Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Download

MACHINE SPECIFICATIONS.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.437482043020375
Filename:	MACHINE SPECIFICATIONS.exe
Filesize:	1687040
MD5:	34fc8dcc17a913a918b306c481f1c763
SHA1:	880a14e76fbae3e4bbf5a700c9402b17a6c6a868
SHA256:	b9d182b8bdb6e8925aec4665f78264a7e28f699068ad51b998e28ee68bb82405
SHA512:	d67436a48347a9095643df8fcca11801e8e5a58a83982104922c8332cfe249f20362607021548bcbd2c583bec396f9b18e8bb4f0f4d83a6c4ac780a67f20485f
SSDEEP:	49152:Yh+ZkldoPK1XaiH3N55l2XXDz+9JhYBf4OL:Z2cPK1zdGXDz+xY6
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P.....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r.............#.S..._@'.S...R.k.S.....".S...RichR..

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection	Disable or Modify Tools
Binary is likely a compiled AutoIt script file	System Summary	Security Software Discovery
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools Security Software Discovery
Switches to a custom stack to bypass stack traces	Malware Analysis System Evasion
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Contains functionality for read data from the clipboard	Key, Mouse, Clipboard, Microphone and Screen Capturing	Clipboard Data
Contains functionality to block mouse and keyboard input (often used to hinder debugging)	Anti Debugging	Disable or Modify Tools
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging	Security Software Discovery
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)	Anti Debugging
Contains functionality to check if a window is minimized (may be used to check if an application is visible)	Hooking and other Techniques for Hiding and Protection	Security Software Discovery Application Window Discovery
Contains functionality to communicate with device drivers	System Summary
Contains functionality to dynamically determine API calls	Data Obfuscation, Anti Debugging	Native API
Contains functionality to execute programs as a different user	HIPS / PFW / Operating System Protection Evasion	Valid Accounts Access Token Manipulation Disable or Modify Tools
Contains functionality to launch a process as a different user	System Summary	Native API
Contains functionality to launch a program with higher privileges	HIPS / PFW / Operating System Protection Evasion	Exploitation for Privilege Escalation
Contains functionality to modify clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Process Discovery
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)	Remote Access Functionality
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection	Disable or Modify Tools
Contains functionality to read the PEB	Anti Debugging	Security Software Discovery
Contains functionality to read the clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools
Contains functionality to retrieve information about pressed keystrokes	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Contains functionality to shutdown / reboot the system	System Summary	System Shutdown/Reboot
Contains functionality to simulate keystroke presses	HIPS / PFW / Operating System Protection Evasion
Contains functionality to simulate mouse events	HIPS / PFW / Operating System Protection Evasion
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging	Security Software Discovery
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection Disable or Modify Tools
Detected potential crypto function	System Summary	System Time Discovery Process Discovery Archive Collected Data Encrypted Channel
Extensive use of GetProcAddress (often used to hide API calls)	Hooking and other Techniques for Hiding and Protection	Security Software Discovery
Found large amount of non-executed APIs	Malware Analysis System Evasion	System Time Discovery
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information	Disable or Modify Tools System Shutdown/Reboot
Potential key logger detected (key state polling based)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools
Sample file is different than original file name gathered from version info	System Summary	Security Software Discovery System Shutdown/Reboot
Uses 32bit PE files	Compliance, System Summary	Disable or Modify Tools
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information Security Software Discovery
Contains functionality for error logging	System Summary	Disable or Modify Tools
Contains functionality to add an ACL to a security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to adjust token privileges (e.g. debug / backup)	System Summary
Contains functionality to check free disk space	System Summary
Contains functionality to create a new security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to download additional files from the internet	Networking
Contains functionality to enum processes or threads	System Summary	Process Discovery
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion
Contains functionality to instantiate COM classes	System Summary	Security Software Discovery
Contains functionality to load and extract PE file embedded resources	System Summary
Contains functionality to query local / system time	Language, Device and Operating System Detection
Contains functionality to query system information	Malware Analysis System Evasion	System Information Discovery
Contains functionality to query the account / user name	Language, Device and Operating System Detection	Account Discovery Security Software Discovery System Owner/User Discovery
Contains functionality to query time zone information	Language, Device and Operating System Detection	System Time Discovery
Contains functionality to query windows version	Language, Device and Operating System Detection
Contains functionality to register its own exception handler	Anti Debugging	Security Software Discovery
Creates temporary files	System Summary	Security Software Discovery
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection	Disable or Modify Tools
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Security Software Discovery
PE file has an executable .text section and no other executable section	System Summary
Reads software policies	System Summary
Sample is known by Antivirus	System Summary	Disable or Modify Tools
Tries to load missing DLLs	System Summary	DLL Side-Loading Disable or Modify Tools
PE file contains a valid data directory to section mapping	System Summary	Security Software Discovery
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary	Disable or Modify Tools

C:\Users\user\AppData\Local\Temp\786202vrQ

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\786202vrQ
Category:	dropped
Dump:	786202vrQ.4.dr
ID:	dr_1
Target ID:	4
Process:	C:\Windows\SysWOW64\RmClient.exe
Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Entropy:	1.1209867721194036
Encrypted:	false
Ssdeep:	192:72qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:72qOB1nxCkvSAELyKOMq+8QTQKC+
Size:	196608
Whitelisted:	false
Reputation:	moderate

C:\Users\user\AppData\Local\Temp\Dalis

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\Dalis
Category:	dropped
Dump:	Dalis.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
Type:	data
Entropy:	7.993652857478224
Encrypted:	true
Ssdeep:	6144:nY6WKx8LN3TMbTlOpbfcoZIwh8E4c7Hpdt57gjMwRKIlXuk53:YQyLN3YbTkb/Zph8EHJdngLRpuk53
Size:	289280
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates temporary files	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe

"C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7104
Target ID:	0
Parent PID:	4056
Name:	MACHINE SPECIFICATIONS.exe
Path:	C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe
Commandline:	"C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe"
Size:	1687040
MD5:	34FC8DCC17A913A918B306C481F1C763
Time:	03:58:35
Date:	28/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xb20000
Modulesize:	1712128
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Binary is likely a compiled AutoIt script file	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Uncommon Svchost Parent Process	System Summary
Uses 32bit PE files	Compliance, System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\SysWOW64\svchost.exe

"C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe"

Details

Is windows:	true
Is dropped:	false
PID:	6268
Target ID:	2
Parent PID:	7104
Name:	svchost.exe
Path:	C:\Windows\SysWOW64\svchost.exe
Commandline:	"C:\Users\user\Desktop\MACHINE SPECIFICATIONS.exe"
Size:	46504
MD5:	1ED18311E3DA35942DB37D15FA40CC5B
Time:	03:58:38
Date:	28/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xa0000
Modulesize:	53248
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Uncommon Svchost Parent Process	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\SyXPwcovsgyBnimAncDWTfeZLAHUZFFTDxcJNDvPtVVtbugvUDzQfRJdWsqklD\IexMqt2DaKEZyYvnrd.exe

"C:\Program Files (x86)\SyXPwcovsgyBnimAncDWTfeZLAHUZFFTDxcJNDvPtVVtbugvUDzQfRJdWsqklD\wDEIiNFL2nTgFi.exe"

Details

Is windows:	true
Is dropped:	false
PID:	5604
Target ID:	3
Parent PID:	6268
Name:	IexMqt2DaKEZyYvnrd.exe
Path:	C:\Program Files (x86)\SyXPwcovsgyBnimAncDWTfeZLAHUZFFTDxcJNDvPtVVtbugvUDzQfRJdWsqklD\IexMqt2DaKEZyYvnrd.exe
Commandline:	"C:\Program Files (x86)\SyXPwcovsgyBnimAncDWTfeZLAHUZFFTDxcJNDvPtVVtbugvUDzQfRJdWsqklD\wDEIiNFL2nTgFi.exe"
Size:	143872
MD5:	9C98D1A23EFAF1B156A130CEA7D2EE3A
Time:	03:58:41
Date:	28/03/2025
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x480000
Modulesize:	163840
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queues an APC in another process (thread injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\SysWOW64\RmClient.exe

"C:\Windows\SysWOW64\RmClient.exe"

Details

Is windows:	true
Is dropped:	false
PID:	6656
Target ID:	4
Parent PID:	5604
Name:	RmClient.exe
Path:	C:\Windows\SysWOW64\RmClient.exe
Commandline:	"C:\Windows\SysWOW64\RmClient.exe"
Size:	15360
MD5:	CE765DCC7CDFDC1BFD94CCB772C75E41
Time:	03:58:43
Date:	28/03/2025
Reason:	newprocess
Reputation:	moderate
Is admin:	false
Is elevated:	false
Modulebase:	0xef0000
Modulesize:	28672
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\SyXPwcovsgyBnimAncDWTfeZLAHUZFFTDxcJNDvPtVVtbugvUDzQfRJdWsqklD\IexMqt2DaKEZyYvnrd.exe

"C:\Program Files (x86)\SyXPwcovsgyBnimAncDWTfeZLAHUZFFTDxcJNDvPtVVtbugvUDzQfRJdWsqklD\RC7YGTMY.exe"

Details

Is windows:	true
Is dropped:	false
PID:	2124
Target ID:	6
Parent PID:	6656
Name:	IexMqt2DaKEZyYvnrd.exe
Path:	C:\Program Files (x86)\SyXPwcovsgyBnimAncDWTfeZLAHUZFFTDxcJNDvPtVVtbugvUDzQfRJdWsqklD\IexMqt2DaKEZyYvnrd.exe
Commandline:	"C:\Program Files (x86)\SyXPwcovsgyBnimAncDWTfeZLAHUZFFTDxcJNDvPtVVtbugvUDzQfRJdWsqklD\RC7YGTMY.exe"
Size:	143872
MD5:	9C98D1A23EFAF1B156A130CEA7D2EE3A
Time:	03:58:55
Date:	28/03/2025
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x480000
Modulesize:	163840
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queues an APC in another process (thread injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\Firefox.exe"

Details

Is windows:	true
Is dropped:	false
PID:	2724
Target ID:	8
Parent PID:	6656
Name:	firefox.exe
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Size:	676768
MD5:	C86B1BE9ED6496FE0E0CBE73F81D8045
Time:	03:59:08
Date:	28/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff6894a0000
Modulesize:	708608
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

URLs

Name

Malicious

http://www.cjokfbvd.net/wgp3/

104.166.89.204

http://www.xiongsupported.shop/pr5c/

104.21.9.169

http://www.xiongsupported.shop/pr5c/?i0D=Xi/LK6kwyXQKhjKCQL9Nuw5sgizlPuHS/HlWEmGvuZuMTg5EdAzzL2AF+0bP2fPPzrXK77OIZiUqo3lfgNtbWbvn/9PdsdkmkiRzjBkycVp9GvrV7/dJkR+UYfMt4sSY1w==&o4=iBJXOXwHqRvdsxx

104.21.9.169

http://www.motherrucker.shop/t52t/?i0D=yEQzVPits0NhHU2gr4RI6lK78RLVs+xCfKL87vgTtuIHzz1j5f1H41/t+dWnccE+luCcZRKiXFUeFx6af2BrfPz/NH/GKZAdgXNhTFABCD++KEQteMSSXjZGNT87TwTbHg==&o4=iBJXOXwHqRvdsxx

15.197.148.33

http://www.iborn.org/vtfe/?i0D=0BWSKxZteIMvdWwbkh91oKbL4NvnBT/QlXyZVmxR8bAmAzD3t+OZfnLHg22q5MNh4SOsF0UzniEhEnuUD2V1yvH/6S+aIiFvH1AuFj0YcZU0hHFNVq1VQLR4F+zYTsGOMA==&o4=iBJXOXwHqRvdsxx

52.223.13.41

http://www.v153cbo9xcl49.buzz/q18c/

199.59.243.228

http://www.cjokfbvd.net/wgp3/?i0D=FbCmunup9JzbyjawoaUYO20YqMz5RcKn1ZlSYbA9NhRQ5NLtX0xVMyAtOROfqSjnxhBC7hrmjJ3peAjGixZUT33r4Ip3QHEQOUIMZH/wxeurfVbT1nYBFz5X+ylB/Jxe8w==&o4=iBJXOXwHqRvdsxx

104.166.89.204

http://www.strappix.online/3ps2/?o4=iBJXOXwHqRvdsxx&i0D=WXwa1ouCQFjltjxkAh/CTZI/QJYnZJ7RiFZntFtqJtxG/4+QtIGBFRyOqvXMEZndomF/0dELBX9B3HZcejPcji3I1P8obSOeWCdxDu1vnYnEDBpFb24Efl4NUTkDDZM/RQ==

84.32.84.32

http://www.dubaicarpark.xyz/v7hg/?o4=iBJXOXwHqRvdsxx&i0D=WZWKJ9Qw4GKZhbn8MUB5iivld8cr89J1rzv/5bsAiDwAi3JULUOModzom5VDkHubiOmOghqBmGr3eKIIMQjX4xRu2lRFXGlabl4DLkAm1EQi2otgsG2kyYsiaB+bGfQZ+g==

76.223.54.146

http://www.motherrucker.shop/t52t/

15.197.148.33

http://www.dubaicarpark.xyz/v7hg/

76.223.54.146

http://www.lefkosaturklisesi.net/scnj/

77.245.159.55

http://www.vitalbiteb.info/zswz/

172.67.165.31

http://www.anyang-590303492.click/5asc/

199.59.243.160

http://www.iborn.org/vtfe/

52.223.13.41

http://www.v153cbo9xcl49.buzz/q18c/?o4=iBJXOXwHqRvdsxx&i0D=aDm6GKOYr0XmGF3Nrvz8r4CnGLFy+8A+Hc3l0PWcafPryfk5HY5KCLAngANtOU40Me4kyF9duAdDeiOy56Plrgr/o4tM/MZKXU/jCltt8UHwcoNZhmmUVY8O6c2aCjyN9g==

199.59.243.228

http://www.progressreport.sbs/fm0t/

38.180.96.83

http://www.anyang-590303492.click/5asc/?i0D=aFiBmGBHqEtSRV8Cg0RlGSi5TQ6JNnuZv4EZqPlz8fbXA74/mH2vwX8Y+jkph8wmDySORnJ3hzzoOxdxucHlyqeTEhePJlZ1zQpYIuYebwf350JlX/oyurrrinDVfIpPIg==&o4=iBJXOXwHqRvdsxx

199.59.243.160

http://www.progressreport.sbs/fm0t/?i0D=HN0FJPMJqE54WuoAC9rBg+iyPy7iUGoE0RypB5g7CfrFeifDFflhbSZNtLTs7U15HZnIBVPqsxfpJr9ggZsB5iem3OSdmCTVuRrKagxGKxDGgf+JkfXC7lolV3X7374/ew==&o4=iBJXOXwHqRvdsxx

38.180.96.83

http://www.lefkosaturklisesi.net/scnj/?i0D=la6mruIiTl7jT5t2EcPRjP0WeEe/LFy3MvqxRRXa8eFDOUG5BAmqw6OJnO+J4HgW3FZhvM95BaNPh+FihBC2ef+dF/vlHdNiUXxBzK13a6a3wO2soDeUJbdcJB2RnA37+w==&o4=iBJXOXwHqRvdsxx

77.245.159.55

http://www.eioo.org/kiwx/

199.59.243.228

http://www.link6-tesla-nd6.xyz/ncfq/?i0D=+3ITSOfBVIny1mTavZs17Q9376/klX3H2+I+HyXDj8rxQfoe7x2MXudpkRNTSK9fou3Tb2u3jId7JTCKoKkkHzbi1/mIu3L8OX7itiKQ9s8gCEbVC0ZQdGbRXrevBAMDtA==&o4=iBJXOXwHqRvdsxx

172.64.80.1

http://www.strappix.online/3ps2/

84.32.84.32

http://www.eioo.org/kiwx/?i0D=dwrs7e0nshlLwNStdR2kT1v9YE2v1YHtMO32SGCbnOGQbDovHXh4qK/Lb2CeIfWj/mVHBuYbUbIN17xrS6dZWqoFyz00saBdX1SZwJeJaZeKW5OERKuwSjhYoEwuh2SJDQ==&o4=iBJXOXwHqRvdsxx

199.59.243.228

https://duckduckgo.com/ac/?q=

unknown

https://duckduckgo.com/?q=

unknown

https://kb.fastpanel.direct/troubleshoot/

unknown

http://lefkosaturklisesi.net/scnj/?i0D=la6mruIiTl7jT5t2EcPRjP0WeEe/LFy3MvqxRRXa8eFDOUG5BAmqw6OJnO

unknown

https://zz.bdstatic.com/linksubmit/push.js

unknown

https://ac.ecosia.org?q=

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

http://push.zhanzhang.baidu.com/push.js

unknown

http://www.xiongsupported.shop

unknown

https://www.google.com

unknown

https://www.ecosia.org/newtab/v20w

unknown

https://duckduckgo.com/chrome_newtabv20

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

https://gemini.google.com/app?q=

unknown

https://www.google.com/images/branding/product/ico/googleg_alldp

unknown

There are 30 hidden URLs, click here to show them.

Domains

Name

Malicious

www.xiongsupported.shop

104.21.9.169

lefkosaturklisesi.net

77.245.159.55

www.apexpoint.top

203.161.38.186

strappix.online

84.32.84.32

www.vitalbiteb.info

172.67.165.31

www.iborn.org

52.223.13.41

www.dubaicarpark.xyz

76.223.54.146

motherrucker.shop

15.197.148.33

www.link6-tesla-nd6.xyz

172.64.80.1

www.cjokfbvd.net

104.166.89.204

www.progressreport.sbs

38.180.96.83

www.anyang-590303492.click

199.59.243.160

94950.bodis.com

199.59.243.228

www.eioo.org

unknown

www.tzurik.click

unknown

www.motherrucker.shop

unknown

www.strappix.online

unknown

www.v153cbo9xcl49.buzz

unknown

www.lefkosaturklisesi.net

unknown

www.ogbos88.cyou

unknown

There are 10 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

76.223.54.146

www.dubaicarpark.xyz

United States

77.245.159.55

lefkosaturklisesi.net

Turkey

203.161.38.186

www.apexpoint.top

Malaysia

84.32.84.32

strappix.online

Lithuania

15.197.148.33

motherrucker.shop

United States

104.21.9.169

www.xiongsupported.shop

United States

52.223.13.41

www.iborn.org

United States

172.67.165.31

www.vitalbiteb.info

United States

38.180.96.83

www.progressreport.sbs

United States

199.59.243.160

www.anyang-590303492.click

United States

104.166.89.204

www.cjokfbvd.net

United States

199.59.243.228

94950.bodis.com

United States

172.64.80.1

www.link6-tesla-nd6.xyz

United States

There are 3 hidden IPs, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

Download

5670000

system

page execute and read and write

74E0000

unclassified section

page execute and read and write

800000

trusted library allocation

page read and write

2300000

unkown

page execute and read and write

7B0000

trusted library allocation

page read and write

400000

system

page execute and read and write

110000

system

page execute and read and write

3FE0000

unclassified section

page execute and read and write

6B1000

heap

page read and write

1300000

unkown

page read and write

4254000

unclassified section

page read and write

48F000

unkown

page readonly

12A1000

unkown

page readonly

180000

heap

page read and write

48FC000

unkown

page read and write

480000

unkown

page readonly

145A000

heap

page read and write

6B1000

heap

page read and write

46B000

heap

page read and write

B20000

unkown

page readonly

499000

unkown

page readonly

6B1000

heap

page read and write

4FE000

heap

page read and write

6B1000

heap

page read and write

4D8000

heap

page read and write

3402000

heap

page read and write

6B1000

heap

page read and write

3250000

heap

page read and write

610000

heap

page read and write

76F4000

heap

page read and write

6B1000

heap

page read and write

7FC000

stack

page read and write

3A4D000

direct allocation

page read and write

3A49000

direct allocation

page read and write

3ABE000

direct allocation

page read and write

3413000

heap

page read and write

6B1000

heap

page read and write

F6D000

heap

page read and write

3ADA000

unkown

page read and write

A0000

unkown

page readonly

56D4000

system

page execute and read and write

A0000

unkown

page readonly

6B1000

heap

page read and write

9D0000

trusted library allocation

page read and write

3C0C000

unclassified section

page read and write

6B1000

heap

page read and write

99000

stack

page read and write

11A000

stack

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

DA0000

unkown

page readonly

6B1000

heap

page read and write

D72000

direct allocation

page execute and read and write

103A000

stack

page read and write

1450000

heap

page read and write

301C000

unclassified section

page read and write

471000

heap

page read and write

3780000

direct allocation

page read and write

1C0000

heap

page read and write

1250000

unkown

page read and write

6B1000

heap

page read and write

2099D679000

system

page execute and read and write

5A467FE000

stack

page read and write

CDE000

heap

page read and write

1140000

unkown

page readonly

76FD000

heap

page read and write

FFD000

heap

page read and write

53C000

heap

page read and write

6B1000

heap

page read and write

190000

unkown

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

56E0000

system

page execute and read and write

2F62000

unkown

page read and write

3413000

heap

page read and write

3A4D000

direct allocation

page read and write

6B1000

heap

page read and write

496000

unkown

page read and write

6B1000

heap

page read and write

3A4D000

direct allocation

page read and write

3413000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

2E70000

unkown

page readonly

160000

unkown

page readonly

1320000

heap

page read and write

2099F315000

trusted library allocation

page read and write

27FD000

unkown

page execute and read and write

3C00000

direct allocation

page execute and read and write

1150000

unkown

page readonly

76A4000

heap

page read and write

2D24000

heap

page read and write

6B1000

heap

page read and write

AF0000

heap

page read and write

3920000

direct allocation

page read and write

920000

trusted library allocation

page execute and read and write

6B9000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

323C000

unkown

page read and write

9A5000

heap

page read and write

476000

heap

page read and write

DFE000

stack

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

470000

heap

page read and write

6B1000

heap

page read and write

F9C000

heap

page read and write

2099F030000

trusted library allocation

page read and write

6B1000

heap

page read and write

7D6F000

stack

page read and write

3617000

heap

page read and write

D90000

unkown

page readonly

90000

unkown

page readonly

55B000

heap

page read and write

38E8000

unclassified section

page read and write

6B1000

heap

page read and write

1DCA4000

system

page read and write

9D0000

trusted library allocation

page read and write

496000

unkown

page read and write

47C000

heap

page read and write

1150000

unkown

page readonly

2099D67B000

system

page execute and read and write

2099F300000

trusted library allocation

page read and write

546000

heap

page read and write

6B1000

heap

page read and write

3413000

heap

page read and write

38A3000

direct allocation

page read and write

509000

heap

page read and write

6B1000

heap

page read and write

4CD000

heap

page read and write

3B29000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

1450000

heap

page read and write

7BF000

stack

page read and write

7DC000

heap

page read and write

B0000

unkown

page readonly

6B1000

heap

page read and write

3F90000

unkown

page read and write

2FFB000

stack

page read and write

8E0000

unkown

page readonly

150000

unkown

page readonly

3A49000

direct allocation

page read and write

6B1000

heap

page read and write

2210000

unkown

page readonly

18E1000

unkown

page readonly

470000

heap

page read and write

6B1000

heap

page read and write

2099F310000

trusted library allocation

page read and write

6B1000

heap

page read and write

3920000

direct allocation

page read and write

1E0000

unkown

page readonly

2E70000

unkown

page readonly

6B1000

heap

page read and write

4D52000

unclassified section

page read and write

476000

heap

page read and write

1003000

heap

page read and write

6B1000

heap

page read and write

3ABE000

direct allocation

page read and write

6B1000

heap

page read and write

C71000

unkown

page readonly

6B1000

heap

page read and write

3413000

heap

page read and write

42B4000

unkown

page read and write

3ABE000

direct allocation

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

5A46FFE000

stack

page read and write

6B1000

heap

page read and write

87C000

heap

page read and write

40C2000

unclassified section

page read and write

F69000

heap

page read and write

6B1000

heap

page read and write

517000

heap

page read and write

DA0000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

160000

unkown

page readonly

CD0000

direct allocation

page execute and read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

1046000

heap

page read and write

503000

heap

page read and write

768F000

heap

page read and write

33AE000

stack

page read and write

4DC000

heap

page read and write

6B1000

heap

page read and write

CD7000

heap

page read and write

F58000

heap

page read and write

440000

heap

page read and write

BE3000

unkown

page write copy

4A2E000

unclassified section

page read and write

6B1000

heap

page read and write

BAF000

unkown

page readonly

6B1000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

48F000

unkown

page readonly

6B1000

heap

page read and write

6B1000

heap

page read and write

2099D783000

heap

page read and write

2099F321000

trusted library allocation

page read and write

2210000

unkown

page readonly

6B1000

heap

page read and write

6B1000

heap

page read and write

1550000

unkown

page readonly

1A1000

unkown

page readonly

1170000

heap

page read and write

1310000

unkown

page read and write

12B0000

unkown

page read and write

3360000

heap

page read and write

3ABE000

direct allocation

page read and write

61E000

heap

page read and write

D80000

unkown

page readonly

4EDD000

unclassified section

page execute and read and write

3780000

direct allocation

page read and write

1140000

unkown

page readonly

6B1000

heap

page read and write

6B1000

heap

page read and write

4B5000

heap

page read and write

6B1000

heap

page read and write

43E6000

unclassified section

page read and write

43F000

stack

page read and write

2104000

heap

page read and write

6B1000

heap

page read and write

3D29000

direct allocation

page execute and read and write

1550000

unkown

page readonly

1F4000

heap

page read and write

D8000

stack

page read and write

1E0000

heap

page read and write

87E000

stack

page read and write

578C000

unkown

page read and write

6B1000

heap

page read and write

1479000

heap

page read and write

6B1000

heap

page read and write

3F50000

direct allocation

page read and write

1D6FC000

system

page read and write

6B1000

heap

page read and write

3701000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

4474000

unclassified section

page execute and read and write

76BB000

heap

page read and write

2104000

heap

page read and write

2099F4CE000

trusted library allocation

page read and write

6B1000

heap

page read and write

2099D780000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

79E0000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

499000

unkown

page readonly

6B1000

heap

page read and write

3920000

direct allocation

page read and write

496000

unkown

page read and write

6B1000

heap

page read and write

7690000

heap

page read and write

3948000

unkown

page read and write

1B0000

unkown

page read and write

38A3000

direct allocation

page read and write

870000

trusted library allocation

page read and write

6B1000

heap

page read and write

35C4000

unclassified section

page read and write

76E0000

heap

page read and write

610000

heap

page read and write

6B1000

heap

page read and write

56BB000

system

page execute and read and write

6B1000

heap

page read and write

3FA0000

direct allocation

page read and write

1D5E2000

system

page read and write

BCE000

direct allocation

page execute and read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

3780000

direct allocation

page read and write

DA8000

heap

page read and write

7CF000

stack

page read and write

481000

unkown

page execute read

142F000

stack

page read and write

44DD000

unclassified section

page execute and read and write

45D8000

unkown

page read and write

2D24000

heap

page read and write

37B6000

unkown

page read and write

58DD000

unclassified section

page execute and read and write

C70000

unkown

page readonly

B0000

unkown

page readonly

4D8000

heap

page read and write

6B1000

heap

page read and write

BDF000

unkown

page write copy

480000

unkown

page readonly

79CE000

stack

page read and write

7698000

heap

page read and write

6B1000

heap

page read and write

142F000

stack

page read and write

170000

unkown

page readonly

34FD000

heap

page read and write

B20000

unkown

page readonly

47C000

heap

page read and write

2100000

heap

page read and write

476A000

unkown

page read and write

6B1000

heap

page read and write

BAF000

unkown

page readonly

6B1000

heap

page read and write

3606000

heap

page read and write

A30000

direct allocation

page execute and read and write

536000

heap

page read and write

8DF000

stack

page read and write

31FD000

unkown

page execute and read and write

1B0000

unkown

page read and write

481000

unkown

page execute read

6B1000

heap

page read and write

6B1000

heap

page read and write

3413000

heap

page read and write

476000

heap

page read and write

3F30000

unclassified section

page read and write

31DC000

unclassified section

page read and write

6B1000

heap

page read and write

61A000

heap

page read and write

6B1000

heap

page read and write

48F000

unkown

page readonly

496000

unkown

page read and write

B00000

heap

page read and write

6B1000

heap

page read and write

3920000

direct allocation

page read and write

159D000

stack

page read and write

4C9000

heap

page read and write

B59000

direct allocation

page execute and read and write

2099F401000

trusted library allocation

page read and write

6B1000

heap

page read and write

2099D77B000

heap

page read and write

6B1000

heap

page read and write

38A3000

direct allocation

page read and write

6B1000

heap

page read and write

5C60000

trusted library allocation

page read and write

489C000

unclassified section

page read and write

1300000

unkown

page read and write

190000

heap

page read and write

1E0000

unkown

page readonly

6B1000

heap

page read and write

100000

heap

page read and write

9A9000

heap

page read and write

6B1000

heap

page read and write

5EE000

stack

page read and write

3FA0000

direct allocation

page read and write

4CD000

heap

page read and write

46D000

heap

page read and write

6B1000

heap

page read and write

12B0000

unkown

page read and write

2D6E000

stack

page read and write

7B0000

trusted library allocation

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

113C000

stack

page read and write

950000

heap

page read and write

31A0000

heap

page read and write

6B1000

heap

page read and write

2794000

unkown

page execute and read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

1170000

heap

page read and write

2099F30E000

trusted library allocation

page read and write

477000

heap

page read and write

3F42000

direct allocation

page execute and read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

3A49000

direct allocation

page read and write

145E000

heap

page read and write

4EE000

heap

page read and write

7702000

heap

page read and write

2099F140000

heap

page read and write

39FF000

stack

page read and write

6B1000

heap

page read and write

440000

unkown

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

3612000

heap

page read and write

6B1000

heap

page read and write

2F62000

unkown

page read and write

B5D000

direct allocation

page execute and read and write

3A49000

direct allocation

page read and write

F7B000

heap

page read and write

541000

heap

page read and write

12D0000

unkown

page readonly

12E0000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

3A49000

direct allocation

page read and write

3780000

direct allocation

page read and write

476000

heap

page read and write

3ECD000

direct allocation

page execute and read and write

145A000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

1250000

unkown

page read and write

3756000

unclassified section

page read and write

6B1000

heap

page read and write

190000

unkown

page read and write

2099F303000

trusted library allocation

page read and write

3413000

heap

page read and write

31B3000

heap

page read and write

6B0000

heap

page read and write

4EE000

heap

page read and write

3413000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

8E0000

unkown

page readonly

76CC000

heap

page read and write

83D000

stack

page read and write

3605000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

3624000

heap

page read and write

9D0000

trusted library allocation

page read and write

BD5000

unkown

page readonly

BD5000

unkown

page readonly

6B1000

heap

page read and write

3A4D000

direct allocation

page read and write

3413000

heap

page read and write

6B1000

heap

page read and write

103A000

stack

page read and write

2099D720000

heap

page read and write

6B1000

heap

page read and write

1031000

heap

page read and write

6B1000

heap

page read and write

1325000

heap

page read and write

3A4D000

direct allocation

page read and write

150000

unkown

page readonly

6B1000

heap

page read and write

3D2D000

direct allocation

page execute and read and write

362A000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

2099D650000

system

page execute and read and write

3920000

direct allocation

page read and write

470A000

unclassified section

page read and write

F7E000

heap

page read and write

76F9000

heap

page read and write

6B1000

heap

page read and write

1160000

unkown

page readonly

6B1000

heap

page read and write

129E000

stack

page read and write

6B1000

heap

page read and write

2099F312000

trusted library allocation

page read and write

2FB4000

heap

page read and write

307C000

unkown

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

38FE000

stack

page read and write

3400000

heap

page read and write

4122000

unkown

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

12A1000

unkown

page readonly

2F02000

unclassified section

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

1E0000

heap

page read and write

3617000

heap

page read and write

7DB000

stack

page read and write

3C6C000

unkown

page read and write

1F0000

heap

page read and write

6B1000

heap

page read and write

3B9E000

heap

page read and write

3413000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

11A000

stack

page read and write

48B000

heap

page read and write

6B1000

heap

page read and write

180000

heap

page read and write

7680000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

481000

unkown

page execute read

6B1000

heap

page read and write

FE3000

heap

page read and write

D80000

unkown

page readonly

323C000

unkown

page read and write

3370000

direct allocation

page read and write

3413000

heap

page read and write

2099D750000

heap

page read and write

4E1000

heap

page read and write

3413000

heap

page read and write

4A8E000

unkown

page read and write

6B1000

heap

page read and write

3413000

heap

page read and write

76EF000

heap

page read and write

3280000

heap

page read and write

76E8000

heap

page read and write

CFD000

direct allocation

page execute and read and write

1D8BC000

system

page read and write

7704000

heap

page read and write

6B1000

heap

page read and write

7695000

heap

page read and write

499000

unkown

page readonly

6B1000

heap

page read and write

4446000

unkown

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

145E000

heap

page read and write

3413000

heap

page read and write

3ABE000

direct allocation

page read and write

48F000

unkown

page readonly

6B1000

heap

page read and write

CDE000

heap

page read and write

B21000

unkown

page execute read

46B000

heap

page read and write

2D20000

heap

page read and write

6B1000

heap

page read and write

61A000

heap

page read and write

2099D757000

heap

page read and write

481000

unkown

page execute read

471000

heap

page read and write

2099D783000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

472000

heap

page read and write

46D000

heap

page read and write

76C6000

heap

page read and write

6B1000

heap

page read and write

38A3000

direct allocation

page read and write

38A3000

direct allocation

page read and write

3230000

heap

page read and write

4DB2000

unkown

page read and write

6B1000

heap

page read and write

220F000

stack

page read and write

129E000

stack

page read and write

6B1000

heap

page read and write

5AC000

stack

page read and write

3D9E000

direct allocation

page execute and read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

3413000

heap

page read and write

CE0000

direct allocation

page read and write

3780000

direct allocation

page read and write

B21000

unkown

page execute read

D90000

unkown

page readonly

170000

unkown

page readonly

6B1000

heap

page read and write

3605000

heap

page read and write

6B1000

heap

page read and write

768B000

heap

page read and write

3BFD000

unkown

page execute and read and write

2099F4C4000

trusted library allocation

page read and write

BE8000

unkown

page readonly

480000

unkown

page readonly

6B1000

heap

page read and write

199F000

stack

page read and write

6B1000

heap

page read and write

3920000

direct allocation

page read and write

3A49000

direct allocation

page read and write

6B1000

heap

page read and write

1A1000

unkown

page readonly

6B1000

heap

page read and write

BDF000

unkown

page read and write

6B1000

heap

page read and write

2099F4B0000

trusted library allocation

page read and write

2099D677000

system

page execute and read and write

4578000

unclassified section

page read and write

3A4D000

direct allocation

page read and write

6B1000

heap

page read and write

769D000

heap

page read and write

3617000

heap

page read and write

9B000

stack

page read and write

6B1000

heap

page read and write

3FA0000

direct allocation

page read and write

6B1000

heap

page read and write

2099F030000

trusted library allocation

page read and write

1F4000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

3780000

direct allocation

page read and write

6B1000

heap

page read and write

3ED1000

direct allocation

page execute and read and write

6B1000

heap

page read and write

5A47FFE000

stack

page read and write

6B1000

heap

page read and write

43E000

stack

page read and write

5A477FE000

stack

page read and write

76C2000

heap

page read and write

476000

heap

page read and write

2E6F000

stack

page read and write

1034000

heap

page read and write

6B1000

heap

page read and write

860000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

E60000

unkown

page read and write

BE8000

unkown

page readonly

33EE000

stack

page read and write

5AC000

stack

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

2FBC000

stack

page read and write

1320000

heap

page read and write

DA0000

unkown

page readonly

DBD000

stack

page read and write

50D000

heap

page read and write

3A7A000

unclassified section

page read and write

6B1000

heap

page read and write

1079000

heap

page read and write

4DC000

heap

page read and write

7686000

heap

page read and write

5737000

system

page execute and read and write

1F4000

heap

page read and write

6B1000

heap

page read and write

1003000

heap

page read and write

4E1000

heap

page read and write

480000

unkown

page readonly

56C4000

system

page execute and read and write

148D000

heap

page read and write

90000

unkown

page readonly

6B1000

heap

page read and write

18E0000

unkown

page readonly

6B1000

heap

page read and write

468000

heap

page read and write

440000

unkown

page read and write

3A01000

heap

page read and write

2099D710000

heap

page read and write

3A00000

heap

page read and write

2099F200000

trusted library allocation

page read and write

101F000

heap

page read and write

523000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

6B1000

heap

page read and write

5A45FFC000

stack

page read and write

6B1000

heap

page read and write

3800000

heap

page read and write

6B1000

heap

page read and write

499000

unkown

page readonly

61E000

heap

page read and write

12E0000

heap

page read and write

6B1000

heap

page read and write

3600000

heap

page read and write

3413000

heap

page read and write

6B1000

heap

page read and write

1160000

unkown

page readonly

113C000

stack

page read and write

6B1000

heap

page read and write

2099F010000

heap

page read and write

460000

heap

page read and write

6B1000

heap

page read and write

1430000

unkown

page read and write

6B1000

heap

page read and write

1DE000

stack

page read and write

3ABE000

direct allocation

page read and write

3B2D000

heap

page read and write

511000

heap

page read and write

6B1000

heap

page read and write

A1A000

heap

page read and write

12D0000

unkown

page readonly

6B1000

heap

page read and write

31A4000

heap

page read and write

D01000

direct allocation

page execute and read and write

2D20000

heap

page read and write

6B1000

heap

page read and write

2099D76D000

heap

page read and write

3624000

unkown

page read and write

1C0000

heap

page read and write

588C000

unkown

page read and write

2099F030000

trusted library allocation

page read and write

2099F4BE000

trusted library allocation

page read and write

6B1000

heap

page read and write

3923000

heap

page read and write

2100000

heap

page read and write

38A3000

direct allocation

page read and write

There are 668 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
MACHINE SPECIFICATIONS.exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportMACHINE SPECIFICATIONS.exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
MACHINE SPECIFICATIONS.exe