Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Download

rPO2025KTI-1059.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.169918286683416
Filename:	rPO2025KTI-1059.exe
Filesize:	1189376
MD5:	d0d4ac67a31810c43fb2f85f67a8b6f4
SHA1:	58bf2ed6745a10acdad1e48be485c2b94d0c07da
SHA256:	36b91cc1daa2bf80961d885be58addc49aecb83823f72caf1185ade288c2b7bf
SHA512:	6f57a7580fb2c1d28ef5379a48a1babd50218e4d80ba26e67fbe4320292268f73b9d56afc178161e85bfc2a6da92c36b3d7f251d0679f295c6a451fccbc99cc1
SSDEEP:	24576:+u6Jx3O0c+JY5UZ+XC0kGso/WavmZoP5UqCFRWY:QI0c++OCvkGsUWavmc5UXeY
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6...r}..r}..r}..4,".p}......s}.../..A}.../#..}.../".G}..{.@.{}..{.P.W}..r}..R.....)."}......s}.../..s}..r}T.s}......s}..Richr}.

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection	Disable or Modify Tools
Binary is likely a compiled AutoIt script file	System Summary	Virtualization/Sandbox Evasion
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Switches to a custom stack to bypass stack traces	Malware Analysis System Evasion	Access Token Manipulation
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Contains functionality for read data from the clipboard	Key, Mouse, Clipboard, Microphone and Screen Capturing	Clipboard Data
Contains functionality to block mouse and keyboard input (often used to hinder debugging)	Anti Debugging	Disable or Modify Tools
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)	Anti Debugging
Contains functionality to check if a window is minimized (may be used to check if an application is visible)	Hooking and other Techniques for Hiding and Protection	Application Window Discovery
Contains functionality to communicate with device drivers	System Summary
Contains functionality to dynamically determine API calls	Data Obfuscation, Anti Debugging	Native API
Contains functionality to execute programs as a different user	HIPS / PFW / Operating System Protection Evasion	Valid Accounts Disable or Modify Tools
Contains functionality to launch a process as a different user	System Summary	Native API
Contains functionality to launch a program with higher privileges	HIPS / PFW / Operating System Protection Evasion	Exploitation for Privilege Escalation Access Token Manipulation
Contains functionality to modify clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Access Token Manipulation
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)	Remote Access Functionality
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection	Disable or Modify Tools
Contains functionality to read the PEB	Anti Debugging	Access Token Manipulation
Contains functionality to read the clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools
Contains functionality to retrieve information about pressed keystrokes	Key, Mouse, Clipboard, Microphone and Screen Capturing
Contains functionality to shutdown / reboot the system	System Summary	Access Token Manipulation System Shutdown/Reboot
Contains functionality to simulate keystroke presses	HIPS / PFW / Operating System Protection Evasion
Contains functionality to simulate mouse events	HIPS / PFW / Operating System Protection Evasion
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Detected potential crypto function	System Summary	Access Token Manipulation Archive Collected Data Encrypted Channel
Extensive use of GetProcAddress (often used to hide API calls)	Hooking and other Techniques for Hiding and Protection
Found large amount of non-executed APIs	Malware Analysis System Evasion	Access Token Manipulation
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information	Access Token Manipulation Disable or Modify Tools System Shutdown/Reboot
Potential key logger detected (key state polling based)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools
Sample file is different than original file name gathered from version info	System Summary	Access Token Manipulation System Shutdown/Reboot
Uses 32bit PE files	Compliance, System Summary	Disable or Modify Tools
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation
Contains functionality for error logging	System Summary	Access Token Manipulation Disable or Modify Tools
Contains functionality to add an ACL to a security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to adjust token privileges (e.g. debug / backup)	System Summary	Access Token Manipulation
Contains functionality to check free disk space	System Summary
Contains functionality to create a new security descriptor	HIPS / PFW / Operating System Protection Evasion	Access Token Manipulation
Contains functionality to download additional files from the internet	Networking
Contains functionality to enum processes or threads	System Summary	Access Token Manipulation
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to instantiate COM classes	System Summary	Access Token Manipulation
Contains functionality to load and extract PE file embedded resources	System Summary
Contains functionality to query local / system time	Language, Device and Operating System Detection	Access Token Manipulation System Time Discovery System Information Discovery
Contains functionality to query system information	Malware Analysis System Evasion
Contains functionality to query the account / user name	Language, Device and Operating System Detection	Account Discovery System Owner/User Discovery
Contains functionality to query time zone information	Language, Device and Operating System Detection	Access Token Manipulation
Contains functionality to query windows version	Language, Device and Operating System Detection
Contains functionality to register its own exception handler	Anti Debugging
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection	Disable or Modify Tools
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Discovery
PE file has an executable .text section and no other executable section	System Summary	Access Token Manipulation
Program exit points	Malware Analysis System Evasion	Disable or Modify Tools
Reads software policies	System Summary	Access Token Manipulation
Sample is known by Antivirus	System Summary	Access Token Manipulation Disable or Modify Tools
Tries to load missing DLLs	System Summary	DLL Side-Loading Disable or Modify Tools
PE file contains a valid data directory to section mapping	System Summary
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary	Security Software Discovery
Submission file is bigger than most known malware samples	System Summary	Disable or Modify Tools

C:\Users\user\AppData\Local\Temp\4F950583

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\4F950583
Category:	dropped
Dump:	4F950583.12.dr
ID:	dr_2
Target ID:	12
Process:	C:\Windows\SysWOW64\sfc.exe
Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Entropy:	0.951889861146889
Encrypted:	false
Ssdeep:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaWtPqfPk:CfJ6a9xpnQLqtzKWJntPqfM
Size:	139264
Whitelisted:	false
Reputation:	moderate

C:\Users\user\AppData\Local\Temp\aut36AB.tmp

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\aut36AB.tmp
Category:	dropped
Dump:	aut36AB.tmp.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\rPO2025KTI-1059.exe
Type:	data
Entropy:	7.99382678739616
Encrypted:	true
Ssdeep:	6144:dSyfdv7oy2HbQ+S/zZJSCnHAOmN0zdM24B91hkwqwMyDNoTrLx4zS7yG0f:dSyfiy2HWjSCgOhzdM24BbhkSvNkrl2R
Size:	288768
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates temporary files	System Summary

C:\Users\user\AppData\Local\Temp\wainage

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\wainage
Category:	dropped
Dump:	wainage.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\rPO2025KTI-1059.exe
Type:	data
Entropy:	7.99382678739616
Encrypted:	true
Ssdeep:	6144:dSyfdv7oy2HbQ+S/zZJSCnHAOmN0zdM24B91hkwqwMyDNoTrLx4zS7yG0f:dSyfiy2HWjSCgOhzdM24BbhkSvNkrl2R
Size:	288768
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\rPO2025KTI-1059.exe

"C:\Users\user\Desktop\rPO2025KTI-1059.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7732
Target ID:	0
Parent PID:	3964
Name:	rPO2025KTI-1059.exe
Path:	C:\Users\user\Desktop\rPO2025KTI-1059.exe
Commandline:	"C:\Users\user\Desktop\rPO2025KTI-1059.exe"
Size:	1189376
MD5:	D0D4AC67A31810C43FB2F85F67A8B6F4
Time:	01:31:24
Date:	28/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x730000
Modulesize:	1216512
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Binary is likely a compiled AutoIt script file	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Uncommon Svchost Parent Process	System Summary
Uses 32bit PE files	Compliance, System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\SysWOW64\svchost.exe

"C:\Users\user\Desktop\rPO2025KTI-1059.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7748
Target ID:	1
Parent PID:	7732
Name:	svchost.exe
Path:	C:\Windows\SysWOW64\svchost.exe
Commandline:	"C:\Users\user\Desktop\rPO2025KTI-1059.exe"
Size:	46504
MD5:	1ED18311E3DA35942DB37D15FA40CC5B
Time:	01:31:25
Date:	28/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xea0000
Modulesize:	53248
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Uncommon Svchost Parent Process	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\UQQPQGRPvsymXVXAJukfXvBOBevtLlyXWjklxFhaWCjKrwhmTXuCrDkEsRCatqROO\BDP7jgHO8P3kKSgeArQ.exe

"C:\Program Files (x86)\UQQPQGRPvsymXVXAJukfXvBOBevtLlyXWjklxFhaWCjKrwhmTXuCrDkEsRCatqROO\XjCOvb8A.exe"

Details

Is windows:	true
Is dropped:	false
PID:	6208
Target ID:	11
Parent PID:	7748
Name:	BDP7jgHO8P3kKSgeArQ.exe
Path:	C:\Program Files (x86)\UQQPQGRPvsymXVXAJukfXvBOBevtLlyXWjklxFhaWCjKrwhmTXuCrDkEsRCatqROO\BDP7jgHO8P3kKSgeArQ.exe
Commandline:	"C:\Program Files (x86)\UQQPQGRPvsymXVXAJukfXvBOBevtLlyXWjklxFhaWCjKrwhmTXuCrDkEsRCatqROO\XjCOvb8A.exe"
Size:	143872
MD5:	9C98D1A23EFAF1B156A130CEA7D2EE3A
Time:	01:32:31
Date:	28/03/2025
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0xfc0000
Modulesize:	163840
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queues an APC in another process (thread injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\SysWOW64\sfc.exe

"C:\Windows\SysWOW64\sfc.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7384
Target ID:	12
Parent PID:	6208
Name:	sfc.exe
Path:	C:\Windows\SysWOW64\sfc.exe
Commandline:	"C:\Windows\SysWOW64\sfc.exe"
Size:	40448
MD5:	4D2662964EF299131D049EC1278BE08B
Time:	01:32:33
Date:	28/03/2025
Reason:	newprocess
Reputation:	moderate
Is admin:	false
Is elevated:	false
Modulebase:	0xaf0000
Modulesize:	53248
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\UQQPQGRPvsymXVXAJukfXvBOBevtLlyXWjklxFhaWCjKrwhmTXuCrDkEsRCatqROO\BDP7jgHO8P3kKSgeArQ.exe

"C:\Program Files (x86)\UQQPQGRPvsymXVXAJukfXvBOBevtLlyXWjklxFhaWCjKrwhmTXuCrDkEsRCatqROO\YS2ARIjS4Cbv.exe"

Details

Is windows:	true
Is dropped:	false
PID:	5668
Target ID:	13
Parent PID:	7384
Name:	BDP7jgHO8P3kKSgeArQ.exe
Path:	C:\Program Files (x86)\UQQPQGRPvsymXVXAJukfXvBOBevtLlyXWjklxFhaWCjKrwhmTXuCrDkEsRCatqROO\BDP7jgHO8P3kKSgeArQ.exe
Commandline:	"C:\Program Files (x86)\UQQPQGRPvsymXVXAJukfXvBOBevtLlyXWjklxFhaWCjKrwhmTXuCrDkEsRCatqROO\YS2ARIjS4Cbv.exe"
Size:	143872
MD5:	9C98D1A23EFAF1B156A130CEA7D2EE3A
Time:	01:32:46
Date:	28/03/2025
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0xfc0000
Modulesize:	163840
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queues an APC in another process (thread injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\Firefox.exe"

Details

Is windows:	true
Is dropped:	false
PID:	1376
Target ID:	14
Parent PID:	7384
Name:	firefox.exe
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Size:	676768
MD5:	C86B1BE9ED6496FE0E0CBE73F81D8045
Time:	01:32:59
Date:	28/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff76aab0000
Modulesize:	708608
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

URLs

Name

Malicious

http://www.hypend.xyz/tekh/?SPxhT=hn5X&bp3L7N0=z5gEihOGDB7WnuLTAQO9muKZThSiJ7F9a5OrXridUNi/TfNTZzeYN00B2pODk5SFuZ2ppKxBKG8kLwcZQB+wXl8A+kxFIWVn/epyP/VxgVdiOj9y8RN5pJo=

209.74.79.41

https://www.ecosia.org/newtab/v20

unknown

https://duckduckgo.com/ac/?q=

unknown

https://duckduckgo.com/?q=

unknown

http://www.hypend.xyz/tekh/

209.74.79.41

https://duckduckgo.com/chrome_newtabv20

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

https://ac.ecosia.org?q=

unknown

http://www.play-venom-rush.xyz/yt8q/?bp3L7N0=WRKjTn0dll6Qz3UyE21xyejj49mCaCQ97raCxfAySAXOx/ipnyZtE+tC+uiKhs02kc3wz6Sff6xAEylRtbwChhdQGjE6qMic59Cp4/1xZp7iacP8ILZzcp8=&SPxhT=hn5X

172.64.80.1

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

https://gemini.google.com/app?q=

unknown

http://www.hlkjhu.online/8gml/?bp3L7N0=uagn24tKD9XwqPketrL8vPAAyfhmu7pATFdWjn4YGNyEFoo5H0iTa23WeYKqrGs+/MsKrZvXmlVRnmZA8Xnd/jKaPpngkZRqMSkJ9VYmBlbKsStinMnI1pA=&SPxhT=hn5X

52.223.13.41

https://www.google.com/images/branding/product/ico/googleg_alldph

unknown

http://www.play-venom-rush.xyz/yt8q/

172.64.80.1

http://www.hypend.xyz

unknown

There are 6 hidden URLs, click here to show them.

Domains

Name

Malicious

www.hlkjhu.online

52.223.13.41

Details

Name:	www.hlkjhu.online
IP:	52.223.13.41
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

www.play-venom-rush.xyz

172.64.80.1

Details

Name:	www.play-venom-rush.xyz
IP:	172.64.80.1
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS queries to domains with low reputation	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol

www.hypend.xyz

209.74.79.41

Details

Name:	www.hypend.xyz
IP:	209.74.79.41
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS queries to domains with low reputation	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

209.74.79.41

www.hypend.xyz

United States

52.223.13.41

www.hlkjhu.online

United States

172.64.80.1

www.play-venom-rush.xyz

United States

Memdumps

Base Address

Regiontype

Protect

Malicious

Download

2C20000

unkown

page execute and read and write

3230000

system

page execute and read and write

7FE0000

unclassified section

page execute and read and write

3FA0000

unclassified section

page execute and read and write

36E0000

trusted library allocation

page read and write

400000

system

page execute and read and write

D90000

system

page execute and read and write

3730000

trusted library allocation

page read and write

1E9F000

stack

page read and write

35C1000

heap

page read and write

812E000

heap

page read and write

40B3000

direct allocation

page read and write

35C1000

heap

page read and write

7B0000

unkown

page readonly

35C1000

heap

page read and write

FB0000

unkown

page read and write

1749000

heap

page read and write

3377000

heap

page read and write

3D72000

unclassified section

page read and write

35C1000

heap

page read and write

C90000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

F50000

unkown

page readonly

4130000

direct allocation

page read and write

3413000

heap

page read and write

3F90000

direct allocation

page read and write

87BE000

stack

page read and write

8220000

trusted library allocation

page read and write

13CF000

stack

page read and write

1710000

unkown

page readonly

35C1000

heap

page read and write

35C1000

heap

page read and write

1381000

unkown

page readonly

3C40000

unkown

page execute and read and write

998000

unkown

page read and write

3D2D000

direct allocation

page execute and read and write

35C1000

heap

page read and write

1FA0000

heap

page read and write

3AFE000

direct allocation

page execute and read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

AA0000

unkown

page readonly

35C0000

heap

page read and write

14D0000

heap

page read and write

891F000

stack

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

8141000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

174A000

heap

page read and write

3413000

heap

page read and write

35C1000

heap

page read and write

361B000

heap

page read and write

25202F81000

system

page execute and read and write

35C1000

heap

page read and write

40B3000

direct allocation

page read and write

7F2000

unkown

page write copy

F4E000

stack

page read and write

42CE000

direct allocation

page read and write

77A000

stack

page read and write

35C1000

heap

page read and write

E1B000

system

page execute and read and write

F80000

unkown

page read and write

35C1000

heap

page read and write

3ED1000

direct allocation

page execute and read and write

3605000

heap

page read and write

FD9000

unkown

page readonly

3313000

heap

page read and write

35C1000

heap

page read and write

1724000

heap

page read and write

4259000

direct allocation

page read and write

35C1000

heap

page read and write

3332000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

33DF000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

700000

unkown

page readonly

FF0000

unkown

page readonly

32D0000

heap

page read and write

35C1000

heap

page read and write

3C40000

heap

page read and write

4374000

unclassified section

page read and write

425D000

direct allocation

page read and write

4130000

direct allocation

page read and write

3302000

heap

page read and write

35C1000

heap

page read and write

335D000

heap

page read and write

2B20000

unkown

page readonly

35C1000

heap

page read and write

35C1000

heap

page read and write

170A000

heap

page read and write

3413000

heap

page read and write

10BA000

heap

page read and write

EFC000

stack

page read and write

FC1000

unkown

page execute read

35C1000

heap

page read and write

3A00000

heap

page read and write

16FB000

heap

page read and write

25204ECE000

trusted library allocation

page read and write

3ECD000

direct allocation

page execute and read and write

35C1000

heap

page read and write

8148000

heap

page read and write

FCF000

unkown

page readonly

33C0000

direct allocation

page read and write

FCF000

unkown

page readonly

B0A000

stack

page read and write

35C1000

heap

page read and write

2F72000

system

page read and write

4259000

direct allocation

page read and write

25202F84000

system

page execute and read and write

33B0000

heap

page read and write

32B4000

heap

page read and write

842F000

stack

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

252030C0000

heap

page read and write

35C1000

heap

page read and write

4130000

direct allocation

page read and write

16DB000

heap

page read and write

3362000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

731000

unkown

page execute read

3400000

heap

page read and write

35C1000

heap

page read and write

252030F0000

heap

page read and write

339C000

heap

page read and write

FD9000

unkown

page readonly

3D29000

direct allocation

page execute and read and write

3304000

heap

page read and write

35CF000

heap

page read and write

3304000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

40B3000

direct allocation

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

FC0000

unkown

page readonly

3200000

heap

page read and write

335D000

heap

page read and write

C50000

unkown

page read and write

330D000

heap

page read and write

690E000

stack

page read and write

28BE000

stack

page read and write

33C5000

heap

page read and write

FD6000

unkown

page read and write

35C1000

heap

page read and write

4259000

direct allocation

page read and write

3574000

system

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

3313000

heap

page read and write

3624000

heap

page read and write

35C1000

heap

page read and write

BF6000

heap

page read and write

4259000

direct allocation

page read and write

8172000

heap

page read and write

36C0000

heap

page read and write

AFC000

stack

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

3402000

heap

page read and write

2BFC000

unkown

page read and write

3B9E000

heap

page read and write

B90000

unkown

page read and write

33C0000

direct allocation

page read and write

13DB000

stack

page read and write

3B2D000

heap

page read and write

2790000

unkown

page readonly

63C0000

unclassified section

page execute and read and write

13BF000

stack

page read and write

10B0000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

3413000

heap

page read and write

7D0000

unkown

page readonly

35C1000

heap

page read and write

1FD0000

direct allocation

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

2FF8000

stack

page read and write

1828000

heap

page read and write

A80000

unkown

page readonly

C9E000

heap

page read and write

A90000

unkown

page readonly

3250000

heap

page read and write

3600000

heap

page read and write

6650000

trusted library allocation

page read and write

4130000

direct allocation

page read and write

2BFC000

unkown

page read and write

3F8C000

unclassified section

page read and write

425D000

direct allocation

page read and write

B60000

unkown

page readonly

3413000

heap

page read and write

14E0000

heap

page read and write

3413000

heap

page read and write

59AF000

stack

page read and write

7F0000

unkown

page read and write

40B3000

direct allocation

page read and write

35C1000

heap

page read and write

3413000

heap

page read and write

35C1000

heap

page read and write

32C0000

heap

page read and write

3D9E000

direct allocation

page execute and read and write

3399000

heap

page read and write

33D5000

heap

page read and write

730000

unkown

page readonly

35C1000

heap

page read and write

3370000

heap

page read and write

7E0000

heap

page read and write

35C1000

heap

page read and write

425D000

direct allocation

page read and write

35C1000

heap

page read and write

16FB000

heap

page read and write

1749000

heap

page read and write

3176000

unkown

page read and write

33BE000

stack

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

2C14000

heap

page read and write

2790000

unkown

page readonly

35C1000

heap

page read and write

4640000

unkown

page execute and read and write

10BA000

heap

page read and write

3389000

heap

page read and write

35C1000

heap

page read and write

3605000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

FB0000

unkown

page read and write

FCF000

unkown

page readonly

3612000

heap

page read and write

35C1000

heap

page read and write

28D0000

heap

page read and write

3850000

trusted library allocation

page execute and read and write

2910000

heap

page read and write

3F90000

direct allocation

page read and write

35C1000

heap

page read and write

E8D000

system

page execute and read and write

2F8C000

stack

page read and write

252030CA000

heap

page read and write

35C1000

heap

page read and write

10BE000

heap

page read and write

25204B20000

heap

page read and write

7F7000

unkown

page readonly

7E4000

unkown

page readonly

35C1000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

2FCC000

system

page read and write

3DCC000

unclassified section

page read and write

3F90000

direct allocation

page read and write

BE1000

unkown

page readonly

4130000

direct allocation

page read and write

35C1000

heap

page read and write

87FF000

stack

page read and write

35C1000

heap

page read and write

252030F3000

heap

page read and write

F50000

unkown

page readonly

7F0000

unkown

page read and write

1749000

heap

page read and write

3F42000

direct allocation

page execute and read and write

3617000

heap

page read and write

35C1000

heap

page read and write

3C31000

direct allocation

page execute and read and write

3384000

heap

page read and write

FD6000

unkown

page read and write

815E000

heap

page read and write

3C44000

heap

page read and write

16FC000

heap

page read and write

3413000

heap

page read and write

338E000

heap

page read and write

3377000

heap

page read and write

35C1000

heap

page read and write

A90000

unkown

page readonly

35C1000

heap

page read and write

7C0000

unkown

page readonly

33C0000

direct allocation

page read and write

35C1000

heap

page read and write

38FF000

stack

page read and write

7D0000

unkown

page readonly

83AD000

stack

page read and write

394C000

heap

page read and write

35C1000

heap

page read and write

FC1000

unkown

page execute read

35C1000

heap

page read and write

318C000

system

page read and write

25204D00000

trusted library allocation

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

7BF000

unkown

page readonly

330D000

heap

page read and write

E2B000

system

page execute and read and write

35C1000

heap

page read and write

36C0000

trusted library allocation

page read and write

C9A000

heap

page read and write

35C1000

heap

page read and write

361A000

heap

page read and write

3340000

direct allocation

page read and write

FD6000

unkown

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

E12000

system

page execute and read and write

814E000

heap

page read and write

35C1000

heap

page read and write

3413000

heap

page read and write

170A000

heap

page read and write

35C1000

heap

page read and write

5040000

unkown

page execute and read and write

10E8000

heap

page read and write

35C1000

heap

page read and write

42CE000

direct allocation

page read and write

38DB000

heap

page read and write

35C1000

heap

page read and write

F8E000

stack

page read and write

730000

unkown

page readonly

35C1000

heap

page read and write

25204C00000

trusted library allocation

page read and write

42CE000

direct allocation

page read and write

7EE000

unkown

page read and write

B50000

heap

page read and write

F70000

heap

page read and write

586F000

stack

page read and write

40B3000

direct allocation

page read and write

88DE000

stack

page read and write

A80000

unkown

page readonly

3B29000

heap

page read and write

B50000

heap

page read and write

6F0000

unkown

page readonly

35C1000

heap

page read and write

336D000

heap

page read and write

35C1000

heap

page read and write

37AE000

heap

page read and write

35C1000

heap

page read and write

2A3C000

unkown

page read and write

35C1000

heap

page read and write

3CA2000

direct allocation

page execute and read and write

45C0000

unclassified section

page execute and read and write

35C1000

heap

page read and write

2C10000

heap

page read and write

4FC0000

unclassified section

page execute and read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

700000

unkown

page readonly

35C1000

heap

page read and write

35C1000

heap

page read and write

38D7000

heap

page read and write

25203040000

heap

page read and write

35C1000

heap

page read and write

3A89000

direct allocation

page execute and read and write

35C1000

heap

page read and write

32B4000

heap

page read and write

BD1000

unkown

page readonly

E37000

system

page execute and read and write

336D000

heap

page read and write

3413000

heap

page read and write

35C1000

heap

page read and write

28D4000

heap

page read and write

330D000

heap

page read and write

33CB000

heap

page read and write

7E0000

heap

page read and write

FC1000

unkown

page execute read

8159000

heap

page read and write

32B4000

heap

page read and write

3413000

heap

page read and write

3220000

heap

page read and write

8169000

heap

page read and write

35C1000

heap

page read and write

16D4000

heap

page read and write

816E000

heap

page read and write

FD6000

unkown

page read and write

35C1000

heap

page read and write

816B000

heap

page read and write

3900000

trusted library allocation

page read and write

35C1000

heap

page read and write

59C0000

unclassified section

page execute and read and write

35C1000

heap

page read and write

3CB2000

unclassified section

page read and write

3413000

heap

page read and write

35C1000

heap

page read and write

25203020000

heap

page read and write

FC0000

unkown

page readonly

BE1000

unkown

page readonly

FC0000

unkown

page readonly

3370000

heap

page read and write

16EB000

heap

page read and write

B70000

unkown

page readonly

425D000

direct allocation

page read and write

42CE000

direct allocation

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

EE05DFE000

stack

page read and write

2FBB000

stack

page read and write

35C1000

heap

page read and write

3302000

heap

page read and write

1380000

unkown

page readonly

BF0000

unkown

page read and write

35C1000

heap

page read and write

1749000

heap

page read and write

35C1000

heap

page read and write

353E000

stack

page read and write

1EDE000

stack

page read and write

35C1000

heap

page read and write

33CF000

heap

page read and write

35C1000

heap

page read and write

2EB2000

system

page read and write

35C1000

heap

page read and write

3701000

heap

page read and write

35C1000

heap

page read and write

6F0000

unkown

page readonly

992000

unkown

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

3309000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

2FE4000

unkown

page read and write

35C1000

heap

page read and write

25204E01000

trusted library allocation

page read and write

25204EAE000

trusted library allocation

page read and write

887F000

stack

page read and write

425D000

direct allocation

page read and write

883E000

stack

page read and write

3413000

heap

page read and write

35C1000

heap

page read and write

2050000

heap

page read and write

2922000

unkown

page read and write

35C1000

heap

page read and write

425D000

direct allocation

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

EE065FE000

stack

page read and write

3384000

heap

page read and write

BD1000

unkown

page readonly

3F90000

direct allocation

page read and write

C3E000

unkown

page read and write

35C1000

heap

page read and write

8430000

heap

page read and write

EE04DFC000

stack

page read and write

10B0000

heap

page read and write

35C1000

heap

page read and write

77A000

stack

page read and write

1769000

heap

page read and write

16A0000

heap

page read and write

25203070000

heap

page read and write

3617000

heap

page read and write

4557000

unclassified section

page execute and read and write

16F9000

heap

page read and write

BF0000

heap

page read and write

330D000

heap

page read and write

1380000

unkown

page readonly

35C1000

heap

page read and write

3C00000

direct allocation

page execute and read and write

35C1000

heap

page read and write

1711000

unkown

page readonly

35C1000

heap

page read and write

4130000

direct allocation

page read and write

35C1000

heap

page read and write

252030DC000

heap

page read and write

35C1000

heap

page read and write

16A8000

heap

page read and write

8230000

trusted library allocation

page read and write

B80000

heap

page read and write

32B0000

heap

page read and write

35C1000

heap

page read and write

F90000

unkown

page readonly

335E000

heap

page read and write

E10000

system

page execute and read and write

3413000

heap

page read and write

3F50000

direct allocation

page read and write

25204D03000

trusted library allocation

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

B90000

unkown

page read and write

3320000

heap

page read and write

FF0000

unkown

page readonly

B40000

unkown

page readonly

C9A000

heap

page read and write

35C1000

heap

page read and write

25204D15000

trusted library allocation

page read and write

7F7000

unkown

page readonly

25204D0F000

trusted library allocation

page read and write

330D000

heap

page read and write

42CE000

direct allocation

page read and write

35C1000

heap

page read and write

AA0000

unkown

page readonly

8146000

heap

page read and write

3413000

heap

page read and write

3790000

heap

page read and write

35C1000

heap

page read and write

836C000

stack

page read and write

7C0000

unkown

page readonly

16C3000

heap

page read and write

2C10000

heap

page read and write

35C1000

heap

page read and write

3F90000

direct allocation

page read and write

522C000

stack

page read and write

35C1000

heap

page read and write

DB0000

heap

page read and write

512F000

unkown

page read and write

3413000

heap

page read and write

16D2000

heap

page read and write

B70000

unkown

page readonly

35C1000

heap

page read and write

2B20000

unkown

page readonly

7EE000

unkown

page write copy

35C1000

heap

page read and write

16FB000

heap

page read and write

170A000

heap

page read and write

BF0000

unkown

page read and write

3F90000

direct allocation

page read and write

532F000

stack

page read and write

710000

unkown

page readonly

813C000

heap

page read and write

35C1000

heap

page read and write

F0C000

stack

page read and write

35C1000

heap

page read and write

83EE000

stack

page read and write

29E2000

unkown

page read and write

28D0000

heap

page read and write

694E000

stack

page read and write

35C1000

heap

page read and write

3800000

heap

page read and write

13FD000

stack

page read and write

35C1000

heap

page read and write

7B0000

unkown

page readonly

EFC000

stack

page read and write

B60000

unkown

page readonly

35C1000

heap

page read and write

C9E000

heap

page read and write

8172000

heap

page read and write

D4A000

stack

page read and write

35C1000

heap

page read and write

33BB000

heap

page read and write

7BF000

unkown

page readonly

35C1000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

362E000

heap

page read and write

28D4000

heap

page read and write

7E4000

unkown

page readonly

252030EC000

heap

page read and write

3900000

trusted library allocation

page read and write

35C1000

heap

page read and write

B40000

unkown

page readonly

35C1000

heap

page read and write

AFC000

stack

page read and write

16EB000

heap

page read and write

EE055FD000

stack

page read and write

817C000

heap

page read and write

16DB000

heap

page read and write

2C14000

heap

page read and write

37A0000

trusted library allocation

page read and write

1380000

unkown

page readonly

31D7000

unkown

page execute and read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

25204970000

trusted library allocation

page read and write

B0A000

stack

page read and write

2910000

heap

page read and write

35C1000

heap

page read and write

3900000

trusted library allocation

page read and write

BE0000

unkown

page read and write

FCF000

unkown

page readonly

25204EC4000

trusted library allocation

page read and write

35C1000

heap

page read and write

3330000

heap

page read and write

170B000

heap

page read and write

36F2000

heap

page read and write

10BE000

heap

page read and write

35C1000

heap

page read and write

25202F20000

system

page execute and read and write

35C1000

heap

page read and write

FC0000

unkown

page readonly

8165000

heap

page read and write

35C1000

heap

page read and write

32F0000

heap

page read and write

25204970000

trusted library allocation

page read and write

F70000

heap

page read and write

25204970000

trusted library allocation

page read and write

362E000

heap

page read and write

B80000

heap

page read and write

3960000

direct allocation

page execute and read and write

35C1000

heap

page read and write

25204EBE000

trusted library allocation

page read and write

FD9000

unkown

page readonly

35C1000

heap

page read and write

FC1000

unkown

page execute read

3619000

heap

page read and write

35C1000

heap

page read and write

16EB000

heap

page read and write

357E000

stack

page read and write

35C1000

heap

page read and write

35BE000

stack

page read and write

C90000

heap

page read and write

3923000

heap

page read and write

2922000

unkown

page read and write

32F8000

heap

page read and write

4259000

direct allocation

page read and write

25204D21000

trusted library allocation

page read and write

4506000

unclassified section

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

710000

unkown

page readonly

576F000

stack

page read and write

8153000

heap

page read and write

16D2000

heap

page read and write

3A6F000

stack

page read and write

35C1000

heap

page read and write

4259000

direct allocation

page read and write

BE0000

unkown

page read and write

CB9000

heap

page read and write

3240000

unkown

page execute and read and write

35C1000

heap

page read and write

FD9000

unkown

page readonly

814B000

heap

page read and write

42CE000

direct allocation

page read and write

39FE000

stack

page read and write

1FC0000

direct allocation

page execute and read and write

17D8000

heap

page read and write

BF0000

heap

page read and write

33A3000

heap

page read and write

34FE000

stack

page read and write

35C1000

heap

page read and write

3A01000

heap

page read and write

35C1000

heap

page read and write

3C2D000

direct allocation

page execute and read and write

35C1000

heap

page read and write

DFE000

stack

page read and write

40B3000

direct allocation

page read and write

58AE000

stack

page read and write

35C1000

heap

page read and write

2FCB000

stack

page read and write

F80000

unkown

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

35C1000

heap

page read and write

F90000

unkown

page readonly

337E000

stack

page read and write

35C1000

heap

page read and write

C60000

unkown

page read and write

731000

unkown

page execute read

35C1000

heap

page read and write

8130000

heap

page read and write

3A8D000

direct allocation

page execute and read and write

330D000

heap

page read and write

35C1000

heap

page read and write

There are 656 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
rPO2025KTI-1059.exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportrPO2025KTI-1059.exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
rPO2025KTI-1059.exe