Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

sYYK13hD0c.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_sYYK13hD0c.exe_7a2ec986d66113e2d067862bc11f1d2f657f71fb_2a559816_b7688d3a-fb5d-4acb-a632-a4d0d297bdf3\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\DGHJEHJJ

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\ProgramData\FIEGCBKEGCFCBFIDBFII

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1

dropped

C:\ProgramData\GIEBGIIJDGHCBGCBFIEGDHDHCF

SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11

dropped

C:\ProgramData\HIIEBAFC

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\ProgramData\HJDGCGDBGCAAEBFIECGHDGCAAE

SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3

dropped

C:\ProgramData\HJJEHJJKJEGHJJKEBFBG

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\ProgramData\HTAGVDFUIE.xlsx

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\JKKECBGIIIEBGCBGIDHDGCAKJE

SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2

dropped

C:\ProgramData\KEBKJDBAAKJDGCBFHCFC

ASCII text, with very long lines (1809), with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB19E.tmp.dmp

Mini DuMP crash report, 14 streams, Wed Oct 30 01:00:16 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB345.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB365.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\SQSJKEBWDT.xlsx

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\UMMBDNEQBN.docx

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\UMMBDNEQBN.xlsx

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\VLZDGUKUTZ.docx

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\WKXEWIOTXI.docx

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\WKXEWIOTXI.xlsx

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\YPSIACHYXW.docx

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\freebl3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\mozglue.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\msvcp140.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\ProgramData\nss3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\softokn3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\vcruntime140.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

data

dropped

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

data

dropped

C:\Windows\appcompat\Programs\Amcache.hve

MS Windows registry file, NT/2000 or above

dropped

There are 26 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\sYYK13hD0c.exe

"C:\Users\user\Desktop\sYYK13hD0c.exe"

Details

Is windows:	false
Is dropped:	false
PID:	1344
Target ID:	0
Parent PID:	2580
Name:	sYYK13hD0c.exe
Path:	C:\Users\user\Desktop\sYYK13hD0c.exe
Commandline:	"C:\Users\user\Desktop\sYYK13hD0c.exe"
Size:	351744
MD5:	0D8527D14F11598A794EE2F28CC19CBE
Time:	20:59:55
Date:	29/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	41263104
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Detected unpacking (overwrites its own PE header)	Compliance, Data Obfuscation	Software Packing
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Stealc	Stealing of Sensitive Information, Remote Access Functionality
Yara detected Vidar stealer	Stealing of Sensitive Information, Remote Access Functionality
Found many strings related to Crypto-Wallets (likely being stolen)	Stealing of Sensitive Information	Data from Local System
Machine Learning detection for sample	AV Detection
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 2256

Details

Is windows:	true
Is dropped:	false
PID:	2000
Target ID:	4
Parent PID:	1344
Name:	WerFault.exe
Path:	C:\Windows\SysWOW64\WerFault.exe
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 2256
Size:	483680
MD5:	C31336C1EFC2CCB44B4326EA793040F2
Time:	21:00:15
Date:	29/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xac0000
Modulesize:	499712
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
One or more processes crash	System Summary
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://62.122.184.144/f88d87a7e087e100.php

62.122.184.144

http://62.122.184.144/00122117a2c73c51/mozglue.dll

62.122.184.144

http://62.122.184.144/

62.122.184.144

http://62.122.184.144/00122117a2c73c51/freebl3.dll

62.122.184.144

http://62.122.184.144/00122117a2c73c51/vcruntime140.dll

62.122.184.144

http://62.122.184.144/00122117a2c73c51/softokn3.dll

62.122.184.144

http://62.122.184.144

unknown

http://62.122.184.144/00122117a2c73c51/sqlite3.dll

62.122.184.144

http://62.122.184.144/00122117a2c73c51/nss3.dll

62.122.184.144

http://62.122.184.144/00122117a2c73c51/msvcp140.dll

62.122.184.144

https://duckduckgo.com/chrome_newtab

unknown

https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF

unknown

https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF

unknown

http://62.122.184.144/f88d87a7e087e100.phpndows

unknown

https://duckduckgo.com/ac/?q=

unknown

https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.

unknown

http://62.122.184.144/00122117a2c73c51/freebl3.dllKr

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

http://62.122.184.144lsx4bfbdf8a9266f00b3ca621a90e59d9a653b6197ba7db7e

unknown

https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17

unknown

http://62.122.184.144BFII

unknown

http://62.122.184.144AEBA

unknown

http://62.122.184.144/00122117a2c73c51/vcruntime140.dlld

unknown

http://62.122.184.144/f88d87a7e087e100.phpI

unknown

https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi

unknown

http://62.122.184.144/f88d87a7e087e100.phpca621a90e59d9a653b6197ba7db7e

unknown

http://62.122.184.1443ca74bfbdf8a9266f00b3ca621a90e59d9a653b6197ba7db7e

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

http://62.122.184.144/00122117a2c73c51/sqlite3.dllss

unknown

http://62.122.184.144/f88d87a7e087e100.phpre

unknown

http://62.122.184.144/f88d87a7e087e100.php1

unknown

https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94

unknown

http://62.122.184.144/f88d87a7e087e100.phpca621a90e59d9a653b6197ba7db7eelease

unknown

http://www.sqlite.org/copyright.html.

unknown

https://cdn.epnacl

unknown

http://www.mozilla.com/en-US/blocklist/

unknown

http://62.122.184.144/00122117a2c73c51/freebl3.dllarQ

unknown

https://mozilla.org0/

unknown

https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY

unknown

https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg

unknown

https://www.google.com/images/branding/product/ico/googleg_lodp.ico

unknown

http://62.122.184.144/f88d87a7e087e100.php%

unknown

http://62.122.184.144/f88d87a7e087e100.phption:

unknown

https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV

unknown

http://62.122.184.144/00122117a2c73c51/softokn3.dll-se

unknown

http://62.122.184.144lsxxlsxtent-Disposition:

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta

unknown

http://62.122.184.144/00122117a2c73c51/nss3.dll4

unknown

http://upx.sf.net

unknown

http://62.122.184.144/f88d87a7e087e100.phpCy

unknown

https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016

unknown

https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm

unknown

https://www.ecosia.org/newtab/

unknown

https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br

unknown

http://62.122.184.1446L

unknown

https://cdn.ep

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17osoft

unknown

http://62.122.184.144/f88d87a7e087e100.phpus.wallet

unknown

https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg

unknown

http://62.122.184.144/00122117a2c73c51/nss3.dll~

unknown

http://62.122.184.144f88d87a7e087e100.phpe=

unknown

http://62.122.184.144/f88d87a7e087e100.phpser

unknown

http://62.122.184.144/00122117a2c73c51/softokn3.dllYr

unknown

https://support.mozilla.org

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

http://62.122.184.144/00122117a2c73c51/freebl3.dll7r

unknown

http://62.122.184.144/f88d87a7e087e100.phpts

unknown

There are 59 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

62.122.184.144

unknown

Details

IP:	62.122.184.144
TargetID:	0
Current Path:	C:\Users\user\Desktop\sYYK13hD0c.exe
ASN number:	49120
ASN name:	GORSET-ASRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Registry

Path

Value

Malicious

\REGISTRY\A\{0a123242-b691-086c-a80f-618c609c6e3a}\Root\InventoryApplicationFile\syyk13hd0c.exe|9945c82cb03d77f4

ProgramId

\REGISTRY\A\{0a123242-b691-086c-a80f-618c609c6e3a}\Root\InventoryApplicationFile\syyk13hd0c.exe|9945c82cb03d77f4

FileId

\REGISTRY\A\{0a123242-b691-086c-a80f-618c609c6e3a}\Root\InventoryApplicationFile\syyk13hd0c.exe|9945c82cb03d77f4

LowerCaseLongPath

\REGISTRY\A\{0a123242-b691-086c-a80f-618c609c6e3a}\Root\InventoryApplicationFile\syyk13hd0c.exe|9945c82cb03d77f4

LongPathHash

\REGISTRY\A\{0a123242-b691-086c-a80f-618c609c6e3a}\Root\InventoryApplicationFile\syyk13hd0c.exe|9945c82cb03d77f4

Name

\REGISTRY\A\{0a123242-b691-086c-a80f-618c609c6e3a}\Root\InventoryApplicationFile\syyk13hd0c.exe|9945c82cb03d77f4

OriginalFileName

\REGISTRY\A\{0a123242-b691-086c-a80f-618c609c6e3a}\Root\InventoryApplicationFile\syyk13hd0c.exe|9945c82cb03d77f4

Publisher

\REGISTRY\A\{0a123242-b691-086c-a80f-618c609c6e3a}\Root\InventoryApplicationFile\syyk13hd0c.exe|9945c82cb03d77f4

Version

\REGISTRY\A\{0a123242-b691-086c-a80f-618c609c6e3a}\Root\InventoryApplicationFile\syyk13hd0c.exe|9945c82cb03d77f4

BinFileVersion

\REGISTRY\A\{0a123242-b691-086c-a80f-618c609c6e3a}\Root\InventoryApplicationFile\syyk13hd0c.exe|9945c82cb03d77f4

BinaryType

\REGISTRY\A\{0a123242-b691-086c-a80f-618c609c6e3a}\Root\InventoryApplicationFile\syyk13hd0c.exe|9945c82cb03d77f4

ProductName

\REGISTRY\A\{0a123242-b691-086c-a80f-618c609c6e3a}\Root\InventoryApplicationFile\syyk13hd0c.exe|9945c82cb03d77f4

ProductVersion

\REGISTRY\A\{0a123242-b691-086c-a80f-618c609c6e3a}\Root\InventoryApplicationFile\syyk13hd0c.exe|9945c82cb03d77f4

LinkDate

\REGISTRY\A\{0a123242-b691-086c-a80f-618c609c6e3a}\Root\InventoryApplicationFile\syyk13hd0c.exe|9945c82cb03d77f4

BinProductVersion

\REGISTRY\A\{0a123242-b691-086c-a80f-618c609c6e3a}\Root\InventoryApplicationFile\syyk13hd0c.exe|9945c82cb03d77f4

AppxPackageFullName

\REGISTRY\A\{0a123242-b691-086c-a80f-618c609c6e3a}\Root\InventoryApplicationFile\syyk13hd0c.exe|9945c82cb03d77f4

AppxPackageRelativeId

\REGISTRY\A\{0a123242-b691-086c-a80f-618c609c6e3a}\Root\InventoryApplicationFile\syyk13hd0c.exe|9945c82cb03d77f4

Size

\REGISTRY\A\{0a123242-b691-086c-a80f-618c609c6e3a}\Root\InventoryApplicationFile\syyk13hd0c.exe|9945c82cb03d77f4

Language

\REGISTRY\A\{0a123242-b691-086c-a80f-618c609c6e3a}\Root\InventoryApplicationFile\syyk13hd0c.exe|9945c82cb03d77f4

Usn

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData

ClockTimeSeconds

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData

TickCount

There are 11 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

2BB3000

heap

page read and write

4830000

direct allocation

page read and write

4790000

direct allocation

page execute and read and write

400000

unkown

page execute and read and write

295B7000

heap

page read and write

43F000

unkown

page write copy

4840000

heap

page read and write

292F0000

heap

page read and write

2B7A000

heap

page read and write

23255000

heap

page read and write

61EB7000

direct allocation

page readonly

61ECD000

direct allocation

page readonly

23257000

heap

page read and write

1D1B0000

heap

page read and write

23232000

heap

page read and write

2B89000

heap

page execute and read and write

2324C000

heap

page read and write

29332000

heap

page read and write

1CEAD000

stack

page read and write

29310000

heap

page read and write

23255000

heap

page read and write

6C752000

unkown

page readonly

23266000

heap

page read and write

2324A000

heap

page read and write

23273000

heap

page read and write

23254000

heap

page read and write

2324C000

heap

page read and write

23273000

heap

page read and write

5A5000

unkown

page execute and read and write

23247000

heap

page read and write

65C000

unkown

page execute and read and write

4BD000

unkown

page execute and read and write

23257000

heap

page read and write

23266000

heap

page read and write

61E00000

direct allocation

page execute and read and write

2DAE000

stack

page read and write

2BE9000

heap

page read and write

2B60000

heap

page read and write

23255000

heap

page read and write

6C945000

unkown

page readonly

23273000

heap

page read and write

401000

unkown

page execute read

61ED0000

direct allocation

page read and write

23273000

heap

page read and write

23279000

heap

page read and write

23255000

heap

page read and write

23255000

heap

page read and write

23255000

heap

page read and write

2323B000

heap

page read and write

4B1000

unkown

page execute and read and write

23255000

heap

page read and write

6C93F000

unkown

page write copy

23257000

heap

page read and write

468E000

stack

page read and write

6C761000

unkown

page execute read

4820000

heap

page read and write

23252000

heap

page read and write

2EAF000

stack

page read and write

23273000

heap

page read and write

61EB4000

direct allocation

page read and write

1F0000

heap

page read and write

2324A000

heap

page read and write

2324F000

heap

page read and write

4EF000

unkown

page execute and read and write

23247000

heap

page read and write

1CC5F000

stack

page read and write

295BF000

heap

page read and write

295A7000

heap

page read and write

23273000

heap

page read and write

442000

unkown

page write copy

2323E000

heap

page read and write

6C760000

unkown

page readonly

51B000

unkown

page execute and read and write

61ECC000

direct allocation

page read and write

23247000

heap

page read and write

485000

unkown

page execute and read and write

29372000

heap

page read and write

23257000

heap

page read and write

2326B000

heap

page read and write

23255000

heap

page read and write

2323B000

heap

page read and write

61E01000

direct allocation

page execute read

23257000

heap

page read and write

48F000

unkown

page execute and read and write

23253000

heap

page read and write

5C5000

unkown

page execute and read and write

1CEEE000

stack

page read and write

23255000

heap

page read and write

295AF000

heap

page read and write

2327A000

heap

page read and write

23257000

heap

page read and write

6C8FF000

unkown

page readonly

4E2000

unkown

page execute and read and write

489E000

stack

page read and write

2324F000

heap

page read and write

2950F000

stack

page read and write

195000

stack

page read and write

6C73D000

unkown

page readonly

23230000

heap

page read and write

23254000

heap

page read and write

2327F000

heap

page read and write

23255000

heap

page read and write

61ED4000

direct allocation

page readonly

2324A000

heap

page read and write

64A000

unkown

page execute and read and write

23252000

heap

page read and write

23274000

heap

page read and write

23251000

heap

page read and write

23257000

heap

page read and write

50F000

unkown

page execute and read and write

2325A000

heap

page read and write

1CA5F000

stack

page read and write

23257000

heap

page read and write

2C80000

heap

page read and write

2324A000

heap

page read and write

1D2C5000

heap

page read and write

2C90000

heap

page read and write

23257000

heap

page read and write

23253000

heap

page read and write

23266000

heap

page read and write

23257000

heap

page read and write

61ED3000

direct allocation

page read and write

23255000

heap

page read and write

9C000

stack

page read and write

478F000

stack

page read and write

6C6C1000

unkown

page execute read

23258000

heap

page read and write

4980000

heap

page read and write

6C940000

unkown

page read and write

23257000

heap

page read and write

23279000

heap

page read and write

23333000

heap

page read and write

6C93E000

unkown

page read and write

23257000

heap

page read and write

2C95000

heap

page read and write

2323B000

heap

page read and write

6C74E000

unkown

page read and write

2324A000

heap

page read and write

23266000

heap

page read and write

1D04E000

stack

page read and write

23257000

heap

page read and write

1D14E000

stack

page read and write

2940E000

stack

page read and write

23257000

heap

page read and write

2B7E000

heap

page read and write

23257000

heap

page read and write

23253000

heap

page read and write

23257000

heap

page read and write

2B48000

unkown

page readonly

23257000

heap

page read and write

40F000

unkown

page execute read

2326B000

heap

page read and write

23257000

heap

page read and write

400000

unkown

page readonly

2C08000

heap

page read and write

23255000

heap

page read and write

2324A000

heap

page read and write

1D1C1000

heap

page read and write

2324A000

heap

page read and write

23255000

heap

page read and write

2323B000

heap

page read and write

48DE000

stack

page read and write

492000

unkown

page execute and read and write

23255000

heap

page read and write

2327A000

heap

page read and write

2324A000

heap

page read and write

1CFEE000

stack

page read and write

292A0000

heap

page read and write

23257000

heap

page read and write

2324F000

heap

page read and write

2326B000

heap

page read and write

23252000

heap

page read and write

23266000

heap

page read and write

1CD5F000

stack

page read and write

23257000

heap

page read and write

23273000

heap

page read and write

2C97000

heap

page read and write

292D0000

heap

page read and write

292B0000

heap

page read and write

2324E000

heap

page read and write

2324E000

heap

page read and write

23255000

heap

page read and write

23255000

heap

page read and write

23257000

heap

page read and write

6C6C0000

unkown

page readonly

23249000

heap

page read and write

29352000

heap

page read and write

23255000

heap

page read and write

1D2C0000

trusted library allocation

page read and write

2323B000

heap

page read and write

23257000

heap

page read and write

1D1C0000

heap

page read and write

23257000

heap

page read and write

23271000

heap

page read and write

5CB000

unkown

page execute and read and write

497E000

stack

page read and write

1CDAE000

stack

page read and write

2C8C000

heap

page read and write

295B5000

heap

page read and write

23255000

heap

page read and write

23273000

heap

page read and write

23257000

heap

page read and write

23252000

heap

page read and write

45A000

unkown

page execute and read and write

488000

unkown

page execute and read and write

23258000

heap

page read and write

23251000

heap

page read and write

43C000

unkown

page readonly

2B48000

unkown

page readonly

2B70000

heap

page read and write

2324F000

heap

page read and write

23266000

heap

page read and write

23273000

heap

page read and write

1CB5F000

stack

page read and write

491E000

stack

page read and write

2C83000

heap

page read and write

23257000

heap

page read and write

23257000

heap

page read and write

There are 208 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
sYYK13hD0c.exe

Files

Processes

URLs

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportsYYK13hD0c.exe

Files

Processes

URLs

IPs

Registry

Memdumps

IOC Report
sYYK13hD0c.exe