Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

4QihT6CwD8.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-console-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-datetime-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-debug-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-errorhandling-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-file-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-file-l1-2-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-file-l2-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-handle-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-heap-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-interlocked-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-libraryloader-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-localization-l1-2-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-memory-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-namedpipe-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-processenvironment-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-processthreads-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-processthreads-l1-1-1.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-profile-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-rtlsupport-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-string-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-synch-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-synch-l1-2-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-sysinfo-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-timezone-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-core-util-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-conio-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-convert-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-environment-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-filesystem-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-heap-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-locale-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-math-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-multibyte-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-private-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-process-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-runtime-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-stdio-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-string-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-time-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\api-ms-win-crt-utility-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\freebl3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\mozglue.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\msvcp140.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\nss3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\nssdbm3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\softokn3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\ucrtbase.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\3F5A6467\vcruntime140.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\40885317949963744506502.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\aut40C4.tmp

data

dropped

C:\Users\user\AppData\Local\Temp\aut4104.tmp

data

dropped

C:\Users\user\AppData\Local\Temp\lophophorine

data

dropped

C:\Users\user\AppData\Local\Temp\orographically

ASCII text, with very long lines (65536), with no line terminators

dropped

There are 44 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\4QihT6CwD8.exe

"C:\Users\user\Desktop\4QihT6CwD8.exe"

Details

Is windows:	false
Is dropped:	false
PID:	4180
Target ID:	0
Parent PID:	2580
Name:	4QihT6CwD8.exe
Path:	C:\Users\user\Desktop\4QihT6CwD8.exe
Commandline:	"C:\Users\user\Desktop\4QihT6CwD8.exe"
Size:	1223168
MD5:	45DA35E12BE2E8A17E6ACF41F682C7F9
Time:	16:46:53
Date:	29/08/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x350000
Modulesize:	1245184
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Azorult	Stealing of Sensitive Information
Yara detected Azorult Info Stealer	Stealing of Sensitive Information
Binary is likely a compiled AutoIt script file	System Summary
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Uncommon Svchost Parent Process	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Keylogger Generic	Key, Mouse, Clipboard, Microphone and Screen Capturing
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\SysWOW64\svchost.exe

"C:\Users\user\Desktop\4QihT6CwD8.exe"

Details

Is windows:	true
Is dropped:	false
PID:	5180
Target ID:	1
Parent PID:	4180
Name:	svchost.exe
Path:	C:\Windows\SysWOW64\svchost.exe
Commandline:	"C:\Users\user\Desktop\4QihT6CwD8.exe"
Size:	46504
MD5:	1ED18311E3DA35942DB37D15FA40CC5B
Time:	16:46:55
Date:	29/08/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x200000
Modulesize:	53248
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected Azorult	Stealing of Sensitive Information
Yara detected Azorult Info Stealer	Stealing of Sensitive Information
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Uncommon Svchost Parent Process	System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "svchost.exe"

Details

Is windows:	true
Is dropped:	false
PID:	5548
Target ID:	2
Parent PID:	5180
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\SysWOW64\cmd.exe
Commandline:	"C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "svchost.exe"
Size:	236544
MD5:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Time:	16:47:06
Date:	29/08/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x240000
Modulesize:	368640
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	6816
Target ID:	3
Parent PID:	5548
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	16:47:06
Date:	29/08/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\timeout.exe

C:\Windows\system32\timeout.exe 3

Details

Is windows:	true
Is dropped:	false
PID:	4888
Target ID:	4
Parent PID:	5548
Name:	timeout.exe
Path:	C:\Windows\SysWOW64\timeout.exe
Commandline:	C:\Windows\system32\timeout.exe 3
Size:	25088
MD5:	976566BEEFCCA4A159ECBDB2D4B1A3E3
Time:	16:47:06
Date:	29/08/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x9f0000
Modulesize:	40960
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://ln6b9.shop/LN341/index.php

104.21.2.6

Details

Name:	http://ln6b9.shop/LN341/index.php
IP:	104.21.2.6
TargetID:	1
From Memory:	false
Current Path:	C:\Windows\SysWOW64\svchost.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
System process connects to network (likely due to code injection or exploit)	Networking, HIPS / PFW / Operating System Protection Evasion	Process Injection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
URLs found in memory or binary data	Networking

http://www.mozilla.com/en-US/blocklist/

unknown

http://crl.thawte.com/ThawteTimestampingCA.crl0

unknown

http://ln6b9.shop/LN341/index.phpAx

unknown

http://ocsp.thawte.com0

unknown

http://ip-api.com/json

unknown

Details

Name:	http://ip-api.com/json
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\4QihT6CwD8.exe
Source:	4QihT6CwD8.exe, 00000000.00000002.1674725179.0000000001160000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://www.mozilla.com0

unknown

https://dotbit.me/a/

unknown

Details

Name:	https://dotbit.me/a/
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\4QihT6CwD8.exe
Source:	4QihT6CwD8.exe, 00000000.00000002.1674725179.0000000001160000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.1774295463.0000000000400000.00000040.80000000.00040000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Domains

Name

Malicious

ln6b9.shop

104.21.2.6

Details

Name:	ln6b9.shop
IP:	104.21.2.6
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
System process connects to network (likely due to code injection or exploit)	Networking, HIPS / PFW / Operating System Protection Evasion	Process Injection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

104.21.2.6

ln6b9.shop

United States

Details

IP:	104.21.2.6
TargetID:	1
Current Path:	C:\Windows\SysWOW64\svchost.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	ln6b9.shop

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
System process connects to network (likely due to code injection or exploit)	Networking, HIPS / PFW / Operating System Protection Evasion	Process Injection

Memdumps

Base Address

Regiontype

Protect

Malicious

400000

system

page execute and read and write

6C30000

direct allocation

page read and write

5E4C000

direct allocation

page read and write

1160000

direct allocation

page read and write

4D98000

direct allocation

page read and write

127C000

heap

page read and write

1253000

heap

page read and write

4DA8000

direct allocation

page read and write

1253000

heap

page read and write

5A10000

direct allocation

page read and write

4D90000

direct allocation

page read and write

1253000

heap

page read and write

1253000

heap

page read and write

11E9000

heap

page read and write

3BDE000

direct allocation

page read and write

1253000

heap

page read and write

1282000

heap

page read and write

1253000

heap

page read and write

1253000

heap

page read and write

3B6D000

direct allocation

page read and write

7E0000

heap

page read and write

351000

unkown

page execute read

1253000

heap

page read and write

4DA8000

direct allocation

page read and write

4DE8000

direct allocation

page read and write

3B6D000

direct allocation

page read and write

4D94000

direct allocation

page read and write

3EC000

unkown

page readonly

4DA0000

direct allocation

page read and write

3B6D000

direct allocation

page read and write

4D94000

direct allocation

page read and write

1253000

heap

page read and write

11E9000

heap

page read and write

98E000

stack

page read and write

351000

unkown

page execute read

3013000

heap

page read and write

5B60000

direct allocation

page read and write

38A0000

direct allocation

page read and write

58CE000

stack

page read and write

1268000

heap

page read and write

327F000

heap

page read and write

127C000

heap

page read and write

5A20000

direct allocation

page read and write

127C000

heap

page read and write

1253000

heap

page read and write

3A40000

direct allocation

page read and write

127C000

heap

page read and write

5C20000

direct allocation

page read and write

1188000

heap

page read and write

6290000

direct allocation

page read and write

127C000

heap

page read and write

38A0000

direct allocation

page read and write

4D94000

direct allocation

page read and write

1140000

direct allocation

page execute and read and write

4DA0000

direct allocation

page read and write

3296000

heap

page read and write

38A0000

direct allocation

page read and write

1253000

heap

page read and write

127C000

heap

page read and write

3B6D000

direct allocation

page read and write

11E9000

heap

page read and write

327F000

heap

page read and write

3480000

heap

page read and write

350000

unkown

page readonly

350000

unkown

page readonly

127C000

heap

page read and write

3B69000

direct allocation

page read and write

4DB4000

direct allocation

page read and write

1253000

heap

page read and write

127C000

heap

page read and write

1253000

heap

page read and write

2D70000

heap

page read and write

11E9000

heap

page read and write

1253000

heap

page read and write

438000

unkown

page readonly

5B30000

direct allocation

page read and write

4DF8000

direct allocation

page read and write

5BA0000

direct allocation

page read and write

5A10000

direct allocation

page read and write

5A20000

direct allocation

page read and write

39C3000

direct allocation

page read and write

5C50000

direct allocation

page read and write

35F0000

heap

page read and write

67E0000

direct allocation

page read and write

5A80000

direct allocation

page read and write

DBF000

stack

page read and write

1253000

heap

page read and write

127C000

heap

page read and write

5D40000

direct allocation

page read and write

4DD0000

direct allocation

page read and write

1253000

heap

page read and write

1253000

heap

page read and write

1253000

heap

page read and write

3B6D000

direct allocation

page read and write

37FF000

stack

page read and write

3B69000

direct allocation

page read and write

11E9000

heap

page read and write

8BE000

stack

page read and write

2DA0000

heap

page read and write

DFF000

stack

page read and write

39C3000

direct allocation

page read and write

1253000

heap

page read and write

3286000

heap

page read and write

1253000

heap

page read and write

6F80000

direct allocation

page read and write

1253000

heap

page read and write

12A7000

heap

page read and write

1253000

heap

page read and write

1253000

heap

page read and write

94E000

stack

page read and write

4D94000

direct allocation

page read and write

5C90000

direct allocation

page read and write

127C000

heap

page read and write

775C000

stack

page read and write

127C000

heap

page read and write

424000

unkown

page readonly

4E60000

direct allocation

page read and write

1253000

heap

page read and write

73C000

stack

page read and write

1253000

heap

page read and write

38A0000

direct allocation

page read and write

412000

unkown

page readonly

4D94000

direct allocation

page read and write

1253000

heap

page read and write

123D000

heap

page read and write

11E9000

heap

page read and write

327F000

heap

page read and write

1F40000

heap

page read and write

3BDE000

direct allocation

page read and write

4D94000

direct allocation

page read and write

11BA000

heap

page read and write

127C000

heap

page read and write

5A10000

direct allocation

page read and write

127C000

heap

page read and write

3350000

heap

page read and write

4D94000

direct allocation

page read and write

1D7E000

stack

page read and write

127C000

heap

page read and write

325F000

heap

page read and write

4DB8000

direct allocation

page read and write

5A10000

direct allocation

page read and write

56DC000

stack

page read and write

127C000

heap

page read and write

2D1B000

stack

page read and write

1282000

heap

page read and write

127C000

heap

page read and write

575E000

stack

page read and write

2CB0000

heap

page read and write

4D94000

direct allocation

page read and write

4E18000

direct allocation

page read and write

328E000

heap

page read and write

5CB8000

direct allocation

page read and write

3000000

heap

page read and write

11C2000

heap

page read and write

127C000

heap

page read and write

5B50000

direct allocation

page read and write

4D94000

direct allocation

page read and write

11D3000

heap

page read and write

3246000

heap

page read and write

325B000

heap

page read and write

F4E000

stack

page read and write

42C000

unkown

page readonly

127C000

heap

page read and write

6F64000

direct allocation

page read and write

1253000

heap

page read and write

1253000

heap

page read and write

3A40000

direct allocation

page read and write

DEF000

stack

page read and write

5D30000

direct allocation

page read and write

197D000

stack

page read and write

4DB4000

direct allocation

page read and write

127C000

heap

page read and write

5B10000

direct allocation

page read and write

1253000

heap

page read and write

1253000

heap

page read and write

32FD000

stack

page read and write

127C000

heap

page read and write

3A40000

direct allocation

page read and write

3284000

heap

page read and write

324F000

heap

page read and write

127C000

heap

page read and write

1120000

heap

page read and write

127C000

heap

page read and write

3BDE000

direct allocation

page read and write

127C000

heap

page read and write

1253000

heap

page read and write

127C000

heap

page read and write

521E000

stack

page read and write

127C000

heap

page read and write

38A0000

direct allocation

page read and write

1253000

heap

page read and write

1253000

heap

page read and write

35CE000

stack

page read and write

2FED000

stack

page read and write

1253000

heap

page read and write

127C000

heap

page read and write

1253000

heap

page read and write

4D98000

direct allocation

page read and write

6F7C000

direct allocation

page read and write

3212000

heap

page read and write

1253000

heap

page read and write

38A0000

direct allocation

page read and write

1253000

heap

page read and write

5A10000

direct allocation

page read and write

1253000

heap

page read and write

1154000

heap

page read and write

4DA0000

direct allocation

page read and write

127C000

heap

page read and write

127C000

heap

page read and write

3BDE000

direct allocation

page read and write

3B6D000

direct allocation

page read and write

1282000

heap

page read and write

DCF000

stack

page read and write

3BDE000

direct allocation

page read and write

1253000

heap

page read and write

127C000

heap

page read and write

1253000

heap

page read and write

44C000

unkown

page readonly

1253000

heap

page read and write

1253000

heap

page read and write

59CE000

stack

page read and write

2D0A000

stack

page read and write

3280000

heap

page read and write

5C60000

direct allocation

page read and write

5C50000

direct allocation

page read and write

1263000

heap

page read and write

3268000

heap

page read and write

127C000

heap

page read and write

5C60000

direct allocation

page read and write

127C000

heap

page read and write

39C3000

direct allocation

page read and write

3B69000

direct allocation

page read and write

3600000

heap

page read and write

7D0000

heap

page read and write

35CE000

stack

page read and write

4DA8000

direct allocation

page read and write

327F000

heap

page read and write

2DFD000

stack

page read and write

3A40000

direct allocation

page read and write

3265000

heap

page read and write

F0E000

stack

page read and write

7100000

direct allocation

page read and write

1253000

heap

page read and write

412000

unkown

page readonly

3002000

heap

page read and write

327F000

heap

page read and write

5A20000

direct allocation

page read and write

55DD000

stack

page read and write

127C000

heap

page read and write

4DCC000

direct allocation

page read and write

1253000

heap

page read and write

2D50000

heap

page read and write

127C000

heap

page read and write

11D3000

heap

page read and write

5DB0000

direct allocation

page read and write

4D94000

direct allocation

page read and write

3267000

heap

page read and write

4D9C000

direct allocation

page read and write

900000

heap

page read and write

1253000

heap

page read and write

5A10000

direct allocation

page read and write

11E9000

heap

page read and write

1253000

heap

page read and write

3264000

heap

page read and write

127C000

heap

page read and write

1253000

heap

page read and write

585F000

stack

page read and write

1253000

heap

page read and write

1150000

heap

page read and write

1253000

heap

page read and write

1282000

heap

page read and write

3B69000

direct allocation

page read and write

4D94000

direct allocation

page read and write

4DB0000

direct allocation

page read and write

11B2000

heap

page read and write

2D77000

heap

page read and write

127C000

heap

page read and write

1253000

heap

page read and write

39C3000

direct allocation

page read and write

3470000

heap

page read and write

559E000

stack

page read and write

11E9000

heap

page read and write

765C000

stack

page read and write

2DB0000

heap

page readonly

5B00000

direct allocation

page read and write

1253000

heap

page read and write

127C000

heap

page read and write

127C000

heap

page read and write

3231000

heap

page read and write

327F000

heap

page read and write

1253000

heap

page read and write

4D94000

direct allocation

page read and write

1253000

heap

page read and write

32BF000

heap

page read and write

3A40000

direct allocation

page read and write

3296000

heap

page read and write

4DF0000

direct allocation

page read and write

127C000

heap

page read and write

4D80000

heap

page read and write

1263000

heap

page read and write

2CDB000

stack

page read and write

1253000

heap

page read and write

360B000

heap

page read and write

1253000

heap

page read and write

127C000

heap

page read and write

1253000

heap

page read and write

7A0000

heap

page read and write

66D4000

direct allocation

page read and write

1253000

heap

page read and write

327F000

heap

page read and write

1253000

heap

page read and write

5DB0000

direct allocation

page read and write

1253000

heap

page read and write

1253000

heap

page read and write

420000

unkown

page write copy

1253000

heap

page read and write

127C000

heap

page read and write

4DA4000

direct allocation

page read and write

327F000

heap

page read and write

127C000

heap

page read and write

3271000

heap

page read and write

11D1000

heap

page read and write

5B10000

direct allocation

page read and write

127C000

heap

page read and write

1253000

heap

page read and write

720E000

direct allocation

page read and write

990000

heap

page read and write

346E000

unkown

page read and write

1253000

heap

page read and write

127C000

heap

page read and write

127C000

heap

page read and write

5AC0000

direct allocation

page read and write

3244000

heap

page read and write

7080000

heap

page read and write

4D94000

direct allocation

page read and write

5CB0000

direct allocation

page read and write

127C000

heap

page read and write

44C000

unkown

page readonly

5D94000

direct allocation

page read and write

39C3000

direct allocation

page read and write

4D9C000

direct allocation

page read and write

1253000

heap

page read and write

531E000

stack

page read and write

1253000

heap

page read and write

1253000

heap

page read and write

127C000

heap

page read and write

3280000

heap

page read and write

3286000

heap

page read and write

1253000

heap

page read and write

127C000

heap

page read and write

41C000

unkown

page write copy

1253000

heap

page read and write

1253000

heap

page read and write

1253000

heap

page read and write

1253000

heap

page read and write

1253000

heap

page read and write

127C000

heap

page read and write

1253000

heap

page read and write

327F000

heap

page read and write

1253000

heap

page read and write

5A10000

direct allocation

page read and write

1253000

heap

page read and write

7300000

trusted library allocation

page read and write

127C000

heap

page read and write

1253000

heap

page read and write

1253000

heap

page read and write

127C000

heap

page read and write

1253000

heap

page read and write

438000

unkown

page readonly

327F000

heap

page read and write

DDB000

stack

page read and write

3200000

heap

page read and write

1253000

heap

page read and write

1253000

heap

page read and write

3BDE000

direct allocation

page read and write

3621000

heap

page read and write

3A40000

direct allocation

page read and write

1253000

heap

page read and write

4E68000

direct allocation

page read and write

1253000

heap

page read and write

3013000

heap

page read and write

2D70000

heap

page read and write

3B69000

direct allocation

page read and write

3B69000

direct allocation

page read and write

127C000

heap

page read and write

4D94000

direct allocation

page read and write

358F000

unkown

page read and write

4E68000

direct allocation

page read and write

1253000

heap

page read and write

7200000

direct allocation

page read and write

4D94000

direct allocation

page read and write

5C50000

direct allocation

page read and write

1253000

heap

page read and write

424000

unkown

page readonly

545F000

stack

page read and write

3280000

heap

page read and write

4D94000

direct allocation

page read and write

1253000

heap

page read and write

1253000

heap

page read and write

1180000

heap

page read and write

1253000

heap

page read and write

1253000

heap

page read and write

7401000

heap

page read and write

FF0000

heap

page read and write

3EC000

unkown

page readonly

127C000

heap

page read and write

5E28000

direct allocation

page read and write

39C3000

direct allocation

page read and write

5A10000

direct allocation

page read and write

123D000

heap

page read and write

1253000

heap

page read and write

11B3000

heap

page read and write

1253000

heap

page read and write

1253000

heap

page read and write

11EA000

heap

page read and write

1253000

heap

page read and write

11E9000

heap

page read and write

3312000

heap

page read and write

4E20000

direct allocation

page read and write

1253000

heap

page read and write

1253000

heap

page read and write

4D9C000

direct allocation

page read and write

1253000

heap

page read and write

1253000

heap

page read and write

7212000

direct allocation

page read and write

1253000

heap

page read and write

41C000

unkown

page read and write

5B90000

direct allocation

page read and write

11C2000

heap

page read and write

42C000

unkown

page readonly

76A000

stack

page read and write

8FF000

stack

page read and write

5D40000

direct allocation

page read and write

1253000

heap

page read and write

5E50000

direct allocation

page read and write

11E9000

heap

page read and write

3623000

heap

page read and write

535E000

stack

page read and write

6FC000

stack

page read and write

3301000

heap

page read and write

549D000

stack

page read and write

1253000

heap

page read and write

1253000

heap

page read and write

4D94000

direct allocation

page read and write

There are 434 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
4QihT6CwD8.exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report4QihT6CwD8.exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
4QihT6CwD8.exe