IOC Report
Agreements Pages YHGBWHS98322324.html


Files

File Path
Type
Category
Malicious
Agreements Pages YHGBWHS98322324.html
HTML document, ASCII text, with CRLF line terminators
initial sample
malicious
Chrome Cache Entry: 267
HTML document, ASCII text, with very long lines (1553), with no line terminators
downloaded
Chrome Cache Entry: 268
ASCII text, with very long lines (6190), with no line terminators
downloaded
Chrome Cache Entry: 269
Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
downloaded
Chrome Cache Entry: 270
ASCII text, with very long lines (8798), with no line terminators
downloaded
Chrome Cache Entry: 271
HTML document, ASCII text, with very long lines (1553), with no line terminators
downloaded
Chrome Cache Entry: 272
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 273
HTML document, ASCII text, with very long lines (1553), with no line terminators
downloaded
Chrome Cache Entry: 274
ASCII text, with very long lines (17003), with no line terminators
downloaded
Chrome Cache Entry: 275
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 276
GIF image data, version 89a, 512 x 109
downloaded
Chrome Cache Entry: 277
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 278
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 279
JSON data
downloaded
Chrome Cache Entry: 280
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 281
HTML document, ASCII text, with very long lines (1553), with no line terminators
downloaded
Chrome Cache Entry: 282
JSON data
downloaded
Chrome Cache Entry: 283
ASCII text, with very long lines (521)
downloaded
Chrome Cache Entry: 284
PNG image data, 509 x 509, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 285
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 286
MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
downloaded
Chrome Cache Entry: 287
PNG image data, 85 x 52, 8-bit/color RGB, non-interlaced
dropped
Chrome Cache Entry: 288
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 289
ASCII text, with very long lines (2968)
downloaded
Chrome Cache Entry: 290
ASCII text, with very long lines (606)
downloaded
Chrome Cache Entry: 291
MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
downloaded
Chrome Cache Entry: 292
ASCII text, with very long lines (13063), with no line terminators
downloaded
Chrome Cache Entry: 293
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 294
ASCII text, with very long lines (900), with no line terminators
downloaded
Chrome Cache Entry: 295
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 296
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 297
ASCII text, with very long lines (1375), with no line terminators
downloaded
Chrome Cache Entry: 298
ASCII text, with very long lines (2783), with no line terminators
downloaded
Chrome Cache Entry: 299
JSON data
downloaded
Chrome Cache Entry: 300
PNG image data, 85 x 52, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 301
ASCII text, with very long lines (14295), with no line terminators
downloaded
Chrome Cache Entry: 302
JSON data
downloaded
Chrome Cache Entry: 303
MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
dropped
Chrome Cache Entry: 304
C source, ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 305
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 306
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 307
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 308
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 309
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 310
PNG image data, 310 x 205, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 311
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 312
ASCII text, with very long lines (7555), with no line terminators
downloaded
Chrome Cache Entry: 313
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 314
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 315
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 316
ASCII text, with very long lines (23671), with no line terminators
downloaded
Chrome Cache Entry: 317
PNG image data, 27 x 46, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 318
ASCII text, with very long lines (6139), with no line terminators
downloaded
Chrome Cache Entry: 319
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 320
ASCII text, with very long lines (54960), with no line terminators
downloaded
Chrome Cache Entry: 321
ASCII text, with very long lines (1977), with no line terminators
downloaded
Chrome Cache Entry: 322
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 323
JSON data
downloaded
Chrome Cache Entry: 324
ASCII text, with very long lines (41007), with no line terminators
downloaded
Chrome Cache Entry: 325
ASCII text, with very long lines (6142)
downloaded
Chrome Cache Entry: 326
Unicode text, UTF-8 text, with very long lines (61993), with no line terminators
downloaded
Chrome Cache Entry: 327
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 328
JSON data
downloaded
Chrome Cache Entry: 329
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 330
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 331
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 332
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 333
JSON data
downloaded
Chrome Cache Entry: 334
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 335
HTML document, ASCII text, with very long lines (8524)
downloaded
Chrome Cache Entry: 336
HTML document, ASCII text, with very long lines (1553), with no line terminators
downloaded
Chrome Cache Entry: 337
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 338
ASCII text, with very long lines (14198), with no line terminators
downloaded
Chrome Cache Entry: 339
ASCII text, with very long lines (365), with no line terminators
downloaded
Chrome Cache Entry: 340
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 341
HTML document, ASCII text, with very long lines (1553), with no line terminators
downloaded
Chrome Cache Entry: 342
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 343
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 344
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 345
ASCII text, with very long lines (14029)
downloaded
Chrome Cache Entry: 346
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 347
ASCII text, with very long lines (45030), with no line terminators
downloaded
Chrome Cache Entry: 348
ASCII text, with very long lines (7254), with no line terminators
downloaded
Chrome Cache Entry: 349
PNG image data, 45 x 72, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 350
GIF image data, version 89a, 512 x 109
dropped
Chrome Cache Entry: 351
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 352
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 353
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 354
exported SGML document, ASCII text
downloaded
Chrome Cache Entry: 355
JSON data
downloaded
Chrome Cache Entry: 356
MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
dropped
Chrome Cache Entry: 357
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 358
ASCII text, with very long lines (50967), with no line terminators
downloaded
Chrome Cache Entry: 359
ASCII text, with very long lines (24399), with no line terminators
downloaded
Chrome Cache Entry: 360
HTML document, Unicode text, UTF-8 text, with very long lines (62411)
downloaded
Chrome Cache Entry: 361
ASCII text, with very long lines (33094), with no line terminators
downloaded
Chrome Cache Entry: 362
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 363
ASCII text, with very long lines (17065), with no line terminators
downloaded
Chrome Cache Entry: 364
JSON data
downloaded
Chrome Cache Entry: 365
PNG image data, 74 x 1, 8-bit/color RGB, non-interlaced
dropped
Chrome Cache Entry: 366
ASCII text, with very long lines (8581), with no line terminators
downloaded
Chrome Cache Entry: 367
HTML document, Unicode text, UTF-8 text, with very long lines (62494)
downloaded
Chrome Cache Entry: 368
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 369
ASCII text, with very long lines (25600), with no line terminators
downloaded
Chrome Cache Entry: 370
HTML document, Unicode text, UTF-8 text, with very long lines (62411)
downloaded
Chrome Cache Entry: 371
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 372
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 373
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 374
JSON data
downloaded
Chrome Cache Entry: 375
PNG image data, 74 x 1, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 376
HTML document, ASCII text, with very long lines (8524)
downloaded
Chrome Cache Entry: 377
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 378
JSON data
downloaded
Chrome Cache Entry: 379
JSON data
downloaded
Chrome Cache Entry: 380
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 381
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 382
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 383
JSON data
downloaded
Chrome Cache Entry: 384
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 385
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 386
ASCII text, with very long lines (35483), with no line terminators
downloaded
Chrome Cache Entry: 387
ASCII text, with very long lines (11808), with no line terminators
downloaded
Chrome Cache Entry: 388
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 389
JSON data
downloaded
Chrome Cache Entry: 390
Unicode text, UTF-8 text, with very long lines (65526), with no line terminators
downloaded
Chrome Cache Entry: 391
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 392
Unicode text, UTF-8 text, with very long lines (65526), with no line terminators
downloaded
Chrome Cache Entry: 393
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 394
Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
downloaded
Chrome Cache Entry: 395
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 396
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 397
JSON data
downloaded
Chrome Cache Entry: 398
ASCII text, with very long lines (35553), with no line terminators
downloaded
Chrome Cache Entry: 399
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 400
HTML document, ASCII text, with very long lines (1553), with no line terminators
downloaded
Chrome Cache Entry: 401
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 402
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 403
ASCII text, with very long lines (20654), with no line terminators
downloaded
Chrome Cache Entry: 404
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 405
PNG image data, 43 x 58, 8-bit/color RGB, non-interlaced
dropped
Chrome Cache Entry: 406
ASCII text, with very long lines (15590), with no line terminators
downloaded
Chrome Cache Entry: 407
PNG image data, 1800 x 1013, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 408
Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
downloaded
Chrome Cache Entry: 409
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 410
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 411
ASCII text, with very long lines (6279)
downloaded
Chrome Cache Entry: 412
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 413
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 414
ASCII text, with very long lines (303), with no line terminators
downloaded
Chrome Cache Entry: 415
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 416
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 417
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 418
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 419
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 420
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 421
JSON data
downloaded
Chrome Cache Entry: 422
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 423
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 424
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 425
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 426
PNG image data, 27 x 46, 8-bit/color RGB, non-interlaced
dropped
Chrome Cache Entry: 427
PNG image data, 310 x 205, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 428
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 429
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 430
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 431
HTML document, ASCII text, with very long lines (8524)
downloaded
Chrome Cache Entry: 432
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 433
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 434
ASCII text, with very long lines (14029)
downloaded
Chrome Cache Entry: 435
ASCII text, with very long lines (12526), with no line terminators
downloaded
Chrome Cache Entry: 436
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 437
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 438
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 439
JSON data
downloaded
Chrome Cache Entry: 440
ASCII text, with very long lines (23897), with no line terminators
downloaded
Chrome Cache Entry: 441
PNG image data, 26 x 29, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 442
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 443
ASCII text, with very long lines (24742), with no line terminators
downloaded
Chrome Cache Entry: 444
ASCII text, with very long lines (54848), with no line terminators
downloaded
Chrome Cache Entry: 445
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 446
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 447
ASCII text, with very long lines (36995), with no line terminators
downloaded
Chrome Cache Entry: 448
Unicode text, UTF-8 text, with very long lines (54268)
downloaded
Chrome Cache Entry: 449
JSON data
downloaded
Chrome Cache Entry: 450
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 451
ASCII text, with very long lines (3121), with no line terminators
downloaded
Chrome Cache Entry: 452
HTML document, ASCII text, with very long lines (1553), with no line terminators
downloaded
Chrome Cache Entry: 453
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 454
ASCII text, with very long lines (31982)
downloaded
Chrome Cache Entry: 455
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 456
ASCII text, with very long lines (17031), with no line terminators
downloaded
Chrome Cache Entry: 457
PNG image data, 26 x 29, 8-bit/color RGB, non-interlaced
dropped
Chrome Cache Entry: 458
ASCII text, with very long lines (63529), with no line terminators
downloaded
Chrome Cache Entry: 459
PNG image data, 43 x 58, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 460
ASCII text, with very long lines (18882), with no line terminators
downloaded
Chrome Cache Entry: 461
HTML document, ASCII text, with very long lines (1553), with no line terminators
downloaded
Chrome Cache Entry: 462
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 463
ASCII text, with very long lines (23865), with no line terminators
downloaded
Chrome Cache Entry: 464
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 465
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 466
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 467
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 468
Unicode text, UTF-8 text, with very long lines (65515), with no line terminators
downloaded
Chrome Cache Entry: 469
PNG image data, 45 x 72, 8-bit/color RGB, non-interlaced
dropped
Chrome Cache Entry: 470
HTML document, ASCII text, with very long lines (1553), with no line terminators
downloaded
Chrome Cache Entry: 471
Unicode text, UTF-8 text, with very long lines (65526), with no line terminators
downloaded
Chrome Cache Entry: 472
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 473
Unicode text, UTF-8 text, with very long lines (36491)
downloaded
Chrome Cache Entry: 474
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 475
ASCII text, with very long lines (14375), with no line terminators
downloaded
Chrome Cache Entry: 476
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 477
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 478
HTML document, ASCII text, with very long lines (1553), with no line terminators
downloaded
Chrome Cache Entry: 479
ASCII text
downloaded
Chrome Cache Entry: 480
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 481
Unicode text, UTF-8 text, with very long lines (62461), with no line terminators
downloaded
Chrome Cache Entry: 482
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 483
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 484
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 485
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 486
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 487
HTML document, ASCII text, with very long lines (1553), with no line terminators
downloaded
Chrome Cache Entry: 488
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 489
JSON data
downloaded

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1848,i,15505337359864818185,13013131658649980670,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Agreements Pages YHGBWHS98322324.html"

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious

IPs

IP
Domain
Country
Malicious

Registry

Path
Value
Malicious

Memdumps

Base Address
Regiontype
Protect
Malicious

DOM / HTML

URL
Malicious