Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Download

agHzhs8gQd.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

C:\Users\user\AppData\Local\Temp\ndctuqmlimdssk

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\Coba\glib-2.0.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\Coba\gmodule-2.0.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\Coba\gobject-2.0.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\Coba\gthread-2.0.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\Coba\iconv.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\Coba\intl.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\Coba\vmtools.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\Coba\vmtoolsd.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\Setup_UI.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\{8FE30872-7B9B-4574-8A17-C33E6CAA59E3}\_is7F4B.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\{8FE30872-7B9B-4574-8A17-C33E6CAA59E3}\_is7F4B.exe:Zone.Identifier

ASCII text, with CRLF line terminators

modified

C:\Users\user\AppData\Local\Temp\5738d66a

data

dropped

C:\Users\user\AppData\Local\Temp\foahttyvpup

MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\Application.png

PNG image data, 47 x 51, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\Coba\crinoid.jpeg

PNG image data, 1024 x 768, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\Custom.png

PNG image data, 59 x 51, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\Folder.png

PNG image data, 37 x 46, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\ISLogoBig.png

PNG image data, 100 x 101, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\ISLogoSmall.png

PNG image data, 50 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\IS_Minimal_Close_dark.png

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\IS_Minimal_Close_light.png

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\IS_Minimal_Min_dark.png

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\IS_Minimal_Min_light.png

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\IS_Minimal_ProductIcon_dark.png

PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\IS_Minimal_ProductIcon_light.png

PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\IS_Minimal_RightArrow.png

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\IS_Minimal_click_dark.png

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\IS_Minimal_click_light.png

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\IS_Minimal_error_dark.png

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\IS_Minimal_error_light.png

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\IS_Minimal_icon_remove.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\IS_Minimal_icon_repair.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\IS_Minimal_icon_update.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\IS_Minimal_success_dark.png

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\IS_Minimal_success_light.png

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\LicenseAgreement.rtf

Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\Remove.png

PNG image data, 58 x 51, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\Repair.png

PNG image data, 59 x 51, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\Setup_UI.xml

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\Typical.png

PNG image data, 59 x 51, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\_is8110

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\Application.png

PNG image data, 61 x 69, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\Custom.png

PNG image data, 78 x 69, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\Folder.png

PNG image data, 46 x 39, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\ISLogoBig.png

PNG image data, 100 x 101, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\ISLogoSmall.png

PNG image data, 75 x 75, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\IS_Minimal_Close_dark.png

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\IS_Minimal_Close_light.png

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\IS_Minimal_Min_dark.png

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\IS_Minimal_Min_light.png

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\IS_Minimal_ProductIcon_dark.png

PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\IS_Minimal_ProductIcon_light.png

PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\IS_Minimal_RightArrow.png

PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\IS_Minimal_click_dark.png

PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\IS_Minimal_click_light.png

PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\IS_Minimal_error_dark.png

PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\IS_Minimal_error_light.png

PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\IS_Minimal_icon_remove.png

PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\IS_Minimal_icon_repair.png

PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\IS_Minimal_icon_update.png

PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\IS_Minimal_success_dark.png

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\IS_Minimal_success_light.png

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\Remove.png

PNG image data, 50 x 70, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\Repair.png

PNG image data, 79 x 69, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-150\Typical.png

PNG image data, 78 x 69, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\Application.png

PNG image data, 81 x 92, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\Custom.png

PNG image data, 104 x 92, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\Folder.png

PNG image data, 62 x 52, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\ISLogoBig.png

PNG image data, 200 x 203, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\ISLogoSmall.png

PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\IS_Minimal_Close_dark.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\IS_Minimal_Close_light.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\IS_Minimal_Min_dark.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\IS_Minimal_Min_light.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\IS_Minimal_ProductIcon_dark.png

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\IS_Minimal_ProductIcon_light.png

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\IS_Minimal_RightArrow.png

PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\IS_Minimal_click_dark.png

PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\IS_Minimal_click_light.png

PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\IS_Minimal_error_dark.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\IS_Minimal_error_light.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\IS_Minimal_icon_remove.png

PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\IS_Minimal_icon_repair.png

PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\IS_Minimal_icon_update.png

PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\IS_Minimal_success_dark.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\IS_Minimal_success_light.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\Remove.png

PNG image data, 67 x 93, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\Repair.png

PNG image data, 105 x 92, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\scale-200\Typical.png

PNG image data, 116 x 102, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\setup.xml

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\{8FE30872-7B9B-4574-8A17-C33E6CAA59E3}\SuiteSetup.ini

ASCII text, with CRLF, CR, LF line terminators

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsv.lnk

MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide

dropped

There are 84 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\agHzhs8gQd.exe

"C:\Users\user\Desktop\agHzhs8gQd.exe"

Details

Is windows:	false
Is dropped:	false
PID:	4440
Target ID:	0
Parent PID:	4004
Name:	agHzhs8gQd.exe
Path:	C:\Users\user\Desktop\agHzhs8gQd.exe
Commandline:	"C:\Users\user\Desktop\agHzhs8gQd.exe"
Size:	11471704
MD5:	C836C14219CA56536439CC008608740F
Time:	07:04:10
Date:	13/02/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xfd0000
Modulesize:	1380352
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
PE / OLE file has an invalid certificate	System Summary
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Suspicious Execution From GUID Like Folder Names	System Summary
Uses 32bit PE files	Compliance, System Summary
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\Temp\{8FE30872-7B9B-4574-8A17-C33E6CAA59E3}\_is7F4B.exe

"C:\Users\user\AppData\Local\Temp\{8FE30872-7B9B-4574-8A17-C33E6CAA59E3}\_is7F4B.exe" -IS_temp ORIGINALSETUPEXEDIR="C:\Users\user\Desktop" ORIGINALSETUPEXENAME="agHzhs8gQd.exe"

Details

Is windows:	false
Is dropped:	true
PID:	5272
Target ID:	2
Parent PID:	4440
Name:	_is7F4B.exe
Path:	C:\Users\user\AppData\Local\Temp\{8FE30872-7B9B-4574-8A17-C33E6CAA59E3}\_is7F4B.exe
Commandline:	"C:\Users\user\AppData\Local\Temp\{8FE30872-7B9B-4574-8A17-C33E6CAA59E3}\_is7F4B.exe" -IS_temp ORIGINALSETUPEXEDIR="C:\Users\user\Desktop" ORIGINALSETUPEXENAME="agHzhs8gQd.exe"
Size:	11471704
MD5:	C836C14219CA56536439CC008608740F
Time:	07:04:11
Date:	13/02/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xa20000
Modulesize:	1380352
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Sigma detected: Suspicious Execution From GUID Like Folder Names	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\Coba\vmtoolsd.exe

"C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\Coba\vmtoolsd.exe"

Details

Is windows:	false
Is dropped:	true
PID:	3704
Target ID:	3
Parent PID:	5272
Name:	vmtoolsd.exe
Path:	C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\Coba\vmtoolsd.exe
Commandline:	"C:\Users\user\AppData\Local\Temp\{55B9FA71-57BD-4A52-8476-E475BE1A4E2E}\Coba\vmtoolsd.exe"
Size:	64704
MD5:	AE224C5E196FF381836C9E95DEEBB7D5
Time:	07:04:13
Date:	13/02/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xad0000
Modulesize:	69632
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Contains capabilities to detect virtual machines	Malware Analysis System Evasion	Security Software Discovery Virtualization/Sandbox Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\SysWOW64\netsh.exe

Details

Is windows:	true
Is dropped:	false
PID:	6288
Target ID:	4
Parent PID:	3704
Name:	netsh.exe
Path:	C:\Windows\SysWOW64\netsh.exe
Commandline:	C:\Windows\SysWOW64\netsh.exe
Size:	82432
MD5:	4E89A1A088BE715D6C946E55AB07C7DF
Time:	07:04:13
Date:	13/02/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xa60000
Modulesize:	122880
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected Amadeys stealer DLL	Stealing of Sensitive Information
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Uses netsh to modify the Windows network and firewall settings	Lowering of HIPS / PFW / Operating System Security Settings	Disable or Modify Tools
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Startup Folder File Write	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\SysWOW64\explorer.exe

Details

Is windows:	true
Is dropped:	false
PID:	4412
Target ID:	9
Parent PID:	6288
Name:	explorer.exe
Class:	explorer
Path:	C:\Windows\SysWOW64\explorer.exe
Commandline:	C:\Windows\SysWOW64\explorer.exe
Size:	4514184
MD5:	DD6597597673F72E10C9DE7901FBA0A8
Time:	07:04:31
Date:	13/02/2025
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0xf40000
Modulesize:	4493312
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected Amadeys stealer DLL	Stealing of Sensitive Information
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Launches a second explorer.exe instance	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	4832
Target ID:	5
Parent PID:	6288
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	07:04:13
Date:	13/02/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff66e660000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del "C:\Users\user\AppData\Local\Temp\{8FE30872-7B9B-4574-8A17-C33E6CAA59E3}\_is7F4B.exe"

Details

Is windows:	true
Is dropped:	false
PID:	5392
Target ID:	6
Parent PID:	5272
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\SysWOW64\cmd.exe
Commandline:	"C:\Windows\system32\cmd.exe" /c del "C:\Users\user\AppData\Local\Temp\{8FE30872-7B9B-4574-8A17-C33E6CAA59E3}\_is7F4B.exe"
Size:	236544
MD5:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Time:	07:04:18
Date:	13/02/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x1c0000
Modulesize:	368640
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Suspicious Execution From GUID Like Folder Names	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	1548
Target ID:	7
Parent PID:	5392
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	07:04:18
Date:	13/02/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff66e660000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

kataraus.info/mbSDvj3/index.php

http://kataraus.info/mbSDvj3/index.phpY

unknown

http://www.vmware.com/0

unknown

http://kataraus.info/mbS5;b

unknown

http://kataraus.info/mbSDvj3/index.phpl

unknown

http://kataraus.info/mbSDvj3/index.php0u0u0u0u

unknown

http://www.freedesktop.org/standards/desktop-bookmarksgrouphttp://www.freedesktop.org/standards/desk

unknown

http://kataraus.info/mbSDvj3/index.php7DCB630485CBDB629D2BF4599BCCAAC1DF

unknown

http://kataraus.info/mbSDvj3/index.phpp

unknown

http://kataraus.info/mbSDvj3/index.phpdh:

unknown

http://kataraus.info/mbS#Xh

unknown

http://kataraus.info/mbSDvj3/index.phpe7j

unknown

http://kataraus.info/mbSDvj3/index.phpa

unknown

http://kataraus.info/mbSDvj3/index.phpoU8

unknown

http://kataraus.info/mbS

unknown

http://kataraus.info/mbSDvj3/index.phpf

unknown

http://kataraus.info/mbSDvj3/index.php044F36178EDCAC3F2B5156A61157B94B76E032CC1B

unknown

http://kataraus.info/mbSDvj3/index.php:

unknown

http://kataraus.info/mbSDvj3/index.phpka

unknown

http://kataraus.info/mbSDvj3/index.php=

unknown

http://kataraus.info/mbSDvj3/index.phpAm8

unknown

http://kataraus.info/mbSDvj3/index.php3

unknown

http://kataraus.info/mbSDvj3/index.php7GV

unknown

http://kataraus.info/mbSDvj3/index.php0u0u

unknown

http://www.freedesktop.org/standards/shared-mime-info

unknown

http://kataraus.info/mbSDvj3/index.php7

unknown

http://kataraus.info/mbSDvj3/index.php5

unknown

http://kataraus.info/mbSDvj3/index.phpK

unknown

http://kataraus.info/mbSDvj3/index.phpBh

unknown

http://kataraus.info/mbSDvj3/index.phpJ

unknown

http://kataraus.info/mbSDvj3/index.phpSY

unknown

http://kataraus.info/mbSDvj3/index.phpkataraus.info5

unknown

http://kataraus.info/mbSDvj3/index.phpM

unknown

http://kataraus.info/mbSDvj3/index.phpaus.infP

unknown

http://kataraus.info/mbSDvj3Zm%

unknown

http://www.flexerasoftware.com0

unknown

http://kataraus.info/mbSDvj3/index.phpB

unknown

http://kataraus.infoR;

unknown

http://kataraus.info/mbSDvj3/index.phpF

unknown

http://kataraus.info/mbSDvj3/index.php_x-

unknown

http://kataraus.info/mbSDvj3/index.phpE

unknown

http://kataraus.info/mbSDvj3/index.phpqG

unknown

http://kataraus.info/mbSDvj3hU%

unknown

http://kataraus.info/mbSDvj3/index.phpqM

unknown

http://kataraus.info/mbSDvj3/ind(

unknown

http://kataraus.info/mbSKU

unknown

http://kataraus.info/mbSDvj3/index.phpxy

unknown

http://www.symauth.com/cps0(

unknown

http://kataraus.info/mbSDvj38

unknown

http://kataraus.info/mbSDvj3/index.phpGo

unknown

http://www.symauth.com/rpa00

unknown

http://kataraus.info/mbSDvj3/index.php

unknown

http://kataraus.info/mbSDvj3/index.phpr

unknown

http://kataraus.info/mbSDvj3x=%

unknown

http://kataraus.info/mbSDvj3/index.phpx

unknown

http://kataraus.info/mbSDvj3/index.phpw

unknown

http://www.info-zip.org/

unknown

http://kataraus.info/mbSDvj3/index.phpQ7f

unknown

http://kataraus.info/mbSS_8

unknown

http://freedesktop.org

unknown

http://kataraus.info/mbSDvj3

unknown

http://kataraus.info/mbSIC

unknown

http://kataraus.info/mbSDvj3/index.php091B166991FFDDFB7DCB630485

unknown

http://kataraus.info/mbSDvj3/index.phpet

unknown

http://kataraus.info/mbSDvj3/index.phpm=6

unknown

http://www.freedesktop.org/standards/desktop-bookmarks

unknown

http://kataraus.info/mbSDvj3/index.php25A71A87A30C0A46282704C5044F36178EDCAC3F2B

unknown

http://kataraus.info/mbSDvj3/index.phpjG6

unknown

http://kataraus.info/mbS2

unknown

http://kataraus.info/mbSDvj3/index.php2hh

unknown

http://kataraus.info/mbSDvj3/index.php85CBDB629D2BF4599B

unknown

http://kataraus.info/mbSDvj3/index.phpkataraus.info

unknown

http://kataraus.#;p

unknown

http://crl.thawte.com/ThawteTimestampingCA.crl0

unknown

http://kataraus.info/mbSDvj3/index.phpWU

unknown

http://kataraus.info/mbSDvj3/index.phpy7

unknown

http://kataraus.info/mbS;Ub

unknown

http://kataraus.:n

unknown

http://kataraus.info/mbSDvj3/index.php76

unknown

http://kataraus.info/mbSDvj3/index.phpon

unknown

http://kataraus.info/mbSDvj3/index.phprasadhlp.dllx

unknown

https://winscp.net/eng/docs/installation0

unknown

http://kataraus.info/mbSDvj3/index.php?I

unknown

http://www.vmware.com/info?id=99

unknown

http://www.freedesktop.org/standards/desktop-bookmarksgroupshttp://www.freedesktop.org/standards/des

unknown

http://ocsp.thawte.com0

unknown

http://kataraus.info/mbSDvj3/index.phplA6

unknown

http://kataraus.info/mbSDvj3/index.phpPc6

unknown

http://kataraus.info/mbSDvj3/index.phpi;6

unknown

http://www.vmware.com/0/

unknown

http://kataraus.info/mbSDvj3/index.php-Cv

unknown

http://kataraus.&T

unknown

http://kataraus.info

unknown

http://c0rl.m%L

unknown

http://kataraus.info/mbSDvj3/index.p

unknown

http://kataraus.info/mbS6Gb

unknown

http://kataraus.info/mbSDvj3/index.php&

unknown

http://kataraus.info/mbSDvj3/index.php%

unknown

http://kataraus.info/mbSDvj3/index.phpTh

unknown

http://kataraus.info/mbSDvj3/index.phpzoRs6

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

kataraus.info

unknown

Details

Name:	kataraus.info
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Sample uses string decryption to hide its real strings	AV Detection
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\InstallShield\SuiteInstallers\{047144DF-37CC-4421-930E-8F25AD640756}

InfoPath

Memdumps

Base Address

Regiontype

Protect

Malicious

Download

371000

unkown

page execute read

5C70000

direct allocation

page read and write

3BD000

unkown

page write copy

8EE000

heap

page read and write

8DD000

heap

page read and write

13FC000

heap

page read and write

13FC000

heap

page read and write

8FE000

heap

page read and write

1461000

heap

page read and write

8EA000

heap

page read and write

2B70000

stack

page read and write

4C70000

direct allocation

page read and write

6C934000

unkown

page readonly

8F7000

heap

page read and write

8DB000

heap

page read and write

8F6000

heap

page read and write

8F7000

heap

page read and write

140E000

stack

page read and write

8D3000

heap

page read and write

10FA000

unkown

page read and write

8EE000

heap

page read and write

145C000

heap

page read and write

8D8000

heap

page read and write

1103000

unkown

page readonly

FD1000

unkown

page execute read

6E555000

unkown

page read and write

850000

heap

page read and write

10AD000

unkown

page readonly

17AE000

stack

page read and write

8F1000

heap

page read and write

8DC000

heap

page read and write

924000

heap

page read and write

8CA000

heap

page read and write

8D9000

heap

page read and write

8F7000

heap

page read and write

8E1000

heap

page read and write

903000

heap

page read and write

F2C000

stack

page read and write

6C833000

unkown

page write copy

EAE000

stack

page read and write

B4C000

unkown

page write copy

493B000

heap

page read and write

903000

heap

page read and write

91C000

heap

page read and write

903000

heap

page read and write

10AD000

unkown

page readonly

B9B000

trusted library allocation

page read and write

6C80D000

unkown

page readonly

8D7000

heap

page read and write

496C000

stack

page read and write

8F1000

heap

page read and write

8EA000

heap

page read and write

589D000

direct allocation

page read and write

91D000

heap

page read and write

8EA000

heap

page read and write

4A5E000

heap

page read and write

A20000

unkown

page readonly

521F000

stack

page read and write

8EE000

heap

page read and write

918000

heap

page read and write

8BC000

heap

page read and write

8E9000

heap

page read and write

14D0000

heap

page read and write

3BE000

stack

page read and write

8EA000

heap

page read and write

8D7000

heap

page read and write

8F7000

heap

page read and write

8E1000

heap

page read and write

8F5000

heap

page read and write

6F7000

stack

page read and write

903000

heap

page read and write

6C87D000

unkown

page write copy

32DE000

heap

page read and write

15D7000

heap

page read and write

8E7000

heap

page read and write

8D3000

heap

page read and write

8E6000

heap

page read and write

4DB9000

direct allocation

page read and write

4AB0000

direct allocation

page read and write

EEF000

stack

page read and write

17E0000

heap

page read and write

91C000

heap

page read and write

8E5000

heap

page read and write

7D0000

heap

page read and write

488B000

stack

page read and write

903000

heap

page read and write

8F8000

heap

page read and write

8DC000

heap

page read and write

922000

heap

page read and write

2FC000

stack

page read and write

4E2E000

direct allocation

page read and write

F8B000

stack

page read and write

ADB000

unkown

page write copy

2C27000

heap

page read and write

1464000

heap

page read and write

8DC000

heap

page read and write

13DC000

heap

page read and write

8E9000

heap

page read and write

8EA000

heap

page read and write

922000

heap

page read and write

8CA000

heap

page read and write

6C7B0000

unkown

page readonly

1101000

unkown

page readonly

920000

heap

page read and write

6EAF4000

unkown

page read and write

8FC000

heap

page read and write

922000

heap

page read and write

531E000

stack

page read and write

8EA000

heap

page read and write

903000

heap

page read and write

3DD0000

trusted library allocation

page read and write

6EAF5000

unkown

page readonly

8EA000

heap

page read and write

C60000

heap

page read and write

1465000

heap

page read and write

3050000

heap

page read and write

8DD000

heap

page read and write

8FD000

heap

page read and write

91E000

heap

page read and write

8F1000

heap

page read and write

8FC000

heap

page read and write

178E000

stack

page read and write

903000

heap

page read and write

10111000

unkown

page readonly

1010F000

unkown

page read and write

4AD0000

heap

page read and write

A21000

unkown

page execute read

8E9000

heap

page read and write

8E9000

heap

page read and write

903000

heap

page read and write

903000

heap

page read and write

5684000

trusted library allocation

page read and write

1380000

heap

page read and write

8D3000

heap

page read and write

91A000

heap

page read and write

8FD000

heap

page read and write

8EA000

heap

page read and write

8DC000

heap

page read and write

8FE000

heap

page read and write

91D000

heap

page read and write

6C974000

unkown

page write copy

940000

heap

page read and write

8EE000

heap

page read and write

8F4000

heap

page read and write

918000

heap

page read and write

ADB000

unkown

page read and write

8E9000

heap

page read and write

8D7000

heap

page read and write

8D4000

heap

page read and write

918000

heap

page read and write

8E9000

heap

page read and write

918000

heap

page read and write

4C5E000

stack

page read and write

8DD000

heap

page read and write

AD0000

unkown

page readonly

8F7000

heap

page read and write

903000

heap

page read and write

918000

heap

page read and write

922000

heap

page read and write

820000

heap

page read and write

903000

heap

page read and write

8FD000

heap

page read and write

8FC000

heap

page read and write

903000

heap

page read and write

10FA000

unkown

page write copy

8D7000

heap

page read and write

8DE000

heap

page read and write

8FB000

heap

page read and write

8E1000

heap

page read and write

8FC000

heap

page read and write

918000

heap

page read and write

8E6000

heap

page read and write

1459000

heap

page read and write

8E0000

heap

page read and write

8D9000

heap

page read and write

8FD000

heap

page read and write

361F000

stack

page read and write

5B21000

unkown

page read and write

6DE84000

unkown

page read and write

918000

heap

page read and write

1404000

heap

page read and write

1101000

unkown

page readonly

8DC000

heap

page read and write

8EE000

heap

page read and write

8F8000

heap

page read and write

2BDA000

heap

page read and write

6C99F000

unkown

page readonly

8E9000

heap

page read and write

AFD000

unkown

page readonly

8FD000

heap

page read and write

6EAF3000

unkown

page readonly

6C878000

unkown

page readonly

13FB000

heap

page read and write

918000

heap

page read and write

922000

heap

page read and write

1479000

heap

page read and write

8D3000

heap

page read and write

8DB000

heap

page read and write

8EE000

heap

page read and write

903000

heap

page read and write

91E000

heap

page read and write

31D0000

heap

page read and write

903000

heap

page read and write

2BB0000

heap

page read and write

8EA000

heap

page read and write

8EA000

heap

page read and write

91B000

heap

page read and write

532E000

heap

page read and write

8E9000

heap

page read and write

8EE000

heap

page read and write

918000

heap

page read and write

156E000

stack

page read and write

918000

heap

page read and write

918000

heap

page read and write

8D3000

heap

page read and write

1464000

heap

page read and write

924000

heap

page read and write

8EA000

heap

page read and write

8F8000

heap

page read and write

3B9000

unkown

page readonly

164B000

heap

page read and write

6C7B1000

unkown

page execute read

145C000

heap

page read and write

8D3000

heap

page read and write

8DE000

heap

page read and write

903000

heap

page read and write

16AE000

stack

page read and write

8DB000

heap

page read and write

8EA000

heap

page read and write

903000

heap

page read and write

6C83C000

unkown

page read and write

FE0000

heap

page read and write

8E1000

heap

page read and write

6EAF0000

unkown

page readonly

8FC000

heap

page read and write

8DD000

heap

page read and write

14D6000

heap

page read and write

948000

heap

page read and write

8C3000

heap

page read and write

145B000

heap

page read and write

8DD000

heap

page read and write

91F000

heap

page read and write

8F6000

heap

page read and write

8FD000

heap

page read and write

145C000

heap

page read and write

8CA000

heap

page read and write

6C8A1000

unkown

page execute read

903000

heap

page read and write

FDD000

stack

page read and write

8F8000

heap

page read and write

4CE0000

heap

page read and write

8DC000

heap

page read and write

8EC000

heap

page read and write

8D4000

heap

page read and write

12FB000

stack

page read and write

8CA000

heap

page read and write

8BA000

heap

page read and write

8FE000

heap

page read and write

8DF000

heap

page read and write

142E000

heap

page read and write

1469000

heap

page read and write

8D7000

heap

page read and write

8F1000

heap

page read and write

4DBD000

direct allocation

page read and write

8DE000

heap

page read and write

8FD000

heap

page read and write

8EE000

heap

page read and write

903000

heap

page read and write

8E9000

heap

page read and write

8FD000

heap

page read and write

AD1000

unkown

page execute read

8E1000

heap

page read and write

8D3000

heap

page read and write

8D3000

heap

page read and write

8FD000

heap

page read and write

901000

heap

page read and write

1590000

heap

page read and write

AD1000

unkown

page execute read

3783000

trusted library allocation

page read and write

B53000

unkown

page readonly

8E5000

heap

page read and write

B51000

unkown

page readonly

903000

heap

page read and write

8CA000

heap

page read and write

3401000

heap

page read and write

3C40000

heap

page read and write

2C23000

heap

page read and write

8F6000

heap

page read and write

1468000

heap

page read and write

4CD0000

heap

page read and write

8FD000

heap

page read and write

8C0000

heap

page read and write

8CA000

heap

page read and write

8D3000

heap

page read and write

918000

heap

page read and write

8DC000

heap

page read and write

312E000

stack

page read and write

8DC000

heap

page read and write

903000

heap

page read and write

8E9000

heap

page read and write

8D7000

heap

page read and write

1103000

unkown

page readonly

3630000

heap

page read and write

6E557000

unkown

page readonly

924000

heap

page read and write

8DD000

heap

page read and write

6C811000

unkown

page readonly

141D000

heap

page read and write

1465000

heap

page read and write

8CB000

heap

page read and write

903000

heap

page read and write

8DC000

heap

page read and write

6DE80000

unkown

page readonly

3056000

heap

page read and write

8BF000

heap

page read and write

8D6000

heap

page read and write

8FE000

heap

page read and write

133E000

stack

page read and write

903000

heap

page read and write

918000

heap

page read and write

30B000

stack

page read and write

B4A000

unkown

page read and write

8EA000

heap

page read and write

922000

heap

page read and write

34EF000

stack

page read and write

FD1000

unkown

page execute read

4AAD000

stack

page read and write

1420000

heap

page read and write

3A6000

unkown

page readonly

918000

heap

page read and write

903000

heap

page read and write

8EA000

heap

page read and write

8FE000

heap

page read and write

4A6D000

stack

page read and write

8F8000

heap

page read and write

8E6000

heap

page read and write

141D000

heap

page read and write

903000

heap

page read and write

903000

heap

page read and write

8EF000

heap

page read and write

5770000

direct allocation

page read and write

8E1000

heap

page read and write

2F2F000

unkown

page read and write

903000

heap

page read and write

918000

heap

page read and write

8E9000

heap

page read and write

8CC000

heap

page read and write

8EB000

heap

page read and write

8E7000

heap

page read and write

8EB000

heap

page read and write

13D9000

heap

page read and write

91C000

heap

page read and write

8EA000

heap

page read and write

924000

heap

page read and write

91E000

heap

page read and write

8E9000

heap

page read and write

3C20000

heap

page read and write

8CA000

heap

page read and write

5451000

heap

page read and write

8FE000

heap

page read and write

8F3000

heap

page read and write

8EA000

heap

page read and write

918000

heap

page read and write

8EA000

heap

page read and write

918000

heap

page read and write

8F1000

heap

page read and write

370000

unkown

page readonly

8EA000

heap

page read and write

91E000

heap

page read and write

903000

heap

page read and write

141D000

heap

page read and write

8FD000

heap

page read and write

901000

heap

page read and write

13B8000

heap

page read and write

8DC000

heap

page read and write

2D0E000

unkown

page read and write

1464000

heap

page read and write

922000

heap

page read and write

147A000

heap

page read and write

FD0000

unkown

page readonly

B53000

unkown

page readonly

8DC000

heap

page read and write

91E000

heap

page read and write

B53000

trusted library allocation

page read and write

1001E000

unkown

page readonly

8F6000

heap

page read and write

8FE000

heap

page read and write

8DC000

heap

page read and write

8DD000

heap

page read and write

8F7000

heap

page read and write

924000

heap

page read and write

33D000

stack

page read and write

18EF000

stack

page read and write

13D7000

heap

page read and write

91D000

heap

page read and write

6DE71000

unkown

page execute read

858000

heap

page read and write

B51000

unkown

page readonly

8D8000

heap

page read and write

8DE000

heap

page read and write

8FD000

heap

page read and write

8F1000

heap

page read and write

498C000

stack

page read and write

579E000

stack

page read and write

8CA000

heap

page read and write

3CC0000

heap

page read and write

6E556000

unkown

page write copy

1464000

heap

page read and write

8B4000

heap

page read and write

30EA000

heap

page read and write

8E0000

heap

page read and write

8FD000

heap

page read and write

8ED000

heap

page read and write

371E000

stack

page read and write

8CC000

heap

page read and write

8E9000

heap

page read and write

370000

heap

page read and write

322D000

heap

page read and write

6C851000

unkown

page execute read

13B0000

heap

page read and write

6E554000

unkown

page readonly

8FE000

heap

page read and write

8DA000

heap

page read and write

921000

heap

page read and write

8FD000

heap

page read and write

91D000

heap

page read and write

920000

heap

page read and write

918000

heap

page read and write

8F8000

heap

page read and write

1464000

heap

page read and write

8E4000

heap

page read and write

8EB000

heap

page read and write

6E551000

unkown

page execute read

8FE000

heap

page read and write

2BF0000

heap

page read and write

142A000

heap

page read and write

6C894000

unkown

page readonly

8D7000

heap

page read and write

8F8000

heap

page read and write

8E9000

heap

page read and write

56CC000

trusted library allocation

page read and write

91E000

heap

page read and write

922000

heap

page read and write

B4F000

unkown

page read and write

4990000

heap

page read and write

8EE000

heap

page read and write

8FE000

heap

page read and write

8FC000

heap

page read and write

8EA000

heap

page read and write

8EE000

heap

page read and write

91E000

heap

page read and write

8FC000

heap

page read and write

8ED000

heap

page read and write

1464000

heap

page read and write

8E9000

heap

page read and write

B4A000

unkown

page write copy

560E000

stack

page read and write

900000

heap

page read and write

8DA000

heap

page read and write

4C90000

direct allocation

page read and write

6C973000

unkown

page read and write

2F6E000

stack

page read and write

922000

heap

page read and write

8E9000

heap

page read and write

10FC000

unkown

page write copy

8EE000

heap

page read and write

13D8000

heap

page read and write

137E000

stack

page read and write

54BE000

stack

page read and write

924000

heap

page read and write

8EC000

heap

page read and write

8EE000

heap

page read and write

1469000

heap

page read and write

8DB000

heap

page read and write

6FB000

stack

page read and write

922000

heap

page read and write

6C965000

unkown

page readonly

8E0000

heap

page read and write

30E6000

heap

page read and write

922000

heap

page read and write

147D000

heap

page read and write

2D50000

heap

page read and write

142F000

heap

page read and write

A3B000

stack

page read and write

8FD000

heap

page read and write

1459000

heap

page read and write

8DC000

heap

page read and write

8CB000

heap

page read and write

8E6000

heap

page read and write

903000

heap

page read and write

8FE000

heap

page read and write

316E000

stack

page read and write

8DC000

heap

page read and write

3040000

heap

page read and write

1464000

heap

page read and write

8E6000

heap

page read and write

A20000

unkown

page readonly

6DE82000

unkown

page read and write

4C1D000

stack

page read and write

1425000

heap

page read and write

7DC000

stack

page read and write

145C000

heap

page read and write

8F9000

heap

page read and write

8D3000

heap

page read and write

8E5000

heap

page read and write

8FE000

heap

page read and write

91C000

heap

page read and write

8FE000

heap

page read and write

8EA000

heap

page read and write

81B000

stack

page read and write

8EA000

heap

page read and write

31D3000

heap

page read and write

8C2000

heap

page read and write

2BD0000

heap

page read and write

8C7000

heap

page read and write

8FE000

heap

page read and write

1598000

heap

page read and write

8E5000

heap

page read and write

89C000

heap

page read and write

8EC000

heap

page read and write

6C8A0000

unkown

page readonly

8DC000

heap

page read and write

8E5000

heap

page read and write

8EA000

heap

page read and write

547D000

stack

page read and write

13DA000

heap

page read and write

8CA000

heap

page read and write

3057000

heap

page read and write

8E9000

heap

page read and write

903000

heap

page read and write

903000

heap

page read and write

145E000

heap

page read and write

903000

heap

page read and write

8EA000

heap

page read and write

373B000

trusted library allocation

page read and write

8DB000

heap

page read and write

8F5000

heap

page read and write

8DD000

heap

page read and write

903000

heap

page read and write

921000

heap

page read and write

B3F000

stack

page read and write

922000

heap

page read and write

3180000

heap

page read and write

4CF3000

heap

page read and write

903000

heap

page read and write

8EE000

heap

page read and write

8DE000

heap

page read and write

6EAF1000

unkown

page execute read

3631000

heap

page read and write

31D7000

heap

page read and write

2B7F000

stack

page read and write

10001000

unkown

page execute read

5B20000

unkown

page read and write

8DD000

heap

page read and write

918000

heap

page read and write

91E000

heap

page read and write

8EA000

heap

page read and write

8DE000

heap

page read and write

8F7000

heap

page read and write

6C892000

unkown

page read and write

590E000

direct allocation

page read and write

91C000

heap

page read and write

2BA0000

heap

page read and write

91D000

heap

page read and write

8FD000

heap

page read and write

924000

heap

page read and write

8E2000

heap

page read and write

8F3000

heap

page read and write

710000

heap

page read and write

3C0D000

stack

page read and write

903000

heap

page read and write

6DE70000

unkown

page readonly

8EA000

heap

page read and write

922000

heap

page read and write

12F6000

stack

page read and write

30CE000

stack

page read and write

8FC000

heap

page read and write

8FD000

heap

page read and write

1427000

heap

page read and write

10000000

unkown

page readonly

8ED000

heap

page read and write

A21000

unkown

page execute read

8EF000

heap

page read and write

311F000

heap

page read and write

1465000

heap

page read and write

AD7000

unkown

page readonly

8EA000

heap

page read and write

8F6000

heap

page read and write

920000

heap

page read and write

8EA000

heap

page read and write

8E9000

heap

page read and write

146F000

heap

page read and write

AFD000

unkown

page readonly

8F7000

heap

page read and write

8DE000

heap

page read and write

8D8000

heap

page read and write

3B6000

unkown

page read and write

AD7000

unkown

page readonly

8EA000

heap

page read and write

923000

heap

page read and write

8DE000

heap

page read and write

569D000

stack

page read and write

147E000

heap

page read and write

8EA000

heap

page read and write

8EA000

heap

page read and write

3000000

heap

page read and write

3CB0000

heap

page read and write

920000

heap

page read and write

F60000

heap

page read and write

8F3000

heap

page read and write

8CA000

heap

page read and write

8D3000

heap

page read and write

8C8000

heap

page read and write

8E0000

heap

page read and write

8EE000

heap

page read and write

1459000

heap

page read and write

8EA000

heap

page read and write

1425000

heap

page read and write

1402000

heap

page read and write

1010D000

unkown

page readonly

903000

heap

page read and write

8FE000

heap

page read and write

903000

heap

page read and write

6E0000

heap

page read and write

924000

heap

page read and write

8D9000

heap

page read and write

1459000

heap

page read and write

4CF3000

heap

page read and write

8E1000

heap

page read and write

4BDE000

stack

page read and write

5899000

direct allocation

page read and write

8EF000

heap

page read and write

8EA000

heap

page read and write

F90000

heap

page read and write

903000

heap

page read and write

6E550000

unkown

page readonly

922000

heap

page read and write

FF0000

heap

page read and write

13D3000

heap

page read and write

8F7000

heap

page read and write

8F1000

heap

page read and write

8E5000

heap

page read and write

4994000

heap

page read and write

8EA000

heap

page read and write

3FE000

stack

page read and write

1001B000

unkown

page execute read

8E1000

heap

page read and write

2D10000

heap

page read and write

17EE000

stack

page read and write

26E0000

heap

page read and write

8DC000

heap

page read and write

30E0000

heap

page read and write

8DE000

heap

page read and write

8EA000

heap

page read and write

1459000

heap

page read and write

13E0000

heap

page read and write

10FF000

unkown

page read and write

922000

heap

page read and write

8E7000

heap

page read and write

FD0000

unkown

page readonly

15AB000

heap

page read and write

8E9000

heap

page read and write

ADC000

unkown

page readonly

381E000

stack

page read and write

6DE85000

unkown

page readonly

8E9000

heap

page read and write

8FC000

heap

page read and write

1428000

heap

page read and write

142D000

heap

page read and write

ADC000

unkown

page readonly

6C850000

unkown

page readonly

8D9000

heap

page read and write

8FD000

heap

page read and write

8DE000

heap

page read and write

3B0B000

stack

page read and write

903000

heap

page read and write

600000

heap

page read and write

141F000

heap

page read and write

8F9000

heap

page read and write

91E000

heap

page read and write

13FA000

heap

page read and write

8EA000

heap

page read and write

8F1000

heap

page read and write

903000

heap

page read and write

6C840000

unkown

page readonly

8F5000

heap

page read and write

8D3000

heap

page read and write

903000

heap

page read and write

564F000

stack

page read and write

8D9000

heap

page read and write

8E9000

heap

page read and write

8B4000

heap

page read and write

8E3000

heap

page read and write

AD0000

unkown

page readonly

142E000

heap

page read and write

254F000

heap

page read and write

146E000

heap

page read and write

91C000

heap

page read and write

8F1000

heap

page read and write

1460000

heap

page read and write

8ED000

heap

page read and write

922000

heap

page read and write

91A000

heap

page read and write

F2D000

stack

page read and write

8CF000

heap

page read and write

8F8000

heap

page read and write

922000

heap

page read and write

919000

heap

page read and write

8EC000

heap

page read and write

903000

heap

page read and write

55BE000

stack

page read and write

8D3000

heap

page read and write

2D56000

heap

page read and write

92F000

stack

page read and write

12F6000

stack

page read and write

903000

heap

page read and write

8F5000

heap

page read and write

There are 707 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
agHzhs8gQd.exe

Files

Processes

URLs

Domains

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportagHzhs8gQd.exe

Files

Processes

URLs

Domains

Registry

Memdumps

IOC Report
agHzhs8gQd.exe