Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

PI No 20000814C.exe

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.946112183475076
Filename:	PI No 20000814C.exe
Filesize:	691200
MD5:	fddc263879fbf539b746d116e8429a7f
SHA1:	d83296177c8f166a95cafbd12ac1ae327ded42c7
SHA256:	6803a04a376df6f873fe53b3b79bf12534b8c1b74d037a01f537e74bac994f88
SHA512:	99b8c182f7afdc3912e567e5f408a6255fcc2c30361f84d51f2f315629d3adaf96225e819b6a9358957ea994b69e1d878b956afe0c27a8abc3041944e0041ed8
SSDEEP:	12288:aYV6MorX7qzuC3QHO9FQVHPF51jgcxL/wgbggD+En6onCvJzgngsU:JBXu9HGaVHh/wgbv6okJQNU
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P.....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r.............#.S..._@'.S...R.k.S.....".S...RichR..

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection	Disable or Modify Tools
Binary is likely a compiled AutoIt script file	System Summary	Virtualization/Sandbox Evasion Security Software Discovery
Machine Learning detection for sample	AV Detection
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Contains functionality for read data from the clipboard	Key, Mouse, Clipboard, Microphone and Screen Capturing
Contains functionality to block mouse and keyboard input (often used to hinder debugging)	Anti Debugging	Disable or Modify Tools
Contains functionality to call native functions	System Summary
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)	Anti Debugging
Contains functionality to check if a window is minimized (may be used to check if an application is visible)	Hooking and other Techniques for Hiding and Protection
Contains functionality to communicate with device drivers	System Summary
Contains functionality to dynamically determine API calls	Data Obfuscation, Anti Debugging	Native API
Contains functionality to execute programs as a different user	HIPS / PFW / Operating System Protection Evasion	Valid Accounts Access Token Manipulation Disable or Modify Tools
Contains functionality to launch a process as a different user	System Summary	Native API
Contains functionality to launch a program with higher privileges	HIPS / PFW / Operating System Protection Evasion	Exploitation for Privilege Escalation
Contains functionality to modify clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Process Discovery
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)	Remote Access Functionality
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection	Disable or Modify Tools
Contains functionality to read the PEB	Anti Debugging
Contains functionality to read the clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools Clipboard Data
Contains functionality to retrieve information about pressed keystrokes	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Contains functionality to shutdown / reboot the system	System Summary	System Shutdown/Reboot
Contains functionality to simulate keystroke presses	HIPS / PFW / Operating System Protection Evasion
Contains functionality to simulate mouse events	HIPS / PFW / Operating System Protection Evasion
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Detected potential crypto function	System Summary	Process Discovery Archive Collected Data Encrypted Channel
Extensive use of GetProcAddress (often used to hide API calls)	Hooking and other Techniques for Hiding and Protection
Found evasive API chain (date check)	Malware Analysis System Evasion
Found large amount of non-executed APIs	Malware Analysis System Evasion
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information	Disable or Modify Tools System Shutdown/Reboot
Potential key logger detected (key state polling based)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools
Sample file is different than original file name gathered from version info	System Summary	System Shutdown/Reboot
Uses 32bit PE files	Compliance, System Summary	Disable or Modify Tools
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation
Contains functionality for error logging	System Summary	Disable or Modify Tools
Contains functionality to add an ACL to a security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to adjust token privileges (e.g. debug / backup)	System Summary
Contains functionality to check free disk space	System Summary
Contains functionality to create a new security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to download additional files from the internet	Networking
Contains functionality to enum processes or threads	System Summary	Process Discovery
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to load and extract PE file embedded resources	System Summary
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Time Discovery System Information Discovery
Contains functionality to query system information	Malware Analysis System Evasion
Contains functionality to query the account / user name	Language, Device and Operating System Detection	Account Discovery System Owner/User Discovery
Contains functionality to query time zone information	Language, Device and Operating System Detection
Contains functionality to query windows version	Language, Device and Operating System Detection
Contains functionality to register its own exception handler	Anti Debugging
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection	Disable or Modify Tools
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion
Program exit points	Malware Analysis System Evasion	Disable or Modify Tools
Reads software policies	System Summary
Sample is known by Antivirus	System Summary	Disable or Modify Tools
Tries to load missing DLLs	System Summary	DLL Side-Loading Disable or Modify Tools

C:\Users\user\AppData\Local\Temp\227j94

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\227j94
Category:	dropped
Dump:	227j94.4.dr
ID:	dr_4
Target ID:	4
Process:	C:\Windows\SysWOW64\cipher.exe
Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
Entropy:	1.1239949490932863
Encrypted:	false
Ssdeep:	384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
Size:	196608
Whitelisted:	false
Reputation:	moderate

C:\Users\user\AppData\Local\Temp\aut81DC.tmp

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\aut81DC.tmp
Category:	dropped
Dump:	aut81DC.tmp.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\PI No 20000814C.exe
Type:	data
Entropy:	7.994419475076061
Encrypted:	true
Ssdeep:	6144:g6+wCRAoON1UzGt87l3ba5neMDi2K6TxNP0D1/:uRKN+vp3boRDK6jP+
Size:	270336
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates temporary files	System Summary

C:\Users\user\AppData\Local\Temp\aut820C.tmp

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\aut820C.tmp
Category:	dropped
Dump:	aut820C.tmp.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Users\user\Desktop\PI No 20000814C.exe
Type:	data
Entropy:	7.599258598709732
Encrypted:	false
Ssdeep:	192:eyaFcTokleYnNrFyF7d8ionhQ0qu+UoPrUkU5lfm0D8Wj:AFxkleYnnyF7C1hQPu+UoPFU5lfm4p
Size:	9934
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Temp\rhombiform

ASCII text, with very long lines (29748), with no line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\rhombiform
Category:	dropped
Dump:	rhombiform.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Users\user\Desktop\PI No 20000814C.exe
Type:	ASCII text, with very long lines (29748), with no line terminators
Entropy:	3.5516531405972858
Encrypted:	false
Ssdeep:	768:ViTZ+2QoioGRk6ZklputwjpjBkCiw2RuJ3nXKUrvzjsNb2E+Ip6Cr4vfF3if6gyD:ViTZ+2QoioGRk6ZklputwjpjBkCiw2RA
Size:	29748
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Temp\vaccinators

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\vaccinators
Category:	dropped
Dump:	vaccinators.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\PI No 20000814C.exe
Type:	data
Entropy:	7.994419475076061
Encrypted:	true
Ssdeep:	6144:g6+wCRAoON1UzGt87l3ba5neMDi2K6TxNP0D1/:uRKN+vp3boRDK6jP+
Size:	270336
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\PI No 20000814C.exe

"C:\Users\user\Desktop\PI No 20000814C.exe"

Details

Is windows:	false
Is dropped:	false
PID:	1096
Target ID:	0
Parent PID:	4004
Name:	PI No 20000814C.exe
Path:	C:\Users\user\Desktop\PI No 20000814C.exe
Commandline:	"C:\Users\user\Desktop\PI No 20000814C.exe"
Size:	691200
MD5:	FDDC263879FBF539B746D116E8429A7F
Time:	09:18:19
Date:	23/05/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xf00000
Modulesize:	1568768
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Binary is likely a compiled AutoIt script file	System Summary
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Uncommon Svchost Parent Process	System Summary
Uses 32bit PE files	Compliance, System Summary
Sample is known by Antivirus	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\SysWOW64\svchost.exe

"C:\Users\user\Desktop\PI No 20000814C.exe"

Details

Is windows:	true
Is dropped:	false
PID:	3204
Target ID:	2
Parent PID:	1096
Name:	svchost.exe
Path:	C:\Windows\SysWOW64\svchost.exe
Commandline:	"C:\Users\user\Desktop\PI No 20000814C.exe"
Size:	46504
MD5:	1ED18311E3DA35942DB37D15FA40CC5B
Time:	09:18:20
Date:	23/05/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0xcd0000
Modulesize:	53248
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Uncommon Svchost Parent Process	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\ZKTVCxXmVpOAlSpRMrHiuryimmIlixFCBUvSvMDsZzTtUVBghPJFdqjgUthrOf\YoOsbbockoYKKBpRowW.exe

"C:\Program Files (x86)\ZKTVCxXmVpOAlSpRMrHiuryimmIlixFCBUvSvMDsZzTtUVBghPJFdqjgUthrOf\YoOsbbockoYKKBpRowW.exe"

Details

Is windows:	true
Is dropped:	false
PID:	1132
Target ID:	3
Parent PID:	3204
Name:	YoOsbbockoYKKBpRowW.exe
Path:	C:\Program Files (x86)\ZKTVCxXmVpOAlSpRMrHiuryimmIlixFCBUvSvMDsZzTtUVBghPJFdqjgUthrOf\YoOsbbockoYKKBpRowW.exe
Commandline:	"C:\Program Files (x86)\ZKTVCxXmVpOAlSpRMrHiuryimmIlixFCBUvSvMDsZzTtUVBghPJFdqjgUthrOf\YoOsbbockoYKKBpRowW.exe"
Size:	140800
MD5:	32B8AD6ECA9094891E792631BAEA9717
Time:	09:18:28
Date:	23/05/2024
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0xb00000
Modulesize:	155648
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queues an APC in another process (thread injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\SysWOW64\cipher.exe

"C:\Windows\SysWOW64\cipher.exe"

Details

Is windows:	true
Is dropped:	false
PID:	3432
Target ID:	4
Parent PID:	1132
Name:	cipher.exe
Path:	C:\Windows\SysWOW64\cipher.exe
Commandline:	"C:\Windows\SysWOW64\cipher.exe"
Size:	39936
MD5:	EC2B2944AB4480E520A8015A0740E684
Time:	09:18:29
Date:	23/05/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	false
Is elevated:	false
Modulebase:	0xc00000
Modulesize:	65536
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\ZKTVCxXmVpOAlSpRMrHiuryimmIlixFCBUvSvMDsZzTtUVBghPJFdqjgUthrOf\YoOsbbockoYKKBpRowW.exe

"C:\Program Files (x86)\ZKTVCxXmVpOAlSpRMrHiuryimmIlixFCBUvSvMDsZzTtUVBghPJFdqjgUthrOf\YoOsbbockoYKKBpRowW.exe"

Details

Is windows:	true
Is dropped:	false
PID:	3152
Target ID:	6
Parent PID:	3432
Name:	YoOsbbockoYKKBpRowW.exe
Path:	C:\Program Files (x86)\ZKTVCxXmVpOAlSpRMrHiuryimmIlixFCBUvSvMDsZzTtUVBghPJFdqjgUthrOf\YoOsbbockoYKKBpRowW.exe
Commandline:	"C:\Program Files (x86)\ZKTVCxXmVpOAlSpRMrHiuryimmIlixFCBUvSvMDsZzTtUVBghPJFdqjgUthrOf\YoOsbbockoYKKBpRowW.exe"
Size:	140800
MD5:	32B8AD6ECA9094891E792631BAEA9717
Time:	09:18:43
Date:	23/05/2024
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0xb00000
Modulesize:	155648
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queues an APC in another process (thread injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\Firefox.exe"

Details

Is windows:	true
Is dropped:	false
PID:	6408
Target ID:	8
Parent PID:	3432
Name:	firefox.exe
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Size:	676768
MD5:	C86B1BE9ED6496FE0E0CBE73F81D8045
Time:	09:18:55
Date:	23/05/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff728280000
Modulesize:	708608
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

URLs

Name

Malicious

http://www.kubanci.ru/3nn5/

194.58.112.174

http://www.darkerberrycoffee.com/q801/

3.33.130.190

http://www.novosti-dubai.ru/pczf/?FNPd=vvhIsGWCPluUUYKozwujHRnpBsxhc4873MKwq9aQfmKEHTaouY4bbLMkzLN1D0yMYwsFeTDzET5UctfaR3GvIGUh8HX7yBNnSQfVfxhBU4FjPt5zEeZpSpbIsG6X42DlnYxUoU4=&zdK0d=M8mTZ0xHNd1dPVm

87.236.16.214

http://www.isrninjas.com/klk7/

3.33.130.190

http://www.badcopsinyourtown.info/vucc/

3.33.130.190

http://www.ilodezu.com/z48v/

188.114.96.3

http://www.szandraromanovics.hu/xaki/

92.118.24.161

http://www.szandraromanovics.hu/xaki/?FNPd=wRLBEujJd4B1pnn0jgbcCD9yzLi5n0gWQHliinLShRQwSVs5kwR/9Eag334lnRUYK0hhQTyk4agd1D3QGuL+jgjAjqkpdV5oyMSY0wmC42s9caEZ6Np2ARJau1ITEDyDk07yXfw=&zdK0d=M8mTZ0xHNd1dPVm

92.118.24.161

http://www.kubanci.ru/3nn5/?FNPd=4XBe2xrQoWjnswKLKDm2mj9gze7KON4v3N+j4TaEXCiYldMk5+wT4RAjeLUuWdfkxSJYkkjl9YjcDipJ/nGSZTJn94UV3fFhn0eiHqMCH7NwlCC8Ww2FTOTnO/H4b47QggKeMo0=&zdK0d=M8mTZ0xHNd1dPVm

194.58.112.174

http://www.fruitique.co.uk/2oa4/

212.227.172.253

http://www.featurasandals.com/tqo3/

104.21.28.203

http://www.badcopsinyourtown.info/vucc/?FNPd=spJMClAwzf8Vr4tU/CNFMIwartImjnuX45nH0e+a/t8mnJgptjgbw3tj3ejIJ/FML5FH3w7kVV5/X9kg+3gEfjxhkZ7ZkTpqlYFj4xEsGEUQd8yZWQ8UdxmAeS1YmrNTPUkJX5Q=&zdK0d=M8mTZ0xHNd1dPVm

3.33.130.190

http://www.darkerberrycoffee.com/q801/?FNPd=k3+C/Hz11l7GGMbtyaJwFwJpJMDKB1ezXvCBEwQvFs9JnbfCVR4CFb+wnQ6+1xhwjegmGkdUp41mNGCOeWSxR+T+a6juW6LhjpcRfEd8pWKsVNJFlAS3Jblwp/Y5eAdaUUcSoKM=&zdK0d=M8mTZ0xHNd1dPVm

3.33.130.190

http://www.fruitique.co.uk/2oa4/?zdK0d=M8mTZ0xHNd1dPVm&FNPd=i5qj3MbwnaqqZlaCzV8lkcyXWM7z5OtwAvMYuHy+Rs8D5dDCYTlmhW0rahL5OEPHZ4qZwnhHQRjdmYMWg8iT8fZssjRHm0dm/kqluwDPMT77mKIBha7fxwQW4MO+4PevzRBPSWs=

212.227.172.253

http://www.autonomyai.xyz/nvvv/?FNPd=JDodjlWkk0lcNcT9zM0S24FlsQS/eMqacQTVuCL7j+UnSXfTOV7xNk/UDiJqL4CQ9wwpEirhIcb8jwYA7Bo2HvZQNtTCLCENCF3b65oF2QxnolO6iVWtqwVopt5Qqv0FYMJ/2e8=&zdK0d=M8mTZ0xHNd1dPVm

3.33.130.190

http://www.anoldshow.top/ii3e/

203.161.43.228

http://www.ilodezu.com/z48v/?FNPd=V7EBmqWgiCvSgvqad7SyaCOgC+e4BvQG3ktlhx6lo/cZrGqdjKlpWUio9FOhJOaxZOVNIG538/ROKaWARcsTTcMUAhKYPtR70XL2Xhx4NmC7fpbV6q2t8I9SMzcLGlFD+PeBXEg=&zdK0d=M8mTZ0xHNd1dPVm

188.114.96.3

http://www.brzuszkiewicz.pl/xf32/

185.253.212.22

http://www.novosti-dubai.ru/pczf/

87.236.16.214

http://www.botcsllc.com/qukz/

216.40.34.41

http://www.botcsllc.com/qukz/?FNPd=2j86s8NJ5fDu8DdyaluKTyyQGpxO5RQn4ZQP4QlLq4dDbMhIcvPH81QwZFWQYfauPSKzeNxy1T+ygqRogiCCubiSHCzeY+ai+VGnS0fEikTej8/T0yfRDQzRtbWcxq7BJieL0EY=&zdK0d=M8mTZ0xHNd1dPVm

216.40.34.41

http://www.emgeecontracting.shop/88o1/?FNPd=6H0XwdryOyxEld2In19mTcPbDWu4JiPerPnhtxRIRMEZrjEQVkxwg3m1x0TM7/jCK+5wA6bK2pnso5xUF2TOd/2As6zlvvV262DB5DqMTNUdTxWj14lc65WjVUDEbYoF5Wnps5M=&zdK0d=M8mTZ0xHNd1dPVm

69.57.162.24

http://www.autonomyai.xyz/nvvv/

3.33.130.190

http://www.upshercode.store/x98j/

162.240.81.18

http://www.dvizhenie-pallet.ru/t96c/?zdK0d=M8mTZ0xHNd1dPVm&FNPd=4HeJ9NLv0sXxrw0DzDAC1WoSlNK9MN8e7k2kqtvkuL0qZpE735Fp+TMdSC/xJF1XoX+msXZD9KWOaF8gkpoi/zU8Ecilk3SCpDE4oxEYJqxSeKyI7QDD26ritGREhwxOgv5PBbM=

5.101.153.149

http://www.anoldshow.top/ii3e/?FNPd=gUffmmgf+j+eonfXGycQzt8ao2VHtB63wMQRmDLG69g3nf5Br3Vvevf8g6YjJ3DFTJ0p8mRaN1UTMPOwjNToF+SwMNbt6WzMyov1r5SS6GyZoHVOyxmtZVBap1MoFQhjNwOQqL8=&zdK0d=M8mTZ0xHNd1dPVm

203.161.43.228

http://www.dvizhenie-pallet.ru/t96c/

5.101.153.149

http://www.isrninjas.com/klk7/?FNPd=9dP0BDeQOeIgUtwHisb4+HhriuuC7aFbTiKeAEdqL4fJM7qIcfT3xserNr/6IBhXmDc0Se+gIKMrWWn6otGBJpYMdUchDVG2Mcac25kobj2gW5aJo9JvfS7IA0chOZVsE0AwxR4=&zdK0d=M8mTZ0xHNd1dPVm

3.33.130.190

https://duckduckgo.com/chrome_newtab

unknown

https://twitter.com/hover

unknown

https://duckduckgo.com/ac/?q=

unknown

https://www.instagram.com/hover_domains

unknown

https://www.google.com/images/branding/product/ico/googleg_lodp.ico

unknown

https://www.fruitique.co.uk/2oa4/?zdK0d=M8mTZ0xHNd1dPVm&FNPd=i5qj3MbwnaqqZlaCzV8lkcyXWM7z5OtwAvMYuHy

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

https://www.ecosia.org/newtab/

unknown

http://www.isrninjas.com

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

https://t2837.am-track.pl/redir.php?panel=Market_Listing&params=id%3D3940392%26utm_source%3Dmarket_r

unknown

http://nginx.net/

unknown

https://www.hover.com/domains/results

unknown

http://fedoraproject.org/

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css

unknown

http://kubanci.ru/3nn5/?FNPd=4XBe2xrQoWjnswKLKDm2mj9gze7KON4v3N

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

http://novosti-dubai.ru/pczf/?FNPd=vvhIsGWCPluUUYKozwujHRnpBsxhc4873MKwq9aQfmKEHTaouY4bbLMkzLN1D0yMY

unknown

There are 38 hidden URLs, click here to show them.

Domains

Name

Malicious

www.botcsllc.com

216.40.34.41

darkerberrycoffee.com

3.33.130.190

www.brzuszkiewicz.pl

185.253.212.22

www.ilodezu.com

188.114.96.3

upshercode.store

162.240.81.18

www.fruitique.co.uk

212.227.172.253

autonomyai.xyz

3.33.130.190

www.featurasandals.com

104.21.28.203

www.novosti-dubai.ru

87.236.16.214

isrninjas.com

3.33.130.190

www.dvizhenie-pallet.ru

5.101.153.149

szandraromanovics.hu

92.118.24.161

www.anoldshow.top

203.161.43.228

badcopsinyourtown.info

3.33.130.190

www.kubanci.ru

194.58.112.174

emgeecontracting.shop

69.57.162.24

www.autonomyai.xyz

unknown

www.darkerberrycoffee.com

unknown

www.upshercode.store

unknown

www.isrninjas.com

unknown

www.emgeecontracting.shop

unknown

www.szandraromanovics.hu

unknown

www.badcopsinyourtown.info

unknown

There are 13 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

162.240.81.18

upshercode.store

United States

87.236.16.214

www.novosti-dubai.ru

Russian Federation

92.118.24.161

szandraromanovics.hu

Hungary

69.57.162.24

emgeecontracting.shop

United States

185.253.212.22

www.brzuszkiewicz.pl

Poland

5.101.153.149

www.dvizhenie-pallet.ru

Russian Federation

203.161.43.228

www.anoldshow.top

Malaysia

188.114.96.3

www.ilodezu.com

European Union

194.58.112.174

www.kubanci.ru

Russian Federation

212.227.172.253

www.fruitique.co.uk

Germany

3.33.130.190

darkerberrycoffee.com

United States

216.40.34.41

www.botcsllc.com

Canada

104.21.28.203

www.featurasandals.com

United States

There are 3 hidden IPs, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

3490000

unkown

page execute and read and write

4000000

unclassified section

page execute and read and write

5230000

system

page execute and read and write

470000

system

page execute and read and write

4FC0000

trusted library allocation

page read and write

32B0000

system

page execute and read and write

5000000

trusted library allocation

page read and write

2CE0000

unclassified section

page execute and read and write

36D1000

heap

page read and write

28B4000

heap

page read and write

1A0A000

heap

page read and write

36D1000

heap

page read and write

533A000

system

page execute and read and write

3E74000

unkown

page read and write

447E000

direct allocation

page read and write

BB0000

heap

page read and write

2456E4CE000

trusted library allocation

page read and write

82CB000

heap

page read and write

4330000

direct allocation

page read and write

27F0000

unkown

page read and write

42E0000

direct allocation

page read and write

613000

heap

page read and write

E7C11FE000

stack

page read and write

36D1000

heap

page read and write

3029000

direct allocation

page execute and read and write

82F000

heap

page read and write

36D1000

heap

page read and write

83C0000

trusted library allocation

page read and write

3810000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

B50000

heap

page read and write

832000

heap

page read and write

AF0000

unkown

page readonly

900000

unkown

page readonly

AC0000

unkown

page readonly

36D1000

heap

page read and write

36D1000

heap

page read and write

F41000

unkown

page readonly

37D0000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

2456E160000

trusted library allocation

page read and write

36D1000

heap

page read and write

8322000

heap

page read and write

3508000

unkown

page read and write

36D1000

heap

page read and write

31CD000

direct allocation

page execute and read and write

6E8A000

unclassified section

page read and write

9BA000

stack

page read and write

2DFC000

unkown

page read and write

42E0000

direct allocation

page read and write

B15000

unkown

page read and write

43B000

stack

page read and write

2C72C000

system

page read and write

36D1000

heap

page read and write

2456C870000

heap

page read and write

36D1000

heap

page read and write

3654000

heap

page read and write

B00000

unkown

page readonly

19B0000

heap

page read and write

F01000

unkown

page execute and read and write

42B3000

direct allocation

page read and write

5040000

trusted library allocation

page read and write

66B0000

unclassified section

page read and write

2A80000

unkown

page read and write

B15000

unkown

page read and write

1880000

heap

page read and write

AB0000

heap

page read and write

61FA000

unclassified section

page read and write

B17000

unkown

page readonly

36D1000

heap

page read and write

36D1000

heap

page read and write

100F000

heap

page read and write

B40000

unkown

page readonly

81B000

heap

page read and write

2B22000

unkown

page read and write

35F4000

heap

page read and write

510000

heap

page read and write

613000

heap

page read and write

940000

unkown

page readonly

36D1000

heap

page read and write

538F000

unclassified section

page execute and read and write

369A000

unkown

page read and write

602000

heap

page read and write

35E9000

heap

page read and write

2B22000

unkown

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

2860000

unkown

page readonly

82DB000

heap

page read and write

2920000

heap

page read and write

35FA000

heap

page read and write

36D1000

heap

page read and write

BC1000

unkown

page readonly

19AB000

heap

page read and write

805000

heap

page read and write

36D1000

heap

page read and write

1A0A000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

82FE000

heap

page read and write

FD5000

unkown

page execute and write copy

2456E4A5000

trusted library allocation

page read and write

9BA000

stack

page read and write

E7C01FB000

stack

page read and write

52E3000

system

page execute and read and write

613000

heap

page read and write

4263000

direct allocation

page read and write

812000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

35F4000

heap

page read and write

ABC000

stack

page read and write

1AA7000

heap

page read and write

36D1000

heap

page read and write

17FD000

stack

page read and write

AA0000

unkown

page readonly

824000

heap

page read and write

F00000

unkown

page readonly

2456C890000

heap

page read and write

36D1000

heap

page read and write

2C8EC000

system

page read and write

36D1000

heap

page read and write

613000

heap

page read and write

36D1000

heap

page read and write

8F0000

unkown

page readonly

3629000

heap

page read and write

1AC7000

heap

page read and write

36D1000

heap

page read and write

B00000

unkown

page readonly

B00000

unkown

page readonly

36D1000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

3242000

direct allocation

page execute and read and write

36D0000

heap

page read and write

36D1000

heap

page read and write

35D0000

heap

page read and write

83B0000

trusted library allocation

page read and write

102C000

unkown

page read and write

36D1000

heap

page read and write

1A0A000

heap

page read and write

36D1000

heap

page read and write

3278000

stack

page read and write

2456E160000

trusted library allocation

page read and write

B15000

unkown

page read and write

36D1000

heap

page read and write

2890000

unkown

page read and write

36D1000

heap

page read and write

613000

heap

page read and write

AF0000

unkown

page read and write

940000

unkown

page readonly

2456E316000

trusted library allocation

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

E6A000

stack

page read and write

28FE000

stack

page read and write

950000

unkown

page readonly

2D00000

heap

page read and write

216D000

stack

page read and write

832C000

heap

page read and write

5672000

direct allocation

page execute and read and write

FF0000

heap

page read and write

B30000

unkown

page readonly

36D1000

heap

page read and write

36D1000

heap

page read and write

1900000

heap

page read and write

3635000

heap

page read and write

440D000

direct allocation

page read and write

69D4000

unclassified section

page read and write

517B000

heap

page read and write

2A60000

unkown

page readonly

54CE000

direct allocation

page execute and read and write

2850000

heap

page read and write

35F4000

heap

page read and write

36D1000

heap

page read and write

28B0000

heap

page read and write

36D1000

heap

page read and write

19B0000

heap

page read and write

36D1000

heap

page read and write

82D8000

heap

page read and write

1025000

unkown

page execute and read and write

4263000

direct allocation

page read and write

34BF000

stack

page read and write

35EF000

heap

page read and write

613000

heap

page read and write

5459000

direct allocation

page execute and read and write

8330000

heap

page read and write

36D1000

heap

page read and write

BB0000

heap

page read and write

36D1000

heap

page read and write

2E9E000

heap

page read and write

1AC5000

heap

page read and write

36D1000

heap

page read and write

4330000

direct allocation

page read and write

82F000

heap

page read and write

613000

heap

page read and write

36C4000

heap

page read and write

36D1000

heap

page read and write

8338000

heap

page read and write

BC1000

unkown

page readonly

4330000

direct allocation

page read and write

3671000

heap

page read and write

35EB000

heap

page read and write

1AA8000

heap

page read and write

309E000

direct allocation

page execute and read and write

36A7000

heap

page read and write

81A000

heap

page read and write

28B0000

heap

page read and write

10FE000

stack

page read and write

36D1000

heap

page read and write

2CE0000

direct allocation

page read and write

36D1000

heap

page read and write

447E000

direct allocation

page read and write

805000

heap

page read and write

1970000

heap

page read and write

B01000

unkown

page execute read

96A000

stack

page read and write

52C7000

system

page execute and read and write

FF0000

heap

page read and write

36D1000

heap

page read and write

AF0000

unkown

page read and write

613000

heap

page read and write

2954000

heap

page read and write

B9E000

stack

page read and write

4409000

direct allocation

page read and write

42B3000

direct allocation

page read and write

1AD7000

heap

page read and write

36D1000

heap

page read and write

AA0000

unkown

page readonly

445D000

direct allocation

page read and write

2A5F000

stack

page read and write

E3E000

stack

page read and write

71AE000

unclassified section

page read and write

3687000

heap

page read and write

4263000

direct allocation

page read and write

3B50000

unkown

page read and write

3400000

heap

page read and write

36D1000

heap

page read and write

44CE000

direct allocation

page read and write

B3E000

stack

page read and write

1AC7000

heap

page read and write

36D1000

heap

page read and write

3600000

unclassified section

page execute and read and write

3681000

heap

page read and write

36D1000

heap

page read and write

51A0000

trusted library allocation

page read and write

BF0000

unkown

page readonly

36D1000

heap

page read and write

3646000

heap

page read and write

2A30000

unkown

page readonly

1480000

unkown

page readonly

1AB7000

heap

page read and write

B17000

unkown

page readonly

36D1000

heap

page read and write

4459000

direct allocation

page read and write

36D1000

heap

page read and write

545D000

direct allocation

page execute and read and write

2456C8C0000

heap

page read and write

B30000

unkown

page readonly

C80000

direct allocation

page read and write

AC0000

unkown

page readonly

2A80000

unkown

page read and write

36D1000

heap

page read and write

2456E321000

trusted library allocation

page read and write

F50000

heap

page read and write

35D8000

heap

page read and write

5682000

unclassified section

page read and write

1120000

heap

page read and write

18C0000

heap

page read and write

2A60000

unkown

page readonly

BD0000

unkown

page read and write

36D1000

heap

page read and write

2456E150000

heap

page read and write

82DE000

heap

page read and write

AE0000

heap

page read and write

1AD7000

heap

page read and write

4459000

direct allocation

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

817000

heap

page read and write

36D1000

heap

page read and write

F50000

heap

page read and write

B40000

unkown

page readonly

36D1000

heap

page read and write

36D1000

heap

page read and write

7340000

unclassified section

page read and write

36D1000

heap

page read and write

B17000

unkown

page readonly

19EF000

heap

page read and write

52BD000

system

page execute and read and write

2456E303000

trusted library allocation

page read and write

AB0000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

1050000

unkown

page readonly

3695000

heap

page read and write

5601000

direct allocation

page execute and read and write

5D44000

unclassified section

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

36B7000

heap

page read and write

36D1000

heap

page read and write

613000

heap

page read and write

36D1000

heap

page read and write

FBF000

unkown

page execute and read and write

3650000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

10F0000

unkown

page readonly

EE0000

heap

page read and write

E7C19FE000

stack

page read and write

1AB6000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

2456C8BC000

heap

page read and write

36D1000

heap

page read and write

10F0000

unkown

page readonly

35FA000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

82C3000

heap

page read and write

4FC9000

heap

page read and write

1FC000

stack

page read and write

440D000

direct allocation

page read and write

85EE000

stack

page read and write

2456E401000

trusted library allocation

page read and write

1978000

heap

page read and write

44BC000

unkown

page read and write

36D1000

heap

page read and write

498F000

unclassified section

page execute and read and write

36D1000

heap

page read and write

930000

unkown

page readonly

613000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

2E2D000

heap

page read and write

28B4000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

2456C8AC000

heap

page read and write

17BF000

stack

page read and write

A00000

direct allocation

page read and write

36D1000

heap

page read and write

B0E000

unkown

page readonly

613000

heap

page read and write

36D1000

heap

page read and write

10BE000

stack

page read and write

2456E300000

trusted library allocation

page read and write

5F0000

heap

page read and write

2A90000

unkown

page execute and read and write

2456E200000

trusted library allocation

page read and write

2456E30A000

trusted library allocation

page read and write

36D1000

heap

page read and write

BF0000

unkown

page readonly

36D1000

heap

page read and write

36D1000

heap

page read and write

52E5000

system

page execute and read and write

4006000

unkown

page read and write

18E0000

direct allocation

page execute and read and write

36D1000

heap

page read and write

2456E311000

trusted library allocation

page read and write

36D1000

heap

page read and write

3667000

heap

page read and write

1AC5000

heap

page read and write

521E000

stack

page read and write

3434000

heap

page read and write

36D1000

heap

page read and write

F41000

unkown

page readonly

C7F000

stack

page read and write

4409000

direct allocation

page read and write

FB5000

unkown

page execute and read and write

B0E000

unkown

page readonly

651E000

unclassified section

page read and write

36D1000

heap

page read and write

42E0000

direct allocation

page read and write

36D1000

heap

page read and write

AF0000

unkown

page readonly

3642000

heap

page read and write

2850000

heap

page read and write

36D1000

heap

page read and write

35F4000

heap

page read and write

2C6D2000

system

page read and write

FE0000

unkown

page read and write

17DB000

stack

page read and write

36D1000

heap

page read and write

2DFC000

unkown

page read and write

5330000

direct allocation

page execute and read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

600000

heap

page read and write

800000

heap

page read and write

B50000

heap

page read and write

52A8000

heap

page read and write

3677000

heap

page read and write

4140000

direct allocation

page read and write

3376000

unkown

page read and write

36D1000

heap

page read and write

3605000

heap

page read and write

F7F000

heap

page read and write

36D1000

heap

page read and write

3CE2000

unkown

page read and write

36AD000

heap

page read and write

36D1000

heap

page read and write

4459000

direct allocation

page read and write

36D1000

heap

page read and write

440D000

direct allocation

page read and write

2950000

heap

page read and write

862F000

stack

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

3430000

heap

page read and write

613000

heap

page read and write

613000

heap

page read and write

82C6000

heap

page read and write

548C000

unkown

page read and write

525E000

stack

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

BA0000

unkown

page read and write

4409000

direct allocation

page read and write

36D1000

heap

page read and write

3434000

heap

page read and write

1910000

direct allocation

page read and write

900000

unkown

page readonly

302D000

direct allocation

page execute and read and write

B00000

unkown

page readonly

36D1000

heap

page read and write

36D1000

heap

page read and write

2A2F000

stack

page read and write

F58000

heap

page read and write

447E000

direct allocation

page read and write

36D1000

heap

page read and write

E7C09FE000

stack

page read and write

36D1000

heap

page read and write

8640000

heap

page read and write

36D1000

heap

page read and write

930000

unkown

page readonly

8335000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

2456C680000

system

page execute and read and write

52A4000

heap

page read and write

284E000

stack

page read and write

2456C830000

heap

page read and write

2C612000

system

page read and write

35EF000

heap

page read and write

613000

heap

page read and write

367E000

heap

page read and write

4190000

direct allocation

page read and write

432A000

unkown

page read and write

4140000

direct allocation

page read and write

BD0000

unkown

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

31E4000

unkown

page read and write

365A000

heap

page read and write

36D1000

heap

page read and write

4E0000

heap

page read and write

FE0000

unkown

page read and write

B01000

unkown

page execute read

4140000

direct allocation

page read and write

36D1000

heap

page read and write

FF8000

heap

page read and write

82FA000

heap

page read and write

440D000

direct allocation

page read and write

19A4000

heap

page read and write

36D1000

heap

page read and write

F00000

unkown

page readonly

55FD000

direct allocation

page execute and read and write

36D1000

heap

page read and write

39BE000

unkown

page read and write

13E0000

unkown

page readonly

701C000

unclassified section

page read and write

8F0000

unkown

page readonly

36D1000

heap

page read and write

44CE000

direct allocation

page read and write

36D1000

heap

page read and write

B01000

unkown

page execute read

36D1000

heap

page read and write

1A82000

heap

page read and write

ABC000

stack

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

831C000

heap

page read and write

36D1000

heap

page read and write

42E0000

direct allocation

page read and write

2920000

heap

page read and write

3401000

heap

page read and write

DD3000

unkown

page read and write

82E0000

heap

page read and write

36B2000

heap

page read and write

36D1000

heap

page read and write

2E29000

heap

page read and write

B7E000

stack

page read and write

102B000

unkown

page execute and write copy

2950000

heap

page read and write

36D1000

heap

page read and write

3E1F000

unkown

page execute and read and write

1AE7000

heap

page read and write

1AE7000

heap

page read and write

82D1000

heap

page read and write

35F4000

heap

page read and write

817000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

8E0000

unkown

page readonly

A3E000

stack

page read and write

4263000

direct allocation

page read and write

35E9000

heap

page read and write

5742000

unclassified section

page read and write

102C000

unkown

page write copy

36D1000

heap

page read and write

35F4000

heap

page read and write

FCF000

stack

page read and write

36D1000

heap

page read and write

2456C89F000

heap

page read and write

950000

unkown

page readonly

36D1000

heap

page read and write

36D1000

heap

page read and write

2BE2000

unkown

page read and write

36D1000

heap

page read and write

538C000

unkown

page read and write

36D1000

heap

page read and write

19A2000

heap

page read and write

F3F000

stack

page read and write

35F0000

heap

page read and write

2456E4BE000

trusted library allocation

page read and write

6CF8000

unclassified section

page read and write

2CCD4000

system

page read and write

2954000

heap

page read and write

F82000

heap

page read and write

36D1000

heap

page read and write

B9E000

stack

page read and write

36D1000

heap

page read and write

256E000

stack

page read and write

2456C8C3000

heap

page read and write

36D1000

heap

page read and write

445D000

direct allocation

page read and write

FCE000

unkown

page execute and read and write

36D1000

heap

page read and write

3434000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

B0E000

unkown

page readonly

4190000

direct allocation

page read and write

613000

heap

page read and write

44CE000

direct allocation

page read and write

B23000

heap

page read and write

36D1000

heap

page read and write

A6C000

stack

page read and write

36D1000

heap

page read and write

ED0000

heap

page read and write

36D1000

heap

page read and write

2456C6BD000

system

page execute and read and write

36D1000

heap

page read and write

901000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

51A0000

trusted library allocation

page read and write

36D1000

heap

page read and write

5ED6000

unclassified section

page read and write

447E000

direct allocation

page read and write

579C000

unclassified section

page read and write

464E000

unkown

page read and write

3650000

heap

page read and write

481F000

unkown

page execute and read and write

AD0000

unkown

page readonly

A6C000

stack

page read and write

2456C750000

heap

page read and write

1AE7000

heap

page read and write

4409000

direct allocation

page read and write

8328000

heap

page read and write

833A000

heap

page read and write

27F0000

unkown

page read and write

2456C897000

heap

page read and write

1884000

heap

page read and write

1AA7000

heap

page read and write

1A0A000

heap

page read and write

382C000

unkown

page read and write

50EC000

heap

page read and write

AD0000

unkown

page readonly

2456C6B9000

system

page execute and read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

4140000

direct allocation

page read and write

638C000

unclassified section

page read and write

AE0000

heap

page read and write

3667000

heap

page read and write

2F00000

direct allocation

page execute and read and write

1480000

unkown

page readonly

51A0000

trusted library allocation

page read and write

36D1000

heap

page read and write

5319000

heap

page read and write

36D1000

heap

page read and write

FCF000

stack

page read and write

8030000

trusted library allocation

page read and write

1A0B000

heap

page read and write

BA0000

unkown

page read and write

52D7000

system

page execute and read and write

82EF000

heap

page read and write

36D1000

heap

page read and write

595C000

unclassified section

page read and write

613000

heap

page read and write

2CE0000

direct allocation

page read and write

1050000

unkown

page readonly

4198000

unkown

page read and write

2A30000

unkown

page readonly

13E1000

unkown

page readonly

31D1000

direct allocation

page execute and read and write

1AA2000

heap

page read and write

B0E000

unkown

page readonly

36D1000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

37D0000

trusted library allocation

page read and write

50F0000

trusted library allocation

page execute and read and write

4190000

direct allocation

page read and write

36D1000

heap

page read and write

96A000

stack

page read and write

B17000

unkown

page readonly

82BA000

heap

page read and write

36D1000

heap

page read and write

35EB000

heap

page read and write

36D1000

heap

page read and write

8E0000

unkown

page readonly

82F5000

heap

page read and write

2456E4C4000

trusted library allocation

page read and write

832000

heap

page read and write

6068000

unclassified section

page read and write

347E000

stack

page read and write

323B000

stack

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

8314000

heap

page read and write

36D1000

heap

page read and write

82D6000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

36D1000

heap

page read and write

6842000

unclassified section

page read and write

2456E400000

trusted library allocation

page read and write

2456E30E000

trusted library allocation

page read and write

3654000

heap

page read and write

36D1000

heap

page read and write

A00000

heap

page read and write

445D000

direct allocation

page read and write

2C3C000

unkown

page read and write

2CE0000

direct allocation

page read and write

B01000

unkown

page execute read

6B66000

unclassified section

page read and write

F58000

heap

page read and write

82E3000

heap

page read and write

3320000

heap

page read and write

2860000

unkown

page readonly

47E0000

unkown

page read and write

FF8000

heap

page read and write

42B3000

direct allocation

page read and write

B15000

unkown

page read and write

36D1000

heap

page read and write

36BA000

heap

page read and write

36D1000

heap

page read and write

4C0000

heap

page read and write

19B0000

heap

page read and write

17CE000

stack

page read and write

365A000

heap

page read and write

36D1000

heap

page read and write

There are 665 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
PI No 20000814C.exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportPI No 20000814C.exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
PI No 20000814C.exe