Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Request for Quotation for PTTEP - EPCC for SISGES Development Project 2.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.146630373274625
Filename:	Request for Quotation for PTTEP - EPCC for SISGES Development Project 2.exe
Filesize:	1193984
MD5:	70a68499e37399ec6c26e7ab48f75bfd
SHA1:	740ddbe5fa46cb3ef032e328e0f95c40f4a3230f
SHA256:	32750b54a373f04b1b34a3b21e91140e842d21b8008b0d627e1e89e3e62571fd
SHA512:	e855a3e8e97b5118c83f2a03216deaa64ac4f212202ebbe12d0d873878e4d924dbecf7f104074dbcefb5f0d5500819105b40aa6ba7e5a6b0061cf407bdc48225
SSDEEP:	24576:EAHnh+eWsN3skA4RV1Hom2KXMmHa2kGl3NW2i2tpLr5:Th+ZkldoPK8Ya2km3COpZ
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P.....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r.............#.S..._@'.S...R.k.S.....".S...RichR..

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection	Disable or Modify Tools
Binary is likely a compiled AutoIt script file	System Summary
Machine Learning detection for sample	AV Detection
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Switches to a custom stack to bypass stack traces	Malware Analysis System Evasion
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Contains functionality for read data from the clipboard	Key, Mouse, Clipboard, Microphone and Screen Capturing
Contains functionality to block mouse and keyboard input (often used to hinder debugging)	Anti Debugging	Disable or Modify Tools
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)	Anti Debugging
Contains functionality to check if a window is minimized (may be used to check if an application is visible)	Hooking and other Techniques for Hiding and Protection
Contains functionality to communicate with device drivers	System Summary
Contains functionality to dynamically determine API calls	Data Obfuscation, Anti Debugging	Native API
Contains functionality to execute programs as a different user	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Contains functionality to launch a process as a different user	System Summary	Valid Accounts Native API Access Token Manipulation
Contains functionality to launch a program with higher privileges	HIPS / PFW / Operating System Protection Evasion	Exploitation for Privilege Escalation
Contains functionality to modify clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Process Discovery Clipboard Data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)	Remote Access Functionality
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection	Disable or Modify Tools
Contains functionality to read the PEB	Anti Debugging
Contains functionality to read the clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools
Contains functionality to retrieve information about pressed keystrokes	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Contains functionality to shutdown / reboot the system	System Summary	System Shutdown/Reboot
Contains functionality to simulate keystroke presses	HIPS / PFW / Operating System Protection Evasion
Contains functionality to simulate mouse events	HIPS / PFW / Operating System Protection Evasion
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging	Security Software Discovery
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Creates processes with suspicious names	Persistence and Installation Behavior
Detected potential crypto function	System Summary	System Time Discovery Process Discovery Archive Collected Data Encrypted Channel
Extensive use of GetProcAddress (often used to hide API calls)	Hooking and other Techniques for Hiding and Protection
Found large amount of non-executed APIs	Malware Analysis System Evasion	System Time Discovery
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information	Disable or Modify Tools System Shutdown/Reboot
Potential key logger detected (key state polling based)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools
Sample file is different than original file name gathered from version info	System Summary	System Shutdown/Reboot
Uses 32bit PE files	Compliance, System Summary	Disable or Modify Tools
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Contains functionality for error logging	System Summary	Disable or Modify Tools
Contains functionality to add an ACL to a security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to adjust token privileges (e.g. debug / backup)	System Summary
Contains functionality to check free disk space	System Summary	System Information Discovery
Contains functionality to create a new security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to download additional files from the internet	Networking
Contains functionality to enum processes or threads	System Summary	Process Discovery
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to instantiate COM classes	System Summary
Contains functionality to load and extract PE file embedded resources	System Summary
Contains functionality to query local / system time	Language, Device and Operating System Detection
Contains functionality to query system information	Malware Analysis System Evasion
Contains functionality to query the account / user name	Language, Device and Operating System Detection	Account Discovery System Owner/User Discovery
Contains functionality to query time zone information	Language, Device and Operating System Detection	System Time Discovery
Contains functionality to query windows version	Language, Device and Operating System Detection	System Information Discovery
Contains functionality to register its own exception handler	Anti Debugging
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection	Disable or Modify Tools
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion
PE file has an executable .text section and no other executable section	System Summary
Program exit points	Malware Analysis System Evasion	Disable or Modify Tools
Reads software policies	System Summary
Sample is known by Antivirus	System Summary	Disable or Modify Tools
Tries to load missing DLLs	System Summary	DLL Side-Loading Disable or Modify Tools
PE file contains a valid data directory to section mapping	System Summary	Security Software Discovery
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary	Disable or Modify Tools

C:\Users\user\AppData\Local\Temp\1-673479

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\1-673479
Category:	dropped
Dump:	1-673479.3.dr
ID:	dr_4
Target ID:	3
Process:	C:\Windows\SysWOW64\RMActivate_ssp.exe
Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Entropy:	0.9746603542602881
Encrypted:	false
Ssdeep:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
Size:	114688
Whitelisted:	true
Reputation:	high

C:\Users\user\AppData\Local\Temp\aut1BE5.tmp

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\aut1BE5.tmp
Category:	dropped
Dump:	aut1BE5.tmp.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\Request for Quotation for PTTEP - EPCC for SISGES Development Project 2.exe
Type:	data
Entropy:	7.993427920996113
Encrypted:	true
Ssdeep:	6144:h7QqWOvRsmY9lqT7mKHxAfcZdmkkQSQsM2/lSMADn:+csrwT7mKWfcZVqbfgNn
Size:	270848
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates temporary files	System Summary

C:\Users\user\AppData\Local\Temp\aut1C15.tmp

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\aut1C15.tmp
Category:	dropped
Dump:	aut1C15.tmp.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Users\user\Desktop\Request for Quotation for PTTEP - EPCC for SISGES Development Project 2.exe
Type:	data
Entropy:	7.594976842134209
Encrypted:	false
Ssdeep:	192:65jwEiqiSLLhK6mXmHAMo0XrFZbHuAAAGVp200bAsmIr+C3VfRzntFupioHktU6y:I6qin6OZ70XrFZbsp200csmIr+C3BwpB
Size:	9858
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Temp\cerecloths

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\cerecloths
Category:	dropped
Dump:	cerecloths.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\Request for Quotation for PTTEP - EPCC for SISGES Development Project 2.exe
Type:	data
Entropy:	7.993427920996113
Encrypted:	true
Ssdeep:	6144:h7QqWOvRsmY9lqT7mKHxAfcZdmkkQSQsM2/lSMADn:+csrwT7mKWfcZVqbfgNn
Size:	270848
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Temp\exhilaratingly

ASCII text, with very long lines (28756), with no line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\exhilaratingly
Category:	dropped
Dump:	exhilaratingly.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Users\user\Desktop\Request for Quotation for PTTEP - EPCC for SISGES Development Project 2.exe
Type:	ASCII text, with very long lines (28756), with no line terminators
Entropy:	3.5925202375437784
Encrypted:	false
Ssdeep:	768:miTZ+2QoioGRk6ZklputwjpjBkCiw2RuJ3nXKUrvzjsNbCO+IFh6q84vfF3if6g3:miTZ+2QoioGRk6ZklputwjpjBkCiw2Rg
Size:	28756
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\Request for Quotation for PTTEP - EPCC for SISGES Development Project 2.exe

"C:\Users\user\Desktop\Request for Quotation for PTTEP - EPCC for SISGES Development Project 2.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7108
Target ID:	0
Parent PID:	2580
Name:	Request for Quotation for PTTEP - EPCC for SISGES Development Project 2.exe
Path:	C:\Users\user\Desktop\Request for Quotation for PTTEP - EPCC for SISGES Development Project 2.exe
Commandline:	"C:\Users\user\Desktop\Request for Quotation for PTTEP - EPCC for SISGES Development Project 2.exe"
Size:	1193984
MD5:	70A68499E37399EC6C26E7AB48F75BFD
Time:	00:34:56
Date:	02/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x4c0000
Modulesize:	1220608
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Binary is likely a compiled AutoIt script file	System Summary
Initial sample is a PE file and has a suspicious name	System Summary
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Uncommon Svchost Parent Process	System Summary
Uses 32bit PE files	Compliance, System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\SysWOW64\svchost.exe

"C:\Users\user\Desktop\Request for Quotation for PTTEP - EPCC for SISGES Development Project 2.exe"

Details

Is windows:	true
Is dropped:	false
PID:	6168
Target ID:	1
Parent PID:	7108
Name:	svchost.exe
Path:	C:\Windows\SysWOW64\svchost.exe
Commandline:	"C:\Users\user\Desktop\Request for Quotation for PTTEP - EPCC for SISGES Development Project 2.exe"
Size:	46504
MD5:	1ED18311E3DA35942DB37D15FA40CC5B
Time:	00:34:57
Date:	02/07/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x6c0000
Modulesize:	53248
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Uncommon Svchost Parent Process	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\iKNmzFfFgrrPOeSHltSpZMrQNKJTmclXpOPcoazBWvRlIjHILwtNsamegFO\iMkYSrQTtTrGyHYf.exe

"C:\Program Files (x86)\iKNmzFfFgrrPOeSHltSpZMrQNKJTmclXpOPcoazBWvRlIjHILwtNsamegFO\iMkYSrQTtTrGyHYf.exe"

Details

Is windows:	true
Is dropped:	false
PID:	4928
Target ID:	2
Parent PID:	6168
Name:	iMkYSrQTtTrGyHYf.exe
Path:	C:\Program Files (x86)\iKNmzFfFgrrPOeSHltSpZMrQNKJTmclXpOPcoazBWvRlIjHILwtNsamegFO\iMkYSrQTtTrGyHYf.exe
Commandline:	"C:\Program Files (x86)\iKNmzFfFgrrPOeSHltSpZMrQNKJTmclXpOPcoazBWvRlIjHILwtNsamegFO\iMkYSrQTtTrGyHYf.exe"
Size:	140800
MD5:	32B8AD6ECA9094891E792631BAEA9717
Time:	00:35:00
Date:	02/07/2024
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x8d0000
Modulesize:	155648
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queues an APC in another process (thread injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\SysWOW64\RMActivate_ssp.exe

"C:\Windows\SysWOW64\RMActivate_ssp.exe"

Details

Is windows:	true
Is dropped:	false
PID:	6504
Target ID:	3
Parent PID:	4928
Name:	RMActivate_ssp.exe
Path:	C:\Windows\SysWOW64\RMActivate_ssp.exe
Commandline:	"C:\Windows\SysWOW64\RMActivate_ssp.exe"
Size:	478720
MD5:	6599A09C160036131E4A933168DA245F
Time:	00:35:01
Date:	02/07/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	false
Is elevated:	false
Modulebase:	0x590000
Modulesize:	495616
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\iKNmzFfFgrrPOeSHltSpZMrQNKJTmclXpOPcoazBWvRlIjHILwtNsamegFO\iMkYSrQTtTrGyHYf.exe

"C:\Program Files (x86)\iKNmzFfFgrrPOeSHltSpZMrQNKJTmclXpOPcoazBWvRlIjHILwtNsamegFO\iMkYSrQTtTrGyHYf.exe"

Details

Is windows:	true
Is dropped:	false
PID:	5236
Target ID:	4
Parent PID:	6504
Name:	iMkYSrQTtTrGyHYf.exe
Path:	C:\Program Files (x86)\iKNmzFfFgrrPOeSHltSpZMrQNKJTmclXpOPcoazBWvRlIjHILwtNsamegFO\iMkYSrQTtTrGyHYf.exe
Commandline:	"C:\Program Files (x86)\iKNmzFfFgrrPOeSHltSpZMrQNKJTmclXpOPcoazBWvRlIjHILwtNsamegFO\iMkYSrQTtTrGyHYf.exe"
Size:	140800
MD5:	32B8AD6ECA9094891E792631BAEA9717
Time:	00:35:15
Date:	02/07/2024
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x8d0000
Modulesize:	155648
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queues an APC in another process (thread injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\Firefox.exe"

Details

Is windows:	true
Is dropped:	false
PID:	6888
Target ID:	8
Parent PID:	6504
Name:	firefox.exe
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Size:	676768
MD5:	C86B1BE9ED6496FE0E0CBE73F81D8045
Time:	00:35:28
Date:	02/07/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff6bf500000
Modulesize:	708608
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

URLs

Name

Malicious

http://www.a9jcpf.top/1kbe/

45.126.181.243

http://www.webuyfontana.com/cns4/?3prdkVqx=b+X9HsydX2EZhoFbHWDGWLn8qSDjJiBvgg2FVhcLABkhzzs0ucmBPDMRqtKe3XUMFDw5FS9Ji9Imkcb4M+SgV1CrLIKWT8R/LC2e+AlJEb/hHwO3uGNSJEs=&RvYDw=90B0ZBu0r6iPPND0

3.64.163.50

http://www.778981.com/p1dd/?RvYDw=90B0ZBu0r6iPPND0&3prdkVqx=G7DDmCfNGXy3uJCEgcIIU1iXFvarFYWbvsRS9sxoYaNScQyM2A1goKEbo8KV9mX8trrejs5AH6YGa7AwDEXag2zD7gw0a+PZJfygUURv+5LCwJWR5NAeUOI=

165.154.0.120

http://www.augaqfp.lol/l8a4/?3prdkVqx=CPL7YN3vcnDyuUFtA6pv3uMhLFbLrJb1JE9LZisFmiEQ0vYrwOGtj9QBvlTfLzXcbjIACE/TYt0vO88JJ7+OI7LCsTQn12dDmlA0tsWVEcE74AqN9n1fFjE=&RvYDw=90B0ZBu0r6iPPND0

116.213.43.190

http://www.ytw6.top/rmef/?3prdkVqx=UdI5Nug9LeCq3QKyZxAFTuhDHYNaCA3T0/tR5L8b4jWaA2fUCVH3fLw1ebDEBIsiTWaLxfrgjTz4bD/84RJrNmZZ6yqPN++//ptV/K/4BOxQ2TPEoKO+wL0=&RvYDw=90B0ZBu0r6iPPND0

38.47.232.224

http://www.lexiecos.top/ff8d/

203.161.55.102

http://www.lexiecos.top/ff8d/?3prdkVqx=ohJD03igrpR8lwlwc1M4EqZrzingiHicFb+y4T5GGfrPyp+0FgUaOIwicDYxE9IqyQjr9lfiRuNbkNF7eyT6Zergy2OfkJkLywWhdn0W3d/t29Aith2p64g=&RvYDw=90B0ZBu0r6iPPND0

203.161.55.102

http://www.webuyfontana.com/cns4/

3.64.163.50

http://www.binpvae.lol/kfqo/

116.213.43.190

http://www.mhtnvro.lol/il19/?3prdkVqx=2W0Inf+zka60rkge6x3gGQQeo1iuz6hi+bPXuzv4I1vHSGtqZzoorLZZnoCmwyX2i4rMR0gWWwZYBzao7rAttPu5367SyozTICrQ88OWOZt9joXCP1iWm4I=&RvYDw=90B0ZBu0r6iPPND0

116.213.43.190

http://www.ytw6.top/rmef/

38.47.232.224

http://www.mhtnvro.lol/il19/

116.213.43.190

http://www.hsck520.com

unknown

http://www.binpvae.lol/kfqo/?3prdkVqx=NiOdQOuMLD2zHgMWwKws4JzuutDmLpx3tWxYTf2s7ZGupi3Uz5m5Dts89dE7D44P7JMDqAvEJ+8u+Llyo4b9pPx+fjdmUm+qFImntH+EZRPwIZM2dcS4AHM=&RvYDw=90B0ZBu0r6iPPND0

116.213.43.190

http://www.augaqfp.lol/l8a4/

116.213.43.190

https://cdn.livechatinc.com/tracking.js

unknown

https://duckduckgo.com/chrome_newtab

unknown

https://download.quark.cn/download/quarkpc?platform=android&ch=pcquark

unknown

https://g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js

unknown

https://duckduckgo.com/ac/?q=

unknown

https://g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js

unknown

http://www.webuyfontana.com/

unknown

https://track.uc.cn/collect

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

http://www.hsck520.com/2e2r/

35.190.52.58

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

https://www.ecosia.org/newtab/

unknown

https://v-cn.vaptcha.com/v3.js

unknown

https://image.uc.cn/s/uae/g/3o/berg/static/archer_index.e96dc6dc6863835f4ad0.js

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

https://hm.baidu.com/hm.js?

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js

unknown

https://www.livechat.com/chat-with/14282961/

unknown

https://www.livechat.com/?welcome

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

https://image.uc.cn/s/uae/g/3o/berg/static/index.c4bc5b38d870fecd8a1f.css

unknown

There are 27 hidden URLs, click here to show them.

Domains

Name

Malicious

ytw6.top

38.47.232.224

aj.ajunsdfancsda.com

45.126.181.243

www.binpvae.lol

116.213.43.190

www.lexiecos.top

203.161.55.102

www.augaqfp.lol

116.213.43.190

www.mhtnvro.lol

116.213.43.190

7a4ca695fd164z.greycdn.net

165.154.0.120

www.webuyfontana.com

3.64.163.50

www.778981.com

unknown

www.byteffederal.com

unknown

www.jjkelker.com

unknown

www.ytw6.top

unknown

www.caroinapottery.com

unknown

www.a9jcpf.top

unknown

www.mebutnotme.store

unknown

www.hsck520.com

35.190.52.58

There are 6 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

45.126.181.243

aj.ajunsdfancsda.com

Hong Kong

Details

IP:	45.126.181.243
TargetID:	4
Current Path:	C:\Program Files (x86)\iKNmzFfFgrrPOeSHltSpZMrQNKJTmclXpOPcoazBWvRlIjHILwtNsamegFO\iMkYSrQTtTrGyHYf.exe
Country:	Hong Kong
Countrycode:	HKG
ASN number:	59371
ASN name:	DNC-ASDimensionNetworkCommunicationLimitedHK
Private:	false
Domain:	aj.ajunsdfancsda.com

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

203.161.55.102

www.lexiecos.top

Malaysia

Details

IP:	203.161.55.102
TargetID:	4
Current Path:	C:\Program Files (x86)\iKNmzFfFgrrPOeSHltSpZMrQNKJTmclXpOPcoazBWvRlIjHILwtNsamegFO\iMkYSrQTtTrGyHYf.exe
Country:	Malaysia
Countrycode:	MYS
ASN number:	45899
ASN name:	VNPT-AS-VNVNPTCorpVN
Private:	false
Domain:	www.lexiecos.top

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

165.154.0.120

7a4ca695fd164z.greycdn.net

Canada

Details

IP:	165.154.0.120
TargetID:	4
Current Path:	C:\Program Files (x86)\iKNmzFfFgrrPOeSHltSpZMrQNKJTmclXpOPcoazBWvRlIjHILwtNsamegFO\iMkYSrQTtTrGyHYf.exe
Country:	Canada
Countrycode:	CAN
ASN number:	7456
ASN name:	INTERHOPCA
Private:	false
Domain:	7a4ca695fd164z.greycdn.net

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

3.64.163.50

www.webuyfontana.com

United States

Details

IP:	3.64.163.50
TargetID:	4
Current Path:	C:\Program Files (x86)\iKNmzFfFgrrPOeSHltSpZMrQNKJTmclXpOPcoazBWvRlIjHILwtNsamegFO\iMkYSrQTtTrGyHYf.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false
Domain:	www.webuyfontana.com

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

38.47.232.224

ytw6.top

United States

Details

IP:	38.47.232.224
TargetID:	4
Current Path:	C:\Program Files (x86)\iKNmzFfFgrrPOeSHltSpZMrQNKJTmclXpOPcoazBWvRlIjHILwtNsamegFO\iMkYSrQTtTrGyHYf.exe
Country:	United States
Countrycode:	USA
ASN number:	174
ASN name:	COGENT-174US
Private:	false
Domain:	ytw6.top

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

116.213.43.190

www.binpvae.lol

Hong Kong

Details

IP:	116.213.43.190
TargetID:	4
Current Path:	C:\Program Files (x86)\iKNmzFfFgrrPOeSHltSpZMrQNKJTmclXpOPcoazBWvRlIjHILwtNsamegFO\iMkYSrQTtTrGyHYf.exe
Country:	Hong Kong
Countrycode:	HKG
ASN number:	63889
ASN name:	CLOUDIVLIMITED-ASCloudIvLimitedHK
Private:	false
Domain:	www.binpvae.lol

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

35.190.52.58

www.hsck520.com

United States

Details

IP:	35.190.52.58
TargetID:	4
Current Path:	C:\Program Files (x86)\iKNmzFfFgrrPOeSHltSpZMrQNKJTmclXpOPcoazBWvRlIjHILwtNsamegFO\iMkYSrQTtTrGyHYf.exe
Country:	United States
Countrycode:	USA
ASN number:	15169
ASN name:	GOOGLEUS
Private:	false
Domain:	www.hsck520.com

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

5130000

system

page execute and read and write

400000

system

page execute and read and write

2CD0000

trusted library allocation

page read and write

2D10000

trusted library allocation

page read and write

2610000

system

page execute and read and write

32D0000

unclassified section

page execute and read and write

36E0000

unkown

page execute and read and write

4600000

unclassified section

page execute and read and write

3AC9000

direct allocation

page read and write

2A91000

heap

page read and write

343E3FF000

stack

page read and write

3B1D000

direct allocation

page read and write

1620000

unkown

page readonly

3850000

direct allocation

page read and write

408C000

unclassified section

page read and write

BE1000

unkown

page readonly

2A91000

heap

page read and write

2A91000

heap

page read and write

3A50000

unkown

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

2A9A000

stack

page read and write

2BE0000

heap

page read and write

2A91000

heap

page read and write

1212000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

1BED91E0000

trusted library allocation

page read and write

AB0000

unkown

page readonly

46D4000

unclassified section

page read and write

2A91000

heap

page read and write

79A3000

heap

page read and write

2A91000

heap

page read and write

2B90000

heap

page read and write

E00000

heap

page read and write

11FF000

heap

page read and write

2A91000

heap

page read and write

1020000

heap

page read and write

39A0000

direct allocation

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

39A0000

direct allocation

page read and write

4E9C000

unclassified section

page execute and read and write

3B19000

direct allocation

page read and write

2C13000

heap

page read and write

30E4000

unkown

page read and write

1098000

heap

page read and write

2A91000

heap

page read and write

10E6000

heap

page read and write

80AF000

stack

page read and write

1004000

heap

page read and write

1054000

heap

page read and write

DE0000

unkown

page readonly

1063000

heap

page read and write

2E1A000

heap

page read and write

970000

heap

page read and write

8E7000

unkown

page readonly

2A91000

heap

page read and write

AA0000

unkown

page readonly

2E90000

trusted library allocation

page read and write

2A91000

heap

page read and write

10E6000

heap

page read and write

E90000

heap

page read and write

106C000

heap

page read and write

79B7000

heap

page read and write

B70000

unkown

page readonly

EE4000

heap

page read and write

2C61000

heap

page read and write

2A91000

heap

page read and write

AB0000

unkown

page readonly

2A91000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

8DE000

unkown

page readonly

EE0000

heap

page read and write

2A91000

heap

page read and write

7971000

heap

page read and write

292F000

stack

page read and write

960000

unkown

page readonly

2C54000

heap

page read and write

93A000

stack

page read and write

2A91000

heap

page read and write

B1A000

stack

page read and write

BD0000

unkown

page read and write

BF0000

unkown

page read and write

2A91000

heap

page read and write

DFE000

stack

page read and write

1794C000

system

page read and write

1420000

unkown

page readonly

2A91000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

1090000

heap

page read and write

37CD000

direct allocation

page execute and read and write

10CF000

heap

page read and write

2A91000

heap

page read and write

1010000

unkown

page read and write

1BED76E0000

system

page execute and read and write

F00000

direct allocation

page read and write

79A5000

heap

page read and write

27F0000

heap

page read and write

5226000

system

page execute and read and write

2A91000

heap

page read and write

2C4A000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

4560000

unkown

page read and write

2A91000

heap

page read and write

2CD3000

heap

page read and write

2BE2000

heap

page read and write

2C4E000

heap

page read and write

2CFC000

unkown

page read and write

3C00000

unclassified section

page execute and read and write

1063000

heap

page read and write

2C40000

heap

page read and write

2A91000

heap

page read and write

2C13000

heap

page read and write

870000

unkown

page readonly

9E1000

unkown

page readonly

DE0000

unkown

page readonly

588000

unkown

page readonly

2A91000

heap

page read and write

2A91000

heap

page read and write

B80000

heap

page read and write

4C0000

unkown

page readonly

9D0000

heap

page read and write

39F0000

direct allocation

page read and write

2A91000

heap

page read and write

3290000

direct allocation

page read and write

1090000

unkown

page readonly

9E1000

unkown

page readonly

1189000

heap

page read and write

2C13000

heap

page read and write

2C13000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

3B76000

heap

page read and write

50B000

stack

page read and write

2E05000

heap

page read and write

1090000

unkown

page readonly

2680000

heap

page read and write

3F06000

unkown

page read and write

1290000

unkown

page readonly

C5B000

stack

page read and write

3000000

heap

page read and write

2A91000

heap

page read and write

970000

heap

page read and write

9F0000

unkown

page read and write

2A91000

heap

page read and write

1C2F000

stack

page read and write

2C7D000

heap

page read and write

548000

stack

page read and write

2B90000

trusted library allocation

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

4C1000

unkown

page execute read

2A91000

heap

page read and write

797B000

heap

page read and write

39F0000

direct allocation

page read and write

2A91000

heap

page read and write

9C0000

unkown

page read and write

3B01000

heap

page read and write

B60000

unkown

page readonly

1BED9310000

trusted library allocation

page read and write

3923000

direct allocation

page read and write

10CE000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

10CF000

heap

page read and write

8E5000

unkown

page read and write

2A91000

heap

page read and write

8E7000

unkown

page readonly

2A91000

heap

page read and write

17732000

system

page read and write

1038000

heap

page read and write

2A91000

heap

page read and write

BD0000

unkown

page read and write

52AC000

unkown

page read and write

2A91000

heap

page read and write

4866000

unclassified section

page read and write

279E000

stack

page read and write

1BED777A000

system

page execute and read and write

1064000

heap

page read and write

2E90000

trusted library allocation

page read and write

7981000

heap

page read and write

2BF0000

unkown

page readonly

2F0E000

stack

page read and write

10E7000

heap

page read and write

2A91000

heap

page read and write

3300000

heap

page read and write

EFD000

stack

page read and write

2A22000

unkown

page read and write

3B8E000

direct allocation

page read and write

3800000

direct allocation

page read and write

10E0000

heap

page read and write

1010000

unkown

page read and write

2674000

heap

page read and write

1222000

heap

page read and write

9D0000

heap

page read and write

2A91000

heap

page read and write

362D000

direct allocation

page execute and read and write

3382000

unclassified section

page read and write

45D9000

unkown

page read and write

2A91000

heap

page read and write

1220000

heap

page read and write

106F000

heap

page read and write

860000

unkown

page readonly

39A0000

direct allocation

page read and write

2A91000

heap

page read and write

3B1D000

direct allocation

page read and write

2A91000

heap

page read and write

10E6000

heap

page read and write

2A91000

heap

page read and write

1BED7890000

heap

page read and write

2A90000

heap

page read and write

2A91000

heap

page read and write

EF0000

direct allocation

page execute and read and write

1020000

heap

page read and write

1BED777C000

system

page execute and read and write

BF0000

unkown

page read and write

3223000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

10B4000

heap

page read and write

3F7C000

unkown

page execute and read and write

3ACD000

direct allocation

page read and write

2A91000

heap

page read and write

2BDB000

heap

page read and write

2A91000

heap

page read and write

3B1D000

direct allocation

page read and write

2C3C000

heap

page read and write

9BE000

stack

page read and write

FE0000

unkown

page readonly

2A91000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

301E000

heap

page read and write

7999000

heap

page read and write

8E5000

unkown

page read and write

8D1000

unkown

page execute read

2A91000

heap

page read and write

1004000

heap

page read and write

583000

unkown

page write copy

1BED789F000

heap

page read and write

950000

unkown

page readonly

2A91000

heap

page read and write

10E6000

heap

page read and write

108F000

stack

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

37D1000

direct allocation

page execute and read and write

2A5C000

stack

page read and write

2A91000

heap

page read and write

328F000

stack

page read and write

3842000

direct allocation

page execute and read and write

7A60000

trusted library allocation

page read and write

2FA9000

heap

page read and write

3B19000

direct allocation

page read and write

7993000

heap

page read and write

1090000

heap

page read and write

51A9000

system

page execute and read and write

43B0000

unclassified section

page read and write

4C0000

unkown

page readonly

2A91000

heap

page read and write

2A91000

heap

page read and write

2C13000

heap

page read and write

2DF0000

trusted library allocation

page execute and read and write

2A91000

heap

page read and write

2C9B000

heap

page read and write

2C67000

heap

page read and write

4C1000

unkown

page execute read

2A91000

heap

page read and write

2C13000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

1BED94C4000

trusted library allocation

page read and write

2A91000

heap

page read and write

2930000

unkown

page readonly

342D000

heap

page read and write

2A91000

heap

page read and write

422A000

unkown

page read and write

8DE000

unkown

page readonly

2A91000

heap

page read and write

2A91000

heap

page read and write

5F40000

trusted library allocation

page read and write

8D0000

unkown

page readonly

1290000

unkown

page readonly

54F000

unkown

page readonly

2A91000

heap

page read and write

11DA000

heap

page read and write

2A91000

heap

page read and write

8E7000

unkown

page readonly

2C00000

heap

page read and write

2674000

heap

page read and write

1BED9401000

trusted library allocation

page read and write

1BED94CE000

trusted library allocation

page read and write

2E05000

heap

page read and write

1420000

unkown

page readonly

318E000

stack

page read and write

A90000

unkown

page readonly

17672000

system

page read and write

2A91000

heap

page read and write

8DE000

unkown

page readonly

2A91000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

2C13000

heap

page read and write

2A91000

heap

page read and write

45D5000

unkown

page read and write

940000

unkown

page readonly

32FD000

direct allocation

page execute and read and write

9F0000

unkown

page read and write

10E0000

heap

page read and write

2A91000

heap

page read and write

798E000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

CFC000

stack

page read and write

8E7000

unkown

page readonly

2A91000

heap

page read and write

2B20000

heap

page read and write

B50000

unkown

page readonly

2A91000

heap

page read and write

2A91000

heap

page read and write

343CBFD000

stack

page read and write

E50000

unkown

page read and write

2674000

heap

page read and write

3ACD000

direct allocation

page read and write

1BED9317000

trusted library allocation

page read and write

182E000

stack

page read and write

2A91000

heap

page read and write

3923000

direct allocation

page read and write

2A91000

heap

page read and write

C3F000

stack

page read and write

2A91000

heap

page read and write

3B3E000

direct allocation

page read and write

1BED930D000

trusted library allocation

page read and write

2A91000

heap

page read and write

2C00000

heap

page read and write

7988000

heap

page read and write

E74000

heap

page read and write

54F000

unkown

page readonly

575000

unkown

page readonly

2A91000

heap

page read and write

1BED9300000

trusted library allocation

page read and write

2A91000

heap

page read and write

2C83000

heap

page read and write

308E000

stack

page read and write

2CE0000

unkown

page execute and read and write

2BE0000

heap

page read and write

106E000

stack

page read and write

2A91000

heap

page read and write

343DBFE000

stack

page read and write

2A91000

heap

page read and write

2AE2000

unkown

page read and write

2A91000

heap

page read and write

1BED7810000

heap

page read and write

2C13000

heap

page read and write

BCE000

stack

page read and write

2A91000

heap

page read and write

3010000

direct allocation

page read and write

3973000

direct allocation

page read and write

E74000

heap

page read and write

BBD000

unkown

page read and write

372C000

unkown

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

E40000

heap

page read and write

39F0000

direct allocation

page read and write

3973000

direct allocation

page read and write

3D74000

unkown

page read and write

2BE0000

heap

page read and write

53AC000

unkown

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

1BED9321000

trusted library allocation

page read and write

1BED91D0000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

32D0000

direct allocation

page read and write

2A91000

heap

page read and write

93A000

stack

page read and write

2A91000

heap

page read and write

2BD0000

heap

page read and write

3B19000

direct allocation

page read and write

2A91000

heap

page read and write

10D1000

heap

page read and write

2A91000

heap

page read and write

2C7A000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

960000

unkown

page readonly

27E0000

heap

page read and write

3800000

direct allocation

page read and write

2A91000

heap

page read and write

8E5000

unkown

page read and write

304E000

stack

page read and write

3ACD000

direct allocation

page read and write

2DF6000

heap

page read and write

57F000

unkown

page write copy

A90000

unkown

page readonly

8D1000

unkown

page execute read

7960000

heap

page read and write

3301000

direct allocation

page execute and read and write

1BED78BF000

heap

page read and write

79AC000

heap

page read and write

7986000

heap

page read and write

2C13000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

1106000

heap

page read and write

2A91000

heap

page read and write

57F000

unkown

page read and write

CE0000

heap

page read and write

2B2F000

stack

page read and write

3923000

direct allocation

page read and write

4B8A000

unclassified section

page read and write

117C000

heap

page read and write

2A91000

heap

page read and write

B1A000

stack

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

1098000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

349C000

unclassified section

page read and write

E4E000

stack

page read and write

2A91000

heap

page read and write

E60000

unkown

page read and write

3429000

heap

page read and write

2A91000

heap

page read and write

3B3E000

direct allocation

page read and write

2E90000

trusted library allocation

page read and write

3AC9000

direct allocation

page read and write

2A91000

heap

page read and write

3800000

direct allocation

page read and write

2A91000

heap

page read and write

1BED94BE000

trusted library allocation

page read and write

3B8E000

direct allocation

page read and write

315D000

direct allocation

page execute and read and write

2670000

heap

page read and write

2C54000

heap

page read and write

1BED78AC000

heap

page read and write

B80000

heap

page read and write

2C61000

heap

page read and write

106F000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

B60000

unkown

page readonly

3B3E000

direct allocation

page read and write

2A22000

unkown

page read and write

1BED94A5000

trusted library allocation

page read and write

10E1000

heap

page read and write

3B00000

heap

page read and write

2A91000

heap

page read and write

2E00000

heap

page read and write

2E12000

heap

page read and write

1000000

heap

page read and write

8D1000

unkown

page execute read

3850000

direct allocation

page read and write

850000

unkown

page readonly

2BE0000

heap

page read and write

1BED7860000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

8D1000

unkown

page execute read

2A91000

heap

page read and write

2FAD000

heap

page read and write

E50000

unkown

page read and write

1BED91E0000

trusted library allocation

page read and write

950000

unkown

page readonly

2A91000

heap

page read and write

2A91000

heap

page read and write

10CF000

heap

page read and write

2A91000

heap

page read and write

4E2F000

unclassified section

page execute and read and write

575000

unkown

page readonly

10E0000

heap

page read and write

32D0000

direct allocation

page read and write

2CA4000

heap

page read and write

2C02000

heap

page read and write

2C90000

heap

page read and write

17D34000

system

page read and write

2A91000

heap

page read and write

7CA0000

heap

page read and write

10E1000

heap

page read and write

2C4A000

heap

page read and write

1BED789A000

heap

page read and write

2A91000

heap

page read and write

1030000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

2BEB000

heap

page read and write

128F000

stack

page read and write

8D0000

unkown

page readonly

C4F000

stack

page read and write

2A91000

heap

page read and write

79A0000

heap

page read and write

2C3C000

heap

page read and write

2D50000

trusted library allocation

page read and write

2B3C000

unkown

page read and write

2A91000

heap

page read and write

2E19000

heap

page read and write

3030000

direct allocation

page execute and read and write

CFC000

stack

page read and write

3AC9000

direct allocation

page read and write

E90000

heap

page read and write

8E5000

unkown

page read and write

2A91000

heap

page read and write

10E6000

heap

page read and write

2A91000

heap

page read and write

3500000

direct allocation

page execute and read and write

2A91000

heap

page read and write

1620000

unkown

page readonly

2A91000

heap

page read and write

10E6000

heap

page read and write

365C000

unclassified section

page read and write

2C13000

heap

page read and write

2A91000

heap

page read and write

2E80000

heap

page read and write

32D0000

direct allocation

page read and write

2930000

unkown

page readonly

31CE000

direct allocation

page execute and read and write

3100000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

1222000

heap

page read and write

AA0000

unkown

page readonly

FE0000

unkown

page readonly

3A01000

heap

page read and write

1BED78C2000

heap

page read and write

2C4E000

heap

page read and write

2A91000

heap

page read and write

1BED9303000

trusted library allocation

page read and write

2C13000

heap

page read and write

2CAA000

heap

page read and write

E70000

heap

page read and write

EC0000

heap

page read and write

2A91000

heap

page read and write

1BED9315000

trusted library allocation

page read and write

343C3FB000

stack

page read and write

C7C000

stack

page read and write

2A91000

heap

page read and write

2CB5000

heap

page read and write

EA0000

heap

page read and write

106C000

heap

page read and write

2CB3000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

8DE000

unkown

page readonly

E70000

heap

page read and write

3372000

direct allocation

page execute and read and write

B50000

unkown

page readonly

2A91000

heap

page read and write

E00000

heap

page read and write

79A8000

heap

page read and write

2C87000

heap

page read and write

2A91000

heap

page read and write

9BE000

stack

page read and write

798B000

heap

page read and write

F60000

heap

page read and write

2A91000

heap

page read and write

BE1000

unkown

page readonly

3159000

direct allocation

page execute and read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

2AF0000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

343D3FE000

stack

page read and write

27DF000

stack

page read and write

2A91000

heap

page read and write

3629000

direct allocation

page execute and read and write

1203000

heap

page read and write

2C6C000

heap

page read and write

1BED7830000

heap

page read and write

2F01000

heap

page read and write

1203000

heap

page read and write

EB0000

heap

page read and write

E98000

heap

page read and write

940000

unkown

page readonly

2A91000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

2C13000

heap

page read and write

806E000

stack

page read and write

2A91000

heap

page read and write

3A44000

unclassified section

page read and write

2A91000

heap

page read and write

9C0000

unkown

page read and write

2A91000

heap

page read and write

879000

stack

page read and write

2C13000

heap

page read and write

108F000

stack

page read and write

2A91000

heap

page read and write

1151000

heap

page read and write

10E6000

heap

page read and write

51CF000

system

page execute and read and write

E98000

heap

page read and write

2A91000

heap

page read and write

2C13000

heap

page read and write

2E17000

heap

page read and write

850000

unkown

page readonly

2AD0000

heap

page read and write

2BEB000

heap

page read and write

1BED9400000

trusted library allocation

page read and write

3850000

direct allocation

page read and write

1063000

heap

page read and write

2A91000

heap

page read and write

2CAF000

heap

page read and write

8D0000

unkown

page readonly

2A91000

heap

page read and write

1BED9200000

trusted library allocation

page read and write

2A91000

heap

page read and write

369E000

direct allocation

page execute and read and write

EFD000

stack

page read and write

2A91000

heap

page read and write

3B8E000

direct allocation

page read and write

B70000

unkown

page readonly

2A91000

heap

page read and write

2A91000

heap

page read and write

2C13000

heap

page read and write

2C13000

heap

page read and write

870000

unkown

page readonly

51D2000

system

page execute and read and write

106F000

heap

page read and write

2BF0000

unkown

page readonly

E3E000

stack

page read and write

7A70000

trusted library allocation

page read and write

1000000

heap

page read and write

860000

unkown

page readonly

10CF000

heap

page read and write

2A91000

heap

page read and write

2A91000

heap

page read and write

2CFC000

unkown

page read and write

588000

unkown

page readonly

10BF000

heap

page read and write

2A91000

heap

page read and write

349E000

heap

page read and write

2E17000

heap

page read and write

8D0000

unkown

page readonly

2A91000

heap

page read and write

2A91000

heap

page read and write

3442000

unclassified section

page read and write

2A91000

heap

page read and write

2F4E000

stack

page read and write

51B3000

system

page execute and read and write

3F0F000

unkown

page execute and read and write

51C3000

system

page execute and read and write

2A91000

heap

page read and write

2C40000

heap

page read and write

1BED78BA000

heap

page read and write

3973000

direct allocation

page read and write

2A91000

heap

page read and write

There are 654 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Request for Quotation for PTTEP - EPCC for SISGES Development Project 2.exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportRequest for Quotation for PTTEP - EPCC for SISGES Development Project 2.exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
Request for Quotation for PTTEP - EPCC for SISGES Development Project 2.exe