IOC Report
xxLuwS60RS.exe

Processes

Path                                   Cmdline                                  Malicious
C:\Users\user\Desktop\xxLuwS60RS.exe   "C:\Users\user\Desktop\xxLuwS60RS.exe"   malicious

URLs


Domains

Name                IP               Malicious
steamcommunity.com  23.55.153.106
lev-tolstoi.com     172.67.157.254
sustainskelet.lat   unknown
crosshuaht.lat      unknown
rapeflowwj.lat      unknown
grannyejh.lat       unknown
aspecteirs.lat      unknown
sweepyribs.lat      unknown
discokeyus.lat      unknown
energyaffai.lat     unknown
necklacebudi.lat    unknown

IPs

IP              Domain              Country        Malicious
172.67.157.254  lev-tolstoi.com     United States
23.55.153.106   steamcommunity.com  United States

Memdumps
