IOC Report
https://dfsfsfsd.s3.us-east-005.backblazeb2.com/index+(44).html

Files

File Path | Type | Category | Malicious
Chrome Cache Entry: 120 | ASCII text, with very long lines (19015) | downloaded |
Chrome Cache Entry: 121 | HTML document, ASCII text, with very long lines (49885), with CRLF line terminators | downloaded |
Chrome Cache Entry: 122 | ASCII text, with very long lines (32012) | downloaded |
Chrome Cache Entry: 123 | ASCII text, with very long lines (50758) | downloaded |
Chrome Cache Entry: 124 | ASCII text, with very long lines (32065) | downloaded |
Chrome Cache Entry: 125 | ASCII text, with very long lines (48664) | downloaded |
Chrome Cache Entry: 126 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 127 | ASCII text, with very long lines (65325) | downloaded |
Chrome Cache Entry: 128 | ASCII text | downloaded |

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1644,i,2101607640442121641,12480239808714859300,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dfsfsfsd.s3.us-east-005.backblazeb2.com/index+(44).html |

URLs

Name | IP | Malicious
https://dfsfsfsd.s3.us-east-005.backblazeb2.com/index+(44).html | | malicious
https://dfsfsfsd.s3.us-east-005.backblazeb2.com/index+(44).html | 149.137.137.254 | malicious
https://dfsfsfsd.s3.us-east-005.backblazeb2.com/index+(44).html | | malicious
https://github.com/twbs/bootstrap/graphs/contributors) | unknown |
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js | 104.17.25.14 |
https://getbootstrap.com) | unknown |
https://code.jquery.com/jquery-3.2.1.slim.min.js | unknown |
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | 142.250.203.109 |
https://github.com/twbs/bootstrap/blob/master/LICENSE) | unknown |
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | 142.250.203.110 |
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js | 104.18.10.207 |
https://nwschool.ac.th/qazxcc/index.php | unknown |
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js | 104.18.11.207 |
https://dfsfsfsd.s3.us-east-005.backblazeb2.com/favicon.ico | 149.137.137.254 |
http://opensource.org/licenses/MIT). | unknown |
https://getbootstrap.com/) | unknown |
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css | 104.18.11.207 |

Domains

Name | IP | Malicious
stackpath.bootstrapcdn.com | 104.18.10.207 |
accounts.google.com | 142.250.203.109 |
cdnjs.cloudflare.com | 104.17.25.14 |
dfsfsfsd.s3.us-east-005.backblazeb2.com | 149.137.137.254 |
maxcdn.bootstrapcdn.com | 104.18.11.207 |
c-0001.c-msedge.net | 13.107.4.50 |
www.google.com | 142.250.203.100 |
clients.l.google.com | 142.250.203.110 |
clients2.google.com | unknown |
code.jquery.com | unknown |

IPs

IP | Domain | Country | Malicious
192.168.2.1 | unknown | unknown |
104.18.10.207 | stackpath.bootstrapcdn.com | United States |
142.250.203.100 | www.google.com | United States |
142.250.203.110 | clients.l.google.com | United States |
149.137.137.254 | dfsfsfsd.s3.us-east-005.backblazeb2.com | United States |
104.18.11.207 | maxcdn.bootstrapcdn.com | United States |
239.255.255.250 | unknown | Reserved |
104.17.25.14 | cdnjs.cloudflare.com | United States |
127.0.0.1 | unknown | unknown |
142.250.203.109 | accounts.google.com | United States |

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | ahfgeienlihckogmohjhadlkjgocpleb |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mhjfbmdgcfjbbpaeojofohoefgiehjai |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002 |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | dr |
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.cdm.origin_data |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.reporting |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.storage_id_salt |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_account_id |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.account_id |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_startup_urls |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_homepage |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | module_blocklist_cache_md5_digest |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_seed |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | default_search_provider_data.template_url_data |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | safebrowsing.incidents_sent |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | pinned_tabs |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | browser.show_home_button |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | search_provider_overrides |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_default_search |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_version |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_username |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.startup_urls |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.restore_on_startup |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.prompt_wave |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage_is_newtabpage |
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun |
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun |
HKEY_USERS\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | TraceTimeLast |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002 |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |

Memdumps


DOM / HTML

URL | Malicious
https://dfsfsfsd.s3.us-east-005.backblazeb2.com/index+(44).html | malicious