Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\N2Qncau2rN.exe

"C:\Users\user\Desktop\N2Qncau2rN.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6404
Target ID:	0
Parent PID:	3504
Name:	N2Qncau2rN.exe
Path:	C:\Users\user\Desktop\N2Qncau2rN.exe
Commandline:	"C:\Users\user\Desktop\N2Qncau2rN.exe"
Size:	1401699
MD5:	47D011CED9BD433871F605C662C06B55
Time:	09:32:59
Date:	08/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	741376
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information
PE file contains an invalid checksum	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Uncommon Svchost Parent Process	System Summary
Uses 32bit PE files	Compliance, System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\SysWOW64\svchost.exe

"C:\Users\user\Desktop\N2Qncau2rN.exe"

Details

Is windows:	true
Is dropped:	false
PID:	6828
Target ID:	2
Parent PID:	6404
Name:	svchost.exe
Path:	C:\Windows\SysWOW64\svchost.exe
Commandline:	"C:\Users\user\Desktop\N2Qncau2rN.exe"
Size:	46504
MD5:	1ED18311E3DA35942DB37D15FA40CC5B
Time:	09:33:00
Date:	08/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x110000
Modulesize:	53248
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Uncommon Svchost Parent Process	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

"C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7152
Target ID:	3
Parent PID:	6828
Name:	auuGcaPMTDojV.exe
Path:	C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Commandline:	"C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe"
Size:	140800
MD5:	32B8AD6ECA9094891E792631BAEA9717
Time:	09:33:14
Date:	08/10/2024
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0xa00000
Modulesize:	155648
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queues an APC in another process (thread injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\SysWOW64\RpcPing.exe

"C:\Windows\SysWOW64\RpcPing.exe"

Details

Is windows:	true
Is dropped:	false
PID:	4080
Target ID:	5
Parent PID:	7152
Name:	RpcPing.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\RpcPing.exe
Commandline:	"C:\Windows\SysWOW64\RpcPing.exe"
Size:	26624
MD5:	F7DD5764D96A988F0CF9DD4813751473
Time:	09:33:17
Date:	08/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	false
Is elevated:	false
Modulebase:	0x5d0000
Modulesize:	40960
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe

"C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe"

Details

Is windows:	true
Is dropped:	false
PID:	1432
Target ID:	8
Parent PID:	4080
Name:	auuGcaPMTDojV.exe
Path:	C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe
Commandline:	"C:\Program Files (x86)\xBbXuaowsrbzEUmmJxCknSytRFWIpGxALalWIlZxd\auuGcaPMTDojV.exe"
Size:	140800
MD5:	32B8AD6ECA9094891E792631BAEA9717
Time:	09:33:30
Date:	08/10/2024
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0xa00000
Modulesize:	155648
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queues an APC in another process (thread injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\Firefox.exe"

Details

Is windows:	true
Is dropped:	false
PID:	6424
Target ID:	10
Parent PID:	4080
Name:	firefox.exe
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Size:	676768
MD5:	C86B1BE9ED6496FE0E0CBE73F81D8045
Time:	09:33:42
Date:	08/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff73feb0000
Modulesize:	708608
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

URLs

Name

Malicious

http://www.shanhaiguan.net/b6g5/

156.242.132.82

http://www.palcoconnector.net/bnrz/

208.91.197.27

http://www.wajf.net/eoqq/

3.91.127.116

http://www.shanhaiguan.net/b6g5/?tpTd=a8QqMioE13Jt2iPiOClkfJLiI6soJM7xy7KAtya8ruOCNgqe2jC0xyltzPPw7ePD7gDMaG5P8Bx9i7otBFrSmSNv5WmdoflN7m2YOZj8dE3cyj5SIw==&WX=rnWllP5PLlhLLtj

156.242.132.82

http://www.falconclub.online/sld7/?tpTd=/serfU6kaxhlkkJx8dOr0qlSRXA+6La0KEB68G6jbYfyT6z2zvVJBFhkOYA104kn6FRHm7lAc7gn2TRu9DlziYvx9tC/5P1WJl131MkdoxRdpo/lsw==&WX=rnWllP5PLlhLLtj

74.208.236.25

http://www.doggieradio.net/szy7/?tpTd=K8R7SnSfb7dli3eXRAD3SnntsVSSj1ZCjsRlCzIsDWJUxclcgzVYTq7f6N7/UKjTBpPX3WVoPH/v0tj5Dmk2jiKrkd/jwL9iqNrnd9yIGgMT9MzICA==&WX=rnWllP5PLlhLLtj

3.33.130.190

http://www.palcoconnector.net/bnrz/?tpTd=OQxwzbuOtqgqEYELNcMucZtHnRjB34c8S/VejUlVZtuveUVj7y4E7KtMGd+fy1MLwhM03wpJ8ksC3Umpmq48p+wh68NaozaF8Wex7USlPt5ZhMWe3g==&WX=rnWllP5PLlhLLtj

208.91.197.27

http://www.demovix.xyz/azuc/

199.192.19.19

http://www.promasterev.shop/abrg/

3.33.130.190

http://www.falconclub.online/sld7/

74.208.236.25

http://www.demovix.xyz/azuc/?WX=rnWllP5PLlhLLtj&tpTd=IEG0cbQocDdgsf0hXa+uAMZkMIV+L9dmDWmvXBjU8TDCB1WiaKjeRQjMK7ZBG/72TlyV3qB8EHQj0nSZZfMRzC5BhxJ3N2wZ76F+LQzPhJ8EwwRHzQ==

199.192.19.19

http://www.wajf.net/eoqq/?tpTd=WfaN7QdSX3VNxg1q9fkfNv4hQq9KYwkNivs6k+R5An5RjxagqDfSiLpQ7QxvwrMnBdqTEtPHhZ8GpglWyWgxMX7+0Hc5PxIPKPsdiKxnaB1g3ZY6yQ==&WX=rnWllP5PLlhLLtj

3.91.127.116

http://www.promasterev.shop/abrg/?WX=rnWllP5PLlhLLtj&tpTd=GnAJmiRPPiyH2TmfuBVnsZoXdGf0FUPFySgQhtVOM4GwnDq9Dnvh9ePCWYtJxLLAU+yG0d2c2V85YMiF3u+CH4Whw+Z8K8Lme5ABmnpnJdsWz6g8ww==

3.33.130.190

http://www.animekuid.xyz/7un9/?tpTd=4XOwgplivDvk/EZOubh+oM7E4qBWP2ACvZmroFPOKBmtqB+PCSuAHgoGD1T4VUWf5wIO7JPBcjeVh4zPUWd0ua1JHgAe3g4A1TGkBV6DNuNtOYfRKw==&WX=rnWllP5PLlhLLtj

203.175.9.128

http://www.drivedoge.website/c6cw/?WX=rnWllP5PLlhLLtj&tpTd=FqG002IG5EdskeSYnMZEmsgm4M8u04DOLE26DOOOZGkEYfdt2aoEMjGd+Okidkvsa7u+peDvqMbFWL8Zvpj7qkQAFbZLww+9EwijpyIUD9D3/88cfw==

195.161.68.8

http://www.doggieradio.net/szy7/

3.33.130.190

http://www.animekuid.xyz/7un9/

203.175.9.128

http://www.childlesscatlady.today/itly/?tpTd=tsSBdLA6gv84Y8GcYug/jDCyCw8YLYxClZSiOA0GXKnW8CsuEbQ9YFwfaGPSJlWcPZlV2TdpOPQww8tdSTouVEB2Caqu0WVs/8KUUJONnONwfAEA0g==&WX=rnWllP5PLlhLLtj

3.33.130.190

http://www.es-lidl.online/n2dv/?tpTd=bOYvUT8qr4FCBQL4q+W2EOsk7MURICY42o+fYfsEfk4vvxNQfURJ5XqGAnjP2wivb2XfCAEuS6lNjanH3pgkh9rgu/pEJ/+PKIa4gq6/Dbg2n2byoA==&WX=rnWllP5PLlhLLtj

84.32.84.32

http://www.multileveltravel.world/hfue/?WX=rnWllP5PLlhLLtj&tpTd=GzF3o7eza1dU4F476cHHeral/cYJG+FCwgJMIz0HPlfrSCMBDVuQfjGNmxBd7moVrhCGY2hY7MCgK+MnekgstTp0z3ZjcP9rk68ek43BHqQDCfcAeg==

3.33.130.190

http://www.childlesscatlady.today/itly/

3.33.130.190

http://www.torex33.online/hd7m/?tpTd=sLbEVsfW73VtVB0Jvj7gC+ceEVX4meQWoUuArYo60q3nO/kAxb5tEPXYoxmPYHkEXIEIOfWFMW/cSWDV+KoY2jgQgwLtxzjq6i8n+9HhH6xOpB1tMw==&WX=rnWllP5PLlhLLtj

194.58.112.174

http://www.es-lidl.online/n2dv/

84.32.84.32

http://www.drivedoge.website/c6cw/

195.161.68.8

http://www.torex33.online/hd7m/

194.58.112.174

https://duckduckgo.com/chrome_newtab

unknown

http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix

unknown

https://dts.gnpge.com

unknown

https://duckduckgo.com/ac/?q=

unknown

https://reg.ru

unknown

http://i1.cdn-image.com/__media__/pics/29590/bg1.png)

unknown

http://www.palcoconnector.net/Wire_Connectors.cfm?fp=c6vU2rntkHymqt5x3kJq4vMX0U8fOmaM0f8rwBVXAAN39Ji

unknown

http://www.palcoconnector.net/__media__/js/trademark.php?d=palcoconnector.net&type=ns

unknown

https://cdn.consentmanager.net

unknown

http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2

unknown

https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

http://www.palcoconnector.net/Ntsc_Pal_Adapter.cfm?fp=c6vU2rntkHymqt5x3kJq4vMX0U8fOmaM0f8rwBVXAAN39J

unknown

https://www.reg.ru/web-sites/?utm_source=www.torex33.online&utm_medium=parking&utm_campaign=s_land_c

unknown

http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular

unknown

http://i1.cdn-image.com/__media__/pics/10667/netsol-logos-2020-165-50.jpg

unknown

http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot

unknown

https://www.reg.ru/domain/new/?utm_source=www.torex33.online&utm_medium=parking&utm_campaign=s_land_

unknown

http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf

unknown

http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

http://www.palcoconnector.net/__media__/design/underconstructionnotice.php?d=palcoconnector.net

unknown

https://www.reg.ru/dedicated/?utm_source=www.torex33.online&utm_medium=parking&utm_campaign=s_land_s

unknown

http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf

unknown

http://i1.cdn-image.com/__media__/pics/28903/search.png)

unknown

https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css

unknown

http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold

unknown

http://i1.cdn-image.com/__media__/pics/28905/arrrow.png)

unknown

https://www.reg.ru/web-sites/website-builder/?utm_source=www.torex33.online&utm_medium=parking&utm_c

unknown

https://delivery.consentmanager.net

unknown

http://www.palcoconnector.net/Cable_Connectors.cfm?fp=c6vU2rntkHymqt5x3kJq4vMX0U8fOmaM0f8rwBVXAAN39J

unknown

http://i1.cdn-image.com/__media__/pics/468/netsol-favicon-2020.jpg

unknown

https://jino.ru

unknown

https://www.google.com/images/branding/product/ico/googleg_lodp.ico

unknown

http://www.palcoconnector.net/Pal_TV.cfm?fp=c6vU2rntkHymqt5x3kJq4vMX0U8fOmaM0f8rwBVXAAN39JiqpfnJPBMT

unknown

http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot

unknown

https://www.reg.ru/hosting/?utm_source=www.torex33.online&utm_medium=parking&utm_campaign=s_land_hos

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

http://animekuid.xyz/7un9/?tpTd=4XOwgplivDvk/EZOubh

unknown

https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-

unknown

https://www.ecosia.org/newtab/

unknown

https://parking.reg.ru/script/get_domain_data?domain_name=www.torex33.online&rand=

unknown

http://www.Palcoconnector.net

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff

unknown

http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2

unknown

https://www.reg.ru/whois/?check=&dname=www.torex33.online&reg_source=parking_auto

unknown

http://www.palcoconnector.net/RCA_Connectors.cfm?fp=c6vU2rntkHymqt5x3kJq4vMX0U8fOmaM0f8rwBVXAAN39Jiq

unknown

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.1.1/gsap.min.js

unknown

http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff

unknown

http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf

unknown

http://www.torex33.online

unknown

http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

http://i1.cdn-image.com/__media__/js/min.js?v2.3

unknown

There are 70 hidden URLs, click here to show them.

Domains

Name

Malicious

www.palcoconnector.net

208.91.197.27

www.broomeorchard.xyz

15.197.204.56

promasterev.shop

3.33.130.190

wcq24.top

154.23.184.240

es-lidl.online

84.32.84.32

www.drivedoge.website

195.161.68.8

www.demovix.xyz

199.192.19.19

animekuid.xyz

203.175.9.128

cdl-lb-1356093980.us-east-1.elb.amazonaws.com

3.91.127.116

doggieradio.net

3.33.130.190

www.torex33.online

194.58.112.174

childlesscatlady.today

3.33.130.190

www.falconclub.online

74.208.236.25

www.shanhaiguan.net

156.242.132.82

multileveltravel.world

3.33.130.190

www.es-lidl.online

unknown

www.animekuid.xyz

unknown

www.mtcep.org

unknown

www.doggieradio.net

unknown

www.wcq24.top

unknown

www.multileveltravel.world

unknown

www.childlesscatlady.today

unknown

206.23.85.13.in-addr.arpa

unknown

www.wajf.net

unknown

www.promasterev.shop

unknown

There are 15 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

156.242.132.82

www.shanhaiguan.net

Seychelles

3.91.127.116

cdl-lb-1356093980.us-east-1.elb.amazonaws.com

United States

208.91.197.27

www.palcoconnector.net

Virgin Islands (BRITISH)

84.32.84.32

es-lidl.online

Lithuania

74.208.236.25

www.falconclub.online

United States

195.161.68.8

www.drivedoge.website

Russian Federation

194.58.112.174

www.torex33.online

Russian Federation

3.33.130.190

promasterev.shop

United States

199.192.19.19

www.demovix.xyz

United States

203.175.9.128

animekuid.xyz

Indonesia

Memdumps

Base Address

Regiontype

Protect

Malicious

29B0000

trusted library allocation

page read and write

4BC0000

unkown

page execute and read and write

32D0000

unclassified section

page execute and read and write

400000

system

page execute and read and write

4F90000

system

page execute and read and write

470000

system

page execute and read and write

2730000

trusted library allocation

page read and write

6200000

unclassified section

page execute and read and write

28B1000

heap

page read and write

3FA0000

heap

page read and write

28B1000

heap

page read and write

150000

unkown

page readonly

28B1000

heap

page read and write

76E3000

heap

page read and write

28B1000

heap

page read and write

47B9000

direct allocation

page read and write

B67000

heap

page read and write

285C000

heap

page read and write

22D0000

unkown

page readonly

28B1000

heap

page read and write

4690000

direct allocation

page read and write

28B1000

heap

page read and write

2494EF00000

trusted library allocation

page read and write

406E000

heap

page read and write

28B1000

heap

page read and write

2A00000

trusted library allocation

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

260E000

stack

page read and write

7691000

heap

page read and write

28B1000

heap

page read and write

37D6000

unclassified section

page read and write

960000

heap

page read and write

28B1000

heap

page read and write

A0E000

unkown

page readonly

2A3C000

stack

page read and write

7740000

trusted library allocation

page read and write

981000

unkown

page read and write

28B1000

heap

page read and write

36D1000

direct allocation

page execute and read and write

2856000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

2C13000

heap

page read and write

2494F1A6000

trusted library allocation

page read and write

8FE99FE000

stack

page read and write

4DC1000

unkown

page execute and read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

3CA0000

heap

page read and write

28B1000

heap

page read and write

7FC000

stack

page read and write

76A2000

heap

page read and write

DC1000

unkown

page readonly

2494F000000

trusted library allocation

page read and write

8AF000

stack

page read and write

2C13000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

438000

stack

page read and write

53E000

stack

page read and write

47BD000

direct allocation

page read and write

28B1000

heap

page read and write

4AB000

unkown

page readonly

491000

unkown

page write copy

3F0F000

heap

page read and write

28B1000

heap

page read and write

2494D559000

heap

page read and write

28B1000

heap

page read and write

4690000

direct allocation

page read and write

2E05000

heap

page read and write

3000000

direct allocation

page read and write

2942000

unkown

page read and write

28B1000

heap

page read and write

4AAE000

unclassified section

page read and write

22D0000

unkown

page readonly

2E05000

heap

page read and write

5C0000

heap

page read and write

A31000

heap

page read and write

2C13000

heap

page read and write

7EA000

unkown

page read and write

27CB000

heap

page read and write

63E000

stack

page read and write

670000

heap

page read and write

ADE000

stack

page read and write

4613000

direct allocation

page read and write

3644000

unclassified section

page read and write

2842000

heap

page read and write

670000

unkown

page readonly

28B1000

heap

page read and write

2494F1C4000

trusted library allocation

page read and write

3EF8000

unkown

page read and write

D2B2000

system

page read and write

2889000

heap

page read and write

2835000

heap

page read and write

904000

heap

page read and write

28B1000

heap

page read and write

2790000

unkown

page readonly

28B1000

heap

page read and write

28B1000

heap

page read and write

3ED9000

heap

page read and write

2C13000

heap

page read and write

28B1000

heap

page read and write

2D5D000

direct allocation

page execute and read and write

2620000

unkown

page read and write

28B1000

heap

page read and write

76B6000

heap

page read and write

766B000

heap

page read and write

401000

unkown

page execute read

2E17000

heap

page read and write

28B1000

heap

page read and write

332D000

heap

page read and write

28B1000

heap

page read and write

A0A000

heap

page read and write

28B1000

heap

page read and write

2610000

unkown

page read and write

28B1000

heap

page read and write

286A000

heap

page read and write

478A000

unclassified section

page read and write

6FA000

stack

page read and write

1F0000

unkown

page readonly

2C13000

heap

page read and write

28B1000

heap

page read and write

2EFD000

direct allocation

page execute and read and write

4690000

direct allocation

page read and write

2863000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

A17000

unkown

page readonly

9B0000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

4613000

direct allocation

page read and write

5C4000

heap

page read and write

27B0000

heap

page read and write

28B1000

heap

page read and write

A17000

unkown

page readonly

2835000

heap

page read and write

140000

unkown

page readonly

3EFC000

heap

page read and write

491C000

unclassified section

page read and write

28B1000

heap

page read and write

7660000

heap

page read and write

2876000

heap

page read and write

482E000

direct allocation

page read and write

2818000

heap

page read and write

764E000

heap

page read and write

8FE000

stack

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

35BE000

stack

page read and write

27CB000

heap

page read and write

140000

unkown

page readonly

690000

unkown

page readonly

76DD000

heap

page read and write

28B1000

heap

page read and write

2494D550000

heap

page read and write

28B1000

heap

page read and write

2494D57C000

heap

page read and write

2C13000

heap

page read and write

28B1000

heap

page read and write

2494F014000

trusted library allocation

page read and write

303E000

stack

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

502C000

system

page execute and read and write

500D000

system

page execute and read and write

76B8000

heap

page read and write

76BE000

heap

page read and write

900000

heap

page read and write

4D4F000

unkown

page execute and read and write

33FA000

unkown

page read and write

47BD000

direct allocation

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

D3CC000

system

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

A15000

unkown

page read and write

47BD000

direct allocation

page read and write

3280000

direct allocation

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

3123000

heap

page read and write

AE0000

unkown

page read and write

317E000

stack

page read and write

40BF000

heap

page read and write

E30000

unkown

page readonly

28B1000

heap

page read and write

28B1000

heap

page read and write

AF1000

unkown

page readonly

28B1000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

27CB000

heap

page read and write

640000

unkown

page read and write

904000

heap

page read and write

5E9E000

stack

page read and write

76CB000

heap

page read and write

3A00000

unclassified section

page execute and read and write

28B1000

heap

page read and write

B30000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

2DDE000

stack

page read and write

28B1000

heap

page read and write

115000

heap

page read and write

40E0000

heap

page read and write

40DC000

heap

page execute and read and write

5BE0000

trusted library allocation

page read and write

A00000

unkown

page readonly

2494D583000

heap

page read and write

4F0000

heap

page read and write

28B1000

heap

page read and write

2850000

heap

page read and write

2B5C000

unkown

page read and write

28B1000

heap

page read and write

A17000

unkown

page readonly

28B1000

heap

page read and write

76CF000

heap

page read and write

3400000

direct allocation

page execute and read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

3FB0000

unclassified section

page read and write

4024000

heap

page read and write

28B1000

heap

page read and write

2A80000

trusted library allocation

page read and write

28B1000

heap

page read and write

680000

unkown

page readonly

28B1000

heap

page read and write

28B1000

heap

page read and write

2E17000

heap

page read and write

2C23000

heap

page read and write

28B1000

heap

page read and write

2DCE000

direct allocation

page execute and read and write

2865000

heap

page read and write

76C5000

heap

page read and write

7A30000

heap

page read and write

A15000

unkown

page read and write

2BAE000

heap

page read and write

28B1000

heap

page read and write

B40000

unkown

page readonly

28B1000

heap

page read and write

4E00000

unclassified section

page execute and read and write

2B5C000

unkown

page read and write

A70000

unkown

page readonly

2A00000

trusted library allocation

page read and write

A0E000

unkown

page readonly

339E000

heap

page read and write

766D000

heap

page read and write

28B1000

heap

page read and write

DC1000

unkown

page readonly

ADE000

stack

page read and write

28B1000

heap

page read and write

A01000

unkown

page execute read

28B1000

heap

page read and write

5080000

system

page execute and read and write

28B1000

heap

page read and write

2C13000

heap

page read and write

3529000

direct allocation

page execute and read and write

28B1000

heap

page read and write

2BE0000

heap

page read and write

93E000

stack

page read and write

2494D581000

heap

page read and write

A3D000

heap

page read and write

4690000

direct allocation

page read and write

47B9000

direct allocation

page read and write

77F0000

trusted library allocation

page read and write

2889000

heap

page read and write

2860000

heap

page read and write

15FF000

stack

page read and write

2E12000

heap

page read and write

2730000

trusted library allocation

page read and write

A3D000

heap

page read and write

500000

unkown

page readonly

28B1000

heap

page read and write

400000

unkown

page readonly

371E000

unkown

page read and write

100000

heap

page read and write

28B1000

heap

page read and write

2610000

unkown

page read and write

4092000

heap

page read and write

A00000

unkown

page readonly

32D0000

direct allocation

page read and write

660000

unkown

page read and write

47BD000

direct allocation

page read and write

32D0000

direct allocation

page read and write

288F000

heap

page read and write

482000

unkown

page readonly

28B1000

heap

page read and write

7666000

heap

page read and write

2494F011000

trusted library allocation

page read and write

766F000

heap

page read and write

5C4000

heap

page read and write

2494F00F000

trusted library allocation

page read and write

2494F100000

trusted library allocation

page read and write

2494D38A000

system

page execute and read and write

9A000

stack

page read and write

28B1000

heap

page read and write

51FC000

unkown

page read and write

28B1000

heap

page read and write

2A85000

heap

page read and write

299C000

unkown

page read and write

4400000

unclassified section

page execute and read and write

A01000

unkown

page execute read

327F000

stack

page read and write

5002000

system

page execute and read and write

28B0000

heap

page read and write

7757000

heap

page read and write

44F0000

direct allocation

page read and write

421C000

unkown

page read and write

2D59000

direct allocation

page execute and read and write

7656000

heap

page read and write

A90000

heap

page read and write

28B1000

heap

page read and write

4AB000

unkown

page readonly

313F000

stack

page read and write

43AE000

unkown

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

2850000

heap

page read and write

900000

heap

page read and write

2680000

heap

page read and write

282C000

heap

page read and write

27CB000

heap

page read and write

325C000

unclassified section

page read and write

358C000

unkown

page read and write

28B1000

heap

page read and write

2C13000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

27D1000

heap

page read and write

2494D420000

heap

page read and write

2F82000

unclassified section

page read and write

28B1000

heap

page read and write

76D5000

heap

page read and write

3042000

unclassified section

page read and write

2C13000

heap

page read and write

28B1000

heap

page read and write

40EC000

heap

page read and write

28B1000

heap

page read and write

32D0000

direct allocation

page read and write

B20000

heap

page read and write

2F72000

direct allocation

page execute and read and write

4FC000

stack

page read and write

A80000

unkown

page readonly

7E3F000

stack

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

77F000

stack

page read and write

22CF000

stack

page read and write

4690000

direct allocation

page read and write

2865000

heap

page read and write

5029000

system

page execute and read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

B30000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

790000

unkown

page readonly

45F8000

unclassified section

page read and write

670000

unkown

page readonly

A34000

heap

page read and write

28B1000

heap

page read and write

2C02000

heap

page read and write

44F0000

direct allocation

page read and write

3EF5000

heap

page read and write

2C13000

heap

page read and write

638F000

unclassified section

page execute and read and write

28B1000

heap

page read and write

B7F000

heap

page read and write

4613000

direct allocation

page read and write

28B1000

heap

page read and write

2AB0000

heap

page read and write

2A7B000

stack

page read and write

769C000

heap

page read and write

28B1000

heap

page read and write

2C13000

heap

page read and write

2494D38C000

system

page execute and read and write

28B1000

heap

page read and write

670000

heap

page read and write

8B4000

stack

page read and write

44F0000

direct allocation

page read and write

281B000

heap

page read and write

28B1000

heap

page read and write

27D1000

heap

page read and write

3F72000

heap

page read and write

B60000

heap

page read and write

76CB000

heap

page read and write

28B1000

heap

page read and write

2821000

heap

page read and write

2E70000

heap

page read and write

3EC8000

heap

page read and write

2494F101000

trusted library allocation

page read and write

2494D510000

heap

page read and write

7C7000

heap

page read and write

500000

unkown

page readonly

28B1000

heap

page read and write

A80000

unkown

page readonly

47B9000

direct allocation

page read and write

28B1000

heap

page read and write

2863000

heap

page read and write

7B0000

unkown

page read and write

4613000

direct allocation

page read and write

7C0000

heap

page read and write

27CB000

heap

page read and write

2842000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

27DD000

heap

page read and write

3268000

unkown

page read and write

2494EE10000

trusted library allocation

page read and write

11C1000

unkown

page readonly

28B1000

heap

page read and write

3F4D000

heap

page read and write

1BA000

stack

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

39CC000

heap

page read and write

41C0000

unkown

page execute and read and write

2E1A000

heap

page read and write

2494F1BE000

trusted library allocation

page read and write

2DE0000

heap

page read and write

490000

unkown

page write copy

D58C000

system

page read and write

28B1000

heap

page read and write

2C13000

heap

page read and write

651000

unkown

page readonly

520000

heap

page read and write

40DD000

heap

page read and write

28B1000

heap

page read and write

640000

unkown

page read and write

28B1000

heap

page read and write

4690000

direct allocation

page read and write

7FC000

stack

page read and write

28B1000

heap

page read and write

47B9000

direct allocation

page read and write

36CD000

direct allocation

page execute and read and write

27D5000

heap

page read and write

2899000

heap

page read and write

28B1000

heap

page read and write

11C1000

unkown

page readonly

50FC000

unkown

page read and write

28B1000

heap

page read and write

A60000

unkown

page readonly

76DD000

heap

page read and write

A17000

unkown

page readonly

2680000

heap

page read and write

D372000

system

page read and write

3EB3000

heap

page read and write

3000000

heap

page read and write

28B1000

heap

page read and write

4FC000

stack

page read and write

2494D320000

system

page execute and read and write

28B1000

heap

page read and write

2494F021000

trusted library allocation

page read and write

2494D55F000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

8FE000

stack

page read and write

6FA000

stack

page read and write

27B8000

heap

page read and write

8FE89FB000

stack

page read and write

501D000

system

page execute and read and write

E2F000

stack

page read and write

130000

unkown

page readonly

43A3000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

43AD000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

B67000

heap

page read and write

2E00000

heap

page read and write

7667000

heap

page read and write

3C8C000

unclassified section

page read and write

510000

unkown

page readonly

28B1000

heap

page read and write

9A4000

heap

page read and write

28B1000

heap

page read and write

1FB000

stack

page read and write

2630000

unkown

page read and write

44F0000

direct allocation

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

57F000

stack

page read and write

2856000

heap

page read and write

A0E000

heap

page read and write

2AD0000

heap

page read and write

2E30000

heap

page read and write

2C13000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

A30000

unkown

page readonly

28B1000

heap

page read and write

1F0000

heap

page read and write

482E000

direct allocation

page read and write

28B1000

heap

page read and write

29DF000

heap

page read and write

2790000

unkown

page readonly

7C0000

heap

page read and write

D974000

system

page read and write

278F000

stack

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

3200000

heap

page read and write

3EEF000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

47BD000

direct allocation

page read and write

28B1000

heap

page read and write

A0E000

unkown

page readonly

9B0000

heap

page read and write

3EFF000

heap

page read and write

30D6000

unkown

page read and write

285C000

heap

page read and write

28B1000

heap

page read and write

2830000

heap

page read and write

AE0000

unkown

page read and write

28B1000

heap

page read and write

7B0000

unkown

page read and write

28B1000

heap

page read and write

590000

heap

page read and write

28B1000

heap

page read and write

2893000

heap

page read and write

9A0000

heap

page read and write

2A00000

trusted library allocation

page read and write

940000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

27C2000

heap

page read and write

28B1000

heap

page read and write

490000

unkown

page read and write

3B30000

heap

page read and write

1BA000

stack

page read and write

7DB000

heap

page read and write

286D000

heap

page read and write

28B1000

heap

page read and write

A01000

unkown

page execute read

76DA000

heap

page read and write

28B1000

heap

page read and write

23C0000

unkown

page execute and read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

2494F003000

trusted library allocation

page read and write

28B1000

heap

page read and write

5800000

unclassified section

page execute and read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

680000

unkown

page readonly

76D8000

heap

page read and write

2A70000

heap

page read and write

7697000

heap

page read and write

28BC000

heap

page read and write

B24000

heap

page read and write

43A0000

direct allocation

page read and write

3742000

direct allocation

page execute and read and write

2E75000

heap

page read and write

A70000

unkown

page readonly

27C0000

heap

page read and write

A00000

unkown

page readonly

8FE91FD000

stack

page read and write

2BB2000

heap

page read and write

A15000

unkown

page read and write

28B1000

heap

page read and write

B00000

unkown

page read and write

2C30000

direct allocation

page execute and read and write

A00000

heap

page read and write

A15000

unkown

page read and write

28B1000

heap

page read and write

2494ED30000

heap

page read and write

2882000

unkown

page read and write

3329000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

B24000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

A30000

unkown

page readonly

28B1000

heap

page read and write

482000

unkown

page readonly

28B1000

heap

page read and write

580000

heap

page read and write

28B1000

heap

page read and write

2830000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

1F0000

unkown

page readonly

445A000

heap

page read and write

B35000

heap

page read and write

482E000

direct allocation

page read and write

288F000

heap

page read and write

3F1C000

heap

page read and write

B20000

heap

page read and write

5C4000

heap

page read and write

A0E000

unkown

page readonly

47BD000

direct allocation

page read and write

B40000

unkown

page readonly

3AFA000

unclassified section

page read and write

767A000

heap

page read and write

401000

unkown

page execute read

2821000

heap

page read and write

27C0000

heap

page read and write

28B1000

heap

page read and write

359E000

direct allocation

page execute and read and write

9EE000

stack

page read and write

2F01000

heap

page read and write

2C13000

heap

page read and write

2B30000

trusted library allocation

page execute and read and write

3968000

unclassified section

page read and write

28B1000

heap

page read and write

2C1E000

stack

page read and write

309C000

unclassified section

page read and write

28B1000

heap

page read and write

2893000

heap

page read and write

27CB000

heap

page read and write

3E1E000

unclassified section

page read and write

286D000

heap

page read and write

3F81000

heap

page read and write

47B9000

direct allocation

page read and write

28B1000

heap

page read and write

2C13000

heap

page read and write

790000

unkown

page readonly

3B34000

heap

page read and write

2DC0000

unkown

page execute and read and write

28B1000

heap

page read and write

286A000

heap

page read and write

400000

unkown

page readonly

3DA0000

heap

page read and write

28B1000

heap

page read and write

76D0000

heap

page read and write

28B1000

heap

page read and write

3BE7000

heap

page read and write

28B1000

heap

page read and write

2899000

heap

page read and write

510000

unkown

page readonly

4142000

unclassified section

page read and write

2B00000

heap

page read and write

28B1000

heap

page read and write

39BF000

stack

page read and write

28B1000

heap

page read and write

765B000

heap

page read and write

E30000

unkown

page readonly

4613000

direct allocation

page read and write

7754000

heap

page read and write

37C0000

unkown

page execute and read and write

28B1000

heap

page read and write

7653000

heap

page read and write

B00000

unkown

page read and write

2810000

heap

page read and write

76D4000

heap

page read and write

8FEA1FE000

stack

page read and write

AF1000

unkown

page readonly

2C13000

heap

page read and write

44F0000

direct allocation

page read and write

352D000

direct allocation

page execute and read and write

A90000

heap

page read and write

282C000

heap

page read and write

44F0000

direct allocation

page read and write

2C00000

heap

page read and write

28B1000

heap

page read and write

27C7000

heap

page read and write

150000

unkown

page readonly

3801000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

2F01000

direct allocation

page execute and read and write

E2F000

stack

page read and write

28B1000

heap

page read and write

2494EE00000

heap

page read and write

110000

heap

page read and write

2F44000

unkown

page read and write

27C2000

heap

page read and write

3A42000

unkown

page read and write

408A000

unkown

page read and write

28B1000

heap

page read and write

B60000

heap

page read and write

660000

unkown

page read and write

4613000

direct allocation

page read and write

40ED000

heap

page read and write

11FE000

stack

page read and write

482E000

direct allocation

page read and write

130000

unkown

page readonly

28B1000

heap

page read and write

2876000

heap

page read and write

690000

unkown

page readonly

47B9000

direct allocation

page read and write

7C7000

heap

page read and write

28B1000

heap

page read and write

2494D56C000

heap

page read and write

A00000

unkown

page readonly

A3E000

heap

page read and write

38B0000

unkown

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

7DFE000

stack

page read and write

2860000

heap

page read and write

28B1000

heap

page read and write

482E000

direct allocation

page read and write

28B1000

heap

page read and write

2E2B000

heap

page read and write

A60000

unkown

page readonly

651000

unkown

page readonly

520000

heap

page read and write

28B1000

heap

page read and write

28B1000

heap

page read and write

2494EE10000

trusted library allocation

page read and write

482E000

direct allocation

page read and write

28B1000

heap

page read and write

6401000

unclassified section

page execute and read and write

28B1000

heap

page read and write

A01000

unkown

page execute read

28B1000

heap

page read and write

3F05000

heap

page read and write

492000

unkown

page read and write

4A8000

unkown

page read and write

40DD000

heap

page read and write

2882000

unkown

page read and write

28B1000

heap

page read and write

There are 724 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
N2Qncau2rN.exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportN2Qncau2rN.exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
N2Qncau2rN.exe