IOC Report
7jgFDJY46m.exe


Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\7jgFDJY46m.exe
"C:\Users\user\Desktop\7jgFDJY46m.exe"
malicious
C:\Windows\SysWOW64\schtasks.exe
schtasks /delete /tn CleanSweepCheck /f
malicious
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /sc minute /mo 1 /tn CleanSweepCheck /tr C:\Users\user\Desktop\7jgFDJY46m.exe
malicious
C:\Windows\SysWOW64\reg.exe
reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
malicious
C:\Users\user\Desktop\7jgFDJY46m.exe
C:\Users\user\Desktop\7jgFDJY46m.exe
malicious
C:\Users\user\Desktop\7jgFDJY46m.exe
C:\Users\user\Desktop\7jgFDJY46m.exe
malicious
C:\Users\user\Desktop\7jgFDJY46m.exe
C:\Users\user\Desktop\7jgFDJY46m.exe
malicious
C:\Users\user\Desktop\7jgFDJY46m.exe
C:\Users\user\Desktop\7jgFDJY46m.exe
malicious
C:\Users\user\Desktop\7jgFDJY46m.exe
C:\Users\user\Desktop\7jgFDJY46m.exe
malicious
C:\Windows\SysWOW64\attrib.exe
attrib +h "C:\Users\user\Desktop\7jgFDJY46m.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
cmd /c reg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious
http://go.microsoft.
unknown
http://go.microsoft.LinkId=42127
unknown
https://pastebin.com/raw/???
unknown

Domains

Name
IP
Malicious
area-paid.gl.at.ply.gg
147.185.221.23
malicious

IPs

IP
Domain
Country
Malicious
147.185.221.23
area-paid.gl.at.ply.gg
United States
malicious

Registry

Path
Value
Malicious
HKEY_CURRENT_USER
di
malicious
HKEY_CURRENT_USER\Environment
SEE_MASK_NOZONECHECKS
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
EnableLUA
malicious
HKEY_CURRENT_USER\SOFTWARE\59211d537036a82f5e7ec159326cddf1
[kl]

Memdumps

Base Address
Regiontype
Protect
Malicious
EC2000
unknown
page readonly
malicious
17EA000
trusted library allocation
page execute and read and write
590E000
stack
page read and write
FE0000
heap
page read and write
184E000
stack
page read and write
17DA000
trusted library allocation
page execute and read and write
2988000
heap
page read and write
17E7000
trusted library allocation
page execute and read and write
57C3000
heap
page read and write
3245000
heap
page read and write
56A0000
trusted library allocation
page read and write
602A000
stack
page read and write
12F6000
stack
page read and write
285F000
stack
page read and write
23BD000
stack
page read and write
322C000
heap
page read and write
15CA000
heap
page read and write
2A5A000
heap
page read and write
16AF000
heap
page read and write
31DF000
stack
page read and write
34A000
stack
page read and write
2E5D000
stack
page read and write
3242000
heap
page read and write
30D000
stack
page read and write
165D000
heap
page read and write
17FA000
trusted library allocation
page execute and read and write
57A0000
trusted library allocation
page execute and read and write
5680000
trusted library allocation
page read and write
6318000
heap
page read and write
17D0000
trusted library allocation
page read and write
1440000
heap
page read and write
341F000
unknown
page read and write
555C000
stack
page read and write
17D2000
trusted library allocation
page execute and read and write
5C0000
heap
page read and write
30CE000
unknown
page read and write
3578000
trusted library allocation
page read and write
15FE000
heap
page read and write
58B0000
unclassified section
page read and write
3580000
heap
page read and write
1802000
trusted library allocation
page read and write
3735000
trusted library allocation
page read and write
EC0000
unknown
page readonly
25F0000
heap
page read and write
62FD000
heap
page read and write
580C000
stack
page read and write
1661000
heap
page read and write
57C0000
heap
page read and write
1800000
trusted library allocation
page read and write
27BF000
stack
page read and write
2810000
heap
page read and write
150000
heap
page read and write
55C000
stack
page read and write
15B3000
trusted library allocation
page read and write
15C0000
heap
page read and write
256F000
unknown
page read and write
2970000
heap
page read and write
1460000
heap
page read and write
F6A000
stack
page read and write
3130000
heap
page read and write
17C2000
trusted library allocation
page execute and read and write
3220000
heap
page read and write
5D0000
heap
page read and write
169C000
heap
page read and write
17E0000
trusted library allocation
page read and write
5A0F000
stack
page read and write
28EE000
stack
page read and write
5E00000
heap
page read and write
283F000
stack
page read and write
25AE000
stack
page read and write
351F000
stack
page read and write
1920000
heap
page read and write
5849000
stack
page read and write
25F7000
heap
page read and write
1807000
trusted library allocation
page execute and read and write
3243000
heap
page read and write
2F5D000
stack
page read and write
16B6000
heap
page read and write
277E000
stack
page read and write
180000
heap
page read and write
5690000
trusted library allocation
page execute and read and write
1888000
trusted library allocation
page read and write
400000
heap
page read and write
27C0000
heap
page read and write
1420000
heap
page execute and read and write
2980000
heap
page read and write
574C000
stack
page read and write
5C90000
trusted library allocation
page execute and read and write
180B000
trusted library allocation
page execute and read and write
62D0000
trusted library allocation
page execute and read and write
5EE0000
heap
page read and write
1860000
heap
page read and write
1CE000
unknown
page read and write
16A8000
heap
page read and write
7F5D0000
trusted library allocation
page execute and read and write
15CE000
heap
page read and write
616E000
stack
page read and write
2A50000
heap
page read and write
9D000
stack
page read and write
51D000
stack
page read and write
83E000
unknown
page read and write
5F2B000
stack
page read and write
140000
heap
page read and write
2A57000
heap
page read and write
4521000
trusted library allocation
page read and write
311E000
stack
page read and write
62F0000
heap
page read and write
565E000
stack
page read and write
17CA000
trusted library allocation
page execute and read and write
1926000
heap
page read and write
6325000
heap
page read and write
16BE000
heap
page read and write
DC000
stack
page read and write
23FD000
stack
page read and write
28B0000
heap
page read and write
280E000
stack
page read and write
1550000
heap
page read and write
15B0000
trusted library allocation
page read and write
3B0000
heap
page read and write
578A000
stack
page read and write
1AC0000
heap
page read and write
290A000
heap
page read and write
FD0000
heap
page read and write
28D0000
heap
page read and write
2900000
heap
page read and write
2CC0000
heap
page read and write
25EF000
stack
page read and write
2540000
heap
page read and write
2660000
heap
page read and write
258F000
unknown
page read and write
30D0000
heap
page read and write
3521000
trusted library allocation
page read and write
292F000
stack
page read and write
2890000
heap
page read and write
606E000
stack
page read and write
17F2000
trusted library allocation
page execute and read and write
5E10000
heap
page read and write
1445000
heap
page read and write
3FE000
unknown
page read and write
2FB0000
heap
page read and write
25CE000
stack
page read and write
1450000
heap
page read and write
5790000
trusted library allocation
page read and write
87F000
unknown
page read and write