Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Shipping Document.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.099246803162921
Filename:	Shipping Document.exe
Filesize:	1153024
MD5:	d6e393603c46c4152ea7603ff047af86
SHA1:	664cfe9fa1b0df9d616d4158bb0b5742e62a1756
SHA256:	a70008d95ba3e813cd35c1c663aa46c3cf6c95eeaeccbfbdeb18597daec36647
SHA512:	b6a94caa7f7da85cd3297af6168f9ce4fb50fd52cf9575d47b5f748d205f41f879f6ae4a0d007064a1aeb4e01bfb90c4659f7036cba826e97bfb76428cc69d6a
SSDEEP:	24576:uAHnh+eWsN3skA4RV1Hom2KXMmHacLoBPr+yZU3BSy5:Zh+ZkldoPK8YacLoxr+yZ+X
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P.....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r.............#.S..._@'.S...R.k.S.....".S...RichR..

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection	Disable or Modify Tools
Binary is likely a compiled AutoIt script file	System Summary	Security Software Discovery
Machine Learning detection for sample	AV Detection
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools Security Software Discovery
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Contains functionality for read data from the clipboard	Key, Mouse, Clipboard, Microphone and Screen Capturing	Clipboard Data
Contains functionality to block mouse and keyboard input (often used to hinder debugging)	Anti Debugging	Disable or Modify Tools
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging	Security Software Discovery
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)	Anti Debugging
Contains functionality to check if a window is minimized (may be used to check if an application is visible)	Hooking and other Techniques for Hiding and Protection	Security Software Discovery Application Window Discovery
Contains functionality to communicate with device drivers	System Summary
Contains functionality to dynamically determine API calls	Data Obfuscation, Anti Debugging
Contains functionality to execute programs as a different user	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Contains functionality to launch a process as a different user	System Summary	Valid Accounts
Contains functionality to launch a program with higher privileges	HIPS / PFW / Operating System Protection Evasion	Exploitation for Privilege Escalation Access Token Manipulation
Contains functionality to modify clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Access Token Manipulation Process Discovery
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)	Remote Access Functionality
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection	Disable or Modify Tools
Contains functionality to read the PEB	Anti Debugging	Access Token Manipulation Security Software Discovery
Contains functionality to read the clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools
Contains functionality to retrieve information about pressed keystrokes	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Contains functionality to shutdown / reboot the system	System Summary	Access Token Manipulation System Shutdown/Reboot
Contains functionality to simulate keystroke presses	HIPS / PFW / Operating System Protection Evasion
Contains functionality to simulate mouse events	HIPS / PFW / Operating System Protection Evasion
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging	Security Software Discovery
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Detected potential crypto function	System Summary	Access Token Manipulation System Time Discovery Process Discovery Archive Collected Data Encrypted Channel
Extensive use of GetProcAddress (often used to hide API calls)	Hooking and other Techniques for Hiding and Protection	Security Software Discovery
Found evasive API chain (date check)	Malware Analysis System Evasion	Native API Access Token Manipulation
Found large amount of non-executed APIs	Malware Analysis System Evasion	Access Token Manipulation System Time Discovery
Found potential string decryption / allocating functions	System Summary	Deobfuscate/Decode Files or Information
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information	Access Token Manipulation Disable or Modify Tools System Shutdown/Reboot
Potential key logger detected (key state polling based)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools
Sample file is different than original file name gathered from version info	System Summary	Access Token Manipulation Security Software Discovery System Shutdown/Reboot
Uses 32bit PE files	Compliance, System Summary	Disable or Modify Tools
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information Security Software Discovery
Contains functionality for error logging	System Summary	Access Token Manipulation Disable or Modify Tools
Contains functionality to add an ACL to a security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to adjust token privileges (e.g. debug / backup)	System Summary	Access Token Manipulation
Contains functionality to check free disk space	System Summary
Contains functionality to create a new security descriptor	HIPS / PFW / Operating System Protection Evasion	Access Token Manipulation
Contains functionality to download additional files from the internet	Networking
Contains functionality to enum processes or threads	System Summary	Access Token Manipulation Process Discovery
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion
Contains functionality to instantiate COM classes	System Summary	Access Token Manipulation Security Software Discovery
Contains functionality to load and extract PE file embedded resources	System Summary
Contains functionality to query local / system time	Language, Device and Operating System Detection	Access Token Manipulation
Contains functionality to query system information	Malware Analysis System Evasion	System Information Discovery
Contains functionality to query the account / user name	Language, Device and Operating System Detection	Account Discovery Security Software Discovery System Owner/User Discovery
Contains functionality to query time zone information	Language, Device and Operating System Detection	Access Token Manipulation System Time Discovery
Contains functionality to query windows version	Language, Device and Operating System Detection
Contains functionality to register its own exception handler	Anti Debugging	Security Software Discovery
Creates temporary files	System Summary	Security Software Discovery
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection	Disable or Modify Tools
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Security Software Discovery
PE file has an executable .text section and no other executable section	System Summary	Access Token Manipulation
Program exit points	Malware Analysis System Evasion	Disable or Modify Tools
Reads software policies	System Summary	Access Token Manipulation
Sample is known by Antivirus	System Summary	Access Token Manipulation Disable or Modify Tools
Tries to load missing DLLs	System Summary	DLL Side-Loading Disable or Modify Tools
PE file contains a valid data directory to section mapping	System Summary	Security Software Discovery
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary	Disable or Modify Tools

C:\Users\user\AppData\Local\Temp\33sf7m69

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7

modified

Details

File:	C:\Users\user\AppData\Local\Temp\33sf7m69
Category:	modified
Dump:	33sf7m69.4.dr
ID:	dr_4
Target ID:	4
Process:	C:\Windows\SysWOW64\certreq.exe
Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Entropy:	1.1215420383712111
Encrypted:	false
Ssdeep:	384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
Size:	196608
Whitelisted:	false
Reputation:	moderate

C:\Users\user\AppData\Local\Temp\autA2D7.tmp

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\autA2D7.tmp
Category:	dropped
Dump:	autA2D7.tmp.1.dr
ID:	dr_0
Target ID:	1
Process:	C:\Users\user\Desktop\Shipping Document.exe
Type:	data
Entropy:	7.994088974008671
Encrypted:	true
Ssdeep:	6144:LF7WfCm87IIv7qu2t7zWyhp4sF23/TGgUKWZX9fzTAc/5jr:LJWfkOuuXth7O/TjwzJ5jr
Size:	269312
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Temp\autA317.tmp

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\autA317.tmp
Category:	dropped
Dump:	autA317.tmp.1.dr
ID:	dr_2
Target ID:	1
Process:	C:\Users\user\Desktop\Shipping Document.exe
Type:	data
Entropy:	7.596339518487682
Encrypted:	false
Ssdeep:	192:eyaFcTokbCKr+mfv76SgtVppx6RAbhBJPIHXnaT+vcYKIl363H+:AFxkeU+m2SgnppURYhBJ+3aCvcYKI2+
Size:	9906
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Temp\soliloquised

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\soliloquised
Category:	dropped
Dump:	soliloquised.1.dr
ID:	dr_1
Target ID:	1
Process:	C:\Users\user\Desktop\Shipping Document.exe
Type:	data
Entropy:	7.994088974008671
Encrypted:	true
Ssdeep:	6144:LF7WfCm87IIv7qu2t7zWyhp4sF23/TGgUKWZX9fzTAc/5jr:LJWfkOuuXth7O/TjwzJ5jr
Size:	269312
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Temp\thixophobia

ASCII text, with very long lines (29748), with no line terminators

modified

Details

File:	C:\Users\user\AppData\Local\Temp\thixophobia
Category:	modified
Dump:	thixophobia.1.dr
ID:	dr_3
Target ID:	1
Process:	C:\Users\user\Desktop\Shipping Document.exe
Type:	ASCII text, with very long lines (29748), with no line terminators
Entropy:	3.5465806603192185
Encrypted:	false
Ssdeep:	768:ViTZ+2QoioGRk6ZklputwjpjBkCiw2RuJ3nXKUrvzjsNbQE+I+h6584vfF3if6gP:ViTZ+2QoioGRk6ZklputwjpjBkCiw2R+
Size:	29748
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\Shipping Document.exe

"C:\Users\user\Desktop\Shipping Document.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2520
Target ID:	1
Parent PID:	4056
Name:	Shipping Document.exe
Path:	C:\Users\user\Desktop\Shipping Document.exe
Commandline:	"C:\Users\user\Desktop\Shipping Document.exe"
Size:	1153024
MD5:	D6E393603C46C4152EA7603FF047AF86
Time:	06:19:37
Date:	27/05/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xfc0000
Modulesize:	1179648
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Binary is likely a compiled AutoIt script file	System Summary
Initial sample is a PE file and has a suspicious name	System Summary
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Uncommon Svchost Parent Process	System Summary
Uses 32bit PE files	Compliance, System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\SysWOW64\svchost.exe

"C:\Users\user\Desktop\Shipping Document.exe"

Details

Is windows:	true
Is dropped:	false
PID:	3820
Target ID:	2
Parent PID:	2520
Name:	svchost.exe
Path:	C:\Windows\SysWOW64\svchost.exe
Commandline:	"C:\Users\user\Desktop\Shipping Document.exe"
Size:	46504
MD5:	1ED18311E3DA35942DB37D15FA40CC5B
Time:	06:19:38
Date:	27/05/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x6a0000
Modulesize:	53248
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Uncommon Svchost Parent Process	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\oRaHmvfHWYZzFEfwbxQgAeJyPjGSHxrfxbuOcRfPhgphNnWIjpjKGasKyUEFMfgPzJomMLDtClGs\tvtoHmZUTcBKRIVpHYXPXI.exe

"C:\Program Files (x86)\oRaHmvfHWYZzFEfwbxQgAeJyPjGSHxrfxbuOcRfPhgphNnWIjpjKGasKyUEFMfgPzJomMLDtClGs\tvtoHmZUTcBKRIVpHYXPXI.exe"

Details

Is windows:	true
Is dropped:	false
PID:	2144
Target ID:	3
Parent PID:	3820
Name:	tvtoHmZUTcBKRIVpHYXPXI.exe
Path:	C:\Program Files (x86)\oRaHmvfHWYZzFEfwbxQgAeJyPjGSHxrfxbuOcRfPhgphNnWIjpjKGasKyUEFMfgPzJomMLDtClGs\tvtoHmZUTcBKRIVpHYXPXI.exe
Commandline:	"C:\Program Files (x86)\oRaHmvfHWYZzFEfwbxQgAeJyPjGSHxrfxbuOcRfPhgphNnWIjpjKGasKyUEFMfgPzJomMLDtClGs\tvtoHmZUTcBKRIVpHYXPXI.exe"
Size:	140800
MD5:	32B8AD6ECA9094891E792631BAEA9717
Time:	06:19:45
Date:	27/05/2024
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x100000
Modulesize:	155648
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queues an APC in another process (thread injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\SysWOW64\certreq.exe

"C:\Windows\SysWOW64\certreq.exe"

Details

Is windows:	true
Is dropped:	false
PID:	2444
Target ID:	4
Parent PID:	2144
Name:	certreq.exe
Path:	C:\Windows\SysWOW64\certreq.exe
Commandline:	"C:\Windows\SysWOW64\certreq.exe"
Size:	439296
MD5:	A18A70A77AAC4E9D59CFD65C969AF959
Time:	06:19:46
Date:	27/05/2024
Reason:	newprocess
Reputation:	low
Is admin:	false
Is elevated:	false
Modulebase:	0xb60000
Modulesize:	458752
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\oRaHmvfHWYZzFEfwbxQgAeJyPjGSHxrfxbuOcRfPhgphNnWIjpjKGasKyUEFMfgPzJomMLDtClGs\tvtoHmZUTcBKRIVpHYXPXI.exe

"C:\Program Files (x86)\oRaHmvfHWYZzFEfwbxQgAeJyPjGSHxrfxbuOcRfPhgphNnWIjpjKGasKyUEFMfgPzJomMLDtClGs\tvtoHmZUTcBKRIVpHYXPXI.exe"

Details

Is windows:	true
Is dropped:	false
PID:	2780
Target ID:	6
Parent PID:	2444
Name:	tvtoHmZUTcBKRIVpHYXPXI.exe
Path:	C:\Program Files (x86)\oRaHmvfHWYZzFEfwbxQgAeJyPjGSHxrfxbuOcRfPhgphNnWIjpjKGasKyUEFMfgPzJomMLDtClGs\tvtoHmZUTcBKRIVpHYXPXI.exe
Commandline:	"C:\Program Files (x86)\oRaHmvfHWYZzFEfwbxQgAeJyPjGSHxrfxbuOcRfPhgphNnWIjpjKGasKyUEFMfgPzJomMLDtClGs\tvtoHmZUTcBKRIVpHYXPXI.exe"
Size:	140800
MD5:	32B8AD6ECA9094891E792631BAEA9717
Time:	06:20:01
Date:	27/05/2024
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x100000
Modulesize:	155648
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queues an APC in another process (thread injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\Firefox.exe"

Details

Is windows:	true
Is dropped:	false
PID:	3652
Target ID:	8
Parent PID:	2444
Name:	firefox.exe
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Size:	676768
MD5:	C86B1BE9ED6496FE0E0CBE73F81D8045
Time:	06:20:14
Date:	27/05/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff722870000
Modulesize:	708608
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

URLs

Name

Malicious

http://www.performacetoyota.ca/opfh/

199.59.243.225

http://www.busypro.net/opfh/

160.251.148.118

http://www.swordshoop.ca/opfh/

199.59.243.225

http://www.y94hr.top/opfh/

38.47.207.149

http://www.pharmacielorraine.fr/opfh/?R40L6=FpNucvzIjWOmZMmiXb56c6bY69+Kb+n3d8h+TlHEUGgG180M1/D8mOTG6mRn1YM4wyonPK4hNo3l6hpm9fEjrGx3GgV25NLdT3AKPeddSoL4M+kWNe1Dr4885y6woZHnwBfR8wPvVVyX&b2PX=hZXl7VFPKl04

91.195.240.92

http://www.drapples.club/opfh/

199.59.243.225

http://www.pharmacielorraine.fr/opfh/

91.195.240.92

http://www.ukscan.co.uk/opfh/?R40L6=psz/lQNJHky0FOXgYDlRBO31u/UTIg5Z7J5/vGqoP1XE+s8tr2C67qXiCqgsbd7PhBjn/lOTwSnvTpIgb8gb5UyiwGIV81pY4xefKgdN39cek8LArgSLQN3X1wfTB8wzGIcdBGhl9zAd&b2PX=hZXl7VFPKl04

3.33.130.190

http://www.ukscan.co.uk/opfh/

3.33.130.190

http://www.pricekaboom.com/opfh/

185.31.240.240

http://www.gamemaster.at/opfh/?R40L6=PC685LTb06jHOCK4vGHbFQZ2xkI1XLFU2OtxALHCeHx3vCzda7v1dhtYxdz770kbIy0AX5udiNTwR8fzRWvU0kdzv6lB2tOiWMAiJN+HcPhB483U4R/s/Re5ANHairphm1/7Mj/vaUsb&b2PX=hZXl7VFPKl04

199.59.243.225

http://www.ziontool.xyz/opfh/

203.161.43.227

http://www.pricekaboom.com/opfh/?R40L6=i+7S41wOBsHRtkSR5z49LNLl1g14jCJSsH67VhPHZINUfWrbgsYvxB6MwE8qgxdKQETWoz01bCGz4LwvUs/3BJoUBrhuAwUbkATTebp7Ts+JQM1y8oWpV0wDLMDnSIORGtRyV6PjEdP1&b2PX=hZXl7VFPKl04

185.31.240.240

http://www.y94hr.top/opfh/?R40L6=+MQIh7XosrcV1YUvfmXLRZp9qVlVCaTixn9Z4SHGNrQWXqYuOwa/VK9HsnlVTmeIhuhJsBbQG3swuyVkvGLKXJd4NOCZwBpwFucJm+lE/1jiLpvFuFHXohi2H4hODzVegRzQFrQhMICC&b2PX=hZXl7VFPKl04

38.47.207.149

http://www.batchscraper.com/opfh/?R40L6=AGl44rzTw2dIC+2fJHSMY5CagqpMx9ss+xDw2ILHnY0V4XytCPUwKd/QF5kiL9X2gIgUWxZ6E+yGLjvXAstM4MAyIKs/O1HO2djzFZ+svgnMXhmr1Gwb4CXwLPvvhByMEXNfrkehm32q&b2PX=hZXl7VFPKl04

172.67.190.203

http://www.autonomyai.xyz/opfh/

3.33.130.190

http://www.busypro.net/opfh/?R40L6=wk5WmycUod9Ch4sGNMfw6PGGK537NvyqKve97Rqxx64bZj5Y6/ZXBsSfuT6LL9ibplMzreLTp4ANFGROZWA3htlR8tjUt25lxV/kg4OrCh2epctFiYjQQV8YBu8QEUXGE65qscSGJJfb&b2PX=hZXl7VFPKl04

160.251.148.118

http://www.performacetoyota.ca/opfh/?R40L6=i4up9kvrIhZylhTl+TGF8NSB39il2c4qnhHhVcZTirCO4e+BACowf4KjePAiAuddepejX0cVJHKGxf87gLVZ3yhxJ+t5gkh7Sx8ygwwh5CFsGAn8/fc7zcPpOBOJ0Z4qUeJ8jZdFyiV9&b2PX=hZXl7VFPKl04

199.59.243.225

http://www.fruitique.co.uk/opfh/

212.227.172.253

http://www.annahaywardva.co.uk/opfh/?R40L6=rBeI5JL4SdE8nFW9pIUfBkvOLwnHMU9O9JCyLdspFwofGsVtAi0tgWeg3zHJ2XnwxoW6lgl8FdELwhlchXf8iZDZl79NZT9hgeyhr+mr8upFSzDJKwHDStxLaliRPfjpA6FezmrpjIYZ&b2PX=hZXl7VFPKl04

213.171.195.105

http://www.annahaywardva.co.uk/opfh/

213.171.195.105

http://www.ziontool.xyz/opfh/?R40L6=YUsgxJYlBZRF0No39lc3JbqbmV5Q7LZCTky4dVHopuN0Ho35s4wXwSWKkFKDUjWggieTnElUH3EcFS8A7QGjP8jAu/34q2WYLtH3kt2+sJ07P+s7RD70L6colfRzV4eR9N3BYmYWcCpx&b2PX=hZXl7VFPKl04

203.161.43.227

http://www.drapples.club/opfh/?R40L6=ItiWO1iWeFtHa8hPek+OcHyLbef7ZgLT8jCYd//+XcZZdI8PxrJa9smp+DWZYnBxcEEGiLIUcWsNzCqVKSWt292FhOiPAibVi2DXZfZ1Bcb5xD1zZxmn+AopE2U6Sy6WzAqAlkUlqKwq&b2PX=hZXl7VFPKl04

199.59.243.225

http://www.gamemaster.at/opfh/

199.59.243.225

https://duckduckgo.com/chrome_newtab

unknown

https://duckduckgo.com/ac/?q=

unknown

https://www.google.com/images/branding/product/ico/googleg_lodp.ico

unknown

https://s3-us-west-2.amazonaws.com/s.cdpn.io/16327/MorphSVGPlugin.min.js

unknown

https://s3-us-west-2.amazonaws.com/s.cdpn.io/16327/SplitText.min.js

unknown

http://www.auronhouse.com/opfh/

142.250.186.51

https://login.microsoftonline.com/%s/oauth2/authorizeStringCchPrintfWhttps://login.microsoftonline.c

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

https://www.fasthosts.co.uk/domain-names/search/?domain=$

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

http://www.auronhouse.com/opfh/?R40L6=7Wua4PKYKhchrV0dSktA0JoUSva1JJLdwMIZklFmHGZRtcxczCNUWysLgxYx/pnfXqYHMYy3waVzlkYFJZPX15RsNLA3Qz23CQiAilW87ptstt/8e1muReOX5esxW5+HpDKanOvxLVS9&b2PX=hZXl7VFPKl04

142.250.186.51

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.20.2/TweenMax.min.js

unknown

https://www.ecosia.org/newtab/

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

https://www.auronhouse.com/opfh/?R40L6=7Wua4PKYKhchrV0dSktA0JoUSva1JJLdwMIZklFmHGZRtcxczCNUWysLgxYx/

unknown

https://www.google.com

unknown

http://www.y94hr.top

unknown

https://fasthosts.co.uk/

unknown

https://www.fasthosts.co.uk/get-online?utm_source=domainparking&utm_medium=referral&utm_campaign=fh_

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

https://static.fasthosts.co.uk/icons/favicon.ico

unknown

https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

https://www.fasthosts.co.uk/contact?utm_source=domainparking&utm_medium=referral&utm_campaign=fh_par

unknown

There are 38 hidden URLs, click here to show them.

Domains

Name

Malicious

www.pharmacielorraine.fr

91.195.240.92

www.gamemaster.at

199.59.243.225

www.annahaywardva.co.uk

213.171.195.105

www.busypro.net

160.251.148.118

www.fruitique.co.uk

212.227.172.253

pricekaboom.com

185.31.240.240

autonomyai.xyz

3.33.130.190

www.performacetoyota.ca

199.59.243.225

y94hr.top

38.47.207.149

94950.bodis.com

199.59.243.225

www.swordshoop.ca

199.59.243.225

www.ziontool.xyz

203.161.43.227

www.batchscraper.com

172.67.190.203

ukscan.co.uk

3.33.130.190

www.autonomyai.xyz

unknown

www.auronhouse.com

unknown

www.pricekaboom.com

unknown

www.digishieldu.online

unknown

www.ukscan.co.uk

unknown

www.drapples.club

unknown

www.y94hr.top

unknown

ghs.googlehosted.com

142.250.186.51

There are 12 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

91.195.240.92

www.pharmacielorraine.fr

Germany

185.31.240.240

pricekaboom.com

Estonia

203.161.43.227

www.ziontool.xyz

Malaysia

160.251.148.118

www.busypro.net

Japan

212.227.172.253

www.fruitique.co.uk

Germany

3.33.130.190

autonomyai.xyz

United States

199.59.243.225

www.gamemaster.at

United States

172.67.190.203

www.batchscraper.com

United States

213.171.195.105

www.annahaywardva.co.uk

United Kingdom

38.47.207.149

y94hr.top

United States

142.250.186.51

ghs.googlehosted.com

United States

There are 1 hidden IPs, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

5800000

unkown

page execute and read and write

3650000

trusted library allocation

page read and write

400000

system

page execute and read and write

5B50000

unclassified section

page execute and read and write

33E0000

trusted library allocation

page read and write

27B0000

unclassified section

page execute and read and write

5650000

system

page execute and read and write

2F20000

system

page execute and read and write

3551000

heap

page read and write

2A12000

heap

page read and write

1290000

unkown

page read and write

867D000

heap

page read and write

3551000

heap

page read and write

1083000

unkown

page write copy

61F000

stack

page read and write

E50000

unkown

page readonly

12A0000

stack

page read and write

1264000

heap

page read and write

86E4000

heap

page read and write

3551000

heap

page read and write

63DA000

unclassified section

page read and write

100000

unkown

page readonly

2F04000

heap

page read and write

3928000

unkown

page read and write

3551000

heap

page read and write

11C0000

heap

page read and write

17A98220000

trusted library allocation

page read and write

3551000

heap

page read and write

8760000

trusted library allocation

page read and write

3A00000

unkown

page execute and read and write

866B000

heap

page read and write

1100000

unkown

page readonly

3551000

heap

page read and write

3551000

heap

page read and write

1294000

heap

page read and write

125D000

heap

page read and write

3604000

unkown

page read and write

3551000

heap

page read and write

3DE9000

direct allocation

page read and write

3551000

heap

page read and write

3D9D000

direct allocation

page read and write

56AE000

direct allocation

page execute and read and write

3551000

heap

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

D50000

unkown

page readonly

3CC0000

direct allocation

page read and write

3B6E1FE000

stack

page read and write

3DE9000

direct allocation

page read and write

E70000

unkown

page readonly

347A000

heap

page read and write

1A0000

heap

page read and write

3551000

heap

page read and write

34D3000

heap

page read and write

3B6D9FF000

stack

page read and write

13B0000

unkown

page read and write

1203000

heap

page read and write

E60000

unkown

page readonly

1230000

unkown

page readonly

2A86000

heap

page read and write

3DE9000

direct allocation

page read and write

3000000

unkown

page execute and read and write

3551000

heap

page read and write

13A1000

unkown

page readonly

3480000

heap

page read and write

1389000

heap

page read and write

2E4F000

stack

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

3550000

heap

page read and write

615A000

unkown

page execute and read and write

8663000

heap

page read and write

12E0000

unkown

page readonly

536E000

stack

page read and write

11E9000

heap

page read and write

D60000

unkown

page readonly

1890000

unkown

page readonly

2B01000

heap

page read and write

11A0000

unkown

page read and write

3551000

heap

page read and write

4102000

unkown

page read and write

86C2000

heap

page read and write

3551000

heap

page read and write

128E000

stack

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

86C5000

heap

page read and write

3551000

heap

page read and write

17A9676C000

system

page execute and read and write

3551000

heap

page read and write

3C43000

direct allocation

page read and write

12A0000

heap

page read and write

3551000

heap

page read and write

2D04000

heap

page read and write

1180000

unkown

page read and write

D50000

unkown

page readonly

3BF3000

direct allocation

page read and write

2CFC000

unkown

page read and write

597C000

unclassified section

page read and write

66FE000

unclassified section

page read and write

3551000

heap

page read and write

48DC000

unkown

page read and write

17A98501000

trusted library allocation

page read and write

2F00000

heap

page read and write

1E60000

direct allocation

page read and write

3551000

heap

page read and write

353D000

heap

page read and write

353B000

heap

page read and write

34D6000

heap

page read and write

57E1000

direct allocation

page execute and read and write

2A17000

heap

page read and write

6890000

unclassified section

page read and write

5F24000

unclassified section

page read and write

61C7000

unkown

page execute and read and write

3551000

heap

page read and write

3551000

heap

page read and write

11F4000

heap

page read and write

3551000

heap

page read and write

27B0000

direct allocation

page read and write

32CD000

direct allocation

page execute and read and write

3551000

heap

page read and write

54FF000

heap

page read and write

586C000

unkown

page read and write

1273000

heap

page read and write

11F4000

heap

page read and write

2813000

heap

page read and write

3AD0000

direct allocation

page read and write

347A000

heap

page read and write

10FC000

stack

page read and write

27B0000

direct allocation

page read and write

2D40000

heap

page read and write

EEE000

stack

page read and write

3551000

heap

page read and write

1320000

heap

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

3537000

heap

page read and write

17A9840E000

trusted library allocation

page read and write

3551000

heap

page read and write

2813000

heap

page read and write

36C0000

heap

page read and write

1088000

unkown

page readonly

6BC7000

unkown

page execute and read and write

1308000

heap

page read and write

319E000

direct allocation

page execute and read and write

2CA0000

unkown

page read and write

56D8000

system

page execute and read and write

3551000

heap

page read and write

1500000

unkown

page readonly

1211000

heap

page read and write

34D6000

heap

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

16D34000

system

page read and write

17A9687A000

heap

page read and write

E1B000

stack

page read and write

32D1000

direct allocation

page execute and read and write

3551000

heap

page read and write

1DBF000

stack

page read and write

1300000

heap

page read and write

117000

unkown

page readonly

3551000

heap

page read and write

3551000

heap

page read and write

2F42000

unkown

page read and write

101000

unkown

page execute read

3551000

heap

page read and write

2E50000

unkown

page readonly

548E000

heap

page read and write

16732000

system

page read and write

123A000

heap

page read and write

3D9D000

direct allocation

page read and write

12A4000

heap

page read and write

101000

unkown

page execute read

1273000

heap

page read and write

3551000

heap

page read and write

EA0000

heap

page read and write

100000

unkown

page readonly

1240000

heap

page read and write

6F17000

unclassified section

page execute and read and write

138F000

heap

page read and write

2EC0000

unkown

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

11E9000

heap

page read and write

DCA000

stack

page read and write

3C43000

direct allocation

page read and write

3551000

heap

page read and write

115000

unkown

page read and write

3551000

heap

page read and write

125D000

heap

page read and write

656C000

unclassified section

page read and write

3E0E000

direct allocation

page read and write

3551000

heap

page read and write

3B6E9FE000

stack

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

2F42000

unkown

page read and write

F30000

heap

page read and write

17A98220000

trusted library allocation

page read and write

34DC000

heap

page read and write

13E0000

unkown

page readonly

3551000

heap

page read and write

3476000

heap

page read and write

FDC000

stack

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

2800000

heap

page read and write

3551000

heap

page read and write

EDA000

stack

page read and write

3551000

heap

page read and write

100000

unkown

page readonly

3551000

heap

page read and write

3DED000

direct allocation

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

6248000

unclassified section

page read and write

4D92000

unkown

page read and write

3551000

heap

page read and write

1100000

unkown

page readonly

3551000

heap

page read and write

71FC000

unclassified section

page read and write

3551000

heap

page read and write

104F000

unkown

page readonly

3551000

heap

page read and write

2813000

heap

page read and write

3000000

direct allocation

page execute and read and write

34D3000

heap

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

660000

direct allocation

page read and write

17A98403000

trusted library allocation

page read and write

13C0000

heap

page read and write

1220000

heap

page read and write

57DD000

direct allocation

page execute and read and write

56E8000

system

page execute and read and write

1891000

unkown

page readonly

3551000

heap

page read and write

34E9000

heap

page read and write

4E00000

unkown

page execute and read and write

1220000

heap

page read and write

12A4000

heap

page read and write

7520000

unclassified section

page read and write

19BE000

stack

page read and write

3551000

heap

page read and write

17A966E0000

system

page execute and read and write

4400000

unkown

page execute and read and write

34F4000

heap

page read and write

117E000

stack

page read and write

32A4000

heap

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

6D46000

unclassified section

page read and write

3C43000

direct allocation

page read and write

33C0000

trusted library allocation

page read and write

1110000

unkown

page readonly

3551000

heap

page read and write

11A0000

unkown

page read and write

150000

heap

page read and write

347A000

heap

page read and write

125D000

heap

page read and write

3D50000

unclassified section

page execute and read and write

890F000

stack

page read and write

5250000

trusted library allocation

page execute and read and write

1120000

unkown

page readonly

3551000

heap

page read and write

3551000

heap

page read and write

3C70000

direct allocation

page read and write

86DE000

heap

page read and write

123A000

heap

page read and write

3471000

heap

page read and write

1088000

unkown

page readonly

1120000

unkown

page readonly

3E0E000

direct allocation

page read and write

3551000

heap

page read and write

12DE000

stack

page read and write

3551000

heap

page read and write

2AEA000

heap

page read and write

117000

unkown

page readonly

3551000

heap

page read and write

3551000

heap

page read and write

12A8000

heap

page read and write

2813000

heap

page read and write

123A000

heap

page read and write

3551000

heap

page read and write

5510000

direct allocation

page execute and read and write

3551000

heap

page read and write

3551000

heap

page read and write

64AA000

unclassified section

page execute and read and write

3450000

heap

page read and write

3551000

heap

page read and write

32A4000

heap

page read and write

3DED000

direct allocation

page read and write

2813000

heap

page read and write

2A05000

heap

page read and write

125D000

heap

page read and write

3C70000

direct allocation

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

12E0000

unkown

page readonly

3350000

unclassified section

page execute and read and write

3AD0000

direct allocation

page read and write

17A98410000

trusted library allocation

page read and write

3E5E000

direct allocation

page read and write

2813000

heap

page read and write

2802000

heap

page read and write

350A000

heap

page read and write

11B0000

heap

page read and write

123B000

heap

page read and write

A3A000

stack

page read and write

352C000

heap

page read and write

13A1000

unkown

page readonly

3551000

heap

page read and write

3551000

heap

page read and write

8750000

trusted library allocation

page read and write

3551000

heap

page read and write

17A985C4000

trusted library allocation

page read and write

DFF000

stack

page read and write

3551000

heap

page read and write

17A985A5000

trusted library allocation

page read and write

FC0000

unkown

page readonly

3551000

heap

page read and write

12B4000

heap

page read and write

3551000

heap

page read and write

DCA000

stack

page read and write

12A0000

heap

page read and write

76B2000

unclassified section

page read and write

1B0000

heap

page read and write

88CE000

stack

page read and write

FB0000

heap

page read and write

3517000

heap

page read and write

2D00000

heap

page read and write

86D9000

heap

page read and write

1294000

heap

page read and write

867F000

heap

page read and write

32A0000

heap

page read and write

3471000

heap

page read and write

1E50000

direct allocation

page execute and read and write

2A17000

heap

page read and write

117000

unkown

page readonly

86E7000

heap

page read and write

83D0000

trusted library allocation

page read and write

2EBF000

stack

page read and write

3B6D1FC000

stack

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

2EE9000

stack

page read and write

86D8000

heap

page read and write

2813000

heap

page read and write

11F4000

heap

page read and write

3551000

heap

page read and write

1274000

heap

page read and write

51B0000

trusted library allocation

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

1274000

heap

page read and write

51BA000

heap

page read and write

3ABA000

unkown

page read and write

125D000

heap

page read and write

2D04000

heap

page read and write

107F000

unkown

page write copy

12B4000

heap

page read and write

3501000

heap

page read and write

347A000

heap

page read and write

3545000

heap

page read and write

11E4000

heap

page read and write

3551000

heap

page read and write

11B000

stack

page read and write

107F000

unkown

page read and write

3551000

heap

page read and write

1274000

heap

page read and write

3458000

heap

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

1694C000

system

page read and write

2813000

heap

page read and write

3551000

heap

page read and write

86E9000

heap

page read and write

3551000

heap

page read and write

14FF000

stack

page read and write

3532000

heap

page read and write

2F2D000

heap

page read and write

5B3C000

unclassified section

page read and write

D40000

unkown

page readonly

D40000

unkown

page readonly

3551000

heap

page read and write

115000

unkown

page read and write

17A96800000

heap

page read and write

305C000

unkown

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

1273000

heap

page read and write

2CA0000

unkown

page read and write

5150000

unclassified section

page execute and read and write

34C8000

heap

page read and write

2F10000

unkown

page readonly

346F000

heap

page read and write

2AEA000

heap

page read and write

3E5E000

direct allocation

page read and write

3AD0000

direct allocation

page read and write

1180000

unkown

page read and write

2F9E000

heap

page read and write

86EF000

heap

page read and write

3551000

heap

page read and write

321C000

unkown

page read and write

13B0000

unkown

page read and write

2F10000

unkown

page readonly

32A4000

heap

page read and write

1EF0000

heap

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

1130000

heap

page read and write

574B000

system

page execute and read and write

2813000

heap

page read and write

FC1000

unkown

page execute read

2813000

heap

page read and write

3551000

heap

page read and write

101000

unkown

page execute read

346F000

heap

page read and write

3551000

heap

page read and write

1130000

heap

page read and write

2E50000

unkown

page readonly

86E6000

heap

page read and write

11F4000

heap

page read and write

34FA000

heap

page read and write

17A968A2000

heap

page read and write

706A000

unclassified section

page read and write

ECF000

unkown

page read and write

3C4C000

unkown

page read and write

3551000

heap

page read and write

8666000

heap

page read and write

1678C000

system

page read and write

34C4000

heap

page read and write

33C0000

heap

page read and write

1C0000

direct allocation

page read and write

312D000

direct allocation

page execute and read and write

2A00000

heap

page read and write

2A1A000

heap

page read and write

2EC0000

unkown

page read and write

3E5E000

direct allocation

page read and write

2813000

heap

page read and write

3551000

heap

page read and write

FDC000

stack

page read and write

347A000

heap

page read and write

13C0000

heap

page read and write

3551000

heap

page read and write

17A9689A000

heap

page read and write

52F0000

trusted library allocation

page read and write

2813000

heap

page read and write

3551000

heap

page read and write

3002000

unkown

page read and write

3551000

heap

page read and write

17A98500000

trusted library allocation

page read and write

F40000

heap

page read and write

17A985CE000

trusted library allocation

page read and write

3551000

heap

page read and write

3D9D000

direct allocation

page read and write

15E0000

unkown

page readonly

3C70000

direct allocation

page read and write

4A6E000

unkown

page read and write

1191000

unkown

page readonly

1210000

unkown

page readonly

1970000

unkown

page readonly

3129000

direct allocation

page execute and read and write

1075000

unkown

page readonly

3796000

unkown

page read and write

11F4000

heap

page read and write

86D4000

heap

page read and write

6517000

unclassified section

page execute and read and write

3551000

heap

page read and write

FC1000

unkown

page execute read

17A98300000

trusted library allocation

page read and write

13E0000

unkown

page readonly

3551000

heap

page read and write

3D99000

direct allocation

page read and write

3BF3000

direct allocation

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

1971000

unkown

page readonly

2813000

heap

page read and write

868A000

heap

page read and write

17A98210000

heap

page read and write

17A96870000

heap

page read and write

3D99000

direct allocation

page read and write

34E9000

heap

page read and write

348B000

heap

page read and write

101000

unkown

page execute read

5361000

heap

page read and write

65E000

stack

page read and write

2F90000

heap

page read and write

3B20000

direct allocation

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

10E000

unkown

page readonly

2EAB000

stack

page read and write

8678000

heap

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

10E000

unkown

page readonly

104F000

unkown

page readonly

3551000

heap

page read and write

1290000

unkown

page read and write

1274000

heap

page read and write

2D00000

heap

page read and write

2FE0000

heap

page read and write

2E00000

heap

page read and write

3551000

heap

page read and write

E70000

unkown

page readonly

3551000

heap

page read and write

14FF000

stack

page read and write

1400000

heap

page read and write

56F4000

system

page execute and read and write

1075000

unkown

page readonly

123A000

heap

page read and write

1220000

unkown

page readonly

1308000

heap

page read and write

86A8000

heap

page read and write

5862000

unclassified section

page read and write

1240000

heap

page read and write

2D40000

heap

page read and write

3551000

heap

page read and write

52F0000

trusted library allocation

page read and write

3551000

heap

page read and write

12B4000

heap

page read and write

3BF3000

direct allocation

page read and write

17A9840B000

trusted library allocation

page read and write

2D23000

heap

page read and write

125D000

heap

page read and write

53AF000

stack

page read and write

3551000

heap

page read and write

4C00000

unkown

page read and write

4426000

unkown

page read and write

3551000

heap

page read and write

F2E000

stack

page read and write

3F70000

unkown

page read and write

8A20000

heap

page read and write

3E0E000

direct allocation

page read and write

2C01000

heap

page read and write

86AE000

heap

page read and write

3551000

heap

page read and write

1300000

heap

page read and write

27AF000

stack

page read and write

12BB000

heap

page read and write

4294000

unkown

page read and write

3551000

heap

page read and write

17A9688D000

heap

page read and write

1220000

unkown

page readonly

1273000

heap

page read and write

52DD000

heap

page read and write

117000

unkown

page readonly

3551000

heap

page read and write

11F4000

heap

page read and write

16672000

system

page read and write

350E000

heap

page read and write

3551000

heap

page read and write

17A985BE000

trusted library allocation

page read and write

3551000

heap

page read and write

1500000

unkown

page readonly

3551000

heap

page read and write

1395000

unkown

page read and write

3551000

heap

page read and write

2813000

heap

page read and write

2DBE000

stack

page read and write

115000

unkown

page read and write

E0F000

stack

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

5639000

direct allocation

page execute and read and write

1110000

unkown

page readonly

3B20000

direct allocation

page read and write

10E000

unkown

page readonly

8655000

heap

page read and write

3CC0000

direct allocation

page read and write

1274000

heap

page read and write

6A22000

unclassified section

page read and write

8671000

heap

page read and write

34B8000

heap

page read and write

EDA000

stack

page read and write

3475000

heap

page read and write

115000

unkown

page read and write

12A4000

heap

page read and write

3CC0000

direct allocation

page read and write

3551000

heap

page read and write

2813000

heap

page read and write

1400000

heap

page read and write

3551000

heap

page read and write

E50000

unkown

page readonly

17A96850000

heap

page read and write

FB4000

heap

page read and write

FC0000

unkown

page readonly

3551000

heap

page read and write

3DED000

direct allocation

page read and write

474A000

unkown

page read and write

867B000

heap

page read and write

3551000

heap

page read and write

1FE000

stack

page read and write

3551000

heap

page read and write

86E1000

heap

page read and write

3551000

heap

page read and write

1264000

heap

page read and write

123A000

heap

page read and write

3551000

heap

page read and write

125D000

heap

page read and write

11B0000

heap

page read and write

3551000

heap

page read and write

2A05000

heap

page read and write

3551000

heap

page read and write

738E000

unclassified section

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

2813000

heap

page read and write

548A000

heap

page read and write

15E0000

unkown

page readonly

D60000

unkown

page readonly

86D1000

heap

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

5922000

unclassified section

page read and write

5852000

direct allocation

page execute and read and write

122F000

heap

page read and write

12B4000

heap

page read and write

1210000

unkown

page readonly

11C8000

heap

page read and write

86A4000

heap

page read and write

2C00000

heap

page read and write

17A9676A000

system

page execute and read and write

3551000

heap

page read and write

3475000

heap

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

DC000

stack

page read and write

1274000

heap

page read and write

3551000

heap

page read and write

347A000

heap

page read and write

3504000

heap

page read and write

3480000

heap

page read and write

3D99000

direct allocation

page read and write

10E000

unkown

page readonly

17A96820000

heap

page read and write

3551000

heap

page read and write

2F04000

heap

page read and write

3551000

heap

page read and write

17A9689F000

heap

page read and write

3551000

heap

page read and write

86CB000

heap

page read and write

8676000

heap

page read and write

170000

heap

page read and write

3551000

heap

page read and write

11B0000

heap

page read and write

2CB0000

unkown

page read and write

1273000

heap

page read and write

117E000

stack

page read and write

86DB000

heap

page read and write

E3C000

stack

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

3DDE000

unkown

page read and write

3551000

heap

page read and write

2F00000

heap

page read and write

321C000

unkown

page read and write

12A8000

heap

page read and write

3342000

direct allocation

page execute and read and write

3551000

heap

page read and write

10FC000

stack

page read and write

1273000

heap

page read and write

3551000

heap

page read and write

6BB4000

unclassified section

page read and write

563D000

direct allocation

page execute and read and write

1191000

unkown

page readonly

3551000

heap

page read and write

3551000

heap

page read and write

E60000

unkown

page readonly

27B0000

direct allocation

page read and write

1230000

unkown

page readonly

3551000

heap

page read and write

2FDF000

stack

page read and write

3551000

heap

page read and write

1275000

heap

page read and write

17A98400000

trusted library allocation

page read and write

2F29000

heap

page read and write

869E000

heap

page read and write

3551000

heap

page read and write

52F0000

trusted library allocation

page read and write

125D000

heap

page read and write

3551000

heap

page read and write

1275000

heap

page read and write

3551000

heap

page read and write

34DC000

heap

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

3551000

heap

page read and write

11F4000

heap

page read and write

100000

unkown

page readonly

15DF000

stack

page read and write

3551000

heap

page read and write

4750000

unclassified section

page execute and read and write

123A000

heap

page read and write

3B20000

direct allocation

page read and write

1203000

heap

page read and write

60B6000

unclassified section

page read and write

17A98421000

trusted library allocation

page read and write

There are 699 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Shipping Document.exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportShipping Document.exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
Shipping Document.exe