IOC Report
Markelcorp Pay-Application Completed November 29, 2022_48707712230774110046.html


Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\Markelcorp Pay-Application Completed November 29, 2022_48707712230774110046.html |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1748,i,3206524124022006366,8441393421957404145,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 |

URLs

Name | IP | Malicious
file:///C:/Users/user/Desktop/Markelcorp%20Pay-Application%20Completed%20November%2029,%202022_48707712230774110046.html | |
https://dreams15.co/csc/host9/0f70e1a.php | 192.185.196.50 |
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css | 104.17.24.14 |
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | 142.250.186.110 |
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | 142.250.186.45 |
https://aadcdn.msauthimages.net/dbd5a2dd-ttl-x9zsondwno6uogaxggczkbj5okcite29gtm-6do/logintenantbranding/0/bannerlogo?ts=636450702596912772 | 152.199.23.72 |

Domains

Name | IP | Malicious
part-0017.t-0009.t-msedge.net | 13.107.246.45 |
accounts.google.com | 142.250.186.45 |
cdnjs.cloudflare.com | 104.17.24.14 |
part-0017.t-0009.fbs1-t-msedge.net | 13.107.219.45 |
www.google.com | 142.250.181.228 |
clients.l.google.com | 142.250.186.110 |
cs1025.wpc.upsiloncdn.net | 152.199.23.72 |
dreams15.co | 192.185.196.50 |
aadcdn.msauthimages.net | unknown |
clients2.google.com | unknown |
code.jquery.com | unknown |
1 additional domain is not included in this export.

IPs

IP | Domain | Country | Malicious
142.250.186.45 | accounts.google.com | United States |
104.17.24.14 | cdnjs.cloudflare.com | United States |
192.168.2.2 | unknown | unknown |
192.168.2.1 | unknown | unknown |
152.199.23.72 | cs1025.wpc.upsiloncdn.net | United States |
13.107.246.45 | part-0017.t-0009.t-msedge.net | United States |
239.255.255.250 | unknown | Reserved |
142.250.181.228 | www.google.com | United States |
192.185.196.50 | dreams15.co | United States |
142.250.186.110 | clients.l.google.com | United States |
127.0.0.1 | unknown | unknown |
1 additional IP is not included in this export.

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-2660496737-530772487-1027249058-1002 |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | ahfgeienlihckogmohjhadlkjgocpleb |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | mhjfbmdgcfjbbpaeojofohoefgiehjai |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | gdaefkejpgkiemlaofpalmlakkmbjdnl |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | kmendfapggjehodndflmmgagdbamhnfd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | neajdppkdcdipfabeoofebfddakdcjhd |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nkeimhogjdpnpccoofpliimaahmaaome |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings | nmmhkkegccagdldgiimedpiccmgmieda |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes |
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state |
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics | user_experience_metrics.stability.exited_cleanly |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.cdm.origin_data |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.reporting |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | media.storage_id_salt |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_account_id |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.account_id |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_startup_urls |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_homepage |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | module_blocklist_cache_md5_digest |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_seed |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | default_search_provider_data.template_url_data |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | safebrowsing.incidents_sent |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | pinned_tabs |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | browser.show_home_button |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | search_provider_overrides |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.last_triggered_for_default_search |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | prefs.preference_reset_time |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | software_reporter.prompt_version |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | google.services.last_username |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.startup_urls |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | session.restore_on_startup |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | settings_reset_prompt.prompt_wave |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage |
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default | homepage_is_newtabpage |
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | lastrun |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault | S-1-5-21-2660496737-530772487-1027249058-1002 |
35 additional registry entries are not included in this export.

Memdumps

Base Address | Regiontype | Protect | Malicious
1FFBFE47000 | heap | page read and write |
1FFBFE49000 | heap | page read and write |
F203A7F000 | stack | page read and write |
237F925F000 | heap | page read and write |
E12A59B000 | stack | page read and write |
2A93C25B000 | heap | page read and write |
1DB1D502000 | heap | page read and write |
1FFBFE9B000 | heap | page read and write |
2A827A3F000 | heap | page read and write |
20EB1D30000 | heap | page read and write |
2A93CE25000 | heap | page read and write |
1FFBFE62000 | heap | page read and write |
237F976D000 | heap | page read and write |
2A93C220000 | heap | page read and write |
2A93CF86000 | heap | page read and write |
1FFBFE00000 | heap | page read and write |
237F92CD000 | heap | page read and write |
F23FE7A000 | stack | page read and write |
237F9213000 | heap | page read and write |
1DB1D445000 | heap | page read and write |
1FFBFE8D000 | heap | page read and write |
2A93C24F000 | heap | page read and write |
2A93C2A7000 | heap | page read and write |
1FFBFE35000 | heap | page read and write |
1FFBFE6F000 | heap | page read and write |
F2039FB000 | stack | page read and write |
2A827A25000 | heap | page read and write |
5E5FD7E000 | stack | page read and write |
20EB2602000 | trusted library allocation | page read and write |
1DB1D4D3000 | heap | page read and write |
237F9296000 | heap | page read and write |
1F8E7A00000 | heap | page read and write |
2A93C293000 | heap | page read and write |
F23FF7F000 | stack | page read and write |
2A93C170000 | heap | page read and write |
E12ACFE000 | stack | page read and write |
1DB1D497000 | heap | page read and write |
1FFBFE45000 | heap | page read and write |
1F8E7930000 | heap | page read and write |
2A93C24A000 | heap | page read and write |
4A6E7B000 | stack | page read and write |
237F9868000 | heap | page read and write |
F23FFF9000 | stack | page read and write |
E12B27D000 | stack | page read and write |
2A93C29B000 | heap | page read and write |
1FFBFE42000 | heap | page read and write |
1FFBFE4B000 | heap | page read and write |
2A93CC2F000 | heap | page read and write |
2A93C2CC000 | heap | page read and write |
E12AE7E000 | stack | page read and write |
2A93CC28000 | heap | page read and write |
5E5FF7F000 | stack | page read and write |
2A93C20E000 | heap | page read and write |
2A93CF79000 | heap | page read and write |
1F8E7A61000 | heap | page read and write |
4A6EFE000 | stack | page read and write |
2A93C2EE000 | heap | page read and write |
5E6027E000 | stack | page read and write |
1FFBFE7D000 | heap | page read and write |
1FFBFE2B000 | heap | page read and write |
E1597FB000 | stack | page read and write |
E12AF7D000 | stack | page read and write |
1FFBFE83000 | heap | page read and write |
E159378000 | stack | page read and write |
F24007F000 | stack | page read and write |
E15917E000 | stack | page read and write |
1F8E7A41000 | heap | page read and write |
2A93CF77000 | heap | page read and write |
1FFBFE13000 | heap | page read and write |
1FFBFE5E000 | heap | page read and write |
20EB1E57000 | heap | page read and write |
1FFBFE3E000 | heap | page read and write |
2A93C2D8000 | heap | page read and write |
237F92B5000 | heap | page read and write |
E158D2B000 | stack | page read and write |
20EB1F02000 | heap | page read and write |
2A93C2D9000 | heap | page read and write |
237F976F000 | heap | page read and write |
2A827A13000 | heap | page read and write |
20EB1E02000 | heap | page read and write |
2A827A02000 | heap | page read and write |
2A93CE2A000 | heap | page read and write |
5E6007F000 | stack | page read and write |
1F8E7A65000 | heap | page read and write |
E12AC7E000 | stack | page read and write |
1FFBFE46000 | heap | page read and write |
2A827A2B000 | heap | page read and write |
1FFBFE7A000 | heap | page read and write |
2A93C2B4000 | heap | page read and write |
F23F9ED000 | stack | page read and write |
1FFBFE85000 | heap | page read and write |
2A8279A0000 | heap | page read and write |
1F8E7A02000 | heap | page read and write |
F24017D000 | stack | page read and write |
1FFBFCC0000 | heap | page read and write |
237F988B000 | heap | page read and write |
237F9160000 | heap | page read and write |
1DB1DD00000 | heap | page read and write |
2A827940000 | heap | page read and write |
2A93C2BA000 | heap | page read and write |
1FFBFE5D000 | heap | page read and write |
ABD857F000 | stack | page read and write |
1DB1D513000 | heap | page read and write |
E12AB7D000 | stack | page read and write |
2A93C2E0000 | heap | page read and write |
F2402FE000 | stack | page read and write |
2A93CE22000 | heap | page read and write |
1FFBFE8B000 | heap | page read and write |
1DB1D2D0000 | heap | page read and write |
1FFBFD60000 | trusted library allocation | page read and write |
2A93CC20000 | heap | page read and write |
237F91FB000 | heap | page read and write |
1F8E7A8A000 | heap | page read and write |
2A93CC28000 | heap | page read and write |
1DB1D4DA000 | heap | page read and write |
1DB1D46D000 | heap | page read and write |
2A93C28B000 | heap | page read and write |
237F9850000 | heap | page read and write |
E15927F000 | stack | page read and write |
2A93C28B000 | heap | page read and write |
2A93CF7E000 | heap | page read and write |
2A93C284000 | heap | page read and write |
2A8279D0000 | trusted library allocation | page read and write |
1FFBFE71000 | heap | page read and write |
ABD82FF000 | stack | page read and write |
2A93CF7C000 | heap | page read and write |
2A93C299000 | heap | page read and write |
2A93C253000 | heap | page read and write |
20EB1D20000 | heap | page read and write |
4A6F7E000 | stack | page read and write |
1F8E7A13000 | heap | page read and write |
2A93C25E000 | heap | page read and write |
2A93C267000 | heap | page read and write |
1FFBFE4D000 | heap | page read and write |
2A93CC39000 | heap | page read and write |
237F9830000 | heap | page read and write |
2A93CF84000 | heap | page read and write |
1FFBFE6B000 | heap | page read and write |
2A827A45000 | heap | page read and write |
2A93C1C0000 | heap | page read and write |
1FFBFD30000 | heap | page read and write |
2A93CE24000 | heap | page read and write |
2A93CE27000 | heap | page read and write |
2A93C2A9000 | heap | page read and write |
2A827A5B000 | heap | page read and write |
ABD837C000 | stack | page read and write |
2A93C3C0000 | heap | page read and write |
237F9855000 | heap | page read and write |
2A93C2E0000 | heap | page read and write |
E15947E000 | stack | page read and write |
F203BFF000 | stack | page read and write |
237F9100000 | heap | page read and write |
1FFBFE60000 | heap | page read and write |
ABD847E000 | stack | page read and write |
1DB1D2E0000 | heap | page read and write |
ABD80FD000 | stack | page read and write |
2A93C2E8000 | heap | page read and write |
2A93C2EA000 | heap | page read and write |
1FFBFE64000 | heap | page read and write |
2A93C2D5000 | heap | page read and write |
2A827A6F000 | heap | page read and write |
1FFBFE44000 | heap | page read and write |
237F9858000 | heap | page read and write |
2A93C2CE000 | heap | page read and write |
2A93C26C000 | heap | page read and write |
5E6017D000 | stack | page read and write |
E12AFFF000 | stack | page read and write |
2A93CC31000 | heap | page read and write |
237F9730000 | heap | page read and write |
2A93CF70000 | heap | page read and write |
1F8E7B02000 | heap | page read and write |
20EB1E6D000 | heap | page read and write |
2A827930000 | heap | page read and write |
2A93CC2F000 | heap | page read and write |
1FFBFE97000 | heap | page read and write |
2A93C27F000 | heap | page read and write |
20EB1E2B000 | heap | page read and write |
2A93C2E4000 | heap | page read and write |
237F9165000 | heap | page read and write |
2A93CC3B000 | heap | page read and write |
2A93C23E000 | heap | page read and write |
2A93C2E1000 | heap | page read and write |
2A93C231000 | heap | page read and write |
2A93C229000 | heap | page read and write |
2A8279E0000 | trusted library allocation | page read and write |
237F91D0000 | heap | page read and write |
ABD7A7B000 | stack | page read and write |
E1594F8000 | stack | page read and write |
2A827B13000 | heap | page read and write |
E1595FC000 | stack | page read and write |
2A93C2EE000 | heap | page read and write |
F2400FD000 | stack | page read and write |
1F8E7A5A000 | heap | page read and write |
4A72FE000 | stack | page read and write |
2A93C27F000 | heap | page read and write |
F23FD7F000 | stack | page read and write |
2A93CE2A000 | heap | page read and write |
2A93C260000 | heap | page read and write |
1DB1D400000 | heap | page read and write |
2A93C2E0000 | heap | page read and write |
1FFBFCD0000 | heap | page read and write |
1DB1D340000 | heap | page read and write |
1FFBFE93000 | heap | page read and write |
2A93CF7B000 | heap | page read and write |
E12B0FE000 | stack | page read and write |
20EB1E00000 | heap | page read and write |
1DB1DD19000 | heap | page read and write |
2A93C2E2000 | heap | page read and write |
237F9120000 | trusted library allocation | page read and write |
1F8E7B13000 | heap | page read and write |
F23FEF9000 | stack | page read and write |
2A93CE20000 | heap | page read and write |
1DB1D481000 | heap | page read and write |
20EB1D80000 | heap | page read and write |
237F9831000 | heap | page read and write |
237F97F8000 | heap | page read and write |
2A93C2E6000 | heap | page read and write |
1FFBFE48000 | heap | page read and write |
20EB1E21000 | heap | page read and write |
2A93C1F0000 | heap | page read and write |
1FFBFE57000 | heap | page read and write |
2A827B02000 | heap | page read and write |
1DB1DD12000 | heap | page read and write |
1DB1DD43000 | heap | page read and write |
4A71FF000 | stack | page read and write |
1FFBFE36000 | heap | page read and write |
F20397E000 | stack | page read and write |
237F9874000 | heap | page read and write |
2A93C2A3000 | heap | page read and write |
1F8E7960000 | trusted library allocation | page read and write |
1FFBFE6D000 | heap | page read and write |
20EB1E13000 | heap | page read and write |
2A93C29C000 | heap | page read and write |
20EB1E48000 | heap | page read and write |
1FFBFE73000 | heap | page read and write |
5E5FC7E000 | stack | page read and write |
1FFC0602000 | trusted library allocation | page read and write |
F203877000 | stack | page read and write |
20EB1E52000 | heap | page read and write |
237F9774000 | heap | page read and write |
F203AFC000 | stack | page read and write |
1FFBFE5F000 | heap | page read and write |
2A93C238000 | heap | page read and write |
1F8E8202000 | trusted library allocation | page read and write |
ABD81FD000 | stack | page read and write |
4A70FE000 | stack | page read and write |
1FFBFE8F000 | heap | page read and write |
2A93C420000 | heap | page read and write |
2A93C268000 | heap | page read and write |
2A827B00000 | heap | page read and write |
20EB1E44000 | heap | page read and write |
E12AD7A000 | stack | page read and write |
1F8E7A2B000 | heap | page read and write |
2A93CE2A000 | heap | page read and write |
ABD7C7B000 | stack | page read and write |
2A93CE27000 | heap | page read and write |
2A93CD40000 | heap | page read and write |
2A93C425000 | heap | page read and write |
1FFBFE77000 | heap | page read and write |
E1593FF000 | stack | page read and write |
2A93C245000 | heap | page read and write |
2A828202000 | trusted library allocation | page read and write |
1F8E7A58000 | heap | page read and write |
1F8E78D0000 | heap | page read and write |
2A93CC32000 | heap | page read and write |
5E5F69C000 | stack | page read and write |
2A93C209000 | heap | page read and write |
2A93CE2E000 | heap | page read and write |
ABD7E7E000 | stack | page read and write |
2A93C1F8000 | heap | page read and write |
237F9790000 | heap | page read and write |
2A827A00000 | heap | page read and write |
237F90E0000 | heap | page read and write |
ABD7FFE000 | stack | page read and write |
1DB1DD40000 | heap | page read and write |
1DB1D4F3000 | heap | page read and write |
1FFBFE41000 | heap | page read and write |
2A93C2E7000 | heap | page read and write |
E1596FE000 | stack | page read and write |
2A93C2E2000 | heap | page read and write |
1FFBFE5A000 | heap | page read and write |
2A93CF81000 | heap | page read and write |
F203B7F000 | stack | page read and write |
4A73FE000 | stack | page read and write |
2A93C2DB000 | heap | page read and write |
237F8FB0000 | heap | page read and write |
F23FDFF000 | stack | page read and write |
2A827A77000 | heap | page read and write |
E12B1FD000 | stack | page read and write |
2A93C2D5000 | heap | page read and write |
1FFBFE63000 | heap | page read and write |
2A93C2E0000 | heap | page read and write |
237F9831000 | heap | page read and write |
1FFBFF02000 | heap | page read and write |
2A93C28E000 | heap | page read and write |
1DB1D4C9000 | heap | page read and write |
1DB1DD20000 | heap | page read and write |
2A93C2E1000 | heap | page read and write |
F2401F9000 | stack | page read and write |
2A93C219000 | heap | page read and write |
2A93CE2B000 | heap | page read and write |
2A93C253000 | heap | page read and write |
1F8E78E0000 | heap | page read and write |
1F8E7A6E000 | heap | page read and write |
1DB1D413000 | heap | page read and write |
1DB1DC02000 | heap | page read and write |
2A93C2D5000 | heap | page read and write |
F2038FE000 | stack | page read and write |
1FFBFE54000 | heap | page read and write |
237F9876000 | heap | page read and write |
1FFBFE4B000 | heap | page read and write |
237F91D8000 | heap | page read and write |
1FFBFE4C000 | heap | page read and write |
1DB1D370000 | trusted library allocation | page read and write |
2A93CC31000 | heap | page read and write |
1DB1D48B000 | heap | page read and write |
1DB1D42B000 | heap | page read and write |
ABD7EFB000 | stack | page read and write |
2A93CE23000 | heap | page read and write |
5E5FAFB000 | stack | page read and write |
20EB1DB0000 | trusted library allocation | page read and write |
1FFBFE69000 | heap | page read and write |
2A93CC42000 | heap | page read and write |
5E5FE7C000 | stack | page read and write |
314 additional memdumps are not included in this export.

DOM / HTML

URL | Malicious
file:///C:/Users/user/Desktop/Markelcorp%20Pay-Application%20Completed%20November%2029,%202022_48707712230774110046.html | malicious