IOC Report
213.exe


Files

File Path | Type | Category | Malicious
213.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\6191a9.tmp | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\619216.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\61d161.tmp | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\61d1bf.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\Desktop\QQWER.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\Desktop\ .bmp | PC bitmap, Windows 3.x format, 88 x 30 x 24, image size 7920, cbSize 7974, bits offset 54 | dropped |
C:\Users\user\Desktop\ 1.bmp | PC bitmap, Windows 3.x format, 43 x 25 x 24, image size 3300, cbSize 3354, bits offset 54 | dropped |
C:\Users\user\Desktop\ 2.bmp | PC bitmap, Windows 3.x format, 122 x 40 x 24, image size 14720, cbSize 14774, bits offset 54 | dropped |
C:\Users\user\Desktop\ .bmp | PC bitmap, Windows 3.x format, 124 x 21 x 24, image size 7812, cbSize 7866, bits offset 54 | dropped |
C:\Users\user\Desktop\ 4.bmp | PC bitmap, Windows 3.x format, 132 x 32 x 24, image size 12672, cbSize 12726, bits offset 54 | dropped |
C:\Users\user\Desktop\ 404.bmp | PC bitmap, Windows 3.x format, 312 x 196 x 24, image size 183456, cbSize 183510, bits offset 54 | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\213.exe | "C:\Users\user\Desktop\213.exe" | malicious
C:\Users\user\Desktop\213.exe | "C:\Users\user\Desktop\213.exe" | malicious

URLs

Name | IP | Malicious

Domains

Name | IP | Malicious
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 |

IPs

IP | Domain | Country | Malicious
42.193.100.57 | unknown | China |

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | |

Memdumps

Base Address | Region type | Protect | Malicious