IOC Report
http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Files

File Path | Type | Category | Malicious
C:\Users\user\Downloads\6d9bc226-77cc-44fa-85f1-07543759e5b4.tmp | ASCII text | dropped |
C:\Users\user\Downloads\json.txt (copy) | ASCII text | dropped |
C:\Users\user\Downloads\json.txt.crdownload (copy) | ASCII text | dropped |

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 --field-trial-handle=1860,i,9632146488442511452,3354182686509041322,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" |

URLs

Name | IP | Malicious
http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | (no IP recorded) |
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | 142.250.203.110 |
http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | 142.250.203.110 |
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | 142.250.203.109 |

Domains

Name | IP | Malicious
accounts.google.com | 142.250.203.109 |
www.google.com | 142.250.203.100 |
clients.l.google.com | 142.250.203.110 |
clients2.google.com | unknown |

IPs

IP | Domain | Country | Malicious
192.168.2.1 | unknown | unknown |
239.255.255.250 | unknown | Reserved |
142.250.203.100 | www.google.com | United States |
142.250.203.110 | clients.l.google.com | United States |
127.0.0.1 | unknown | unknown |
142.250.203.109 | accounts.google.com | United States |

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | ahfgeienlihckogmohjhadlkjgocpleb |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mhjfbmdgcfjbbpaeojofohoefgiehjai |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002 |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | dr |
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.cdm.origin_data |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.reporting |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.storage_id_salt |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_account_id |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.account_id |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_startup_urls |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_homepage |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | module_blocklist_cache_md5_digest |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_seed |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | default_search_provider_data.template_url_data |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | safebrowsing.incidents_sent |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | pinned_tabs |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | browser.show_home_button |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | search_provider_overrides |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_default_search |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_version |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_username |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.startup_urls |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.restore_on_startup |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.prompt_wave |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage_is_newtabpage |
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun |
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002 |
HKEY_USERS\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | TraceTimeLast |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |
(42 further registry entries are not included in this export.)

Memdumps

Base Address | Region type | Protect | Malicious
2B5DA400000 | heap | page read and write |
1EA4C446000 | heap | page read and write |
25EC8C00000 | heap | page read and write |
21E783C0000 | heap | page read and write |
25EC8C44000 | heap | page read and write |
1EA4C3F0000 | remote allocation | page read and write |
1EA4C370000 | heap | page read and write |
5D6977E000 | stack | page read and write |
D5E617E000 | stack | page read and write |
21E7863D000 | heap | page read and write |
21193FB000 | stack | page read and write |
A63DBFE000 | stack | page read and write |
1C172F80000 | heap | page read and write |
2130E663000 | heap | page read and write |
25EC8C3D000 | heap | page read and write |
A51DAFE000 | stack | page read and write |
5D6997E000 | stack | page read and write |
25EC8C45000 | heap | page read and write |
1C172FD0000 | trusted library allocation | page read and write |
25EC8C39000 | heap | page read and write |
A63DD7F000 | stack | page read and write |
2130E5E0000 | heap | page read and write |
1C173054000 | heap | page read and write |
BF477FF000 | stack | page read and write |
1EA4C3F0000 | remote allocation | page read and write |
D5E657C000 | stack | page read and write |
BF472FF000 | stack | page read and write |
2B5DA713000 | heap | page read and write |
25EC8C6D000 | heap | page read and write |
25EC8C47000 | heap | page read and write |
1C173113000 | heap | page read and write |
2130E602000 | heap | page read and write |
211937D000 | stack | page read and write |
21195FE000 | stack | page read and write |
25EC8C46000 | heap | page read and write |
25EC8C74000 | heap | page read and write |
A63DEFF000 | stack | page read and write |
1EA4C518000 | heap | page read and write |
19B35E00000 | heap | page read and write |
1C173002000 | heap | page read and write |
21E78430000 | heap | page read and write |
19B35D20000 | heap | page read and write |
1EA4C3A0000 | trusted library allocation | page read and write |
C91AC7E000 | stack | page read and write |
25EC8C77000 | heap | page read and write |
25EC8C49000 | heap | page read and write |
1EA4DE70000 | trusted library allocation | page read and write |
19B36602000 | heap | page read and write |
2B5DA68B000 | heap | page read and write |
2130E656000 | heap | page read and write |
25EC8C6B000 | heap | page read and write |
1C173058000 | heap | page read and write |
A63D75B000 | stack | page read and write |
D5E647E000 | stack | page read and write |
1EA4C457000 | heap | page read and write |
1EA4C456000 | heap | page read and write |
1EA4C513000 | heap | page read and write |
25EC8C30000 | heap | page read and write |
2130E570000 | heap | page read and write |
A63DE7D000 | stack | page read and write |
D5E5F7F000 | stack | page read and write |
19B35E40000 | heap | page read and write |
A63DFFD000 | stack | page read and write |
2B5DA390000 | heap | page read and write |
5D6987A000 | stack | page read and write |
2130E580000 | heap | page read and write |
25EC8C75000 | heap | page read and write |
25EC8C41000 | heap | page read and write |
1EA4C413000 | heap | page read and write |
2B5DA602000 | heap | page read and write |
21E78C02000 | trusted library allocation | page read and write |
D5E627E000 | stack | page read and write |
25EC8C84000 | heap | page read and write |
2130E668000 | heap | page read and write |
25EC8C4D000 | heap | page read and write |
5D69A7F000 | stack | page read and write |
19B35E29000 | heap | page read and write |
1C173060000 | heap | page read and write |
25EC8C2D000 | heap | page read and write |
1EA4C310000 | heap | page read and write |
25EC8C7E000 | heap | page read and write |
25EC8C5F000 | heap | page read and write |
19B35D90000 | heap | page read and write |
25EC8C2A000 | heap | page read and write |
5D696FC000 | stack | page read and write |
5D69B7F000 | stack | page read and write |
2118F7C000 | stack | page read and write |
A51DFFF000 | stack | page read and write |
1EA4C300000 | heap | page read and write |
21191FF000 | stack | page read and write |
A51DA7C000 | stack | page read and write |
2B5DAC02000 | trusted library allocation | page read and write |
1EA4C3F0000 | remote allocation | page read and write |
1EA4C463000 | heap | page read and write |
1EA4C500000 | heap | page read and write |
BF474FF000 | stack | page read and write |
1EA4C454000 | heap | page read and write |
2118B3B000 | stack | page read and write |
D5E59AB000 | stack | page read and write |
1EA4C42A000 | heap | page read and write |
1C172F20000 | heap | page read and write |
BF470FE000 | stack | page read and write |
2B5DA673000 | heap | page read and write |
1C172FB0000 | trusted library allocation | page read and write |
21E7865C000 | heap | page read and write |
21E78BC0000 | remote allocation | page read and write |
1EA4C400000 | heap | page read and write |
C91A67B000 | stack | page read and write |
25EC8BE0000 | trusted library allocation | page read and write |
BF46B2C000 | stack | page read and write |
25EC8C2E000 | heap | page read and write |
25EC8A10000 | heap | page read and write |
25EC8C61000 | heap | page read and write |
1EA4C43D000 | heap | page read and write |
5D69BFF000 | stack | page read and write |
5D695FF000 | stack | page read and write |
25EC8C4E000 | heap | page read and write |
19B36700000 | heap | page read and write |
21E78600000 | heap | page read and write |
A63DA7E000 | stack | page read and write |
A63D7DE000 | stack | page read and write |
25EC8C63000 | heap | page read and write |
1EA4DEB0000 | trusted library allocation | page read and write |
25EC8C67000 | heap | page read and write |
19B35EE1000 | heap | page read and write |
1EA4C457000 | heap | page read and write |
2130E628000 | heap | page read and write |
1C172F10000 | heap | page read and write |
A51DEFE000 | stack | page read and write |
25EC8C3A000 | heap | page read and write |
2B5DA63D000 | heap | page read and write |
2130E702000 | heap | page read and write |
25EC8C60000 | heap | page read and write |
25EC9202000 | trusted library allocation | page read and write |
19B35EC5000 | heap | page read and write |
21E78BC0000 | remote allocation | page read and write |
25EC8C62000 | heap | page read and write |
2B5DA600000 | heap | page read and write |
25EC8C7B000 | heap | page read and write |
1C173043000 | heap | page read and write |
2130EE02000 | trusted library allocation | page read and write |
25EC89A0000 | heap | page read and write |
2B5DA669000 | heap | page read and write |
5D690CB000 | stack | page read and write |
1C173100000 | heap | page read and write |
21196FE000 | stack | page read and write |
19B35EE7000 | heap | page read and write |
BF476FE000 | stack | page read and write |
1C173102000 | heap | page read and write |
2130E67B000 | heap | page read and write |
1C17303C000 | heap | page read and write |
2B5DA613000 | heap | page read and write |
1EA4C447000 | heap | page read and write |
2B5DA629000 | heap | page read and write |
211927C000 | stack | page read and write |
2B5DA67A000 | heap | page read and write |
BF473FD000 | stack | page read and write |
25EC8C69000 | heap | page read and write |
BF46F7B000 | stack | page read and write |
C91AA7E000 | stack | page read and write |
2130ED40000 | trusted library allocation | page read and write |
1C173802000 | trusted library allocation | page read and write |
21E78702000 | heap | page read and write |
21E78602000 | heap | page read and write |
19B35E8B000 | heap | page read and write |
25EC8C13000 | heap | page read and write |
BF475FF000 | stack | page read and write |
2B5DA702000 | heap | page read and write |
19B35F02000 | heap | page read and write |
2130E613000 | heap | page read and write |
19B35D30000 | heap | page read and write |
21E78BC0000 | remote allocation | page read and write |
1C173043000 | heap | page read and write |
1C17302C000 | heap | page read and write |
19B35EBE000 | heap | page read and write |
21197FF000 | stack | page read and write |
5D694FB000 | stack | page read and write |
D5E607E000 | stack | page read and write |
C91AB7E000 | stack | page read and write |
1EA4C447000 | heap | page read and write |
A63E17F000 | stack | page read and write |
19B35F13000 | heap | page read and write |
25EC8C40000 | heap | page read and write |
1EA4C488000 | heap | page read and write |
25EC8C79000 | heap | page read and write |
A51DDFE000 | stack | page read and write |
A51DB7E000 | stack | page read and write |
21E783D0000 | heap | page read and write |
BF478FE000 | stack | page read and write |
A51DCFE000 | stack | page read and write |
D5E637C000 | stack | page read and write |
25EC89B0000 | heap | page read and write |
BF471FC000 | stack | page read and write |
A63E0FE000 | stack | page read and write |
1C173013000 | heap | page read and write |
25EC8C4B000 | heap | page read and write |
25EC8C64000 | heap | page read and write |
25EC8D02000 | heap | page read and write |
21E78B90000 | trusted library allocation | page read and write |
19B35E13000 | heap | page read and write |
1C173000000 | heap | page read and write |
1EA4E002000 | trusted library allocation | page read and write |
2B5DA3A0000 | heap | page read and write |
25EC8C7A000 | heap | page read and write |
21194FC000 | stack | page read and write |
1EA4C47E000 | heap | page read and write |
2130E700000 | heap | page read and write |
19B35DC0000 | trusted library allocation | page read and write |
25EC8C42000 | heap | page read and write |
19B35ECF000 | heap | page read and write |
2130E600000 | heap | page read and write |
D5E5DFF000 | stack | page read and write |
21E78629000 | heap | page read and write |
A63DC7E000 | stack | page read and write |
2B5DA65C000 | heap | page read and write |
2130E640000 | heap | page read and write |
2B5DA5D0000 | trusted library allocation | page read and write |
1C173029000 | heap | page read and write |
21E78613000 | heap | page read and write |
19B35E74000 | heap | page read and write |
C91A97B000 | stack | page read and write |
2B5DA656000 | heap | page read and write |
1EA4C3C0000 | trusted library allocation | page read and write |
2130E713000 | heap | page read and write |
1EA4C502000 | heap | page read and write |
21190FF000 | stack | page read and write |
1EA4C402000 | heap | page read and write |
25EC8C48000 | heap | page read and write |
(218 further memory dumps are not included in this export.)