IOC Report
9pyUjy2elE.exe

Processes

Path                                   Cmdline                                  Malicious
C:\Users\user\Desktop\9pyUjy2elE.exe   "C:\Users\user\Desktop\9pyUjy2elE.exe"   malicious

URLs


Domains

Name                IP               Malicious
steamcommunity.com  23.55.153.106
lev-tolstoi.com     172.67.157.254
sustainskelet.lat   unknown
crosshuaht.lat      unknown
rapeflowwj.lat      unknown
grannyejh.lat       unknown
aspecteirs.lat      unknown
sweepyribs.lat      unknown
discokeyus.lat      unknown
energyaffai.lat     unknown
necklacebudi.lat    unknown

IPs

IP              Domain              Country        Malicious
172.67.157.254  lev-tolstoi.com     United States
23.55.153.106   steamcommunity.com  United States

Memdumps
