IOC Report
odbc.exe

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\odbc.exe | "C:\Users\user\Desktop\odbc.exe" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

Domains

Name | IP | Malicious
171.39.242.20.in-addr.arpa | unknown |

Memdumps
