wZTUNc;eJZqRc:wUwbse;RiX1h:uiAbXc;oSUNyd:fTfGO;SJsSc:H1GVub;SMDL4c:fTfGO;JsbNhc:Xd8iUd;zOsCQe:Ko78Df;KcokUb:KiuZBf;WCEKNd:I46Hvd;LBgRLc:XVMNvd;LsNahb:ucGLNb;UyG7Kb:wQd0G;TxfV6d:YORN0b;qaS3gd:yiLg6e;aAJE9c:WHW6Ef;BgS6mb:fidj5d;UVmjEd:EesRsb;z97YGf:oug9te;CxXAWb:YyRLvc;VN6jIc:ddQyuf;SLtqO:Kh1xYe;VxQ32b:k0XsBb;DULqB:RKfG5c;bcPXSc:gSZLJb;cFTWae:gT8qnd;gaub4:TN6bMe;hjRo6e:F62sG;whEZac:F4AmNb;qddgKe:x4FYXe;eBAeSb:Ck63tb;vfVwPd:OXTqFb;w9w86d:dt4g2b;lkq0A:Z0MWEf;KQzWid:mB4wNe;pNsl2d:j9Yuyc;eHDfl:ofjVkb;Nyt6ic:jn2sGd;SNUn3:x8cHvb;LEikZe:byfTOb,lsjVmc;io8t5d:sgY6Zb;Oj465e:KG2eXe;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;nAFL3:s39S4;iFQyKf:QIhFr/m=CnSW2d,DPreE,WlNQGd,fXO0xe,kQvlef,nabPbb?xjs=s2

142.250.203.100

https://www.google.com/xjs/_/js/md=1/k=xjs.s.en_GB.zobC7UqdsqU.O/am=AAEqCFcAOAAAQAAAAAAkIAAAAAAAAgAwBkDwlA0I2BAOEIMBsCwBIAAgiNEPEQAABgADGBYABAAAAED-AAQ8AQCDCQsAAAAAAAAAELAEweAGCQoCQAAAAAAAAACU0uTFASAIAgAAAQ/rs=ACT90oFLXSotrQJhVFHbtpFxrnCGNSmSlQ

142.250.203.100

https://www.google.com/gen_204?ei=ruvQY6uHDeSP9u8PlpqO-Ak&ved=0ahUKEwirlsyBquL8AhXkh_0HHRaNA58QiZAHCCA&uact=3

142.250.203.100

https://consent.google.com/save?continue=https://www.google.com/&gl=HR&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20230118-0_RC1&uxe=none&set_eom=false&set_aps=true&set_sc=true

216.58.215.238

https://www.google.com/images/searchbox/desktop_searchbox_sprites318_hr.webp

142.250.203.100

https://www.google.com/complete/search?q&cp=0&client=gws-wiz&xssi=t&hl=en-HR&authuser=0&psi=ruvQY6uHDeSP9u8PlpqO-Ak.1674636232907&nolsbt=1&dpr=1

142.250.203.100

https://www.google.com/gen_204?atyp=csi&ei=ruvQY6uHDeSP9u8PlpqO-Ak&s=webhp&st=20420&fid=1&t=fi&zx=1674636232867

142.250.203.100

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1

142.250.203.110

https://www.google.com/client_204?&atyp=i&biw=1280&bih=913&ei=ruvQY6uHDeSP9u8PlpqO-Ak

142.250.203.100

https://www.google.com/gen_204?ei=ruvQY6uHDeSP9u8PlpqO-Ak&vet=10ahUKEwirlsyBquL8AhXkh_0HHRaNA58QhJAHCBk..s&gl=HR&pc=SEARCH_HOMEPAGE&isMobile=false

142.250.203.100

https://www.google.com/gen_204?ei=ruvQY6uHDeSP9u8PlpqO-Ak&vet=10ahUKEwirlsyBquL8AhXkh_0HHRaNA58QhJAHCBk..h&va=26014

142.250.203.100

https://www.google.com/

142.250.203.100

https://www.google.com/xjs/_/js/k=xjs.s.en_GB.zobC7UqdsqU.O/am=AAEqCFcAOAAAQAAAAAAkIAAAAAAAAgAwBkDwlA0I2BAOEIMBsCwBIAAgiNEPEQAABgADGBYABAAAAED-AAQ8AQCDCQsAAAAAAAAAELAEweAGCQoCQAAAAAAAAACU0uTFASAIAgAAAQ/d=1/ed=1/dg=2/br=1/rs=ACT90oFLXSotrQJhVFHbtpFxrnCGNSmSlQ/m=cdos,dpf,hsm,jsa,d,csi

142.250.203.100

There are 21 hidden URLs, click here to show them.

Domains

Name

Malicious

google.com

172.217.168.14

Details

Name:	google.com
IP:	172.217.168.14
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol

consent.google.com

216.58.215.238

accounts.google.com

142.250.203.109

Details

Name:	accounts.google.com
IP:	142.250.203.109
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol

plus.l.google.com

172.217.168.78

listfoo.org

185.180.199.229

Details

Name:	listfoo.org
IP:	185.180.199.229
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Spawns processes	System Summary	Process Injection

www.google.com

142.250.203.100

Details

Name:	www.google.com
IP:	142.250.203.100
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
Uses secure TLS version for HTTPS connections	Compliance, Networking

clients.l.google.com

142.250.203.110

clients2.google.com

unknown

Details

Name:	clients2.google.com
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

apis.google.com

unknown

Details

Name:	apis.google.com
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

IPs

Domain

Country

Malicious

192.168.2.1

unknown

216.58.215.238

consent.google.com

United States

142.250.203.100

www.google.com

United States

185.180.199.229

listfoo.org

Netherlands

142.250.203.110

clients.l.google.com

United States

172.217.168.78

plus.l.google.com

United States

172.217.168.14

google.com

United States

239.255.255.250

unknown

Reserved

127.0.0.1

unknown

142.250.203.109

accounts.google.com

United States

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

ahfgeienlihckogmohjhadlkjgocpleb

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

gdaefkejpgkiemlaofpalmlakkmbjdnl

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

kmendfapggjehodndflmmgagdbamhnfd

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

mhjfbmdgcfjbbpaeojofohoefgiehjai

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

neajdppkdcdipfabeoofebfddakdcjhd

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

nkeimhogjdpnpccoofpliimaahmaaome

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

prefs.preference_reset_time

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault

S-1-5-21-3853321935-2125563209-4053062332-1002

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

gdaefkejpgkiemlaofpalmlakkmbjdnl

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

kmendfapggjehodndflmmgagdbamhnfd

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

neajdppkdcdipfabeoofebfddakdcjhd

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

nkeimhogjdpnpccoofpliimaahmaaome

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

nmmhkkegccagdldgiimedpiccmgmieda

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

nmmhkkegccagdldgiimedpiccmgmieda

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

nmmhkkegccagdldgiimedpiccmgmieda

HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon

state

HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty

StatusCodes

HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty

StatusCodes

HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon

state

HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}

HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics

user_experience_metrics.stability.exited_cleanly

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

media.cdm.origin_data

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

software_reporter.reporting

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

media.storage_id_salt

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

google.services.last_account_id

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

google.services.account_id

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_startup_urls

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_homepage

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

module_blocklist_cache_md5_digest

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

software_reporter.prompt_seed

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

default_search_provider_data.template_url_data

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

safebrowsing.incidents_sent

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

pinned_tabs

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

browser.show_home_button

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

search_provider_overrides

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_default_search

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

prefs.preference_reset_time

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

software_reporter.prompt_version

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

google.services.last_username

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

session.startup_urls

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

session.restore_on_startup

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

settings_reset_prompt.prompt_wave

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

homepage

HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default

homepage_is_newtabpage

HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}

lastrun

HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}

lastrun

HKEY_USERSS-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry

TraceTimeLast

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault

S-1-5-21-3853321935-2125563209-4053062332-1002

HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon

state

HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty

StatusCodes

HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty

StatusCodes

HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon

state

There are 42 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

ABE7FB000

stack

page read and write

20A5D853000

heap

page read and write

20A5D813000

heap

page read and write

ABE8FB000

stack

page read and write

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://listfoo.org/zmg5f

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://listfoo.org/zmg5f

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
https://listfoo.org/zmg5f