IOC Report
EZFN op cheats.exe

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| EZFN op cheats.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\EZFN op cheats.exe.log | CSV text | dropped | malicious |
| C:\Users\user\AppData\Roaming\SubDir\Client.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Client.exe.log | CSV text | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\EZFN op cheats.exe | "C:\Users\user\Desktop\EZFN op cheats.exe" | malicious |
| C:\Windows\System32\schtasks.exe | "schtasks" /create /tn "cheats" /sc ONLOGON /tr "C:\Users\user\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f | malicious |
| C:\Users\user\AppData\Roaming\SubDir\Client.exe | "C:\Users\user\AppData\Roaming\SubDir\Client.exe" | malicious |
| C:\Users\user\AppData\Roaming\SubDir\Client.exe | C:\Users\user\AppData\Roaming\SubDir\Client.exe | malicious |
| C:\Windows\System32\schtasks.exe | "schtasks" /create /tn "cheats" /sc ONLOGON /tr "C:\Users\user\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f | malicious |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| 192.168.137.1 | | malicious |
| https://api.ipify.org/ | | unknown |
| https://stackoverflow.com/q/14436606/23354 | | unknown |
| https://stackoverflow.com/q/2152978/23354sCannot | | unknown |
| https://ipwho.is/ | | unknown |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | | unknown |
| https://stackoverflow.com/q/11564914/23354; | | unknown |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 192.168.137.1 | unknown | unknown | malicious |

Memdumps
