IOC Report
gJtW7azO4o.exe


Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\gJtW7azO4o.exe
"C:\Users\user\Desktop\gJtW7azO4o.exe"
malicious

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious
206.23.85.13.in-addr.arpa
unknown
malicious

IPs

IP
Domain
Country
Malicious
20.25.126.96
unknown
United States
malicious

Memdumps

Base Address
Regiontype
Protect
Malicious