IOC Report
215.exe

Files

File Path | Type | Category | Malicious
215.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\Desktop\QQWER.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\648508.tmp | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\6485a4.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\64c0e8.tmp | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\64c146.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\Desktop\ .bmp | PC bitmap, Windows 3.x format, 88 x 30 x 24, image size 7920, cbSize 7974, bits offset 54 | dropped |
C:\Users\user\Desktop\ 1.bmp | PC bitmap, Windows 3.x format, 43 x 25 x 24, image size 3300, cbSize 3354, bits offset 54 | dropped |
C:\Users\user\Desktop\ 2.bmp | PC bitmap, Windows 3.x format, 122 x 40 x 24, image size 14720, cbSize 14774, bits offset 54 | dropped |
C:\Users\user\Desktop\ .bmp | PC bitmap, Windows 3.x format, 124 x 21 x 24, image size 7812, cbSize 7866, bits offset 54 | dropped |
C:\Users\user\Desktop\ 4.bmp | PC bitmap, Windows 3.x format, 132 x 32 x 24, image size 12672, cbSize 12726, bits offset 54 | dropped |
C:\Users\user\Desktop\ 404.bmp | PC bitmap, Windows 3.x format, 312 x 196 x 24, image size 183456, cbSize 183510, bits offset 54 | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\215.exe | "C:\Users\user\Desktop\215.exe" | malicious
C:\Users\user\Desktop\215.exe | "C:\Users\user\Desktop\215.exe" | malicious

URLs

Name | IP | Malicious

Domains

Name | IP | Malicious
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 |

IPs

IP | Domain | Country | Malicious
42.193.100.57 | unknown | China |

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | |

Memdumps

Base Address | Region type | Protect | Malicious