Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Attendance list.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.145716661459288
Filename:	Attendance list.exe
Filesize:	1193472
MD5:	8a08778411f99d8db7790cb7f0a84e3b
SHA1:	374833b2a846feb5c015f0ffcf44320a62ffa697
SHA256:	fd8e19c88440f8e813686b5b91c2df082c0d319af7ff6a10056e27c5400228fe
SHA512:	1f0a8c3e3ec10b4f00a1a84493e75fdcde0f625577f8022e6f3045096e956407d282a6438e4f9a40519041a094384124866b4b9e23cf379d7a910a258f10a9f5
SSDEEP:	24576:lAHnh+eWsN3skA4RV1Hom2KXMmHawY3axThttc5:Uh+ZkldoPK8YawA8Tht8
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P.....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r.............#.S..._@'.S...R.k.S.....".S...RichR..

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection	Disable or Modify Tools
Binary is likely a compiled AutoIt script file	System Summary
Machine Learning detection for sample	AV Detection
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Switches to a custom stack to bypass stack traces	Malware Analysis System Evasion
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Contains functionality for read data from the clipboard	Key, Mouse, Clipboard, Microphone and Screen Capturing
Contains functionality to block mouse and keyboard input (often used to hinder debugging)	Anti Debugging	Disable or Modify Tools
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)	Anti Debugging
Contains functionality to check if a window is minimized (may be used to check if an application is visible)	Hooking and other Techniques for Hiding and Protection
Contains functionality to communicate with device drivers	System Summary
Contains functionality to dynamically determine API calls	Data Obfuscation, Anti Debugging	Native API
Contains functionality to execute programs as a different user	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Contains functionality to launch a process as a different user	System Summary	Valid Accounts Native API Access Token Manipulation
Contains functionality to launch a program with higher privileges	HIPS / PFW / Operating System Protection Evasion	Exploitation for Privilege Escalation
Contains functionality to modify clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Process Discovery Clipboard Data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)	Remote Access Functionality
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection	Disable or Modify Tools
Contains functionality to read the PEB	Anti Debugging
Contains functionality to read the clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools
Contains functionality to retrieve information about pressed keystrokes	Key, Mouse, Clipboard, Microphone and Screen Capturing
Contains functionality to shutdown / reboot the system	System Summary	System Shutdown/Reboot
Contains functionality to simulate keystroke presses	HIPS / PFW / Operating System Protection Evasion
Contains functionality to simulate mouse events	HIPS / PFW / Operating System Protection Evasion
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging	Security Software Discovery
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Detected potential crypto function	System Summary	Process Discovery Archive Collected Data Encrypted Channel
Extensive use of GetProcAddress (often used to hide API calls)	Hooking and other Techniques for Hiding and Protection
Found evasive API chain (date check)	Malware Analysis System Evasion
Found large amount of non-executed APIs	Malware Analysis System Evasion
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information	Disable or Modify Tools System Shutdown/Reboot
Potential key logger detected (key state polling based)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools
Sample file is different than original file name gathered from version info	System Summary	System Shutdown/Reboot
Uses 32bit PE files	Compliance, System Summary	Disable or Modify Tools
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Contains functionality for error logging	System Summary	Disable or Modify Tools
Contains functionality to add an ACL to a security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to adjust token privileges (e.g. debug / backup)	System Summary
Contains functionality to check free disk space	System Summary
Contains functionality to create a new security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to download additional files from the internet	Networking
Contains functionality to enum processes or threads	System Summary	Process Discovery
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to instantiate COM classes	System Summary
Contains functionality to load and extract PE file embedded resources	System Summary
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Time Discovery System Information Discovery
Contains functionality to query system information	Malware Analysis System Evasion
Contains functionality to query the account / user name	Language, Device and Operating System Detection	Account Discovery System Owner/User Discovery
Contains functionality to query time zone information	Language, Device and Operating System Detection
Contains functionality to query windows version	Language, Device and Operating System Detection
Contains functionality to register its own exception handler	Anti Debugging
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection	Disable or Modify Tools
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion
PE file has an executable .text section and no other executable section	System Summary
Program exit points	Malware Analysis System Evasion	Disable or Modify Tools
Reads software policies	System Summary
Sample is known by Antivirus	System Summary	Disable or Modify Tools
Tries to load missing DLLs	System Summary	DLL Side-Loading Disable or Modify Tools
PE file contains a valid data directory to section mapping	System Summary	Security Software Discovery
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary	Disable or Modify Tools

C:\Users\user\AppData\Local\Temp\23802I71

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\23802I71
Category:	dropped
Dump:	23802I71.4.dr
ID:	dr_4
Target ID:	4
Process:	C:\Windows\SysWOW64\clip.exe
Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Entropy:	1.121297215059106
Encrypted:	false
Ssdeep:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
Size:	196608
Whitelisted:	false
Reputation:	high

C:\Users\user\AppData\Local\Temp\Vevine

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\Vevine
Category:	dropped
Dump:	Vevine.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\Attendance list.exe
Type:	data
Entropy:	7.994162077855672
Encrypted:	true
Ssdeep:	6144:/g2NQUrgeNCOMb4UHwJewxix9RcqOsUSTQEs7OoAGD:/vBNr7UQJbxiiqxsKDa
Size:	270848
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Temp\adstipulator

ASCII text, with very long lines (28756), with no line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\adstipulator
Category:	dropped
Dump:	adstipulator.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Users\user\Desktop\Attendance list.exe
Type:	ASCII text, with very long lines (28756), with no line terminators
Entropy:	3.5862559753336423
Encrypted:	false
Ssdeep:	768:miTZ+2QoioGRk6ZklputwjpjBkCiw2RuJ3nXKUrvzjsNbX+IZ6Gg4vfF3if6gyHs:miTZ+2QoioGRk6ZklputwjpjBkCiw2Ru
Size:	28756
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Temp\aut6F8D.tmp

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\aut6F8D.tmp
Category:	dropped
Dump:	aut6F8D.tmp.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\Attendance list.exe
Type:	data
Entropy:	7.994162077855672
Encrypted:	true
Ssdeep:	6144:/g2NQUrgeNCOMb4UHwJewxix9RcqOsUSTQEs7OoAGD:/vBNr7UQJbxiiqxsKDa
Size:	270848
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates temporary files	System Summary

C:\Users\user\AppData\Local\Temp\aut6FBD.tmp

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\aut6FBD.tmp
Category:	dropped
Dump:	aut6FBD.tmp.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Users\user\Desktop\Attendance list.exe
Type:	data
Entropy:	7.602618158290456
Encrypted:	false
Ssdeep:	192:65jwEiq+uHKrLM0IltC6jQqSa6fYHToxycOIyYpgijSWzKrBSi/1aF:I6q+Brw/gjYKycW0gUMB//1I
Size:	9814
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\Attendance list.exe

"C:\Users\user\Desktop\Attendance list.exe"

Details

Is windows:	false
Is dropped:	false
PID:	5496
Target ID:	0
Parent PID:	1028
Name:	Attendance list.exe
Path:	C:\Users\user\Desktop\Attendance list.exe
Commandline:	"C:\Users\user\Desktop\Attendance list.exe"
Size:	1193472
MD5:	8A08778411F99D8DB7790CB7F0A84E3B
Time:	01:14:48
Date:	02/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x8c0000
Modulesize:	1216512
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Binary is likely a compiled AutoIt script file	System Summary
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Uncommon Svchost Parent Process	System Summary
Uses 32bit PE files	Compliance, System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\SysWOW64\svchost.exe

"C:\Users\user\Desktop\Attendance list.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7136
Target ID:	2
Parent PID:	5496
Name:	svchost.exe
Path:	C:\Windows\SysWOW64\svchost.exe
Commandline:	"C:\Users\user\Desktop\Attendance list.exe"
Size:	46504
MD5:	1ED18311E3DA35942DB37D15FA40CC5B
Time:	01:14:49
Date:	02/07/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x370000
Modulesize:	53248
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Uncommon Svchost Parent Process	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\HNlYSctsxjusxqYQrESGhmOEfHJwtjndFahIKSrGDsdYtbZtOyTREdo\sSzWYtHqcRqHklFYcPzKpLlSXP.exe

"C:\Program Files (x86)\HNlYSctsxjusxqYQrESGhmOEfHJwtjndFahIKSrGDsdYtbZtOyTREdo\sSzWYtHqcRqHklFYcPzKpLlSXP.exe"

Details

Is windows:	true
Is dropped:	false
PID:	6600
Target ID:	3
Parent PID:	7136
Name:	sSzWYtHqcRqHklFYcPzKpLlSXP.exe
Path:	C:\Program Files (x86)\HNlYSctsxjusxqYQrESGhmOEfHJwtjndFahIKSrGDsdYtbZtOyTREdo\sSzWYtHqcRqHklFYcPzKpLlSXP.exe
Commandline:	"C:\Program Files (x86)\HNlYSctsxjusxqYQrESGhmOEfHJwtjndFahIKSrGDsdYtbZtOyTREdo\sSzWYtHqcRqHklFYcPzKpLlSXP.exe"
Size:	140800
MD5:	32B8AD6ECA9094891E792631BAEA9717
Time:	01:14:59
Date:	02/07/2024
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x120000
Modulesize:	155648
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\SysWOW64\clip.exe

"C:\Windows\SysWOW64\clip.exe"

Details

Is windows:	true
Is dropped:	false
PID:	1488
Target ID:	4
Parent PID:	6600
Name:	clip.exe
Path:	C:\Windows\SysWOW64\clip.exe
Commandline:	"C:\Windows\SysWOW64\clip.exe"
Size:	24576
MD5:	E40CB198EBCD20CD16739F670D4D7B74
Time:	01:15:01
Date:	02/07/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	false
Is elevated:	false
Modulebase:	0x300000
Modulesize:	40960
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\Firefox.exe"

Details

Is windows:	true
Is dropped:	false
PID:	2944
Target ID:	6
Parent PID:	1488
Name:	firefox.exe
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Size:	676768
MD5:	C86B1BE9ED6496FE0E0CBE73F81D8045
Time:	01:15:26
Date:	02/07/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff79f9e0000
Modulesize:	708608
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

URLs

Name

Malicious

http://www.telwisey.info/ei85/?66s0QHx=ORmqfURBt40sHMHN3K9lcqnOZkw5OMnI9iieY9Aomdlbsbne+w1Kch9DF1irZ5FVSFO0rJB3/OJZWwrRbdUXhR90PBHPgFvMy30KUVoXMjhVhw+zOJlVxwLOJt1WoLc5Mw==&Jjv=GpKhRVSHzLA8j4R

199.192.19.19

http://www.bfiworkerscomp.com/xzzi/?Jjv=GpKhRVSHzLA8j4R&66s0QHx=9CTSfwlM5YWl8fva1LSaXKM8r2QUgbHW1FpC9VokAvwkUHOJycf2DDxLp9tWLELwEKEPfCC2oiLqmqE9jQi/U7l2GiVWxU2JTINSgPIAJ4NvupNBog1mPljiQYHOMEGLOA==

208.91.197.27

http://www.xn--fhq1c541j0zr.com/rm91/

43.252.167.188

http://www.bfiworkerscomp.com/xzzi/

208.91.197.27

http://www.catherineviskadi.com/qe66/?66s0QHx=dnvLceXALBk3Hr4/PEp98EYmblYqw8i+NG0MGchlNc+FfqCdFLzpUNQMmrv30qtrBi93uCjMcFA24SebHgOv5wKSlbq5H9RfpzlUfmq/1+2mTftJij2S2gWTPvHx6aM7mw==&Jjv=GpKhRVSHzLA8j4R

217.160.0.106

http://www.sandranoll.com/aroo/?Jjv=GpKhRVSHzLA8j4R&66s0QHx=bKy7FSIHmKYFjPoPKsunUN9vBLYaDX52twFEynhtde+XdOqoRjh1sl1n+ba+sSXyFBuEELqLWRHnTW9JDkHGB3kb0OJ7ghG7VUOTSl8sxinDCxUKcrHKEU0DEmNR7hjgMQ==

213.145.228.16

http://www.anuts.top/li0t/?Jjv=GpKhRVSHzLA8j4R&66s0QHx=cVY/NretpRV3pSqbAwFMzZODfIM0+2Z9S8puWnY234sUXEzh+T0fGizPv/1GJq+MSLyulFxDkLwqIofvrKUfhgzxX5A8Pgwb+i5XvTgZRBJb2EypYfKSb86Vxi/qsGcisw==

23.251.54.212

http://www.dmtxwuatbz.cc/lfkn/

172.67.210.102

http://www.sandranoll.com/aroo/

213.145.228.16

http://www.gipsytroya.com/tf44/

91.195.240.19

http://www.xn--matfrmn-jxa4m.se/4hda/

194.9.94.85

http://www.telwisey.info/ei85/

199.192.19.19

http://www.xn--fhq1c541j0zr.com/rm91/?Jjv=GpKhRVSHzLA8j4R&66s0QHx=jSd7r+67+N1qAQkxX/tAwzcZagSYI1kZQchR8WhIexhCyQiFJMwmzlR6zVHzfOVMvsfcwBywDpFhuhrgfB+WA/0x0l7m7B814c3LweorfxiP0L71SZjJ1PPNKkJ0Qx2crw==

43.252.167.188

http://www.xn--matfrmn-jxa4m.se/4hda/?66s0QHx=+FYRabRorC7iiipcHmFJARkvcpdCy5kXHVGGEQvE/CSzp7OmTlR57ws6ggMdmmjgEK74RwiZfuW5KkdpyqG94cDJ5htquBO11HcjCOymydCfo0q1+e/CBcncmTCUQD5IVA==&Jjv=GpKhRVSHzLA8j4R

194.9.94.85

http://www.helpers-lion.online/mooq/?Jjv=GpKhRVSHzLA8j4R&66s0QHx=6C5pq03gIUcCxycao4jVOd5j2ETtSk+CIQvh/K6jTje/eWOGI1u26kAEsQXtCs3elXAZegkYPdXqLAdc1WNGhsE2fBM2zTxwuji6F0Pbl1x/Uo4pPUilA6mApMPDsyvzdQ==

194.58.112.174

http://www.catherineviskadi.com/qe66/

217.160.0.106

http://www.anuts.top/li0t/

23.251.54.212

http://www.helpers-lion.online/mooq/

194.58.112.174

http://www.gipsytroya.com/tf44/?66s0QHx=zHiAY6EG+HxIxFu8Foth356DlimOdN8M+W8Rr/tGfSzDPDxggLk9FyyADeImH3/ZYgS5WMd+vNhhyXlbnciy2erzG94aXY3gKTO0tUNpFmCuOm5+YFWh8hIX5dCVSC+GNg==&Jjv=GpKhRVSHzLA8j4R

91.195.240.19

https://duckduckgo.com/chrome_newtab

unknown

https://www.reg.ru/whois/?check=&dname=www.helpers-lion.online&reg_source=parking_auto

unknown

https://duckduckgo.com/ac/?q=

unknown

https://reg.ru

unknown

http://www.hatercoin.online/wf3a/

142.250.181.243

https://customerservice.web.com/prweb/PRAuth/app/WebKM_/JfLhd8LVz0a16-h3GqsHOCqqFky5N_vd

unknown

https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css

unknown

https://www.reg.ru/web-sites/website-builder/?utm_source=www.helpers-lion.online&utm_medium=parking&

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

https://static.loopia.se/responsive/images/iOS-72.png

unknown

https://www.loopia.com/support?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parking

unknown

http://www.domaintechnik.at/data/gfx/dt_logo_parking.png

unknown

https://www.reg.ru/domain/new/?utm_source=www.helpers-lion.online&utm_medium=parking&utm_campaign=s_

unknown

https://parking.reg.ru/script/get_domain_data?domain_name=www.helpers-lion.online&rand=

unknown

https://static.loopia.se/shared/logo/logo-loopia-white.svg

unknown

https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingwe

unknown

https://www.loopia.com/order/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingw

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

https://www.loopia.com/wordpress/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park

unknown

https://www.domaintechnik.at/fileadmin/gfx/icons/free-basic-hosting.png

unknown

https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css

unknown

https://www.hprlz.cz/w6qg/?Jjv=GpKhRVSHzLA8j4R&66s0QHx=0lpTRQcDUH

unknown

http://www.hprlz.cz/w6qg/?Jjv=GpKhRVSHzLA8j4R&66s0QHx=0lpTRQcDUH+iEsGzFrKDlEkxf0hSGbqe7Z/xuNmTgdli9rpOUGyXizj5cQ9XxC4so84FNpFR9txXxm0tq1Ca0ipuJKNLUJAUyvRep5v3DJLNu0m2HizCt4wFiNb5RCLtMg==

5.44.111.162

https://static.loopia.se/shared/images/additional-pages-hero-shape.webp

unknown

https://static.loopia.se/shared/style/2022-extra-pages.css

unknown

https://static.loopia.se/responsive/images/iOS-114.png

unknown

https://www.google.com/images/branding/product/ico/googleg_lodp.ico

unknown

https://www.networksolutions.com/

unknown

https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

https://www.domaintechnik.at/fileadmin/pics/logos/icann.gif

unknown

https://www.reg.ru/hosting/?utm_source=www.helpers-lion.online&utm_medium=parking&utm_campaign=s_lan

unknown

http://whois.loopia.com/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&ut

unknown

https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-

unknown

https://www.ecosia.org/newtab/

unknown

https://assets.web.com/legal/English/MSA/v1.0.0.3/ServicesAgreement.pdf

unknown

https://static.loopia.se/responsive/styles/reset.css

unknown

https://www.reg.ru/web-sites/?utm_source=www.helpers-lion.online&utm_medium=parking&utm_campaign=s_l

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

https://static.loopia.se/responsive/images/iOS-57.png

unknown

https://www.hprlz.cz/w6qg/?Jjv=GpKhRVSHzLA8j4R&66s0QHx=0lpTRQcDUH

unknown

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.1.1/gsap.min.js

unknown

https://www.loopia.com/sitebuilder/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa

unknown

https://www.reg.ru/dedicated/?utm_source=www.helpers-lion.online&utm_medium=parking&utm_campaign=s_l

unknown

https://www.loopia.com/domainnames/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa

unknown

http://www.dmtxwuatbz.cc

unknown

https://www.loopia.com/hosting/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkin

unknown

https://www.hatercoin.online/wf3a/?Jjv=GpKhRVSHzLA8j4R&66s0QHx=EKVDXBgImxJWeZhJNsklc3Q8dq4iVG0MTaJQI

unknown

http://www.hatercoin.online/wf3a/?Jjv=GpKhRVSHzLA8j4R&66s0QHx=EKVDXBgImxJWeZhJNsklc3Q8dq4iVG0MTaJQI9BJxmHKvH3SiDTatPSqYvMyoDFRoX1f1ApOAYKP2hecch8PPIbZZar3vE0ZmDGvAwUCcsFCeR/Dh+n2QaVtkWzZCs4EoA==

142.250.181.243

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

https://www.domaintechnik.at/fileadmin/gfx/logos/hostedsoft/typo3-2.png

unknown

https://www.loopia.com/woocommerce/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa

unknown

https://www.loopia.se?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb

unknown

https://www.domaintechnik.at/fileadmin/gfx/logos/hostedsoft/piwik.png

unknown

There are 63 hidden URLs, click here to show them.

Domains

Name

Malicious

www.sandranoll.com

213.145.228.16

www.dmtxwuatbz.cc

172.67.210.102

www.xn--matfrmn-jxa4m.se

194.9.94.85

www.catherineviskadi.com

217.160.0.106

www.anuts.top

23.251.54.212

www.helpers-lion.online

194.58.112.174

www.bfiworkerscomp.com

208.91.197.27

parkingpage.namecheap.com

91.195.240.19

www.telwisey.info

199.192.19.19

www.xn--fhq1c541j0zr.com

43.252.167.188

www.fourgrouw.cfd

unknown

www.hatercoin.online

unknown

www.tinmapco.com

unknown

www.gipsytroya.com

unknown

www.hprlz.cz

5.44.111.162

ghs.googlehosted.com

142.250.181.243

There are 6 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

23.251.54.212

www.anuts.top

United States

172.67.210.102

www.dmtxwuatbz.cc

United States

213.145.228.16

www.sandranoll.com

Austria

194.9.94.85

www.xn--matfrmn-jxa4m.se

Sweden

217.160.0.106

www.catherineviskadi.com

Germany

208.91.197.27

www.bfiworkerscomp.com

Virgin Islands (BRITISH)

91.195.240.19

parkingpage.namecheap.com

Germany

194.58.112.174

www.helpers-lion.online

Russian Federation

199.192.19.19

www.telwisey.info

United States

43.252.167.188

www.xn--fhq1c541j0zr.com

Hong Kong

5.44.111.162

www.hprlz.cz

Germany

142.250.181.243

ghs.googlehosted.com

United States

There are 2 hidden IPs, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

42F0000

trusted library allocation

page read and write

2640000

system

page execute and read and write

34C0000

unclassified section

page execute and read and write

42B0000

trusted library allocation

page read and write

5A00000

unclassified section

page execute and read and write

400000

system

page execute and read and write

4980000

unkown

page execute and read and write

29E1000

heap

page read and write

27D7000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

8140000

unkown

page read and write

29E1000

heap

page read and write

DE0000

heap

page read and write

802F000

stack

page read and write

2391F6CE000

trusted library allocation

page read and write

301A000

heap

page read and write

27F3000

heap

page read and write

29E1000

heap

page read and write

2775000

heap

page read and write

5348000

unclassified section

page read and write

29E1000

heap

page read and write

38ED000

direct allocation

page read and write

79C3000

heap

page read and write

710A000

system

page read and write

29E1000

heap

page read and write

1140000

unkown

page readonly

97F000

unkown

page write copy

4601000

heap

page read and write

2391DABF000

heap

page read and write

26B0000

heap

page read and write

3620000

direct allocation

page read and write

E81A9FE000

stack

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

6410000

unclassified section

page execute and read and write

29E1000

heap

page read and write

120000

unkown

page readonly

29E1000

heap

page read and write

FE8000

heap

page read and write

29E1000

heap

page read and write

97F000

unkown

page read and write

3743000

direct allocation

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

452E000

stack

page read and write

11DD000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

3021000

heap

page read and write

29E1000

heap

page read and write

3005000

heap

page read and write

DC0000

unkown

page readonly

29E1000

heap

page read and write

29E1000

heap

page read and write

395E000

direct allocation

page read and write

62FC000

unclassified section

page read and write

29E1000

heap

page read and write

3580000

unkown

page execute and read and write

101B000

heap

page read and write

29E1000

heap

page read and write

37C0000

direct allocation

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

2930000

unkown

page readonly

2825000

heap

page read and write

330000

heap

page read and write

1081000

heap

page read and write

113F000

stack

page read and write

3743000

direct allocation

page read and write

38E9000

direct allocation

page read and write

798C000

heap

page read and write

DD0000

unkown

page readonly

29E1000

heap

page read and write

27ED000

heap

page read and write

29E1000

heap

page read and write

795E000

heap

page read and write

8C1000

unkown

page execute read

29E1000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

70E000

stack

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

1DF14000

system

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

7986000

heap

page read and write

DBE000

stack

page read and write

5A1C000

system

page read and write

6156000

system

page read and write

38E9000

direct allocation

page read and write

8B0000

heap

page read and write

4470000

trusted library allocation

page read and write

1095000

heap

page read and write

59C2000

system

page read and write

38ED000

direct allocation

page read and write

DF0000

heap

page read and write

43D0000

trusted library allocation

page execute and read and write

8C0000

unkown

page readonly

29E1000

heap

page read and write

29E1000

heap

page read and write

2CE0000

heap

page read and write

29E1000

heap

page read and write

48DD000

direct allocation

page execute and read and write

79B0000

heap

page read and write

372D000

direct allocation

page execute and read and write

395E000

direct allocation

page read and write

2391D945000

system

page execute and read and write

2391F600000

trusted library allocation

page read and write

11CD000

heap

page read and write

2391F500000

trusted library allocation

page read and write

48E1000

direct allocation

page execute and read and write

80DC000

system

page execute and read and write

458C000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

E81A1FE000

stack

page read and write

4330000

trusted library allocation

page read and write

2E13000

heap

page read and write

29E1000

heap

page read and write

975000

unkown

page readonly

29E1000

heap

page read and write

29E1000

heap

page read and write

2638000

stack

page read and write

3743000

direct allocation

page read and write

29E1000

heap

page read and write

3620000

direct allocation

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

E20000

unkown

page read and write

2802000

heap

page read and write

3101000

heap

page read and write

1081000

heap

page read and write

29E1000

heap

page read and write

347F000

stack

page read and write

710000

heap

page read and write

2780000

heap

page read and write

29E1000

heap

page read and write

27C3000

heap

page read and write

2E13000

heap

page read and write

29E1000

heap

page read and write

37C0000

direct allocation

page read and write

2D10000

heap

page read and write

79C2000

heap

page read and write

F00000

heap

page read and write

14D1000

unkown

page readonly

29E1000

heap

page read and write

79A0000

heap

page read and write

5FC4000

system

page read and write

29E1000

heap

page read and write

4739000

direct allocation

page execute and read and write

29E1000

heap

page read and write

137000

unkown

page readonly

29E1000

heap

page read and write

34C0000

direct allocation

page read and write

2775000

heap

page read and write

76B0000

trusted library allocation

page read and write

29E1000

heap

page read and write

E81B1FF000

stack

page read and write

C00000

unkown

page readonly

E11000

unkown

page readonly

121000

unkown

page execute read

29E1000

heap

page read and write

29E1000

heap

page read and write

2391DAAC000

heap

page read and write

3620000

direct allocation

page read and write

29E1000

heap

page read and write

2391DA90000

heap

page read and write

2391DAC2000

heap

page read and write

79B5000

heap

page read and write

3942000

direct allocation

page execute and read and write

121000

unkown

page execute read

29E1000

heap

page read and write

29E1000

heap

page read and write

38E9000

direct allocation

page read and write

29E1000

heap

page read and write

79B7000

heap

page read and write

29E1000

heap

page read and write

3400000

heap

page read and write

4952000

direct allocation

page execute and read and write

7946000

heap

page read and write

797B000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

2750000

heap

page read and write

38E9000

direct allocation

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

2DF0000

heap

page read and write

DB0000

unkown

page readonly

5B22000

unclassified section

page read and write

1021000

heap

page read and write

2950000

unkown

page read and write

276F000

heap

page read and write

729C000

system

page read and write

7CA0000

heap

page read and write

29E1000

heap

page read and write

2391DA00000

heap

page read and write

27D0000

heap

page read and write

38ED000

direct allocation

page read and write

29E1000

heap

page read and write

79BF000

heap

page read and write

DAF000

stack

page read and write

E38000

heap

page read and write

2391F601000

trusted library allocation

page read and write

C7A000

stack

page read and write

2E13000

heap

page read and write

29E1000

heap

page read and write

7951000

heap

page read and write

7958000

heap

page read and write

2E13000

heap

page read and write

395E000

direct allocation

page read and write

E8199FB000

stack

page read and write

4470000

trusted library allocation

page read and write

3005000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

120000

unkown

page readonly

29E1000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

6AC2000

system

page read and write

3F80000

unkown

page execute and read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

1DB2C000

system

page read and write

2950000

unkown

page read and write

2A90000

unkown

page readonly

2960000

unkown

page read and write

2E13000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

2391F6C4000

trusted library allocation

page read and write

29E1000

heap

page read and write

27CD000

heap

page read and write

29E1000

heap

page read and write

352D000

heap

page read and write

29E1000

heap

page read and write

4A22000

unclassified section

page read and write

2E13000

heap

page read and write

1083000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

3000000

heap

page read and write

1080000

heap

page read and write

3743000

direct allocation

page read and write

2391F340000

trusted library allocation

page read and write

395E000

direct allocation

page read and write

112C000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

4A7C000

unclassified section

page read and write

31EF000

stack

page read and write

29E1000

heap

page read and write

796A000

heap

page read and write

988000

unkown

page readonly

34C0000

direct allocation

page read and write

794B000

heap

page read and write

29E1000

heap

page read and write

9F0000

unkown

page readonly

473D000

direct allocation

page execute and read and write

37C0000

direct allocation

page read and write

1013000

heap

page read and write

29E1000

heap

page read and write

3D0000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

27BE000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

37E000

stack

page read and write

5902000

system

page read and write

975000

unkown

page readonly

12E000

unkown

page readonly

660C000

system

page read and write

E20000

unkown

page read and write

29E1000

heap

page read and write

E30000

heap

page read and write

51B6000

unclassified section

page read and write

29E1000

heap

page read and write

17DF000

stack

page read and write

38ED000

direct allocation

page read and write

37C0000

direct allocation

page read and write

2391F400000

trusted library allocation

page read and write

6DE6000

system

page read and write

79C7000

heap

page read and write

282F000

heap

page read and write

803E000

heap

page read and write

2391D9E0000

heap

page read and write

6F78000

system

page read and write

29E1000

heap

page read and write

2391F517000

trusted library allocation

page read and write

3620000

direct allocation

page read and write

380000

heap

page read and write

29E1000

heap

page read and write

276F000

heap

page read and write

E11000

unkown

page readonly

2835000

heap

page read and write

276F000

heap

page read and write

C7A000

stack

page read and write

2E13000

heap

page read and write

29E1000

heap

page read and write

7AE0000

trusted library allocation

page read and write

276F000

heap

page read and write

E4E000

heap

page read and write

323E000

stack

page read and write

3743000

direct allocation

page read and write

29E1000

heap

page read and write

DE0000

heap

page read and write

79A9000

heap

page read and write

E30000

heap

page read and write

29E1000

heap

page read and write

7956000

heap

page read and write

26FE000

stack

page read and write

29E1000

heap

page read and write

795B000

heap

page read and write

2391F521000

trusted library allocation

page read and write

4463000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

27F9000

heap

page read and write

12E000

unkown

page readonly

F04000

heap

page read and write

2B80000

unkown

page execute and read and write

80D0000

system

page execute and read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

37C0000

direct allocation

page read and write

11DB000

heap

page read and write

E00000

unkown

page read and write

42BA000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

2740000

heap

page read and write

1021000

heap

page read and write

2974000

heap

page read and write

29E1000

heap

page read and write

616A000

unclassified section

page read and write

135000

unkown

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

27B2000

heap

page read and write

276F000

heap

page read and write

2391DA9F000

heap

page read and write

2391F503000

trusted library allocation

page read and write

29E1000

heap

page read and write

566C000

unclassified section

page read and write

337E000

stack

page read and write

38D1000

direct allocation

page execute and read and write

29E1000

heap

page read and write

44ED000

stack

page read and write

27D0000

heap

page read and write

E60000

heap

page read and write

29E1000

heap

page read and write

2E02000

heap

page read and write

9F0000

unkown

page readonly

29E1000

heap

page read and write

29E1000

heap

page read and write

E38000

heap

page read and write

29E1000

heap

page read and write

2E13000

heap

page read and write

29E1000

heap

page read and write

94F000

unkown

page readonly

3600000

direct allocation

page execute and read and write

4962000

unclassified section

page read and write

2920000

heap

page read and write

DCB000

stack

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

2C5C000

stack

page read and write

795F000

heap

page read and write

29E1000

heap

page read and write

DB0000

unkown

page readonly

11BE000

heap

page read and write

D7C000

stack

page read and write

2E13000

heap

page read and write

5024000

unclassified section

page read and write

3620000

direct allocation

page read and write

29E1000

heap

page read and write

359E000

heap

page read and write

3019000

heap

page read and write

29E1000

heap

page read and write

3200000

heap

page read and write

47AE000

direct allocation

page execute and read and write

29E1000

heap

page read and write

3C00000

unclassified section

page execute and read and write

29E1000

heap

page read and write

2CA000

stack

page read and write

29E1000

heap

page read and write

5390000

unkown

page execute and read and write

38ED000

direct allocation

page read and write

29E1000

heap

page read and write

2A7F000

stack

page read and write

8010000

system

page execute and read and write

5000000

unclassified section

page execute and read and write

2391DA9A000

heap

page read and write

1094000

heap

page read and write

3480000

direct allocation

page read and write

29E1000

heap

page read and write

3012000

heap

page read and write

2391F6B3000

trusted library allocation

page read and write

2E00000

heap

page read and write

29E1000

heap

page read and write

1D852000

system

page read and write

79A3000

heap

page read and write

7981000

heap

page read and write

29E1000

heap

page read and write

1140000

unkown

page readonly

80C0000

system

page execute and read and write

29E1000

heap

page read and write

2766000

heap

page read and write

29E1000

heap

page read and write

27E3000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

38E9000

direct allocation

page read and write

29E1000

heap

page read and write

2970000

heap

page read and write

29E0000

heap

page read and write

FE0000

heap

page read and write

29E1000

heap

page read and write

79CE000

heap

page read and write

80B5000

system

page execute and read and write

DF0000

heap

page read and write

829C000

unkown

page read and write

29E1000

heap

page read and write

379E000

direct allocation

page execute and read and write

63A2000

unclassified section

page execute and read and write

135000

unkown

page read and write

2E13000

heap

page read and write

273F000

stack

page read and write

37C0000

direct allocation

page read and write

29E1000

heap

page read and write

D7C000

stack

page read and write

29E1000

heap

page read and write

1063000

heap

page read and write

2391F50E000

trusted library allocation

page read and write

29E1000

heap

page read and write

11CD000

heap

page read and write

29E1000

heap

page read and write

2E13000

heap

page read and write

E80000

direct allocation

page execute and read and write

29E1000

heap

page read and write

27CD000

heap

page read and write

1186000

heap

page read and write

C00000

unkown

page readonly

1D912000

system

page read and write

79C8000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

395E000

direct allocation

page read and write

3323000

heap

page read and write

5322000

unkown

page execute and read and write

2930000

unkown

page readonly

29E1000

heap

page read and write

4600000

unclassified section

page execute and read and write

29E1000

heap

page read and write

2391F510000

trusted library allocation

page read and write

2CC0000

heap

page read and write

113F000

stack

page read and write

8133000

system

page execute and read and write

29E1000

heap

page read and write

2391D8C0000

system

page execute and read and write

1094000

heap

page read and write

29E1000

heap

page read and write

983000

unkown

page write copy

2391DA70000

heap

page read and write

2C9A000

stack

page read and write

137000

unkown

page readonly

E00000

unkown

page read and write

29E1000

heap

page read and write

2974000

heap

page read and write

27FC000

heap

page read and write

38ED000

direct allocation

page read and write

79C5000

heap

page read and write

79B6000

heap

page read and write

3529000

heap

page read and write

29E1000

heap

page read and write

2778000

heap

page read and write

E90000

direct allocation

page read and write

7C6E000

stack

page read and write

27C3000

heap

page read and write

1012000

heap

page read and write

29E1000

heap

page read and write

62E8000

system

page read and write

29E1000

heap

page read and write

110A000

heap

page read and write

3729000

direct allocation

page execute and read and write

29E1000

heap

page read and write

2E13000

heap

page read and write

2AE0000

heap

page read and write

103E000

stack

page read and write

2744000

heap

page read and write

8C0000

unkown

page readonly

11DD000

heap

page read and write

2391DA30000

heap

page read and write

395E000

direct allocation

page read and write

29E1000

heap

page read and write

C10000

unkown

page readonly

2E13000

heap

page read and write

29E1000

heap

page read and write

103E000

stack

page read and write

7A41000

heap

page read and write

280F000

heap

page read and write

29E1000

heap

page read and write

2391DABB000

heap

page read and write

3620000

direct allocation

page read and write

2764000

heap

page read and write

2970000

heap

page read and write

7943000

heap

page read and write

27BE000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

2391F6BE000

trusted library allocation

page read and write

3200000

direct allocation

page read and write

8C1000

unkown

page execute read

23CB000

stack

page read and write

14D1000

unkown

page readonly

2A80000

heap

page read and write

988000

unkown

page readonly

29E1000

heap

page read and write

43DD000

heap

page read and write

DEC000

stack

page read and write

11CD000

heap

page read and write

2A90000

unkown

page readonly

7930000

heap

page read and write

1021000

heap

page read and write

2E13000

heap

page read and write

4610000

direct allocation

page execute and read and write

5BDC000

system

page read and write

1012000

heap

page read and write

2764000

heap

page read and write

38E9000

direct allocation

page read and write

27D7000

heap

page read and write

2B00000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

2744000

heap

page read and write

1003000

heap

page read and write

3A01000

heap

page read and write

333F000

stack

page read and write

292E000

stack

page read and write

2E13000

heap

page read and write

DC0000

unkown

page readonly

29E1000

heap

page read and write

6930000

system

page read and write

79BA000

heap

page read and write

C10000

unkown

page readonly

2A80000

heap

page read and write

3743000

direct allocation

page read and write

27E9000

heap

page read and write

4C3C000

unclassified section

page read and write

29E1000

heap

page read and write

29E1000

heap

page read and write

42B0000

trusted library allocation

page read and write

819C000

unkown

page read and write

2391D942000

system

page execute and read and write

94F000

unkown

page readonly

2744000

heap

page read and write

7A30000

trusted library allocation

page read and write

29E1000

heap

page read and write

34C0000

direct allocation

page read and write

2E13000

heap

page read and write

10B4000

heap

page read and write

282B000

heap

page read and write

B66000

unkown

page read and write

5990000

unclassified section

page read and write

79BE000

heap

page read and write

29E1000

heap

page read and write

3017000

heap

page read and write

11AE000

heap

page read and write

11AE000

heap

page read and write

29E1000

heap

page read and write

5FD8000

unclassified section

page read and write

101B000

heap

page read and write

5E46000

unclassified section

page read and write

798A000

heap

page read and write

27E3000

heap

page read and write

2391F50A000

trusted library allocation

page read and write

29E1000

heap

page read and write

79BA000

heap

page read and write

2758000

heap

page read and write

29E1000

heap

page read and write

DF6000

heap

page read and write

DD0000

unkown

page readonly

3017000

heap

page read and write

276F000

heap

page read and write

2391F340000

trusted library allocation

page read and write

29E1000

heap

page read and write

4470000

trusted library allocation

page read and write

38CD000

direct allocation

page execute and read and write

1D96C000

system

page read and write

4590000

heap

page read and write

There are 592 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Attendance list.exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportAttendance list.exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
Attendance list.exe