IOC Report
https://sites.google.com/view/southeasternchestercountyrefus/home

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1576 --field-trial-handle=1844,i,10637429234006776294,9776587234221978637,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sites.google.com/view/southeasternchestercountyrefus/home" |

URLs

Name | IP | Malicious
https://sites.google.com/view/southeasternchestercountyrefus/home | | malicious
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | 142.250.180.174 |
https://lh6.googleusercontent.com/xBeHiJ-CSXhPY2tjWkIedmRNH737CR6-tuCPOrWoomysQnz4KXL_8S5U8c4UZkQ7Vxd5KbWTXG3S06MPGp2-PFw=w16383 | 142.250.180.161 |
https://sites.google.com/_/view/logImpressions?authuser=0 | 142.250.184.78 |
https://sites.google.com/view/southeasternchestercountyrefus/home | |
https://sites.google.com/view/southeasternchestercountyrefus/home | 142.250.184.78 |
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.AMZ27oQJoUI.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9dsXwz2g0gTMdQFEKa7ZoVvtQf4g/cb=gapi.loaded_0?le=scs | 142.250.184.110 |
https://apis.google.com/js/client.js?onload=gapiLoaded | 142.250.184.110 |
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | 216.58.209.45 |

Domains

Name | IP | Malicious
accounts.google.com | 216.58.209.45 |
plus.l.google.com | 142.250.184.110 |
sites.google.com | 142.250.184.78 |
www.google.com | 142.250.184.100 |
clients.l.google.com | 142.250.180.174 |
googlehosted.l.googleusercontent.com | 142.250.180.161 |
clients2.google.com | unknown |
lh6.googleusercontent.com | unknown |
apis.google.com | unknown |

IPs

IP | Domain | Country | Malicious
142.250.184.78 | sites.google.com | United States |
192.168.2.1 | unknown | unknown |
142.250.184.110 | plus.l.google.com | United States |
216.58.209.45 | accounts.google.com | United States |
142.250.180.161 | googlehosted.l.googleusercontent.com | United States |
239.255.255.250 | unknown | Reserved |
142.250.184.100 | www.google.com | United States |
142.250.180.174 | clients.l.google.com | United States |
127.0.0.1 | unknown | unknown |

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | ahfgeienlihckogmohjhadlkjgocpleb |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mhjfbmdgcfjbbpaeojofohoefgiehjai |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002 |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | dr |
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.cdm.origin_data |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.reporting |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.storage_id_salt |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_account_id |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.account_id |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_startup_urls |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_homepage |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | module_blocklist_cache_md5_digest |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_seed |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | default_search_provider_data.template_url_data |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | safebrowsing.incidents_sent |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | pinned_tabs |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | browser.show_home_button |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | search_provider_overrides |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_default_search |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_version |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_username |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.startup_urls |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.restore_on_startup |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.prompt_wave |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage_is_newtabpage |
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun |
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002 |
HKEY_USERS\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | TraceTimeLast |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |

Memdumps

DOM / HTML

URL | Malicious
https://sites.google.com/view/southeasternchestercountyrefus/home |