Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

https://architectchintanvirani.com/1/2support/index.php?email=mmaye4@uottawa.ca

URL

initial url

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\QXNpYQ==22-02-202107-56-25pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aNHZVVml0czVCRkxRWmswVUVzPQ==UGFraXN0YW4=VUVzPQ==4vUVits5BFLQZk0[1].htm

HTML document, ASCII text, with very long lines, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{78E9B5C6-7593-11EB-90E4-ECF4BB862DED}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{78E9B5C8-7593-11EB-90E4-ECF4BB862DED}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7F62BA04-7593-11EB-90E4-ECF4BB862DED}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\585b051251[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\favicons[1].png

PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\free-v4-shims.min[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\free.min[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOmCnqEu92Fr1Mu4mxM[1].woff

Web Open Font Format, TrueType, length 20268, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\QXNpYQ==22-02-202107-56-25pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aNHZVVml0czVCRkxRWmswVUVzPQ==UGFraXN0YW4=VUVzPQ==4vUVits5BFLQZk0[1].htm

HTML document, ASCII text, with very long lines

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css[1].css

ASCII text

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\favicons[1].png

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\font-awesome.min[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\mem8YaGs126MiZpBA-UFVZ0d[1].woff

Web Open Font Format, TrueType, length 18100, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\popper.min[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\qwehbgfvdcfvtbgrvfecd[1].htm

HTML document, ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\css[1].css

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\free-fa-regular-400[1].eot

Embedded OpenType (EOT), Font Awesome 5 Free Regular family

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\jquery-3.1.1.min[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\jquery-3.2.1.slim.min[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\jquery.min[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff

Web Open Font Format, TrueType, length 20356, version 1.1

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\bootstrap.min[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\bootstrap.min[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\bootstrap.min[2].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\free-fa-solid-900[1].eot

Embedded OpenType (EOT), Font Awesome 5 Free Solid family

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\mem5YaGs126MiZpBA-UN7rgOUuhv[1].woff

Web Open Font Format, TrueType, length 18900, version 1.1

downloaded

C:\Users\user\AppData\Local\Temp\~DF5C6855DB7C39EC1D.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DFD7E45C6E89F63922.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DFDD76AF591DFFF30C.TMP

data

dropped

There are 22 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files\internet explorer\iexplore.exe

'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	2024
Target ID:	1
Parent PID:	792
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files\internet explorer\iexplore.exe
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Size:	823560
MD5:	6465CB92B25A7BC1DF8E01D8AC5E7596
Time:	20:56:22
Date:	22/02/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff783160000
Modulesize:	831488
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary,	Process Injection

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2024 CREDAT:17410 /prefetch:2

Details

Is windows:	true
Is dropped:	false
PID:	752
Target ID:	3
Parent PID:	2024
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2024 CREDAT:17410 /prefetch:2
Size:	822536
MD5:	071277CC2E3DF41EEEA8013E2AB58D5A
Time:	20:56:22
Date:	22/02/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x10f0000
Modulesize:	827392
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary,	Process Injection

URLs

Name

Malicious

https://www.politikesgeuseis.gr/cricl/oauth/site/service/demp.php?email=info

unknown

https://openplaywcowuk.gb.net/qwehbgfvdcfvtbgrvfecd/QXNpYQ==22-02-202107-56-25pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aNHZVVml0czVCRkxRWmswVUVzPQ==UGFraXN0YW4=VUVzPQ==4vUVits5BFLQZk0/?Key=QXNpYQ==22-02-202107-56-25pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aNHZVVml0czVCRkxRWmswVUVzPQ==UGFraXN0YW4=VUVzPQ==4vUVits5BFLQZk0&rand=13InboxLightaspxn_QXNpYQ==22-02-202107-56-25pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aNHZVVml0czVCRkxRWmswVUVzPQ==UGFraXN0YW4=VUVzPQ==4vUVits5BFLQZk0_NHZVVml0czVCRkxRWmsw-&21613cde29049b3c91b62de76cfc8570a2e0ec37b8668ec5d246bab8a58db410#mmaye4@uottawa.ca

https://www.politikesgeuseis.gr/cricl/oauth/site/service/demp.php?email=info@dell.com#

https://openplaywcowuk.gb.net/qwehbgfvdcfvtbgrvfecd/?sicmalsnj3f3=83djnskjac4fr#mmaye4

unknown

http://fontawesome.io

unknown

https://openplaywcowukanvirani.com/1/2support/index.php?email=mmaye4

unknown

https://ka-f.fontawesome.com

unknown

https://code.jquery.com/jquery-3.2.1.slim.min.js

unknown

https://code.jquery.com/jquery-3.1.1.min.js

unknown

https://openplaywcowuk.gb.net/qwehbgfvdcfvtbgrvfecd/QXNpYQ==22-02-202107-56-25pm3803fe4e995ba53820d5

unknown

https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

unknown

https://getbootstrap.com/)

unknown

https://www.politikesg.gb.net/qwehbgfvdcfvtbgrvfecd/QXNpYQ==22-02-202107-56-25pm3803fe4e995ba53820d5

unknown

https://fontawesome.comhttps://fontawesome.comFont

unknown

https://code.jquery.com/jquery-3.3.1.js

unknown

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

unknown

https://fontawesome.com/license/free

unknown

http://fontawesome.io/license

unknown

https://fontawesome.com

unknown

https://kit.fontawesome.com

unknown

https://github.com/twbs/bootstrap/graphs/contributors)

unknown

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

unknown

https://getbootstrap.com)

unknown

https://openplaywcowuk.gb.net/qwehbgfvdcfvtbgrvfecd/?sicmalsnj3f3=83djnskjac4fr

unknown

https://melissadatawde.ru/ghyjunhtbgvsadrbt18feb/next.php

unknown

https://architectchintanvirani.com/1/2support/index.php?email=mmaye4

unknown

http://getbootstrap.com)

unknown

https://github.com/twbs/bootstrap/blob/master/LICENSE)

unknown

http://opensource.org/licenses/MIT).

unknown

https://kit.fontawesome.com/585b051251.js

unknown

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

unknown

There are 21 hidden URLs, click here to show them.

Domains

Name

Malicious

www.politikesgeuseis.gr

35.214.201.112

Details

Name:	www.politikesgeuseis.gr
IP:	35.214.201.112
TargetID:	3
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for domain / URL	AV Detection,
Urls found in memory or binary data	Networking,
Uses secure TLS version for HTTPS connections	Compliance, Networking,

openplaywcowuk.gb.net

104.129.25.9

Details

Name:	openplaywcowuk.gb.net
IP:	104.129.25.9
TargetID:	3
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Urls found in memory or binary data	Networking,
Uses secure TLS version for HTTPS connections	Compliance, Networking,

cdnjs.cloudflare.com

104.16.19.94

Details

Name:	cdnjs.cloudflare.com
IP:	104.16.19.94
TargetID:	3
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Urls found in memory or binary data	Networking,
Uses secure TLS version for HTTPS connections	Compliance, Networking,

architectchintanvirani.com

173.237.190.111

Details

Name:	architectchintanvirani.com
IP:	173.237.190.111
TargetID:	3
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking,	Application Layer Protocol Non-Application Layer Protocol
Urls found in memory or binary data	Networking,
Uses secure TLS version for HTTPS connections	Compliance, Networking,

stackpath.bootstrapcdn.com

unknown

ka-f.fontawesome.com

unknown

code.jquery.com

unknown

kit.fontawesome.com

unknown

maxcdn.bootstrapcdn.com

unknown

IPs

Domain

Country

Active

Malicious

35.214.201.112

unknown

United States

unknown

Details

IP:	35.214.201.112
TargetID:	3
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	19527
ASN name:	GOOGLE-2US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking,

173.237.190.111

unknown

United States

unknown

Details

IP:	173.237.190.111
TargetID:	3
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	30496
ASN name:	AS-TIERP-30496US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking,

104.129.25.9

unknown

United States

unknown

Details

IP:	104.129.25.9
TargetID:	3
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	8100
ASN name:	ASN-QUADRANET-GLOBALUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking,

104.16.19.94

unknown

United States

unknown

Details

IP:	104.16.19.94
TargetID:	3
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking,

Registry

Path

Value

Malicious

C:\Program Files\internet explorer\iexplore.exe

{78E9B5C6-7593-11EB-90E4-ECF4BB862DED}

C:\Program Files\internet explorer\iexplore.exe

AdminActive

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-912

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-904

There are 16 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

7FF5D0B02000

unkown

page readonly

7FF506986000

unkown

page readonly

7FF4EFB72000

unkown

page readonly

7FF4EFC79000

unkown

page readonly

12FA4600000

unkown

page readonly

4885FF000

unkown

page read and write

14646C3C000

unkown

page read and write

7FF4EFAB7000

unkown

page readonly

7FF5067FF000

unkown

page readonly

7FF50683E000

unkown

page readonly

7FF5D0BA0000

unkown

page readonly

12FA444F000

unkown

page read and write

12FA4513000

unkown

page read and write

69605FD000

unkown

page read and write

7FF4EFBE6000

unkown

page readonly

7FF4EFBEC000

unkown

page readonly

7FF506A17000

unkown

page readonly

7FF506988000

unkown

page readonly

14646C13000

unkown

page read and write

1857EDA0000

heap private

page read and write

7FF4EFC6E000

unkown

page readonly

487DFE000

unkown

page read and write

69601AC000

unkown

page read and write

12FA4470000

unkown

page read and write

14646BC0000

unkown

page readonly

7FF4EFA3E000

unkown

page readonly

14647402000

unkown

page read and write

1857F320000

heap private

page read and write

12FA4451000

unkown

page read and write

14646AF0000

unkown

page readonly

7FF506883000

unkown

page readonly

10B7FDC000

unkown

page read and write

7FF5D0B6D000

unkown

page readonly

7FF4EFAEC000

unkown

page readonly

7FF4EFB88000

unkown

page readonly

12FA4456000

unkown

page read and write

12FA4A60000

unkown

page readonly

7FF4EFA68000

unkown

page readonly

12FA444A000

unkown

page read and write

7FF4EFC17000

unkown

page readonly

12FA4E00000

unkown

page readonly

12FA4C02000

unkown

page read and write

7FF5D081C000

unkown

page readonly

696067F000

unkown

page read and write

12FA4458000

unkown

page read and write

12FA4508000

unkown

page read and write

7FF50656A000

unkown

page readonly

14646C56000

unkown

page read and write

7FF506570000

unkown

page readonly

7FF5D0BA7000

unkown

page readonly

7FF4EFC10000

unkown

page readonly

48807E000

unkown

page read and write

14646AE0000

heap default

page read and write

7FF5D0B45000

unkown

page readonly

7FF4EFA8D000

unkown

page readonly

7FF506972000

unkown

page readonly

10B84FB000

unkown

page read and write

7FF5069BF000

unkown

page readonly

7FF5D0AAA000

unkown

page readonly

12FA448D000

unkown

page read and write

7FF5069DD000

unkown

page readonly

7FF4EFAB1000

unkown

page readonly

14646BE0000

unkown

page read and write

1857EB70000

unkown

page readonly

1857F65F000

heap private

page read and write

7FF5068B7000

unkown

page readonly

14646A80000

heap private

page read and write

12FA4429000

unkown

page read and write

10B86FF000

unkown

page read and write

7FF4EF76A000

unkown

page readonly

7FF4EFA83000

unkown

page readonly

14646D02000

unkown

page read and write

4882FE000

unkown

page read and write

7FF4EFC79000

unkown

page readonly

7FF5D0AAE000

unkown

page readonly

7FF4EFB82000

unkown

page readonly

7FF5D0C09000

unkown

page readonly

12FA4502000

unkown

page read and write

7FF4EFBBF000

unkown

page readonly

7FF506A14000

unkown

page readonly

69604FE000

unkown

page read and write

7FF4EF99A000

unkown

page readonly

7FF5D0B3E000

unkown

page readonly

696077C000

unkown

page read and write

1857ED50000

unkown

page readonly

7FF5069C9000

unkown

page readonly

7FF4EFB70000

unkown

page readonly

7FF50621C000

unkown

page readonly

1857EEC0000

unkown

page readonly

7FF5069AE000

unkown

page readonly

12FA4459000

unkown

page read and write

7FF5069EC000

unkown

page readonly

14646C00000

unkown

page read and write

7FF5D0B86000

unkown

page readonly

12FA4400000

unkown

page read and write

7FF506982000

unkown

page readonly

7FF5D0C01000

unkown

page readonly

7FF506A71000

unkown

page readonly

7FF5069FC000

unkown

page readonly

7FF5D0B2A000

unkown

page readonly

12FA444E000

unkown

page read and write

7FF4EFC71000

unkown

page readonly

10B87FD000

unkown

page read and write

7FF50679A000

unkown

page readonly

7FF5D0B71000

unkown

page readonly

4883F7000

unkown

page read and write

12FA4290000

unkown

page readonly

7FF5D0B8C000

unkown

page readonly

14646C29000

unkown

page read and write

7FF4EF780000

unkown

page readonly

14646D13000

unkown

page read and write

14646C02000

unkown

page read and write

7FF4EF770000

unkown

page readonly

7FF506580000

unkown

page readonly

48827B000

unkown

page read and write

7FF5068EC000

unkown

page readonly

12FA4481000

unkown

page read and write

7FF5D0B95000

unkown

page readonly

12FA4445000

unkown

page read and write

7FF5069E6000

unkown

page readonly

7FF50684A000

unkown

page readonly

7FF506A6E000

unkown

page readonly

7FF506224000

unkown

page readonly

1857EDCB000

heap default

page read and write

7FF5D0B00000

unkown

page readonly

7FF4EFC14000

unkown

page readonly

7FF5069B5000

unkown

page readonly

12FA443C000

unkown

page read and write

14647600000

unkown

page readonly

12FA444C000

unkown

page read and write

7FF5D0BAD000

unkown

page readonly

1857EDFB000

heap default

page read and write

7FF4EF353000

unkown

page readonly

1857EBD0000

unkown

page readonly

1857ECC0000

unkown

page read and write

1857F560000

heap private

page read and write

10B85F7000

unkown

page read and write

7FF4EFC05000

unkown

page readonly

7FF5D0B18000

unkown

page readonly

7FF5D0B76000

unkown

page readonly

7FF5D0BA4000

unkown

page readonly

7FF506868000

unkown

page readonly

7FF5D0AB4000

unkown

page readonly

696047E000

unkown

page read and write

1857ECE0000

unkown

page readonly

12FA4280000

heap default

page read and write

12FA444B000

unkown

page read and write

7FF5D0B16000

unkown

page readonly

12FA4380000

unkown

page read and write

487D7C000

unkown

page read and write

14646BD0000

unkown

page readonly

7FF4EFBDD000

unkown

page readonly

7FF4EFBC9000

unkown

page readonly

14646E00000

unkown

page readonly

14647190000

unkown

page readonly

7FF4EFBB5000

unkown

page readonly

7FF5D0B7C000

unkown

page readonly

1857F250000

unkown

page readonly

7FF506A79000

unkown

page readonly

10B827E000

unkown

page read and write

69606FE000

unkown

page read and write

7FF4EF9FF000

unkown

page readonly

7FF4EFBFC000

unkown

page readonly

12FA4360000

unkown

page readonly

7FF4EFB86000

unkown

page readonly

7FF5D03B7000

unkown

page readonly

1857F460000

heap private

page read and write

7FF4EFBF6000

unkown

page readonly

7FF50699A000

unkown

page readonly

12FA4454000

unkown

page read and write

7FF506A10000

unkown

page readonly

7FF506970000

unkown

page readonly

1857ED30000

unkown

page readonly

7FF506A05000

unkown

page readonly

1857EDC0000

heap default

page read and write

7FF5D0B1A000

unkown

page readonly

7FF506A79000

unkown

page readonly

10B82FE000

unkown

page read and write

7FF5D0BB2000

unkown

page readonly

7FF5D0B59000

unkown

page readonly

12FA4449000

unkown

page read and write

1857ED45000

heap private

page read and write

14646C8B000

unkown

page read and write

7FF4EFA4A000

unkown

page readonly

7FF5D0BFE000

unkown

page readonly

7FF5D088C000

unkown

page readonly

12FA4413000

unkown

page read and write

12FA4500000

unkown

page read and write

4884FF000

unkown

page read and write

7FF5D0C09000

unkown

page readonly

7FF5069F6000

unkown

page readonly

1857ECA0000

unkown

page read and write

10B83FD000

unkown

page read and write

1857ECF0000

unkown

page readonly

12FA4220000

heap private

page read and write

18500000000

unkown

page readonly

1857ED60000

unkown

page readonly

7FF4EFB9A000

unkown

page readonly

7FF4EFBAE000

unkown

page readonly

696057E000

unkown

page read and write

1857ED40000

heap private

page read and write

7FF5068B1000

unkown

page readonly

12FA4427000

unkown

page read and write

7FF5D0883000

unkown

page readonly

12FA4370000

unkown

page readonly

There are 195 hidden memdumps, click here to show them.

DOM / HTML

URL

Malicious

Details

Filename:	473627.pages.html.dom
Url:	https://openplaywcowuk.gb.net/qwehbgfvdcfvtbgrvfecd/QXNpYQ==22-02-202107-56-25pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aNHZVVml0czVCRkxRWmswVUVzPQ==UGFraXN0YW4=VUVzPQ==4vUVits5BFLQZk0/?Key=QXNpYQ==22-02-202107-56-25pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aNHZVVml0czVCRkxRWmswVUVzPQ==UGFraXN0YW4=VUVzPQ==4vUVits5BFLQZk0&rand=13InboxLightaspxn_QXNpYQ==22-02-202107-56-25pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aNHZVVml0czVCRkxRWmswVUVzPQ==UGFraXN0YW4=VUVzPQ==4vUVits5BFLQZk0_NHZVVml0czVCRkxRWmsw-&21613cde29049b3c91b62de76cfc8570a2e0ec37b8668ec5d246bab8a58db410#mmaye4@uottawa.ca
Target ID:	3
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2024 CREDAT:17410 /prefetch:2

Signature Hits	Behavior Group	Mitre Attack
Yara detected HtmlPhish_10	Phishing,

https://www.politikesgeuseis.gr/cricl/oauth/site/service/demp.php?email=info@dell.com#

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

DOM / HTML