Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Download

FRCe39S0oE.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.9493556271057
Filename:	FRCe39S0oE.exe
Filesize:	1888768
MD5:	e3e57941fce3adf22df50c963a91c0e9
SHA1:	ae02f0fa7de34cf993ef6a5287f1516060694fbd
SHA256:	50922beaf74e3b79f0e6e3341dd3a53cca9fb9b26db26c14150873df844a1a41
SHA512:	74d38f31f849396c401a7fbb15662c201e4845e1bb9fd1afeb1de0490e185368e9f5bcfc253d5659f1e7f1b4d52521e925265ae77543cae9242dbca2e749bac3
SSDEEP:	24576:2qezYwUw5GSGCk+J/oSUSXke9vDBBV/mivUpOfnvgR3AIgmJHuKoY5tTOmorSAUP:6zRMdCk+BoPSXZ9X1JQ2IXSEOmyUW
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........BS..,...,...,.../...,...)./.,...(...,.../...,...)...,.......,...(...,...-...,...-.g.,.Y.%...,.Y.....,.Y.....,.Rich..,........

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Multi AV Scanner detection for submitted file	AV Detection
Contains functionality to start a terminal service	Remote Access Functionality	Remote Desktop Protocol
Hides threads from debuggers	Anti Debugging	Virtualization/Sandbox Evasion
PE file contains section with special chars	System Summary
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)	Boot Survival	Security Software Discovery
Tries to detect sandboxes / dynamic malware analysis system (registry check)	Malware Analysis System Evasion
Tries to detect virtualization through RDTSC time measurements	Malware Analysis System Evasion	System Information Discovery
Tries to evade debugger and weak emulator (self modifying code)	Malware Analysis System Evasion
Checks if the current process is being debugged	Anti Debugging
Contains functionality for execution timing, often used to detect debuggers	Malware Analysis System Evasion, Anti Debugging
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion
Creates files inside the system directory	System Summary	Masquerading
Creates job files (autostart)	Boot Survival	Scheduled Task/Job
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary
Checks the free space of harddrives	Malware Analysis System Evasion
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Queries a list of all running drivers	Malware Analysis System Evasion
Queries a list of all running processes	Malware Analysis System Evasion
Reads ini files	System Summary	File and Directory Discovery
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses an in-process (OLE) Automation server	System Summary
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\PqFatgo[1].exe

PE32+ executable (console) x86-64, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\PqFatgo[1].exe
Category:	dropped
Dump:	PqFatgo[1].exe.11.dr
ID:	dr_3
Target ID:	11
Process:	C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
Type:	PE32+ executable (console) x86-64, for MS Windows
Entropy:	7.734394940799733
Encrypted:	false
Ssdeep:	98304:JEwfFADGP7mX8ogwgI3HCi4EZd8rKCYEA:JVt7P7C8oXgeH1d8Wz
Size:	3424256
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates files inside the user directory	System Summary	Masquerading

C:\Users\user\AppData\Local\Temp\10341500101\PqFatgo.exe

PE32+ executable (console) x86-64, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\10341500101\PqFatgo.exe
Category:	dropped
Dump:	PqFatgo.exe.11.dr
ID:	dr_4
Target ID:	11
Process:	C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
Type:	PE32+ executable (console) x86-64, for MS Windows
Entropy:	7.734394940799733
Encrypted:	false
Ssdeep:	98304:JEwfFADGP7mX8ogwgI3HCi4EZd8rKCYEA:JVt7P7C8oXgeH1d8Wz
Size:	3424256
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
Category:	dropped
Dump:	rapes.exe.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Users\user\Desktop\FRCe39S0oE.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.9493556271057
Encrypted:	false
Ssdeep:	24576:2qezYwUw5GSGCk+J/oSUSXke9vDBBV/mivUpOfnvgR3AIgmJHuKoY5tTOmorSAUP:6zRMdCk+BoPSXZ9X1JQ2IXSEOmyUW
Size:	1888768
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Contains functionality to start a terminal service	Remote Access Functionality	Remote Desktop Protocol
Hides threads from debuggers	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)	Boot Survival	Security Software Discovery
Tries to detect sandboxes / dynamic malware analysis system (registry check)	Malware Analysis System Evasion	Security Software Discovery
Tries to detect sandboxes and other dynamic analysis tools (window names)	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Checks for debuggers (devices)	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)	Lowering of HIPS / PFW / Operating System Security Settings	Security Software Discovery Windows Management Instrumentation
Checks if the current process is being debugged	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Contains capabilities to detect virtual machines	Malware Analysis System Evasion	Security Software Discovery Virtualization/Sandbox Evasion
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe:Zone.Identifier

ASCII text, with CRLF line terminators

modified

Details

File:	C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe:Zone.Identifier
Category:	modified
Dump:	rapes.exe_Zone.Identifier.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\FRCe39S0oE.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	3.95006375643621
Encrypted:	false
Ssdeep:	3:ggPYV:rPYV
Size:	26
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Contains functionality to start a terminal service	Remote Access Functionality	Remote Desktop Protocol
Hides threads from debuggers	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)	Boot Survival	Security Software Discovery
Tries to detect sandboxes / dynamic malware analysis system (registry check)	Malware Analysis System Evasion	Security Software Discovery
Tries to detect sandboxes and other dynamic analysis tools (window names)	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Checks for debuggers (devices)	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)	Lowering of HIPS / PFW / Operating System Security Settings	Security Software Discovery Windows Management Instrumentation
Checks if the current process is being debugged	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Contains capabilities to detect virtual machines	Malware Analysis System Evasion	Security Software Discovery Virtualization/Sandbox Evasion
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Drops PE files	Persistence and Installation Behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log

Unicode text, UTF-16, little-endian text, with CRLF line terminators

modified

Details

File:	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
Category:	modified
Dump:	MpCmdRun.log.12.dr
ID:	dr_5
Target ID:	12
Process:	C:\Program Files\Windows Defender\MpCmdRun.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.245336644894351
Encrypted:	false
Ssdeep:	24:QOaqdmuF3rlVv+kWReHgHttUKlDENh+pyMySn6tUKlDENh+pyMySwwIPVxcwIPVY:FaqdF7nv+AAHdKoqKFxcxkF91
Size:	2464
Whitelisted:	false
Reputation:	low

C:\Windows\Tasks\rapes.job

data

dropped

Details

File:	C:\Windows\Tasks\rapes.job
Category:	dropped
Dump:	rapes.job.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\FRCe39S0oE.exe
Type:	data
Entropy:	3.353888967230538
Encrypted:	false
Ssdeep:	6:k0H3XsMsUEZ+lX1X36tFYSoQI/uy0lwOEt0:k4sMsQ1HVQI/uVwDt0
Size:	276
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the system directory	System Summary	Masquerading
Creates job files (autostart)	Boot Survival	Scheduled Task/Job

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\FRCe39S0oE.exe

"C:\Users\user\Desktop\FRCe39S0oE.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7032
Target ID:	0
Parent PID:	4040
Name:	FRCe39S0oE.exe
Path:	C:\Users\user\Desktop\FRCe39S0oE.exe
Commandline:	"C:\Users\user\Desktop\FRCe39S0oE.exe"
Size:	1888768
MD5:	E3E57941FCE3ADF22DF50C963A91C0E9
Time:	11:16:59
Date:	26/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xe90000
Modulesize:	4923392
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Multi AV Scanner detection for submitted file	AV Detection
Contains functionality to start a terminal service	Remote Access Functionality	Remote Desktop Protocol
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe

"C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe"

Details

Is windows:	false
Is dropped:	true
PID:	6292
Target ID:	1
Parent PID:	7032
Name:	rapes.exe
Path:	C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
Commandline:	"C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe"
Size:	1888768
MD5:	E3E57941FCE3ADF22DF50C963A91C0E9
Time:	11:17:03
Date:	26/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x170000
Modulesize:	4923392
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Found malware configuration	AV Detection
Contains functionality to start a terminal service	Remote Access Functionality	Remote Desktop Protocol
Sample uses string decryption to hide its real strings	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe

Details

Is windows:	false
Is dropped:	true
PID:	6332
Target ID:	2
Parent PID:	1080
Name:	rapes.exe
Path:	C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
Commandline:	C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
Size:	1888768
MD5:	E3E57941FCE3ADF22DF50C963A91C0E9
Time:	11:17:04
Date:	26/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x170000
Modulesize:	4923392
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Found malware configuration	AV Detection
Contains functionality to start a terminal service	Remote Access Functionality	Remote Desktop Protocol
Sample uses string decryption to hide its real strings	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe

Details

Is windows:	false
Is dropped:	true
PID:	2652
Target ID:	11
Parent PID:	1080
Name:	rapes.exe
Path:	C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
Commandline:	C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
Size:	1888768
MD5:	E3E57941FCE3ADF22DF50C963A91C0E9
Time:	11:18:01
Date:	26/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x170000
Modulesize:	4923392
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Found malware configuration	AV Detection
Contains functionality to start a terminal service	Remote Access Functionality	Remote Desktop Protocol
Sample uses string decryption to hide its real strings	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Spawns processes	System Summary	Process Injection

C:\Program Files\Windows Defender\MpCmdRun.exe

"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable

Details

Is windows:	true
Is dropped:	false
PID:	2088
Target ID:	12
Parent PID:	6292
Name:	MpCmdRun.exe
Path:	C:\Program Files\Windows Defender\MpCmdRun.exe
Commandline:	"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Size:	468120
MD5:	B3676839B2EE96983F9ED735CD044159
Time:	11:18:47
Date:	26/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	true
Modulebase:	0x7ff6876a0000
Modulesize:	479232
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	2168
Target ID:	13
Parent PID:	2088
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	11:18:47
Date:	26/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	true
Modulebase:	0x7ff74be10000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://176.113.115.6/Ni9kiput/index.php

176.113.115.6

Details

Name:	http://176.113.115.6/Ni9kiput/index.php
IP:	176.113.115.6
TargetID:	11
From Memory:	false
Current Path:	C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
Source:	network
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Sample uses string decryption to hide its real strings	AV Detection
HTTP GET or POST without a user agent	Networking
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol

http://176.113.115.7/files/2043702969/PqFatgo.exe

176.113.115.7

Details

Name:	http://176.113.115.7/files/2043702969/PqFatgo.exe
IP:	176.113.115.7
TargetID:	11
From Memory:	false
Current Path:	C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
IP address seen in connection with other malware	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

IPs

Domain

Country

Malicious

176.113.115.6

unknown

Russian Federation

Details

IP:	176.113.115.6
TargetID:	11
Current Path:	C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	49505
ASN name:	SELECTELRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Sample uses string decryption to hide its real strings	AV Detection
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol

176.113.115.7

unknown

Russian Federation

Details

IP:	176.113.115.7
TargetID:	11
Current Path:	C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	49505
ASN name:	SELECTELRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

Memdumps

Base Address

Regiontype

Protect

Malicious

Download

E91000

unkown

page execute and read and write

171000

unkown

page execute and read and write

4DE0000

direct allocation

page read and write

4E10000

direct allocation

page read and write

4960000

direct allocation

page read and write

4960000

direct allocation

page read and write

171000

unkown

page execute and read and write

B52000

heap

page read and write

B94000

heap

page read and write

3A9E000

stack

page read and write

28F0000

direct allocation

page read and write

61D000

unkown

page execute and read and write

4A60000

trusted library allocation

page read and write

44CF000

stack

page read and write

C1E000

stack

page read and write

284E000

stack

page read and write

5020000

direct allocation

page execute and read and write

B16000

heap

page read and write

4981000

heap

page read and write

824C000

stack

page read and write

4AE0000

direct allocation

page execute and read and write

4981000

heap

page read and write

44D1000

heap

page read and write

44D1000

heap

page read and write

44D1000

heap

page read and write

4981000

heap

page read and write

28F0000

direct allocation

page read and write

4F90000

direct allocation

page execute and read and write

4961000

heap

page read and write

DAE000

stack

page read and write

28D0000

heap

page read and write

4F60000

direct allocation

page execute and read and write

341F000

stack

page read and write

31AF000

stack

page read and write

4961000

heap

page read and write

E30000

heap

page read and write

44D1000

heap

page read and write

4970000

direct allocation

page read and write

44D1000

heap

page read and write

AC1000

heap

page read and write

4AE0000

direct allocation

page execute and read and write

4B40000

direct allocation

page execute and read and write

486E000

stack

page read and write

41EF000

stack

page read and write

44D1000

heap

page read and write

4AF0000

direct allocation

page execute and read and write

4981000

heap

page read and write

4981000

heap

page read and write

4B50000

direct allocation

page execute and read and write

4981000

heap

page read and write

320F000

stack

page read and write

4960000

direct allocation

page read and write

4981000

heap

page read and write

3F5F000

stack

page read and write

2FCE000

stack

page read and write

B94000

heap

page read and write

28F0000

direct allocation

page read and write

5000000

direct allocation

page execute and read and write

B94000

heap

page read and write

C7A000

heap

page read and write

4F60000

direct allocation

page execute and read and write

3AAE000

stack

page read and write

4981000

heap

page read and write

35AE000

stack

page read and write

EF6000

unkown

page execute and read and write

34CE000

stack

page read and write

422E000

stack

page read and write

1DD000

unkown

page write copy

396E000

stack

page read and write

44D1000

heap

page read and write

43B000

unkown

page execute and read and write

4F1F000

stack

page read and write

A7E000

heap

page read and write

309E000

stack

page read and write

4F90000

direct allocation

page execute and read and write

B3F000

heap

page read and write

B17000

heap

page read and write

40AF000

stack

page read and write

44D1000

heap

page read and write

A7A000

heap

page read and write

5000000

direct allocation

page execute and read and write

B94000

heap

page read and write

338E000

stack

page read and write

2D0F000

stack

page read and write

44D1000

heap

page read and write

4981000

heap

page read and write

4970000

direct allocation

page read and write

496F000

stack

page read and write

44D1000

heap

page read and write

44D1000

heap

page read and write

1DD000

unkown

page write copy

4961000

heap

page read and write

37DF000

stack

page read and write

B3C000

heap

page read and write

4AD0000

direct allocation

page execute and read and write

6230000

heap

page read and write

4981000

heap

page read and write

4F60000

direct allocation

page execute and read and write

7CA000

stack

page read and write

B10000

heap

page read and write

4981000

heap

page read and write

B94000

heap

page read and write

B94000

heap

page read and write

310E000

stack

page read and write

44D1000

heap

page read and write

30AE000

stack

page read and write

1080000

unkown

page execute and read and write

44D1000

heap

page read and write

F60000

direct allocation

page read and write

4F90000

direct allocation

page execute and read and write

43CE000

stack

page read and write

4981000

heap

page read and write

F60000

direct allocation

page read and write

4981000

heap

page read and write

4AE0000

direct allocation

page execute and read and write

482000

unkown

page execute and write copy

305F000

stack

page read and write

44D1000

heap

page read and write

46DF000

stack

page read and write

4F60000

direct allocation

page execute and read and write

44D1000

heap

page read and write

2E2E000

stack

page read and write

36EE000

stack

page read and write

133D000

unkown

page execute and read and write

B94000

heap

page read and write

4990000

heap

page read and write

B94000

heap

page read and write

3CDF000

stack

page read and write

F60000

direct allocation

page read and write

AA5000

heap

page read and write

44D1000

heap

page read and write

4981000

heap

page read and write

44D1000

heap

page read and write

44D1000

heap

page read and write

4981000

heap

page read and write

171000

unkown

page execute and write copy

44D1000

heap

page read and write

B3F000

heap

page read and write

4970000

direct allocation

page read and write

400E000

stack

page read and write

838E000

stack

page read and write

4B90000

direct allocation

page execute and read and write

44D1000

heap

page read and write

4FE0000

direct allocation

page execute and read and write

4981000

heap

page read and write

49C5000

direct allocation

page read and write

4F40000

direct allocation

page execute and read and write

37EF000

stack

page read and write

B14000

heap

page read and write

6D70000

heap

page read and write

4960000

heap

page read and write

3D8E000

stack

page read and write

28F0000

direct allocation

page read and write

4981000

heap

page read and write

4DE0000

direct allocation

page read and write

469000

unkown

page execute and read and write

4981000

heap

page read and write

2D4E000

stack

page read and write

346E000

stack

page read and write

4981000

heap

page read and write

4AE0000

direct allocation

page execute and read and write

44D1000

heap

page read and write

4981000

heap

page read and write

472E000

stack

page read and write

44D1000

heap

page read and write

4AE0000

direct allocation

page execute and read and write

41DF000

stack

page read and write

4981000

heap

page read and write

28F0000

direct allocation

page read and write

45EE000

stack

page read and write

44AE000

stack

page read and write

28F0000

direct allocation

page read and write

4981000

heap

page read and write

7BD000

stack

page read and write

B94000

heap

page read and write

EFF000

unkown

page execute and read and write

61F000

unkown

page execute and write copy

4FB0000

direct allocation

page execute and read and write

EFD000

unkown

page write copy

F60000

direct allocation

page read and write

4960000

direct allocation

page read and write

360000

unkown

page execute and read and write

4F90000

direct allocation

page execute and read and write

2900000

heap

page read and write

4981000

heap

page read and write

44D1000

heap

page read and write

483000

unkown

page execute and write copy

AD0000

heap

page read and write

359E000

stack

page read and write

64BF000

stack

page read and write

4970000

direct allocation

page read and write

F60000

direct allocation

page read and write

28CE000

stack

page read and write

44D1000

heap

page read and write

5010000

direct allocation

page execute and read and write

39CE000

stack

page read and write

B3B000

heap

page read and write

46EF000

stack

page read and write

2CDE000

stack

page read and write

F70000

heap

page read and write

28F0000

direct allocation

page read and write

44D1000

heap

page read and write

4981000

heap

page read and write

334F000

stack

page read and write

3BDE000

stack

page read and write

381E000

stack

page read and write

4B60000

direct allocation

page execute and read and write

44D1000

heap

page read and write

44D1000

heap

page read and write

AEB000

heap

page read and write

4981000

heap

page read and write

44D1000

heap

page read and write

2A0F000

stack

page read and write

3E5E000

stack

page read and write

4970000

direct allocation

page read and write

B94000

heap

page read and write

3FAE000

stack

page read and write

4AE0000

direct allocation

page execute and read and write

B94000

heap

page read and write

4960000

direct allocation

page read and write

B94000

heap

page read and write

170000

unkown

page readonly

2850000

direct allocation

page read and write

F60000

direct allocation

page read and write

3ACF000

stack

page read and write

4981000

heap

page read and write

2850000

direct allocation

page read and write

4981000

heap

page read and write

4F90000

direct allocation

page execute and read and write

3D1E000

stack

page read and write

61F000

unkown

page execute and write copy

4AC0000

direct allocation

page execute and read and write

ABD000

heap

page read and write

63BE000

stack

page read and write

2C9F000

stack

page read and write

1194000

unkown

page execute and read and write

F60000

direct allocation

page read and write

4981000

heap

page read and write

414E000

stack

page read and write

495F000

stack

page read and write

B26000

heap

page read and write

44D1000

heap

page read and write

40DE000

stack

page read and write

459F000

stack

page read and write

4981000

heap

page read and write

2850000

direct allocation

page read and write

4FF0000

direct allocation

page execute and read and write

4981000

heap

page read and write

4F60000

direct allocation

page execute and read and write

2F1F000

stack

page read and write

4E4E000

stack

page read and write

4F60000

direct allocation

page execute and read and write

4FC0000

direct allocation

page execute and read and write

BC5000

heap

page read and write

49C5000

direct allocation

page read and write

4B10000

direct allocation

page execute and read and write

4981000

heap

page read and write

3F6F000

stack

page read and write

44D1000

heap

page read and write

4981000

heap

page read and write

11A2000

unkown

page execute and read and write

11A2000

unkown

page execute and write copy

4981000

heap

page read and write

170000

unkown

page readonly

4E75000

direct allocation

page read and write

B94000

heap

page read and write

4981000

heap

page read and write

4970000

direct allocation

page read and write

3A5F000

stack

page read and write

B94000

heap

page read and write

B94000

heap

page read and write

2F2F000

stack

page read and write

3D2E000

stack

page read and write

DEE000

stack

page read and write

61D000

unkown

page execute and read and write

1E0000

unkown

page execute and read and write

B17000

heap

page read and write

B17000

heap

page read and write

3E2F000

stack

page read and write

44D1000

heap

page read and write

374E000

stack

page read and write

4970000

direct allocation

page read and write

123F000

stack

page read and write

2F5E000

stack

page read and write

B3B000

heap

page read and write

3FCF000

stack

page read and write

44D1000

heap

page read and write

3CEF000

stack

page read and write

445F000

stack

page read and write

170000

unkown

page read and write

B2D000

heap

page read and write

44D1000

heap

page read and write

B10000

heap

page read and write

4981000

heap

page read and write

44D1000

heap

page read and write

5030000

direct allocation

page execute and read and write

B10000

heap

page read and write

4FD0000

direct allocation

page execute and read and write

5040000

direct allocation

page execute and read and write

4981000

heap

page read and write

3B0E000

stack

page read and write

4AC0000

direct allocation

page execute and read and write

3E8F000

stack

page read and write

E47000

heap

page read and write

AF8000

heap

page read and write

2C0F000

stack

page read and write

44D1000

heap

page read and write

44D1000

heap

page read and write

471E000

stack

page read and write

64FE000

stack

page read and write

449E000

stack

page read and write

410F000

stack

page read and write

BCE000

stack

page read and write

28F0000

direct allocation

page read and write

2850000

direct allocation

page read and write

4981000

heap

page read and write

663E000

stack

page read and write

B94000

heap

page read and write

B52000

heap

page read and write

4981000

heap

page read and write

44D1000

heap

page read and write

C60000

heap

page read and write

4981000

heap

page read and write

B94000

heap

page read and write

44D1000

heap

page read and write

E2E000

stack

page read and write

44D1000

heap

page read and write

44D1000

heap

page read and write

4981000

heap

page read and write

F3E000

stack

page read and write

28F0000

direct allocation

page read and write

4AE0000

direct allocation

page execute and read and write

2A97000

heap

page read and write

11A3000

unkown

page execute and write copy

B90000

heap

page read and write

4B20000

direct allocation

page execute and read and write

398F000

stack

page read and write

45D0000

trusted library allocation

page read and write

B94000

heap

page read and write

44D1000

heap

page read and write

6D7E000

heap

page read and write

2850000

direct allocation

page read and write

B52000

heap

page read and write

3D4F000

stack

page read and write

2A90000

heap

page read and write

2DDF000

stack

page read and write

4F60000

direct allocation

page execute and read and write

CAE000

stack

page read and write

4AB0000

direct allocation

page execute and read and write

345E000

stack

page read and write

332E000

stack

page read and write

4981000

heap

page read and write

A30000

heap

page read and write

B3C000

heap

page read and write

4960000

direct allocation

page read and write

4A80000

trusted library allocation

page read and write

32EF000

stack

page read and write

170000

unkown

page readonly

44D1000

heap

page read and write

2B9F000

stack

page read and write

8700000

heap

page read and write

44D1000

heap

page read and write

44D1000

heap

page read and write

B94000

heap

page read and write

3B9F000

stack

page read and write

AA0000

heap

page read and write

4981000

heap

page read and write

4AE0000

direct allocation

page execute and read and write

4981000

heap

page read and write

43B000

unkown

page execute and read and write

4F70000

direct allocation

page execute and read and write

4981000

heap

page read and write

B3B000

heap

page read and write

50B0000

heap

page read and write

28F0000

direct allocation

page read and write

B94000

heap

page read and write

A70000

heap

page read and write

B94000

heap

page read and write

4981000

heap

page read and write

B94000

heap

page read and write

4F60000

heap

page read and write

395E000

stack

page read and write

331E000

stack

page read and write

2E1E000

stack

page read and write

44D1000

heap

page read and write

4981000

heap

page read and write

F50000

heap

page read and write

6D80000

heap

page read and write

4B30000

direct allocation

page execute and read and write

482000

unkown

page execute and read and write

F8C000

heap

page read and write

B39000

heap

page read and write

44D1000

heap

page read and write

44D1000

heap

page read and write

F60000

direct allocation

page read and write

4981000

heap

page read and write

673F000

stack

page read and write

AB6000

heap

page read and write

1DD000

unkown

page write copy

485E000

stack

page read and write

E90000

unkown

page readonly

342F000

stack

page read and write

4970000

direct allocation

page read and write

4981000

heap

page read and write

B25000

heap

page read and write

A9E000

stack

page read and write

31DE000

stack

page read and write

370F000

stack

page read and write

116F000

stack

page read and write

2A60000

heap

page read and write

ACE000

heap

page read and write

C7E000

heap

page read and write

4981000

heap

page read and write

1DF000

unkown

page execute and read and write

4981000

heap

page read and write

1189000

unkown

page execute and read and write

3E1F000

stack

page read and write

4981000

heap

page read and write

B94000

heap

page read and write

4AE0000

direct allocation

page execute and read and write

B14000

heap

page read and write

4981000

heap

page read and write

4981000

heap

page read and write

3ECE000

stack

page read and write

2850000

direct allocation

page read and write

E8B000

stack

page read and write

4B80000

direct allocation

page execute and read and write

6D80000

heap

page read and write

F7A000

heap

page read and write

421E000

stack

page read and write

4981000

heap

page read and write

2F8F000

stack

page read and write

4961000

heap

page read and write

4AE0000

direct allocation

page execute and read and write

4970000

direct allocation

page read and write

C5E000

stack

page read and write

4981000

heap

page read and write

B94000

heap

page read and write

EFD000

unkown

page write copy

4970000

direct allocation

page read and write

4F60000

direct allocation

page execute and read and write

4E10000

direct allocation

page read and write

BE0000

heap

page read and write

44D1000

heap

page read and write

4FD0000

direct allocation

page execute and read and write

2DEF000

stack

page read and write

4F4F000

stack

page read and write

848E000

stack

page read and write

B94000

heap

page read and write

B94000

heap

page read and write

4F70000

direct allocation

page execute and read and write

360000

unkown

page execute and read and write

428E000

stack

page read and write

144F000

stack

page read and write

170000

unkown

page read and write

4961000

heap

page read and write

3C4E000

stack

page read and write

382E000

stack

page read and write

2A1E000

stack

page read and write

35CF000

stack

page read and write

85FB000

stack

page read and write

B3F000

heap

page read and write

4981000

heap

page read and write

36AF000

stack

page read and write

44D1000

heap

page read and write

44D1000

heap

page read and write

ABB000

heap

page read and write

B94000

heap

page read and write

44D1000

heap

page read and write

4FE0000

direct allocation

page execute and read and write

B94000

heap

page read and write

B10000

heap

page read and write

355F000

stack

page read and write

4961000

heap

page read and write

44D1000

heap

page read and write

4AE0000

direct allocation

page execute and read and write

44D1000

heap

page read and write

348F000

stack

page read and write

4981000

heap

page read and write

A40000

heap

page read and write

4FC0000

direct allocation

page execute and read and write

B2D000

heap

page read and write

B3B000

heap

page read and write

4981000

heap

page read and write

44D1000

heap

page read and write

B3C000

heap

page read and write

482000

unkown

page execute and write copy

474000

unkown

page execute and read and write

44D1000

heap

page read and write

44D1000

heap

page read and write

1DD000

unkown

page write copy

65FF000

stack

page read and write

44D1000

heap

page read and write

44D1000

heap

page read and write

4981000

heap

page read and write

4981000

heap

page read and write

482000

unkown

page execute and read and write

B94000

heap

page read and write

E90000

unkown

page read and write

F60000

direct allocation

page read and write

28F0000

direct allocation

page read and write

36DE000

stack

page read and write

4F90000

direct allocation

page execute and read and write

6236000

heap

page read and write

4981000

heap

page read and write

4AE0000

direct allocation

page execute and read and write

360E000

stack

page read and write

4970000

direct allocation

page read and write

44D1000

heap

page read and write

B94000

heap

page read and write

4F90000

direct allocation

page execute and read and write

324E000

stack

page read and write

44D1000

heap

page read and write

409F000

stack

page read and write

834C000

stack

page read and write

4961000

heap

page read and write

2850000

direct allocation

page read and write

44D1000

heap

page read and write

44D1000

heap

page read and write

4980000

heap

page read and write

1DF000

unkown

page execute and read and write

2850000

direct allocation

page read and write

4F60000

direct allocation

page execute and read and write

4FA0000

direct allocation

page execute and read and write

1D6000

unkown

page execute and read and write

4E1E000

stack

page read and write

4F80000

direct allocation

page execute and read and write

30CF000

stack

page read and write

4981000

heap

page read and write

EFD000

stack

page read and write

44D1000

heap

page read and write

6750000

heap

page read and write

4981000

heap

page read and write

280F000

stack

page read and write

4981000

heap

page read and write

44D1000

heap

page read and write

424F000

stack

page read and write

4981000

heap

page read and write

B94000

heap

page read and write

4981000

heap

page read and write

431F000

stack

page read and write

4FA0000

direct allocation

page execute and read and write

44D1000

heap

page read and write

8110000

heap

page read and write

AC3000

heap

page read and write

4981000

heap

page read and write

45DE000

stack

page read and write

E6F000

stack

page read and write

F60000

direct allocation

page read and write

AC4000

heap

page read and write

4981000

heap

page read and write

40EE000

stack

page read and write

44D1000

heap

page read and write

4E10000

direct allocation

page read and write

483000

unkown

page execute and write copy

4981000

heap

page read and write

44D1000

heap

page read and write

45AF000

stack

page read and write

4981000

heap

page read and write

1DD000

unkown

page write copy

115B000

unkown

page execute and read and write

2850000

direct allocation

page read and write

86FC000

stack

page read and write

4FF0000

direct allocation

page execute and read and write

B3B000

heap

page read and write

4981000

heap

page read and write

133F000

unkown

page execute and write copy

4AE0000

direct allocation

page execute and read and write

4981000

heap

page read and write

4981000

heap

page read and write

3C0F000

stack

page read and write

2907000

heap

page read and write

4981000

heap

page read and write

2CEF000

stack

page read and write

2F6E000

stack

page read and write

8718000

heap

page read and write

4981000

heap

page read and write

4981000

heap

page read and write

3F9D000

stack

page read and write

432F000

stack

page read and write

4981000

heap

page read and write

4AE0000

direct allocation

page execute and read and write

4981000

heap

page read and write

481F000

stack

page read and write

4FB0000

direct allocation

page execute and read and write

474000

unkown

page execute and read and write

B10000

heap

page read and write

44D1000

heap

page read and write

AEF000

heap

page read and write

4981000

heap

page read and write

B14000

heap

page read and write

2850000

direct allocation

page read and write

469000

unkown

page execute and read and write

A30000

heap

page read and write

E91000

unkown

page execute and write copy

4981000

heap

page read and write

44D1000

heap

page read and write

4981000

heap

page read and write

44D1000

heap

page read and write

3E6E000

stack

page read and write

306F000

stack

page read and write

4981000

heap

page read and write

28F0000

direct allocation

page read and write

F60000

direct allocation

page read and write

4AE0000

direct allocation

page execute and read and write

B14000

heap

page read and write

4AE0000

direct allocation

page execute and read and write

6235000

heap

page read and write

2850000

direct allocation

page read and write

A20000

heap

page read and write

388E000

stack

page read and write

F60000

direct allocation

page read and write

32DF000

stack

page read and write

28F0000

direct allocation

page read and write

B94000

heap

page read and write

ABF000

heap

page read and write

B94000

heap

page read and write

4B70000

direct allocation

page execute and read and write

482F000

stack

page read and write

2A5E000

stack

page read and write

4981000

heap

page read and write

4B00000

direct allocation

page execute and read and write

369F000

stack

page read and write

B14000

heap

page read and write

44D1000

heap

page read and write

44D1000

heap

page read and write

435E000

stack

page read and write

B3C000

stack

page read and write

44D1000

heap

page read and write

B94000

heap

page read and write

44D1000

heap

page read and write

AEE000

heap

page read and write

2E8E000

stack

page read and write

B94000

heap

page read and write

28F0000

direct allocation

page read and write

356F000

stack

page read and write

392F000

stack

page read and write

4A9F000

stack

page read and write

171000

unkown

page execute and write copy

44D1000

heap

page read and write

B94000

heap

page read and write

4970000

direct allocation

page read and write

446F000

stack

page read and write

B94000

heap

page read and write

391F000

stack

page read and write

4F80000

direct allocation

page execute and read and write

BC0000

heap

page read and write

44D1000

heap

page read and write

4981000

heap

page read and write

44D1000

heap

page read and write

44D0000

heap

page read and write

C70000

heap

page read and write

499E000

stack

page read and write

4AE0000

direct allocation

page execute and read and write

44D1000

heap

page read and write

B94000

heap

page read and write

F60000

direct allocation

page read and write

3BEE000

stack

page read and write

44D1000

heap

page read and write

6CB000

stack

page read and write

4981000

heap

page read and write

4E45000

direct allocation

page read and write

45D0000

trusted library allocation

page read and write

BA0000

heap

page read and write

44D1000

heap

page read and write

B17000

heap

page read and write

2850000

direct allocation

page read and write

6D71000

heap

page read and write

44D1000

heap

page read and write

4981000

heap

page read and write

4981000

heap

page read and write

171000

unkown

page execute and write copy

B53000

heap

page read and write

44D1000

heap

page read and write

288E000

stack

page read and write

4981000

heap

page read and write

4DE0000

direct allocation

page read and write

AF0000

heap

page read and write

F60000

direct allocation

page read and write

4981000

heap

page read and write

4F30000

direct allocation

page execute and read and write

44D1000

heap

page read and write

4981000

heap

page read and write

4F90000

direct allocation

page execute and read and write

871B000

heap

page read and write

B94000

heap

page read and write

4970000

direct allocation

page read and write

31EE000

stack

page read and write

8114000

heap

page read and write

5010000

direct allocation

page execute and read and write

B94000

heap

page read and write

44D1000

heap

page read and write

44D1000

heap

page read and write

4981000

heap

page read and write

44D1000

heap

page read and write

B94000

heap

page read and write

B94000

heap

page read and write

44D1000

heap

page read and write

4F60000

direct allocation

page execute and read and write

2E4F000

stack

page read and write

2B0F000

stack

page read and write

6BC000

stack

page read and write

4AD0000

direct allocation

page execute and read and write

482000

unkown

page execute and write copy

4970000

direct allocation

page read and write

4F50000

direct allocation

page execute and read and write

1D6000

unkown

page execute and read and write

4AE0000

direct allocation

page execute and read and write

4981000

heap

page read and write

4AB0000

direct allocation

page execute and read and write

50B4000

heap

page read and write

4981000

heap

page read and write

4F90000

direct allocation

page execute and read and write

4981000

heap

page read and write

B94000

heap

page read and write

3BAF000

stack

page read and write

4F90000

direct allocation

page execute and read and write

3A6F000

stack

page read and write

4981000

heap

page read and write

4981000

heap

page read and write

438F000

stack

page read and write

4981000

heap

page read and write

44D1000

heap

page read and write

4981000

heap

page read and write

E40000

heap

page read and write

436E000

stack

page read and write

2850000

direct allocation

page read and write

2850000

direct allocation

page read and write

319F000

stack

page read and write

384F000

stack

page read and write

There are 720 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
FRCe39S0oE.exe

Files

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportFRCe39S0oE.exe

Files

Processes

URLs

IPs

Memdumps

IOC Report
FRCe39S0oE.exe