IOC Report
Copy.shtml


Files

File Path | Type | Category | Malicious
Copy.shtml | HTML document, ASCII text, with very long lines (35303), with no line terminators | initial sample | malicious
Chrome Cache Entry: 141 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 2905 | downloaded |
Chrome Cache Entry: 142 | troff or preprocessor input, ASCII text, with very long lines (372) | downloaded |
Chrome Cache Entry: 143 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390 | downloaded |
Chrome Cache Entry: 144 | PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 145 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250 | dropped |
Chrome Cache Entry: 146 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 2905 | dropped |
Chrome Cache Entry: 147 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390 | dropped |
Chrome Cache Entry: 148 | PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 149 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250 | downloaded |
Chrome Cache Entry: 150 | ASCII text, with very long lines (32030) | downloaded |

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1692 --field-trial-handle=1788,i,8236339667510414405,2185392968241344403,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Copy.shtml" |

URLs

Name | IP | Malicious
file:///C:/Users/user/Desktop/Copy.shtml | | malicious
https://ahg1.co/q/dd50b59.php | 52.11.128.180 |
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | 142.250.203.110 |
http://fontawesome.io | unknown |
https://aadcdn.msauthimages.net/dbd5a2dd-nlfbwdmmtwey3bmysqci40atk0x2ttpxcb1c-eutnqu/logintenantbranding/0/bannerlogo?ts=637594497510297324 | 152.199.23.72 |
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css | 104.17.25.14 |
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | 142.250.203.109 |
http://fontawesome.io/license | unknown |

Domains

Name | IP | Malicious
accounts.google.com | 142.250.203.109 |
cdnjs.cloudflare.com | 104.17.25.14 |
www.google.com | 142.250.203.100 |
part-0032.t-0009.fdv2-t-msedge.net | 13.107.237.60 |
clients.l.google.com | 142.250.203.110 |
cs1025.wpc.upsiloncdn.net | 152.199.23.72 |
ahg1.co | 52.11.128.180 |
aadcdn.msauthimages.net | unknown |
clients2.google.com | unknown |
code.jquery.com | unknown |

IPs

IP | Domain | Country | Malicious
52.11.128.180 | ahg1.co | United States |
192.168.2.1 | unknown | unknown |
152.199.23.72 | cs1025.wpc.upsiloncdn.net | United States |
142.250.203.100 | www.google.com | United States |
142.250.203.110 | clients.l.google.com | United States |
192.168.2.4 | unknown | unknown |
239.255.255.250 | unknown | Reserved |
13.107.237.60 | part-0032.t-0009.fdv2-t-msedge.net | United States |
127.0.0.1 | unknown | unknown |
104.17.25.14 | cdnjs.cloudflare.com | United States |
142.250.203.109 | accounts.google.com | United States |
(1 further IP is not included in this export.)

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | ahfgeienlihckogmohjhadlkjgocpleb |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mhjfbmdgcfjbbpaeojofohoefgiehjai |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002 |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | dr |
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.cdm.origin_data |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.reporting |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.storage_id_salt |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_account_id |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.account_id |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_startup_urls |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_homepage |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | module_blocklist_cache_md5_digest |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_seed |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | default_search_provider_data.template_url_data |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | safebrowsing.incidents_sent |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | pinned_tabs |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | browser.show_home_button |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | search_provider_overrides |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_default_search |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_version |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_username |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.startup_urls |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.restore_on_startup |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.prompt_wave |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage_is_newtabpage |
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun |
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun |
HKEY_USERS\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | TraceTimeLast |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-3853321935-2125563209-4053062332-1002 |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |
(42 further registry entries are not included in this export.)

Memdumps

Base Address | Regiontype | Protect | Malicious
2AE5327E000 | heap | page read and write |
291B7F90000 | remote allocation | page read and write |
3BBEEFE000 | stack | page read and write |
18A48C71000 | heap | page read and write |
2AE53275000 | heap | page read and write |
19C49613000 | heap | page read and write |
2AE53262000 | heap | page read and write |
19C49600000 | heap | page read and write |
207464E0000 | trusted library allocation | page read and write |
2704DE2A000 | heap | page read and write |
2AE53213000 | heap | page read and write |
2AE5326A000 | heap | page read and write |
B1CA67F000 | stack | page read and write |
2AE5327D000 | heap | page read and write |
244F5480000 | heap | page read and write |
2AF254B8000 | heap | page read and write |
2AE53260000 | heap | page read and write |
18A48C78000 | heap | page read and write |
2AF25D00000 | heap | page read and write |
A878CFC000 | stack | page read and write |
A878F7F000 | stack | page read and write |
2AF25413000 | heap | page read and write |
2AE53264000 | heap | page read and write |
244F562F000 | heap | page read and write |
2704DE47000 | heap | page read and write |
18A48C13000 | heap | page read and write |
207464D0000 | trusted library allocation | page read and write |
2704DE25000 | heap | page read and write |
19C49671000 | heap | page read and write |
1AE175B0000 | trusted library allocation | page read and write |
B9F919B000 | stack | page read and write |
18A48C5B000 | heap | page read and write |
244F5600000 | heap | page read and write |
2AF25330000 | heap | page read and write |
19C49668000 | heap | page read and write |
244F5613000 | heap | page read and write |
2AE53268000 | heap | page read and write |
244F5E02000 | trusted library allocation | page read and write |
B1CA57C000 | stack | page read and write |
207457FF000 | heap | page read and write |
2AE53232000 | heap | page read and write |
18A49522000 | heap | page read and write |
291B7790000 | heap | page read and write |
18A48C87000 | heap | page read and write |
C004E7B000 | stack | page read and write |
75CC77E000 | stack | page read and write |
20746270000 | trusted library allocation | page read and write |
207457F7000 | heap | page read and write |
A8787EB000 | stack | page read and write |
18A48D8C000 | heap | page read and write |
2704DE80000 | heap | page read and write |
18A48C00000 | heap | page read and write |
2704DD40000 | trusted library allocation | page read and write |
244F563E000 | heap | page read and write |
18A49600000 | heap | page read and write |
2704DE13000 | heap | page read and write |
19C49560000 | trusted library allocation | page read and write |
18A495B0000 | heap | page read and write |
20746260000 | trusted library allocation | page read and write |
2AE5325C000 | heap | page read and write |
2AE53100000 | heap | page read and write |
2AE53256000 | heap | page read and write |
D5A74FE000 | stack | page read and write |
1AE17679000 | heap | page read and write |
2AE53261000 | heap | page read and write |
2AE53240000 | heap | page read and write |
291B7A5C000 | heap | page read and write |
D5A727E000 | stack | page read and write |
20745705000 | heap | page read and write |
2DD93FB000 | stack | page read and write |
19C494D0000 | heap | page read and write |
19C49675000 | heap | page read and write |
1AE17580000 | heap | page read and write |
2AF25C02000 | heap | page read and write |
502C27F000 | stack | page read and write |
2AE5326D000 | heap | page read and write |
2AE5327B000 | heap | page read and write |
291B7F90000 | remote allocation | page read and write |
244F5602000 | heap | page read and write |
502BD0C000 | stack | page read and write |
A878EFD000 | stack | page read and write |
207458B0000 | trusted library allocation | page read and write |
207456C0000 | heap | page read and write |
207464B0000 | trusted library allocation | page read and write |
19C49713000 | heap | page read and write |
18A49502000 | heap | page read and write |
2AE53263000 | heap | page read and write |
291B7A02000 | heap | page read and write |
2AE5326B000 | heap | page read and write |
75CC47C000 | stack | page read and write |
2AE530A0000 | heap | page read and write |
19C4966B000 | heap | page read and write |
2AF25400000 | heap | page read and write |
19C49671000 | heap | page read and write |
502C3F9000 | stack | page read and write |
1AE17713000 | heap | page read and write |
1AE17700000 | heap | page read and write |
B9F94FE000 | stack | page read and write |
18A48C3C000 | heap | page read and write |
502C5FF000 | stack | page read and write |
244F54E0000 | heap | page read and write |
2704DE58000 | heap | page read and write |
B1CA479000 | stack | page read and write |
18A48C59000 | heap | page read and write |
1AE17702000 | heap | page read and write |
244F5653000 | heap | page read and write |
207457B8000 | heap | page read and write |
20745560000 | heap | page read and write |
20745750000 | trusted library allocation | page read and write |
2AF254C9000 | heap | page read and write |
2704DBC0000 | heap | page read and write |
18A48B90000 | trusted library allocation | page read and write |
20745709000 | heap | page read and write |
502C8FE000 | stack | page read and write |
2AE53A02000 | trusted library allocation | page read and write |
1AE17613000 | heap | page read and write |
2AE53229000 | heap | page read and write |
18A48DB9000 | heap | page read and write |
2AF254E0000 | heap | page read and write |
18A49402000 | heap | page read and write |
1AE17E02000 | trusted library allocation | page read and write |
2704DE02000 | heap | page read and write |
18A49522000 | heap | page read and write |
244F564F000 | heap | page read and write |
2AE53860000 | trusted library allocation | page read and write |
207457B0000 | heap | page read and write |
2DD94FB000 | stack | page read and write |
C00537E000 | stack | page read and write |
18A49554000 | heap | page read and write |
502C4FA000 | stack | page read and write |
75CC27F000 | stack | page read and write |
2704DDF0000 | remote allocation | page read and write |
C00527E000 | stack | page read and write |
3BBF6FF000 | stack | page read and write |
18A48DE5000 | heap | page read and write |
18A49602000 | heap | page read and write |
D5A76FF000 | stack | page read and write |
2AE53274000 | heap | page read and write |
502C17A000 | stack | page read and write |
2AE53226000 | heap | page read and write |
291B7A37000 | heap | page read and write |
18A49623000 | heap | page read and write |
2AF25444000 | heap | page read and write |
18A49500000 | heap | page read and write |
2DD8E9B000 | stack | page read and write |
2AE53241000 | heap | page read and write |
18A48B00000 | heap | page read and write |
D5A75FE000 | stack | page read and write |
18A48C43000 | heap | page read and write |
1AE17668000 | heap | page read and write |
2704F802000 | trusted library allocation | page read and write |
207457FF000 | heap | page read and write |
244F5645000 | heap | page read and write |
18A48D13000 | heap | page read and write |
18A495C2000 | heap | page read and write |
2704DDF0000 | remote allocation | page read and write |
C0053FC000 | stack | page read and write |
2AF25320000 | heap | page read and write |
18A48B60000 | heap | page read and write |
20745740000 | trusted library allocation | page read and write |
2704DF00000 | heap | page read and write |
18A495BE000 | heap | page read and write |
2AE53265000 | heap | page read and write |
3BBED7B000 | stack | page read and write |
18A49590000 | heap | page read and write |
2704DD70000 | trusted library allocation | page read and write |
18A49630000 | heap | page read and write |
207457C0000 | heap | page read and write |
C00567C000 | stack | page read and write |
2AF25390000 | heap | page read and write |
2704DDB0000 | trusted library allocation | page read and write |
19C49640000 | heap | page read and write |
291B7A13000 | heap | page read and write |
1AE17510000 | heap | page read and write |
291B7B02000 | heap | page read and write |
18A48C29000 | heap | page read and write |
A878A7E000 | stack | page read and write |
2AF25429000 | heap | page read and write |
2AE5327A000 | heap | page read and write |
1AE1763C000 | heap | page read and write |
75CBFFC000 | stack | page read and write |
2AF25502000 | heap | page read and write |
19C4965B000 | heap | page read and write |
20745570000 | trusted library allocation | page read and write |
2AE5323D000 | heap | page read and write |
244F5702000 | heap | page read and write |
1AE17658000 | heap | page read and write |
2704DF18000 | heap | page read and write |
C00577F000 | stack | page read and write |
18A49613000 | heap | page read and write |
2AF25483000 | heap | page read and write |
2AE53302000 | heap | page read and write |
75CBB9C000 | stack | page read and write |
2AE5326F000 | heap | page read and write |
19C49665000 | heap | page read and write |
2AE5325F000 | heap | page read and write |
3BBF5FE000 | stack | page read and write |
D5A6FEE000 | stack | page read and write |
C0054FE000 | stack | page read and write |
18A49627000 | heap | page read and write |
291B7A00000 | heap | page read and write |
19C494C0000 | heap | page read and write |
19C49671000 | heap | page read and write |
502C37C000 | stack | page read and write |
75CC37F000 | stack | page read and write |
3BBF2FD000 | stack | page read and write |
75CC57C000 | stack | page read and write |
244F5629000 | heap | page read and write |
2704DE3D000 | heap | page read and write |
3BBF3FE000 | stack | page read and write |
18A48C92000 | heap | page read and write |
C00587C000 | stack | page read and write |
20745801000 | heap | page read and write |
B1C9F7C000 | stack | page read and write |
2AF25513000 | heap | page read and write |
502C6FE000 | stack | page read and write |
2DD95FE000 | stack | page read and write |
2AE5325A000 | heap | page read and write |
2AF25D32000 | heap | page read and write |
75CC17F000 | stack | page read and write |
2704DE48000 | heap | page read and write |
2AE5323B000 | heap | page read and write |
2704DF13000 | heap | page read and write |
18A48C8C000 | heap | page read and write |
3BBEFFB000 | stack | page read and write |
502C87E000 | stack | page read and write |
2AF25485000 | heap | page read and write |
207457FF000 | heap | page read and write |
291B7A60000 | heap | page read and write |
75CC67F000 | stack | page read and write |
2AE53259000 | heap | page read and write |
20746530000 | trusted library allocation | page read and write |
C00507C000 | stack | page read and write |
D5A6F6C000 | stack | page read and write |
18A48C4E000 | heap | page read and write |
19C49530000 | heap | page read and write |
207456A0000 | heap | page read and write |
18A48C8A000 | heap | page read and write |
C00597F000 | stack | page read and write |
2704DE48000 | heap | page read and write |
291B79D0000 | trusted library allocation | page read and write |
18A48C68000 | heap | page read and write |
2704DE00000 | heap | page read and write |
1AE17602000 | heap | page read and write |
2704DC20000 | heap | page read and write |
B9F95FA000 | stack | page read and write |
18A49543000 | heap | page read and write |
2704DD20000 | trusted library allocation | page read and write |
291B7A41000 | heap | page read and write |
291B77A0000 | heap | page read and write |
291B7800000 | heap | page read and write |
2AE53258000 | heap | page read and write |
18A48AF0000 | heap | page read and write |
2704DE89000 | heap | page read and write |
D5A73FE000 | stack | page read and write |
19C49E02000 | trusted library allocation | page read and write |
244F563B000 | heap | page read and write |
19C49629000 | heap | page read and write |
2AF254C3000 | heap | page read and write |
2704DE57000 | heap | page read and write |
2AF253C0000 | trusted library allocation | page read and write |
2AE53284000 | heap | page read and write |
3BBF1FF000 | stack | page read and write |
244F55E0000 | trusted library allocation | page read and write |
502C7FE000 | stack | page read and write |
2AE53200000 | heap | page read and write |
2AE53242000 | heap | page read and write |
3BBF7FF000 | stack | page read and write |
244F5490000 | heap | page read and write |
2AE53247000 | heap | page read and write |
A87907D000 | stack | page read and write |
19C49602000 | heap | page read and write |
20745700000 | heap | page read and write |
A878C7E000 | stack | page read and write |
B9F9579000 | stack | page read and write |
C00557B000 | stack | page read and write |
207464C0000 | heap | page readonly |
B9F967E000 | stack | page read and write |
2AE53257000 | heap | page read and write |
1AE17600000 | heap | page read and write |
3BBE90C000 | stack | page read and write |
19C49702000 | heap | page read and write |
B1CA37E000 | stack | page read and write |
18A48C8F000 | heap | page read and write |
1AE17628000 | heap | page read and write |
291B8002000 | trusted library allocation | page read and write |
18A48C43000 | heap | page read and write |
18A48C95000 | heap | page read and write |
291B7A29000 | heap | page read and write |
291B7F90000 | remote allocation | page read and write |
A878DFE000 | stack | page read and write |
2DD96FE000 | stack | page read and write |
2704DDF0000 | remote allocation | page read and write |
2704DF02000 | heap | page read and write |
B9F96F9000 | stack | page read and write |
18A48BB0000 | trusted library allocation | page read and write |
18A495C9000 | heap | page read and write |
3BBF4FF000 | stack | page read and write |
2AF2546C000 | heap | page read and write |
2AE5324D000 | heap | page read and write |
2704DE58000 | heap | page read and write |
2704DBB0000 | heap | page read and write |
18A4956F000 | heap | page read and write |
2704DE62000 | heap | page read and write |
2AE53090000 | heap | page read and write |
2AE53255000 | heap | page read and write |
291B7A3B000 | heap | page read and write |
1AE17520000 | heap | page read and write |
2AE53279000 | heap | page read and write |
B9F947E000 | stack | page read and write |
(300 further memdumps are not included in this export.)

DOM / HTML

URL | Malicious
file:///C:/Users/user/Desktop/Copy.shtml | malicious