Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB
--service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=1704,i,16132118233755685620,6475161574412490261,131072
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
C:\Program Files\Google\Chrome\Application\chrome.exe" "https://meta-checkpoint-875010059.azurewebsites.net/captcha
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://meta-checkpoint-875010059.azurewebsites.net/captcha
|
|||
https://newassets.hcaptcha.com/captcha/v1/5a6011a/hcaptcha.js
|
104.16.168.131
|
||
https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/bootstrap.bundle.min.js
|
151.101.1.229
|
||
https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/css/bootstrap.min.css
|
151.101.1.229
|
||
https://meta-checkpoint-875010059.azurewebsites.net/captcha
|
|||
https://js.hcaptcha.com/1/api.js
|
104.16.169.131
|
||
https://hcaptcha.com/checksiteconfig?v=5a6011a&host=meta-checkpoint-875010059.azurewebsites.net&sitekey=2090dde0-1a4a-4119-ac94-68dbc4180559&sc=1&swa=1
|
104.16.168.131
|
||
https://newassets.hcaptcha.com/captcha/v1/5a6011a/static/hcaptcha.html
|
104.16.168.131
|
||
https://newassets.hcaptcha.com/i/b2a3a9e/e
|
104.16.168.131
|
||
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
|
216.58.209.45
|
||
https://newassets.hcaptcha.com/captcha/v1/5a6011a/static/hcaptcha.html#frame=checkbox&id=0x37lmbbefh&host=meta-checkpoint-875010059.azurewebsites.net&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&sitekey=2090dde0-1a4a-4119-ac94-68dbc4180559&theme=light&origin=https%3A%2F%2Fmeta-checkpoint-875010059.azurewebsites.net
|
|||
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
|
142.250.180.174
|
||
https://newassets.hcaptcha.com/c/b2a3a9e/hsw.js
|
104.16.168.131
|
||
https://newassets.hcaptcha.com/captcha/v1/5a6011a/static/hcaptcha.html#frame=challenge&id=0x37lmbbefh&host=meta-checkpoint-875010059.azurewebsites.net&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&sitekey=2090dde0-1a4a-4119-ac94-68dbc4180559&theme=light&origin=https%3A%2F%2Fmeta-checkpoint-875010059.azurewebsites.net
|
There are 3 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
jsdelivr.map.fastly.net
|
151.101.1.229
|
||
hcaptcha.com
|
104.16.168.131
|
||
accounts.google.com
|
216.58.209.45
|
||
js.hcaptcha.com
|
104.16.169.131
|
||
clients.l.google.com
|
142.250.180.174
|
||
newassets.hcaptcha.com
|
104.16.168.131
|
||
clients2.google.com
|
unknown
|
||
code.jquery.com
|
unknown
|
||
cdn.jsdelivr.net
|
unknown
|
||
meta-checkpoint-875010059.azurewebsites.net
|
unknown
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
151.101.1.229
|
jsdelivr.map.fastly.net
|
United States
|
||
192.168.2.1
|
unknown
|
unknown
|
||
216.58.209.45
|
accounts.google.com
|
United States
|
||
104.16.168.131
|
hcaptcha.com
|
United States
|
||
192.168.2.4
|
unknown
|
unknown
|
||
192.168.2.3
|
unknown
|
unknown
|
||
192.168.2.5
|
unknown
|
unknown
|
||
104.16.169.131
|
js.hcaptcha.com
|
United States
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
142.250.180.174
|
clients.l.google.com
|
United States
|
||
127.0.0.1
|
unknown
|
unknown
|
There are 1 hidden IPs, click here to show them.
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3853321935-2125563209-4053062332-1002
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
HKEY_CURRENT_USER\Software\Microsoft\Speech_OneCore\Voices
|
DefaultTokenId
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
dr
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.cdm.origin_data
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.reporting
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.storage_id_salt
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_account_id
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.account_id
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
module_blocklist_cache_md5_digest
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
pinned_tabs
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
browser.show_home_button
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
search_provider_overrides
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_username
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.startup_urls
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.restore_on_startup
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
||
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
HKEY_USERSS-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
|
TraceTimeLast
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3853321935-2125563209-4053062332-1002
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
There are 45 hidden registries, click here to show them.
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
2C31D720000
|
heap
|
page read and write
|
||
2C31D8A0000
|
heap
|
page read and write
|
||
EFA3A7C000
|
stack
|
page read and write
|
||
2C31D7C0000
|
trusted library allocation
|
page read and write
|
||
2C31D813000
|
heap
|
page read and write
|
||
2C31D83D000
|
heap
|
page read and write
|
||
2C31D862000
|
heap
|
page read and write
|
||
2C31D86D000
|
heap
|
page read and write
|
||
EFA3C7D000
|
stack
|
page read and write
|
||
EFA3B7E000
|
stack
|
page read and write
|
||
2C31D800000
|
heap
|
page read and write
|
||
2C31D84F000
|
heap
|
page read and write
|
||
2C31D83B000
|
heap
|
page read and write
|
||
EFA387C000
|
stack
|
page read and write
|
||
2C31D871000
|
heap
|
page read and write
|
||
2C31D875000
|
heap
|
page read and write
|
||
2C31D730000
|
heap
|
page read and write
|
||
EFA3D7D000
|
stack
|
page read and write
|
||
2C31D829000
|
heap
|
page read and write
|
||
2C31D902000
|
heap
|
page read and write
|
||
EFA3E7D000
|
stack
|
page read and write
|
||
2C31D7E0000
|
trusted library allocation
|
page read and write
|
||
2C31D867000
|
heap
|
page read and write
|
||
2C31E202000
|
trusted library allocation
|
page read and write
|
||
2C31D790000
|
heap
|
page read and write
|
||
2C31D846000
|
heap
|
page read and write
|
||
2C31D8AD000
|
heap
|
page read and write
|
There are 17 hidden memdumps, click here to show them.
DOM / HTML
URL
|
Malicious
|
|
---|---|---|
https://newassets.hcaptcha.com/captcha/v1/5a6011a/static/hcaptcha.html#frame=challenge&id=0x37lmbbefh&host=meta-checkpoint-875010059.azurewebsites.net&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&sitekey=2090dde0-1a4a-4119-ac94-68dbc4180559&theme=light&origin=https%3A%2F%2Fmeta-checkpoint-875010059.azurewebsites.net
|
||
https://meta-checkpoint-875010059.azurewebsites.net/captcha
|
||
https://newassets.hcaptcha.com/captcha/v1/5a6011a/static/hcaptcha.html#frame=checkbox&id=0x37lmbbefh&host=meta-checkpoint-875010059.azurewebsites.net&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&sitekey=2090dde0-1a4a-4119-ac94-68dbc4180559&theme=light&origin=https%3A%2F%2Fmeta-checkpoint-875010059.azurewebsites.net
|