IOC Report
file.exe

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| file.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\ProgramData\AEGHJKJKKJDHIDHJKJDB | ASCII text, with very long lines (1809), with CRLF line terminators | dropped | |
| C:\ProgramData\ECAKECAEGDHIECBGHIIIIEGHDG | SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3 | dropped | |
| C:\ProgramData\ECGDBAEHIJKKFHIEGCBGCAFIJJ | SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2 | dropped | |
| C:\ProgramData\EGIIJDHC | SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2 | dropped | |
| C:\ProgramData\HCAAEBKEGHJKEBFHJDBF | SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1 | dropped | |
| C:\ProgramData\HDGCFHIDAKECFHIEBFCGIJDBKJ | SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11 | dropped | |
| C:\ProgramData\HIIIDAKK | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3 | dropped | |
| C:\ProgramData\JJKFBAKFBGDHIEBGDAKF | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1 | dropped | |
| C:\ProgramData\freebl3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\ProgramData\mozglue.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\ProgramData\msvcp140.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
| C:\ProgramData\nss3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\ProgramData\softokn3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\ProgramData\vcruntime140.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm | data | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm | data | dropped | |

13 further files are omitted from this excerpt.

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\file.exe | "C:\Users\user\Desktop\file.exe" | malicious |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://185.215.113.37/ | 185.215.113.37 | malicious |
| http://185.215.113.37/e2b1563c6670f193.phpHJKJKKJDHIDHJKJDB | unknown | malicious |
| http://185.215.113.37/0d60be0de163924d/nss3.dllz | unknown | malicious |
| http://185.215.113.37/0d60be0de163924d/nss3.dll | 185.215.113.37 | malicious |
| http://185.215.113.37 | unknown | malicious |
| http://185.215.113.37/e2b1563c6670f193.php36 | unknown | malicious |
| http://185.215.113.37/0d60be0de163924d/mozglue.dll | 185.215.113.37 | malicious |
| http://185.215.113.37/0d60be0de163924d/msvcp140.dll563c6670f193.php5 | unknown | malicious |
| http://185.215.113.37/e2b1563c6670f193.phpCoinomi | unknown | malicious |
| http://185.215.113.37/e2b1563c6670f193.phpu | unknown | malicious |
| http://185.215.113.37/0d60be0de163924d/softokn3.dll | 185.215.113.37 | malicious |
| http://185.215.113.37/0d60be0de163924d/vcruntime140.dll | 185.215.113.37 | malicious |
| http://185.215.113.37e2b1563c6670f193.phption: | unknown | malicious |
| http://185.215.113.37/0d60be0de163924d/msvcp140.dll5 | unknown | malicious |
| http://185.215.113.37/0d60be0de163924d/freebl3.dll | 185.215.113.37 | malicious |
| http://185.215.113.37/e2b1563c6670f193.phpser | unknown | malicious |
| http://185.215.113.37/0d60be0de163924d/freebl3.dllG | unknown | malicious |
| http://185.215.113.37/e2b1563c6670f193.php | 185.215.113.37 | malicious |
| http://185.215.113.37/e2b1563c6670f193.phpi | unknown | malicious |
| http://185.215.113.37n | unknown | malicious |
| http://185.215.113.37/0d60be0de163924d/nss3.dll5 | unknown | malicious |
| http://185.215.113.37/0d60be0de163924d/sqlite3.dll | 185.215.113.37 | malicious |
| http://185.215.113.37/0d60be0de163924d/softokn3.dllq~ | unknown | malicious |
| http://185.215.113.37/0d60be0de163924d/sqlite3.dllg | unknown | malicious |
| http://185.215.113.37/e2b1563c6670f193.phpus.wallet | unknown | malicious |
| http://185.215.113.37/0d60be0de163924d/sqlite3.dllc | unknown | malicious |
| http://185.215.113.37/0d60be0de163924d/msvcp140.dll | 185.215.113.37 | malicious |
| http://185.215.113.37/e2b1563c6670f193.phpE | unknown | malicious |
| http://185.215.113.37/0d60be0de163924d/freebl3.dllm | unknown | malicious |
| http://185.215.113.37/e2b1563c6670f193.phpG | unknown | malicious |
| http://185.215.113.37/e2b1563c6670f193.php- | unknown | malicious |
| http://185.215.113.37/0d60be0de163924d/nss3.dllS | unknown | malicious |
| http://185.215.113.37/e2b1563c6670f193.phpem | unknown | malicious |
| http://185.215.113.37/0d60be0de163924d/softokn3.dllK~ | unknown | malicious |
| http://185.215.113.37/0d60be0de163924d/sqlite3.dllq | unknown | malicious |
| http://185.215.113.37/e2b1563c6670f193.php3 | unknown | malicious |
| http://185.215.113.37/e2b1563c6670f193.php9 | unknown | malicious |
| http://185.215.113.37/e2b1563c6670f193.phpFirefox | unknown | malicious |
| http://185.215.113.37/e2b1563c6670f193.php) | unknown | malicious |
| https://duckduckgo.com/chrome_newtab | unknown | |
| https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF | unknown | |
| https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF | unknown | |
| https://duckduckgo.com/ac/?q= | unknown | |
| https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417. | unknown | |
| https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | unknown | |
| https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 | unknown | |
| https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi | unknown | |
| https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Visual | unknown | |
| https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | unknown | |
| https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94 | unknown | |
| http://www.sqlite.org/copyright.html. | unknown | |
| http://www.mozilla.com/en-US/blocklist/ | unknown | |
| https://mozilla.org0/ | unknown | |
| https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY | unknown | |
| https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg | unknown | |
| https://www.google.com/images/branding/product/ico/googleg_lodp.ico | unknown | |
| https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV | unknown | |
| https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | unknown | |
| https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta | unknown | |
| https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 | unknown | |
| https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm | unknown | |
| https://www.ecosia.org/newtab/ | unknown | |
| https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br | unknown | |
| https://ac.ecosia.org/autocomplete?q= | unknown | |
| https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg | unknown | |
| https://support.mozilla.org | unknown | |
| https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | unknown | |

57 further URLs are omitted from this excerpt.

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 185.215.113.37 | unknown | Portugal | malicious |
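
The following is an added example, not part of the sandbox report, showing how the indicators above can be turned into hunting logic. It encodes the C2 host and its two URL paths, the DLLs fetched from the /0d60be0de163924d/ directory into C:\ProgramData (freebl3, mozglue, nss3 and softokn3 are Mozilla NSS libraries and msvcp140/vcruntime140 the Visual C++ runtime, which credential stealers typically fetch so they can read Firefox profile data), the randomly named SQLite and text files in C:\ProgramData, and writes to the Firefox cookies.sqlite/places.sqlite files. Most URL entries whose IP column reads "unknown" are strings carved from memory that end in bytes from neighbouring data (".phpCoinomi", "nss3.dllz", "185.215.113.37n"); the example trims those back to the canonical URLs that did resolve, and falls back to the peer IP when even the host part is garbled. The event schema, the RANDOM_NAME pattern and the sample events are assumptions constructed for the example.

```python
"""Hunting helpers built from the indicators in this report (added example, not report output)."""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Indicators copied from the report.
C2_IP = "185.215.113.37"
C2_PATH_PREFIXES = ("/e2b1563c6670f193.php", "/0d60be0de163924d/")
C2_DLLS = frozenset({
    "freebl3.dll", "mozglue.dll", "msvcp140.dll", "nss3.dll",
    "softokn3.dll", "vcruntime140.dll", "sqlite3.dll",
})
# The other dropped files are SQLite databases and text files whose names use
# only the letters A-K (8, 20 or 26 chars on this page). This regex is an
# assumption that generalizes that observation, not a rule the report states.
RANDOM_NAME = re.compile(r"^[A-K]{8,26}$")
FIREFOX_DB = re.compile(
    r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(cookies|places)\.sqlite(-shm|-wal)?$", re.I)


def normalize_c2_url(url: str) -> Optional[str]:
    """Map a possibly string-carved URL to its canonical C2 form, or None if it is not C2.

    Many URL strings in the report carry bytes from adjacent memory
    (".phpCoinomi", "nss3.dllz"); we trim them back to a known path.
    """
    parts = urlsplit(url)
    if parts.scheme != "http" or parts.hostname != C2_IP:
        return None  # host itself is garbled (e.g. "185.215.113.37n") or unrelated
    for prefix in C2_PATH_PREFIXES:
        if not parts.path.startswith(prefix):
            continue
        if prefix.endswith("/"):  # DLL download directory: keep a known file name
            tail = parts.path[len(prefix):]
            for dll in C2_DLLS:
                if tail.startswith(dll):
                    return f"http://{C2_IP}{prefix}{dll}"
        return f"http://{C2_IP}{prefix}"
    return f"http://{C2_IP}/"


def classify_file(path: str) -> Optional[str]:
    """Return the indicator name a written file path matches, or None."""
    p = path.replace("/", "\\")
    folder, _, name = p.rpartition("\\")
    if folder.lower() == r"c:\programdata":
        if name.lower() in C2_DLLS:
            return "c2-dll-in-programdata"
        if RANDOM_NAME.match(name):
            return "random-name-in-programdata"
    if FIREFOX_DB.search(p):
        return "firefox-db-access"
    return None


def scan(events: List[Dict]) -> List[Tuple[int, str, str]]:
    """Apply the indicators to a list of events; return (event id, rule, detail) hits."""
    hits: List[Tuple[int, str, str]] = []
    for ev in events:
        if ev["type"] == "network":
            canon = normalize_c2_url(ev["url"])
            if canon:
                hits.append((ev["id"], "c2-url", canon))
            elif ev.get("dst_ip") == C2_IP:  # URL too garbled, but the peer IP still matches
                hits.append((ev["id"], "c2-ip", ev["dst_ip"]))
        elif ev["type"] == "file_write":
            rule = classify_file(ev["path"])
            if rule:
                hits.append((ev["id"], rule, ev["path"]))
    return hits


# Constructed sample events (not from the sandbox run); URLs and paths reuse strings from the report.
SAMPLE_EVENTS = [
    {"id": 1, "type": "network", "dst_ip": C2_IP,
     "url": "http://185.215.113.37/e2b1563c6670f193.phpHJKJKKJDHIDHJKJDB"},
    {"id": 2, "type": "network", "dst_ip": C2_IP,
     "url": "http://185.215.113.37/0d60be0de163924d/softokn3.dllq~"},
    {"id": 3, "type": "network", "dst_ip": C2_IP, "url": "http://185.215.113.37n"},
    {"id": 4, "type": "network", "dst_ip": "203.0.113.10", "url": "https://duckduckgo.com/ac/?q="},
    {"id": 5, "type": "file_write", "path": r"C:\ProgramData\nss3.dll"},
    {"id": 6, "type": "file_write", "path": r"C:\ProgramData\ECAKECAEGDHIECBGHIIIIEGHDG"},
    {"id": 7, "type": "file_write", "path": r"C:\Users\user\AppData\Roaming\Mozilla\Firefox"
                                          r"\Profiles\fqs92o4p.default-release\cookies.sqlite-shm"},
    {"id": 8, "type": "file_write", "path": r"C:\ProgramData\Microsoft\Windows\report.txt"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

Events 4 and 8 are benign controls: a search-engine URL of the kind the browser itself leaves in memory, and a file in a ProgramData subfolder rather than in C:\ProgramData itself. Alerting on the bare IP alone is the weakest of these rules; the path prefixes and the DLL-plus-random-name file pattern in C:\ProgramData are what distinguish this run.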

Memdumps

| Base Address (hex) | Region type | Protect | Malicious |
|---|---|---|---|
| 1001000 | unknown | page execute and read and write | malicious |
| 5700000 | direct allocation | page read and write | malicious |
| 184E000 | heap | page read and write | malicious |
| 3537000 | heap | page read and write | |
| 1DD64000 | heap | page read and write | |
| 1DD46000 | heap | page read and write | |
| 349C000 | stack | page read and write | |
| 5271000 | heap | page read and write | |
| 2A170000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 3ABE000 | stack | page read and write | |
| 1C6E000 | stack | page read and write | |
| 5271000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 5260000 | direct allocation | page read and write | |
| 4E7F000 | stack | page read and write | |
| 5260000 | direct allocation | page read and write | |
| 5271000 | heap | page read and write | |
| 1DD50000 | heap | page read and write | |
| 5850000 | direct allocation | page execute and read and write | |
| 4D3F000 | stack | page read and write | |
| 5271000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| DCC000 | stack | page read and write | |
| 4EBE000 | stack | page read and write | |
| 1088000 | unknown | page execute and read and write | |
| 5271000 | heap | page read and write | |
| 14BC000 | unknown | page execute and read and write | |
| 4D7E000 | stack | page read and write | |
| 10EF000 | unknown | page execute and read and write | |
| 1DD68000 | heap | page read and write | |
| 1DD36000 | heap | page read and write | |
| 1DD6C000 | heap | page read and write | |
| 1DD4E000 | heap | page read and write | |
| 40BF000 | stack | page read and write | |
| 1DD5C000 | heap | page read and write | |
| 40FE000 | stack | page read and write | |
| 1798000 | stack | page read and write | |
| 483F000 | stack | page read and write | |
| 5260000 | direct allocation | page read and write | |
| 6F8FE000 | unknown | page read and write | |
| 1001000 | unknown | page execute and write copy | |
| 1DD50000 | heap | page read and write | |
| 5260000 | direct allocation | page read and write | |
| 58B0000 | direct allocation | page execute and read and write | |
| 5280000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 49BE000 | stack | page read and write | |
| 573C000 | stack | page read and write | |
| 1DD50000 | heap | page read and write | |
| 29D80000 | heap | page read and write | |
| 1DB7C000 | stack | page read and write | |
| 1DD57000 | heap | page read and write | |
| 1DD4D000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 1DD6C000 | heap | page read and write | |
| 4BFF000 | stack | page read and write | |
| 1DD6C000 | heap | page read and write | |
| 1D8CE000 | stack | page read and write | |
| 1DD36000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 1DD45000 | heap | page read and write | |
| 1DD45000 | heap | page read and write | |
| 4FFE000 | stack | page read and write | |
| 353B000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 1DD53000 | heap | page read and write | |
| 1DD36000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 18A7000 | heap | page read and write | |
| 1DD64000 | heap | page read and write | |
| 1DD69000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 6C85F000 | unknown | page write copy | |
| 3520000 | heap | page read and write | |
| 1DD5C000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 5260000 | direct allocation | page read and write | |
| 108F000 | unknown | page execute and read and write | |
| 1DD42000 | heap | page read and write | |
| 437E000 | stack | page read and write | |
| 1DD38000 | heap | page read and write | |
| 1DD4C000 | heap | page read and write | |
| 1DD4B000 | heap | page read and write | |
| 2A168000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 110F000 | unknown | page execute and read and write | |
| 5271000 | heap | page read and write | |
| 11C5000 | unknown | page execute and read and write | |
| 5271000 | heap | page read and write | |
| 3E7E000 | stack | page read and write | |
| 1DD69000 | heap | page read and write | |
| 1DD45000 | heap | page read and write | |
| 588E000 | stack | page read and write | |
| 1DD50000 | heap | page read and write | |
| 1DD47000 | heap | page read and write | |
| 6C865000 | unknown | page readonly | |
| 487E000 | stack | page read and write | |
| 5260000 | direct allocation | page read and write | |
| 5271000 | heap | page read and write | |
| 383F000 | stack | page read and write | |
| 513E000 | stack | page read and write | |
| 61E00000 | direct allocation | page execute and read and write | |
| 1DD45000 | heap | page read and write | |
| 1DBBE000 | stack | page read and write | |
| 5271000 | heap | page read and write | |
| 1DD48000 | heap | page read and write | |
| 1DD6C000 | heap | page read and write | |
| 1DD66000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 3530000 | heap | page read and write | |
| 6F871000 | unknown | page execute read | |
| 1DE49000 | heap | page read and write | |
| 1DD35000 | heap | page read and write | |
| 1DD4C000 | heap | page read and write | |
| 14DF000 | unknown | page execute and read and write | |
| 14E8000 | unknown | page execute and read and write | |
| 5880000 | direct allocation | page execute and read and write | |
| 5880000 | direct allocation | page execute and read and write | |
| 1DD68000 | heap | page read and write | |
| 4ABF000 | stack | page read and write | |
| 6C81F000 | unknown | page readonly | |
| 1DD50000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 353E000 | heap | page read and write | |
| 1DD45000 | heap | page read and write | |
| 1DD65000 | heap | page read and write | |
| 183E000 | stack | page read and write | |
| 6F8ED000 | unknown | page readonly | |
| 5271000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 125E000 | unknown | page execute and read and write | |
| 1DD50000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 1DD6C000 | heap | page read and write | |
| 5260000 | direct allocation | page read and write | |
| 1DD4D000 | heap | page read and write | |
| 5260000 | direct allocation | page read and write | |
| 5270000 | heap | page read and write | |
| 423E000 | stack | page read and write | |
| 5260000 | direct allocation | page read and write | |
| 5271000 | heap | page read and write | |
| 1DD45000 | heap | page read and write | |
| 447F000 | stack | page read and write | |
| 1092000 | unknown | page execute and read and write | |
| 3D3E000 | stack | page read and write | |
| 5271000 | heap | page read and write | |
| 1B6E000 | stack | page read and write | |
| 5890000 | direct allocation | page execute and read and write | |
| 111B000 | unknown | page execute and read and write | |
| 168E000 | unknown | page execute and write copy | |
| 5271000 | heap | page read and write | |
| 2A0CF000 | stack | page read and write | |
| 2A171000 | heap | page read and write | |
| 34DE000 | stack | page read and write | |
| 1DD4D000 | heap | page read and write | |
| 1893000 | heap | page read and write | |
| 17C0000 | heap | page read and write | |
| 523F000 | stack | page read and write | |
| 61ECD000 | direct allocation | page readonly | |
| 5271000 | heap | page read and write | |
| 1DA7E000 | stack | page read and write | |
| 1990000 | heap | page read and write | |
| 1DD56000 | heap | page read and write | |
| 1DD5D000 | heap | page read and write | |
| 1DD50000 | heap | page read and write | |
| 1792000 | stack | page read and write | |
| 29D20000 | heap | page read and write | |
| 1DD50000 | heap | page read and write | |
| 473E000 | stack | page read and write | |
| 17D0000 | heap | page read and write | |
| 1DD2B000 | heap | page read and write | |
| 1DD4C000 | heap | page read and write | |
| 6C680000 | unknown | page readonly | |
| 10B1000 | unknown | page execute and read and write | |
| 61EB7000 | direct allocation | page readonly | |
| 1DD69000 | heap | page read and write | |
| 3E3F000 | stack | page read and write | |
| 1000000 | unknown | page readonly | |
| 29D40000 | heap | page read and write | |
| 363F000 | stack | page read and write | |
| 5271000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 41FF000 | stack | page read and write | |
| 1DD5E000 | heap | page read and write | |
| 1DD50000 | heap | page read and write | |
| 1000000 | unknown | page read and write | |
| 3FBE000 | stack | page read and write | |
| 1DD68000 | heap | page read and write | |
| 1DD68000 | heap | page read and write | |
| 1DD50000 | heap | page read and write | |
| 2A0D0000 | trusted library allocation | page read and write | |
| 433F000 | stack | page read and write | |
| 5271000 | heap | page read and write | |
| 2A169000 | heap | page read and write | |
| 56B0000 | trusted library allocation | page read and write | |
| 5271000 | heap | page read and write | |
| 29D60000 | heap | page read and write | |
| 5700000 | direct allocation | page read and write | |
| 18C1000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 61E01000 | direct allocation | page execute read | |
| 4FBF000 | stack | page read and write | |
| 5271000 | heap | page read and write | |
| 14F6000 | unknown | page execute and write copy | |
| 1DD66000 | heap | page read and write | |
| 1DD65000 | heap | page read and write | |
| 5260000 | direct allocation | page read and write | |
| 497F000 | stack | page read and write | |
| 1D64F000 | stack | page read and write | |
| 1896000 | heap | page read and write | |
| 5290000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 5260000 | direct allocation | page read and write | |
| 197D000 | stack | page read and write | |
| 6C860000 | unknown | page read and write | |
| 1DD4B000 | heap | page read and write | |
| 1DD20000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 10BD000 | unknown | page execute and read and write | |
| 1DD44000 | heap | page read and write | |
| 1DD42000 | heap | page read and write | |
| 4AFE000 | stack | page read and write | |
| 1DD50000 | heap | page read and write | |
| 6F870000 | unknown | page readonly | |
| 1D7CE000 | stack | page read and write | |
| 1DD5D000 | heap | page read and write | |
| 1DD45000 | heap | page read and write | |
| 45BF000 | stack | page read and write | |
| 61ED0000 | direct allocation | page read and write | |
| 1D92E000 | stack | page read and write | |
| 5240000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 3A7F000 | stack | page read and write | |
| 5271000 | heap | page read and write | |
| 6C681000 | unknown | page execute read | |
| 5271000 | heap | page read and write | |
| 1DD50000 | heap | page read and write | |
| 168D000 | unknown | page execute and read and write | |
| 14F5000 | unknown | page execute and read and write | |
| 5271000 | heap | page read and write | |
| 29FCE000 | stack | page read and write | |
| 13DB000 | unknown | page execute and read and write | |
| 3CFF000 | stack | page read and write | |
| 1DD69000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 3BBF000 | stack | page read and write | |
| 1DD66000 | heap | page read and write | |
| 61EB4000 | direct allocation | page read and write | |
| 5271000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 1DD53000 | heap | page read and write | |
| 61ED4000 | direct allocation | page readonly | |
| 5271000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 50FF000 | stack | page read and write | |
| 5860000 | direct allocation | page execute and read and write | |
| 1DD4C000 | heap | page read and write | |
| 6C85E000 | unknown | page read and write | |
| 1DD69000 | heap | page read and write | |
| 44BE000 | stack | page read and write | |
| 5271000 | heap | page read and write | |
| 1DD50000 | heap | page read and write | |
| 1DE40000 | trusted library allocation | page read and write | |
| 5260000 | direct allocation | page read and write | |
| 5271000 | heap | page read and write | |
| 351E000 | stack | page read and write | |
| 5271000 | heap | page read and write | |
| 29DEB000 | heap | page read and write | |
| 1DD42000 | heap | page read and write | |
| 61ED3000 | direct allocation | page read and write | |
| 5700000 | direct allocation | page read and write | |
| 1995000 | heap | page read and write | |
| 58A0000 | direct allocation | page execute and read and write | |
| 10E2000 | unknown | page execute and read and write | |
| 5271000 | heap | page read and write | |
| 11A5000 | unknown | page execute and read and write | |
| 5271000 | heap | page read and write | |
| 61ECC000 | direct allocation | page read and write | |
| 5260000 | direct allocation | page read and write | |
| 5277000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 5260000 | direct allocation | page read and write | |
| 1D68E000 | stack | page read and write | |
| 105A000 | unknown | page execute and read and write | |
| 1DD5C000 | heap | page read and write | |
| 6F902000 | unknown | page readonly | |
| 2A177000 | heap | page read and write | |
| 1D78F000 | stack | page read and write | |
| 179D000 | stack | page read and write | |
| 1085000 | unknown | page execute and read and write | |
| 1DD64000 | heap | page read and write | |
| 373F000 | stack | page read and write | |
| 1DD68000 | heap | page read and write | |
| 1DD47000 | heap | page read and write | |
| 29F7D000 | stack | page read and write | |
| 1DD36000 | heap | page read and write | |
| 11CB000 | unknown | page execute and read and write | |
| 4C3E000 | stack | page read and write | |
| 5271000 | heap | page read and write | |
| 397E000 | stack | page read and write | |
| 5271000 | heap | page read and write | |
| 46FF000 | stack | page read and write | |
| 1DD45000 | heap | page read and write | |
| 3BFE000 | stack | page read and write | |
| 5271000 | heap | page read and write | |
| 1DD50000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 1DD64000 | heap | page read and write | |
| 1DCBD000 | stack | page read and write | |
| 1DD50000 | heap | page read and write | |
| 1DD22000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 14F5000 | unknown | page execute and write copy | |
| 583F000 | stack | page read and write | |
| 1DD66000 | heap | page read and write | |
| 1DD5C000 | heap | page read and write | |
| 1848000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 1DA2F000 | stack | page read and write | |
| 1DD36000 | heap | page read and write | |
| 1DD5D000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 3F7F000 | stack | page read and write | |
| 345E000 | stack | page read and write | |
| 5271000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 5271000 | heap | page read and write | |
| 393F000 | stack | page read and write | |
| 1840000 | heap | page read and write | |
| 29E7E000 | stack | page read and write | |
| 1DD66000 | heap | page read and write | |
| 23DBD000 | heap | page read and write | |
| 1DD62000 | heap | page read and write | |
| 5870000 | direct allocation | page execute and read and write | |
| 45FE000 | stack | page read and write | |

334 further memdumps are omitted from this excerpt.
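
Added example, not part of the report: a parser for the flattened memdump listing plus the check a practitioner would run over it. The report marks only three regions as malicious, but it lists many other regions that are both executable and writable, and those are the natural candidates for dumping unpacked code: 0x1000000 is read-only while 0x1001000 and the addresses above it are execute/read/write in regions the sandbox could not classify, which is what a sample that unpacks into its own image looks like, and 0x5850000 through 0x58B0000 and 0x61E00000 are direct allocations with execute permission. That reading of the 0x1000000 range is my interpretation, not a statement the report makes. The sample below copies ten rows from the table above in the raw export layout (which spells the region type "unkown"); the Region type and the helper names are my own.

```python
"""Triage of the Memdumps table: list executable regions that are also writable (added example)."""
import re
from dataclasses import dataclass
from typing import List

PROTECT_RE = re.compile(r"^page ")  # every protection string in the export starts this way


@dataclass(frozen=True)
class Region:
    base: int        # base address; the export prints it as hex without a 0x prefix
    kind: str        # region type: unknown, heap, stack, direct allocation, ...
    protect: str     # protection string exactly as printed by the sandbox
    flagged: bool    # True if the report's own "malicious" mark follows the row

    @property
    def executable(self) -> bool:
        return "execute" in self.protect

    @property
    def writable(self) -> bool:
        # matches "read and write", "execute and read and write" and "write copy"
        return "write" in self.protect


def parse_memdumps(text: str) -> List[Region]:
    """Parse the flattened export: base, region type, protection, then an optional 'malicious' line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    regions: List[Region] = []
    i = 0
    while i + 2 < len(lines):
        base, kind, protect = lines[i], lines[i + 1], lines[i + 2]
        if not PROTECT_RE.match(protect):
            raise ValueError(f"unexpected row at line {i}: {lines[i:i + 3]}")
        i += 3
        flagged = i < len(lines) and lines[i] == "malicious"
        if flagged:
            i += 1
        # the raw export spells the region type "unkown"; normalize it
        regions.append(Region(int(base, 16), kind.replace("unkown", "unknown"), protect, flagged))
    return regions


def wx_regions(regions: List[Region]) -> List[Region]:
    """Executable and writable regions, lowest address first: candidates for unpacked code."""
    return sorted((r for r in regions if r.executable and r.writable), key=lambda r: r.base)


def unflagged_wx(regions: List[Region]) -> List[Region]:
    """W+X regions the report did not mark malicious; still worth dumping."""
    return [r for r in wx_regions(regions) if not r.flagged]


# Ten rows copied from the Memdumps table above, in the export's raw flattened layout.
SAMPLE = """
1001000
unkown
page execute and read and write
malicious
5700000
direct allocation
page read and write
malicious
184E000
heap
page read and write
malicious
3537000
heap
page read and write
1088000
unkown
page execute and read and write
1000000
unkown
page readonly
168E000
unkown
page execute and write copy
5850000
direct allocation
page execute and read and write
61ECD000
direct allocation
page readonly
6F871000
unkown
page execute read
"""

if __name__ == "__main__":
    for r in unflagged_wx(parse_memdumps(SAMPLE)):
        print(f"{r.base:#010x} {r.kind:<18} {r.protect}")
```

Run against the full table, the same check also surfaces the repeated 0x14F5000/0x168E000 rows that switch between "execute and read and write" and "execute and write copy", i.e. pages of the image that were written to after mapping. Regions that are executable but not writable ("page execute read") are left out on purpose; they are ordinary code sections.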