Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1700,18324760747851478443,7253911549642704679,131072
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
--lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 /prefetch:8
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\#Ud83d#Udce7 Tax Statements-2-121_076_454656_3-4(4).hTm
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
file:///C:/Users/user/Desktop/%23Ud83d%23Udce7%20Tax%20Statements-2-121_076_454656_3-4(4).hTm
|
|||
https://www.google.com/recaptcha/api2/anchor?ar=1&k=%0A6Lcf2-EhAAAAAAb4lCjGZLljSQMQ9lL7LxhkWGBN&co=aHR0cHM6Ly9mdWFkcmFzaGlkLmNvbTo0NDM.&hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&size=normal&cb=eys0y7domytm
|
|||
https://www.google.com/recaptcha/api2/anchor?ar=1&k=%0A6Lcf2-EhAAAAAAb4lCjGZLljSQMQ9lL7LxhkWGBN&co=aHR0cHM6Ly9mdWFkcmFzaGlkLmNvbTo0NDM.&hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&size=normal&cb=eys0y7domytm
|
142.250.185.196
|
||
https://fuadrashid.com/su35/gtl/
|
192.185.113.229
|
||
https://fuadrashid.com/su35/gtl/9d3844dcadd00b46e3c10b77a0a825247573748608401705203573270e089c75a6b105a2f85776e2cdd4528476e3084017052035a93c9f185932557fd997ff3a4ba3e0e124e9a338084017052035b5c58094f8174d1bce72ba953e424e3130f4df0b084017052035/gUNkRyOTOnTErUDeoDOLI
|
192.185.113.229
|
||
https://www.google.com/recaptcha/api.js
|
142.250.185.196
|
||
https://fuadrashid.com/su35/gtl/9d3844dcadd00b46e3c10b77a0a825247573748608401705203573270e089c75a6b105a2f85776e2cdd4528476e3084017052035a93c9f185932557fd997ff3a4ba3e0e124e9a338084017052035b5c58094f8174d1bce72ba953e424e3130f4df0b084017052035/gUNkRyOTOnTErUDeoDOLI#lkohanski@alkegen.com
|
|||
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
|
142.250.185.77
|
||
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=94.0.4606.61&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
|
142.250.185.142
|
||
https://fuadrashid.com/su35/gtl/9d3844dcadd00b46e3c10b77a0a825247573748608401705203573270e089c75a6b105a2f85776e2cdd4528476e3084017052035a93c9f185932557fd997ff3a4ba3e0e124e9a338084017052035b5c58094f8174d1bce72ba953e424e3130f4df0b084017052035/capt
|
192.185.113.229
|
||
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me
|
142.250.185.196
|
||
https://www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6Lcf2-EhAAAAAAb4lCjGZLljSQMQ9lL7LxhkWGBN
|
142.250.185.196
|
||
https://www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6Lcf2-EhAAAAAAb4lCjGZLljSQMQ9lL7LxhkWGBN
|
There are 3 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
accounts.google.com
|
142.250.185.77
|
||
www.google.com
|
142.250.185.196
|
||
clients.l.google.com
|
142.250.185.142
|
||
fuadrashid.com
|
192.185.113.229
|
||
clients2.google.com
|
unknown
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
142.250.185.77
|
accounts.google.com
|
United States
|
||
192.168.11.1
|
unknown
|
unknown
|
||
192.168.11.20
|
unknown
|
unknown
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
142.250.185.196
|
www.google.com
|
United States
|
||
142.250.185.142
|
clients.l.google.com
|
United States
|
||
192.185.113.229
|
fuadrashid.com
|
United States
|
||
127.0.0.1
|
unknown
|
unknown
|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3425316567-2969588382-3778222414-1001
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
|
state
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\ThirdParty
|
StatusCodes
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\ThirdParty
|
StatusCodes
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
|
state
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
media.cdm.origin_data
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
software_reporter.reporting
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
media.storage_id_salt
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
google.services.last_account_id
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
google.services.account_id
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
module_blocklist_cache_md5_digest
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
pinned_tabs
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
browser.show_home_button
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
search_provider_overrides
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
google.services.last_username
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
session.startup_urls
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
session.restore_on_startup
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
homepage
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3425316567-2969588382-3778222414-1001
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
|
state
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\ThirdParty
|
StatusCodes
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\ThirdParty
|
StatusCodes
|
||
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
|
state
|
There are 42 hidden registries, click here to show them.
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
51EEFE000
|
stack
|
page read and write
|
||
170D3265000
|
heap
|
page read and write
|
||
42EA67F000
|
stack
|
page read and write
|
||
11E2ED80000
|
heap
|
page read and write
|
||
42EA1DB000
|
stack
|
page read and write
|
||
170D2F40000
|
heap
|
page read and write
|
||
11E2ECE0000
|
heap
|
page read and write
|
||
170D3090000
|
heap
|
page read and write
|
||
11E2EF50000
|
heap
|
page read and write
|
||
11E2F015000
|
heap
|
page read and write
|
||
170D3190000
|
heap
|
page read and write
|
||
42EA4FE000
|
stack
|
page read and write
|
||
11E2EDB6000
|
heap
|
page read and write
|
||
42EA47E000
|
stack
|
page read and write
|
||
11E2ED88000
|
heap
|
page read and write
|
||
51EAEA000
|
stack
|
page read and write
|
||
42EA5FF000
|
stack
|
page read and write
|
||
170D309B000
|
heap
|
page read and write
|
||
170D3270000
|
heap
|
page read and write
|
||
170D30BB000
|
heap
|
page read and write
|
||
170D3080000
|
unclassified section
|
page readonly
|
||
11E2F020000
|
heap
|
page read and write
|
||
42EA6FA000
|
stack
|
page read and write
|
||
170D3260000
|
heap
|
page read and write
|
||
11E2F010000
|
heap
|
page read and write
|
||
42EA57F000
|
stack
|
page read and write
|
There are 16 hidden memdumps, click here to show them.
DOM / HTML
URL
|
Malicious
|
|
---|---|---|
file:///C:/Users/user/Desktop/%23Ud83d%23Udce7%20Tax%20Statements-2-121_076_454656_3-4(4).hTm
|
||
https://www.google.com/recaptcha/api2/anchor?ar=1&k=%0A6Lcf2-EhAAAAAAb4lCjGZLljSQMQ9lL7LxhkWGBN&co=aHR0cHM6Ly9mdWFkcmFzaGlkLmNvbTo0NDM.&hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&size=normal&cb=eys0y7domytm
|
||
https://fuadrashid.com/su35/gtl/9d3844dcadd00b46e3c10b77a0a825247573748608401705203573270e089c75a6b105a2f85776e2cdd4528476e3084017052035a93c9f185932557fd997ff3a4ba3e0e124e9a338084017052035b5c58094f8174d1bce72ba953e424e3130f4df0b084017052035/gUNkRyOTOnTErUDeoDOLI#lkohanski@alkegen.com
|
||
https://www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6Lcf2-EhAAAAAAb4lCjGZLljSQMQ9lL7LxhkWGBN
|