IOC Report
https://server.1ksat.com/?ufov&qrc=jneal@heniff.com&c=E,1,b3hl6R7LYWai95TidY7oKofIoKw3DsF4PoHXJGBO0t7029g1ST6sdhPuEwdMkQ_Szrum_7168W7bTNHjC2nzWdEhCHm4HwED1LIkrBAldy8iRpLM7NZotqaK-Q,,&typo=1

Processes

Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Malicious: -

Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1724 --field-trial-handle=1708,i,1738826521745381383,15185311736595585432,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Malicious: -

Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://server.1ksat.com/?ufov&qrc=jneal@heniff.com&c=E,1,b3hl6R7LYWai95TidY7oKofIoKw3DsF4PoHXJGBO0t7029g1ST6sdhPuEwdMkQ_Szrum_7168W7bTNHjC2nzWdEhCHm4HwED1LIkrBAldy8iRpLM7NZotqaK-Q,,&typo=1"
Malicious: -

URLs

Domains

IPs

Registry

Memdumps

DOM / HTML

URL                                   Malicious
https://example.com/                  -
http://www.iana.org/domains/reserved  -
http://www.iana.org/                  -
http://www.iana.org/domains           -
http://www.iana.org/protocols         -
http://www.iana.org/numbers           -