Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\13w4NM6mPa.exe

"C:\Users\user\Desktop\13w4NM6mPa.exe"

Details

Is windows:	true
Is dropped:	false
PID:	6704
Target ID:	0
Parent PID:	2580
Name:	13w4NM6mPa.exe
Path:	C:\Users\user\Desktop\13w4NM6mPa.exe
Commandline:	"C:\Users\user\Desktop\13w4NM6mPa.exe"
Size:	21991832
MD5:	76761104AAD9E5FA6B474D9E5CF667BE
Time:	04:57:45
Date:	19/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xb70000
Modulesize:	34422784
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Self deletion via cmd or bat file	Hooking and other Techniques for Hiding and Protection	File Deletion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
PE / OLE file has an invalid certificate	System Summary
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\Desktop\lWjPtDoy2N.exe

lWjPtDoy2N.exe

Details

Is windows:	false
Is dropped:	true
PID:	3368
Target ID:	6
Parent PID:	6704
Name:	lWjPtDoy2N.exe
Path:	C:\Users\user\Desktop\lWjPtDoy2N.exe
Commandline:	lWjPtDoy2N.exe
Size:	20028832
MD5:	912799971263C4B4415C40071C065EEB
Time:	04:58:08
Date:	19/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xcd0000
Modulesize:	31219712
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected LummaC Stealer	Stealing of Sensitive Information, Remote Access Functionality
Drops PE files	Persistence and Installation Behavior
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\cmd.exe

cmd.exe "start /min cmd.exe "/c timeout /t 3 /nobreak & del "C:\Users\user\Desktop\lWjPtDoy2N.exe"""

Details

Is windows:	true
Is dropped:	false
PID:	3236
Target ID:	8
Parent PID:	3368
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\SysWOW64\cmd.exe
Commandline:	cmd.exe "start /min cmd.exe "/c timeout /t 3 /nobreak & del "C:\Users\user\Desktop\lWjPtDoy2N.exe"""
Size:	236544
MD5:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Time:	04:58:18
Date:	19/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x240000
Modulesize:	368640
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Self deletion via cmd or bat file	Hooking and other Techniques for Hiding and Protection	File Deletion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c ping 127.0.0.1 && del "C:\Users\user\Desktop\13w4NM6mPa.exe"

Details

Is windows:	true
Is dropped:	false
PID:	2800
Target ID:	11
Parent PID:	6704
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\SysWOW64\cmd.exe
Commandline:	"C:\Windows\system32\cmd.exe" /c ping 127.0.0.1 && del "C:\Users\user\Desktop\13w4NM6mPa.exe"
Size:	236544
MD5:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Time:	04:58:19
Date:	19/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x240000
Modulesize:	368640
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Self deletion via cmd or bat file	Hooking and other Techniques for Hiding and Protection	File Deletion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1

Details

Is windows:	true
Is dropped:	false
PID:	4476
Target ID:	13
Parent PID:	2800
Name:	PING.EXE
Class:	system-tools
Path:	C:\Windows\SysWOW64\PING.EXE
Commandline:	ping 127.0.0.1
Size:	18944
MD5:	B3624DD758CCECF93A1226CEF252CA12
Time:	04:58:19
Date:	19/04/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x8c0000
Modulesize:	36864
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Uses ping.exe to check the status of other devices and networks	Networking	System Network Configuration Discovery Remote System Discovery
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	6684
Target ID:	1
Parent PID:	6704
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	04:57:45
Date:	19/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	2488
Target ID:	9
Parent PID:	3236
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	04:58:18
Date:	19/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\timeout.exe

timeout /t 3 /nobreak

Details

Is windows:	true
Is dropped:	false
PID:	3180
Target ID:	10
Parent PID:	3236
Name:	timeout.exe
Path:	C:\Windows\SysWOW64\timeout.exe
Commandline:	timeout /t 3 /nobreak
Size:	25088
MD5:	976566BEEFCCA4A159ECBDB2D4B1A3E3
Time:	04:58:18
Date:	19/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x8a0000
Modulesize:	40960
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	2416
Target ID:	12
Parent PID:	2800
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	04:58:19
Date:	19/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://38.180.21.197/stats/17/0/0

38.180.21.197

incredibleextedwj.shop

http://38.180.21.197/stats/17/1/1

38.180.21.197

shortsvelventysjo.shop

tolerateilusidjukl.shop

poledoverglazedkilio.shop

liabilitynighstjsko.shop

shatterbreathepsw.shop

http://38.180.21.197/archives/17

38.180.21.197

http://38.180.21.197/archives/5

38.180.21.197

http://38.180.21.197/stats/15/0/0

38.180.21.197

demonstationfukewko.shop

productivelookewr.shop

alcojoldwograpciw.shop

https://duckduckgo.com/chrome_newtab

unknown

https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF

unknown

https://duckduckgo.com/ac/?q=

unknown

https://poledoverglazedkilio.shop/

unknown

https://www.google.com/images/branding/product/ico/googleg_lodp.ico

unknown

http://38.180.21.197/archives/15

unknown

http://ip-api.com/json

208.95.112.1

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

http://crl.rootca1.amazontrust.com/rootca1.crl0

unknown

http://upx.sf.net

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

http://ocsp.rootca1.amazontrust.com0:

unknown

https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016

unknown

https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17

unknown

http://38.180.21.197/archives/17?

unknown

https://www.ecosia.org/newtab/

unknown

http://38.180.21.197/stats/17/1/1S

unknown

https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br

unknown

http://38.180.21.197/stats/15/1/1

unknown

http://38.180.21.197/stats/17/1/1I

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

http://x1.c.lencr.org/0

unknown

http://x1.i.lencr.org/0

unknown

https://pwsafe.org:

unknown

https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

https://support.microsof

unknown

http://crt.rootca1.amazontrust.com/rootca1.cer0?

unknown

http://38.180.21.197/stats/17/0/0http://38.180.21.197/stats/15/0/0http://38.180.21.197/archives/5htt

unknown

https://support.mozilla.org

unknown

https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples

unknown

https://poledoverglazedkilio.shop/api

172.67.153.60

http://ip-api.com/jsonSOR_

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

There are 38 hidden URLs, click here to show them.

Domains

Name

Malicious

poledoverglazedkilio.shop

172.67.153.60

Details

Name:	poledoverglazedkilio.shop
IP:	172.67.153.60
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

ip-api.com

208.95.112.1

Details

Name:	ip-api.com
IP:	208.95.112.1
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

38.180.21.197

unknown

United States

Details

IP:	38.180.21.197
TargetID:	0
Current Path:	C:\Users\user\Desktop\13w4NM6mPa.exe
Country:	United States
Countrycode:	USA
ASN number:	174
ASN name:	COGENT-174US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking

172.67.153.60

poledoverglazedkilio.shop

United States

Details

IP:	172.67.153.60
TargetID:	6
Current Path:	C:\Users\user\Desktop\lWjPtDoy2N.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	poledoverglazedkilio.shop

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

127.0.0.1

unknown

Details

IP:	127.0.0.1
TargetID:	13
Current Path:	C:\Windows\SysWOW64\PING.EXE
Private:	true

Signature Hits	Behavior Group	Mitre Attack
Self deletion via cmd or bat file	Hooking and other Techniques for Hiding and Protection	File Deletion
Uses ping.exe to check the status of other devices and networks	Networking	System Network Configuration Discovery Remote System Discovery
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

208.95.112.1

ip-api.com

United States

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\SitronicsTeam

ZeHuilo

Memdumps

Base Address

Regiontype

Protect

Malicious

D0D000

unkown

page readonly

4C21000

heap

page read and write

30F4000

heap

page read and write

30F4000

heap

page read and write

5439000

trusted library allocation

page read and write

C90000

heap

page read and write

542A000

trusted library allocation

page read and write

540A000

trusted library allocation

page read and write

5409000

trusted library allocation

page read and write

5409000

trusted library allocation

page read and write

540A000

trusted library allocation

page read and write

30F4000

heap

page read and write

4C21000

heap

page read and write

4C21000

heap

page read and write

4BF0000

remote allocation

page read and write

2EAB000

heap

page read and write

3205000

heap

page read and write

2EA2000

heap

page read and write

2EA2000

heap

page read and write

2EFC000

heap

page read and write

534E000

stack

page read and write

5409000

trusted library allocation

page read and write

509E000

stack

page read and write

2EA6000

heap

page read and write

541B000

trusted library allocation

page read and write

4C21000

heap

page read and write

5401000

trusted library allocation

page read and write

4C21000

heap

page read and write

4C21000

heap

page read and write

B70000

unkown

page readonly

30F4000

heap

page read and write

5600000

trusted library allocation

page read and write

2EAB000

heap

page read and write

5EE000

stack

page read and write

30F4000

heap

page read and write

2EAB000

heap

page read and write

4C21000

heap

page read and write

2EBC000

heap

page read and write

5443000

trusted library allocation

page read and write

2EA6000

heap

page read and write

2C0B000

unkown

page readonly

2BA0000

trusted library allocation

page read and write

56D7000

trusted library allocation

page read and write

2EAB000

heap

page read and write

2EA1000

heap

page read and write

4C21000

heap

page read and write

30F4000

heap

page read and write

4EFE000

stack

page read and write

B5B000

stack

page read and write

BC7000

unkown

page read and write

542B000

trusted library allocation

page read and write

2EA9000

heap

page read and write

322E000

heap

page read and write

4C21000

heap

page read and write

538F000

stack

page read and write

4C21000

heap

page read and write

5427000

trusted library allocation

page read and write

2EAB000

heap

page read and write

4C21000

heap

page read and write

2EA6000

heap

page read and write

2EA6000

heap

page read and write

2EAB000

heap

page read and write

2ECD000

heap

page read and write

30F4000

heap

page read and write

2E56000

heap

page read and write

2EA6000

heap

page read and write

2EA6000

heap

page read and write

2ED3000

heap

page read and write

347E000

stack

page read and write

2EA6000

heap

page read and write

2EC2000

heap

page read and write

2EA2000

heap

page read and write

5409000

trusted library allocation

page read and write

2EC1000

heap

page read and write

5438000

trusted library allocation

page read and write

2EAB000

heap

page read and write

4C21000

heap

page read and write

2EAB000

heap

page read and write

541B000

trusted library allocation

page read and write

4BF0000

remote allocation

page read and write

4C21000

heap

page read and write

519F000

stack

page read and write

30F4000

heap

page read and write

2EFE000

heap

page read and write

2EA6000

heap

page read and write

540A000

trusted library allocation

page read and write

4C21000

heap

page read and write

2E3A000

heap

page read and write

4C21000

heap

page read and write

2EAB000

heap

page read and write

2EBB000

heap

page read and write

543A000

trusted library allocation

page read and write

2EEA000

heap

page read and write

C3E000

stack

page read and write

30F4000

heap

page read and write

542E000

trusted library allocation

page read and write

560F000

trusted library allocation

page read and write

2EBE000

heap

page read and write

5435000

trusted library allocation

page read and write

543B000

trusted library allocation

page read and write

2EA3000

heap

page read and write

4C21000

heap

page read and write

2EAB000

heap

page read and write

543B000

trusted library allocation

page read and write

5402000

trusted library allocation

page read and write

4C21000

heap

page read and write

2C13000

heap

page read and write

543B000

trusted library allocation

page read and write

2EAB000

heap

page read and write

2EA1000

heap

page read and write

2EAB000

heap

page read and write

5408000

trusted library allocation

page read and write

2EA2000

heap

page read and write

2E4D000

heap

page read and write

2F01000

heap

page read and write

3170000

heap

page read and write

2EA2000

heap

page read and write

4C21000

heap

page read and write

2EA6000

heap

page read and write

4C21000

heap

page read and write

54CF000

stack

page read and write

5606000

trusted library allocation

page read and write

4C21000

heap

page read and write

5435000

trusted library allocation

page read and write

4C21000

heap

page read and write

2EAB000

heap

page read and write

542B000

trusted library allocation

page read and write

5441000

trusted library allocation

page read and write

2E12000

heap

page read and write

174A000

unkown

page execute read

CD0000

unkown

page readonly

2EA6000

heap

page read and write

5406000

trusted library allocation

page read and write

2EA6000

heap

page read and write

2BA0000

trusted library allocation

page read and write

2EC1000

heap

page read and write

4C21000

heap

page read and write

5408000

trusted library allocation

page read and write

30F4000

heap

page read and write

2E40000

heap

page read and write

2A5D000

unkown

page readonly

2EC4000

heap

page read and write

2A5D000

unkown

page readonly

540A000

trusted library allocation

page read and write

540A000

trusted library allocation

page read and write

B71000

unkown

page execute read

5657000

trusted library allocation

page read and write

4C21000

heap

page read and write

30F4000

heap

page read and write

4D75000

heap

page read and write

543A000

trusted library allocation

page read and write

5402000

trusted library allocation

page read and write

4C21000

heap

page read and write

524F000

stack

page read and write

5441000

trusted library allocation

page read and write

30F4000

heap

page read and write

2E9E000

heap

page read and write

2EA1000

heap

page read and write

D44000

unkown

page read and write

2EC8000

heap

page read and write

2EF1000

heap

page read and write

540C000

trusted library allocation

page read and write

2EAB000

heap

page read and write

30F4000

heap

page read and write

595E000

stack

page read and write

543A000

trusted library allocation

page read and write

2DB0000

heap

page read and write

2E9E000

heap

page read and write

4C21000

heap

page read and write

2ED5000

heap

page read and write

AF8000

stack

page read and write

5409000

trusted library allocation

page read and write

2EAB000

heap

page read and write

4EC000

stack

page read and write

540A000

trusted library allocation

page read and write

545C000

trusted library allocation

page read and write

2EAA000

heap

page read and write

543B000

trusted library allocation

page read and write

217E000

unkown

page execute read

2B4C000

unkown

page execute read

2F01000

heap

page read and write

4C21000

heap

page read and write

2E5E000

heap

page read and write

3150000

heap

page read and write

2EAB000

heap

page read and write

2EA6000

heap

page read and write

2E90000

heap

page read and write

2EA3000

heap

page read and write

30F4000

heap

page read and write

541A000

trusted library allocation

page read and write

2EA2000

heap

page read and write

2EAB000

heap

page read and write

4C21000

heap

page read and write

318A000

heap

page read and write

2EA6000

heap

page read and write

2EA6000

heap

page read and write

30F4000

heap

page read and write

2E33000

heap

page read and write

D1B000

unkown

page execute read

4C21000

heap

page read and write

4C21000

heap

page read and write

2EAB000

heap

page read and write

5402000

trusted library allocation

page read and write

562F000

stack

page read and write

561F000

trusted library allocation

page read and write

2EC1000

heap

page read and write

56FF000

stack

page read and write

4C21000

heap

page read and write

2EA2000

heap

page read and write

541B000

trusted library allocation

page read and write

2EA2000

heap

page read and write

2EF2000

heap

page read and write

214C000

unkown

page execute read

2ECD000

heap

page read and write

2EA1000

heap

page read and write

547B000

trusted library allocation

page read and write

4C21000

heap

page read and write

4C21000

heap

page read and write

542B000

trusted library allocation

page read and write

50F0000

heap

page read and write

5419000

trusted library allocation

page read and write

2EA6000

heap

page read and write

2EDA000

heap

page read and write

2EA6000

heap

page read and write

4D70000

heap

page read and write

5474000

trusted library allocation

page read and write

30F4000

heap

page read and write

2EBC000

heap

page read and write

4C21000

heap

page read and write

4C21000

heap

page read and write

4C21000

heap

page read and write

2EA6000

heap

page read and write

2EA6000

heap

page read and write

5401000

trusted library allocation

page read and write

2C13000

heap

page read and write

5409000

trusted library allocation

page read and write

2EAB000

heap

page read and write

57BD000

stack

page read and write

542D000

trusted library allocation

page read and write

56CF000

trusted library allocation

page read and write

2EA2000

heap

page read and write

30F4000

heap

page read and write

2EA1000

heap

page read and write

2EA2000

heap

page read and write

4C20000

heap

page read and write

2EA6000

heap

page read and write

542B000

trusted library allocation

page read and write

4C21000

heap

page read and write

2ED4000

heap

page read and write

4C21000

heap

page read and write

2EC1000

heap

page read and write

30F4000

heap

page read and write

2EAB000

heap

page read and write

2EA2000

heap

page read and write

CD0000

unkown

page readonly

5409000

trusted library allocation

page read and write

5F0000

heap

page read and write

2EA6000

heap

page read and write

174C000

unkown

page execute read

4C21000

heap

page read and write

2E2B000

heap

page read and write

2C0B000

unkown

page readonly

541B000

trusted library allocation

page read and write

5737000

trusted library allocation

page read and write

D4A000

unkown

page execute read

5452000

trusted library allocation

page read and write

541A000

trusted library allocation

page read and write

5438000

trusted library allocation

page read and write

2EA6000

heap

page read and write

580000

heap

page read and write

2EAB000

heap

page read and write

5D0C000

stack

page read and write

5404000

trusted library allocation

page read and write

540A000

trusted library allocation

page read and write

B70000

unkown

page readonly

30F4000

heap

page read and write

2C00000

heap

page read and write

4C21000

heap

page read and write

5432000

trusted library allocation

page read and write

56DF000

trusted library allocation

page read and write

52DE000

stack

page read and write

2EC6000

heap

page read and write

2EA1000

heap

page read and write

7F0000

heap

page read and write

4F3D000

stack

page read and write

541A000

trusted library allocation

page read and write

577B000

stack

page read and write

CD1000

unkown

page execute read

30F4000

heap

page read and write

79C000

stack

page read and write

5A0000

heap

page read and write

543B000

trusted library allocation

page read and write

214C000

unkown

page execute read

540A000

trusted library allocation

page read and write

2EBB000

heap

page read and write

2EA6000

heap

page read and write

318E000

heap

page read and write

4C21000

heap

page read and write

30F4000

heap

page read and write

4E00000

trusted library allocation

page read and write

4C21000

heap

page read and write

51DE000

stack

page read and write

2EAB000

heap

page read and write

5401000

trusted library allocation

page read and write

2B9F000

stack

page read and write

30F4000

heap

page read and write

30F0000

heap

page read and write

2EAB000

heap

page read and write

2EA6000

heap

page read and write

4C21000

heap

page read and write

2EAB000

heap

page read and write

547C000

trusted library allocation

page read and write

2EA1000

heap

page read and write

5637000

trusted library allocation

page read and write

2EAB000

heap

page read and write

177E000

unkown

page execute read

2EBC000

heap

page read and write

541B000

trusted library allocation

page read and write

2EA6000

heap

page read and write

543B000

trusted library allocation

page read and write

4C21000

heap

page read and write

4C21000

heap

page read and write

4C21000

heap

page read and write

2EBC000

heap

page read and write

2E3C000

heap

page read and write

2EA1000

heap

page read and write

2EC2000

heap

page read and write

503C000

stack

page read and write

2EA2000

heap

page read and write

2C13000

heap

page read and write

5BB0000

heap

page read and write

52C000

stack

page read and write

2EA6000

heap

page read and write

177E000

unkown

page execute read

5405000

trusted library allocation

page read and write

2EAB000

heap

page read and write

58BE000

stack

page read and write

89E000

stack

page read and write

2E4A000

heap

page read and write

541A000

trusted library allocation

page read and write

4BF0000

remote allocation

page read and write

5483000

trusted library allocation

page read and write

2EBB000

heap

page read and write

30F4000

heap

page read and write

4C21000

heap

page read and write

552E000

stack

page read and write

2DA0000

heap

page read and write

5800000

trusted library allocation

page read and write

4C21000

heap

page read and write

2ED5000

heap

page read and write

BCD000

unkown

page execute read

540A000

trusted library allocation

page read and write

2EA6000

heap

page read and write

5C0C000

stack

page read and write

542D000

trusted library allocation

page read and write

30FE000

stack

page read and write

5A5E000

stack

page read and write

567D000

stack

page read and write

2E3A000

heap

page read and write

542B000

trusted library allocation

page read and write

4C21000

heap

page read and write

2EAD000

heap

page read and write

30F4000

heap

page read and write

2EAB000

heap

page read and write

30F4000

heap

page read and write

30F4000

heap

page read and write

5403000

trusted library allocation

page read and write

2C13000

heap

page read and write

543B000

trusted library allocation

page read and write

B9C000

unkown

page read and write

2EBC000

heap

page read and write

2A48000

heap

page read and write

4C21000

heap

page read and write

542D000

trusted library allocation

page read and write

5463000

trusted library allocation

page read and write

4D20000

trusted library allocation

page read and write

541A000

trusted library allocation

page read and write

2EA2000

heap

page read and write

2EAB000

heap

page read and write

562F000

trusted library allocation

page read and write

4C21000

heap

page read and write

5438000

trusted library allocation

page read and write

5401000

trusted library allocation

page read and write

2EAB000

heap

page read and write

2EA6000

heap

page read and write

5402000

trusted library allocation

page read and write

2EA6000

heap

page read and write

30F4000

heap

page read and write

528E000

stack

page read and write

2EA6000

heap

page read and write

2E00000

heap

page read and write

CC0000

heap

page read and write

313E000

stack

page read and write

30F4000

heap

page read and write

5402000

trusted library allocation

page read and write

5406000

trusted library allocation

page read and write

C7E000

stack

page read and write

5436000

trusted library allocation

page read and write

2E6F000

heap

page read and write

2EBD000

heap

page read and write

5430000

trusted library allocation

page read and write

2EC8000

heap

page read and write

2A40000

heap

page read and write

5409000

trusted library allocation

page read and write

2EA6000

heap

page read and write

2EAB000

heap

page read and write

4C21000

heap

page read and write

2EA2000

heap

page read and write

4C21000

heap

page read and write

541B000

trusted library allocation

page read and write

540A000

trusted library allocation

page read and write

30F4000

heap

page read and write

5406000

trusted library allocation

page read and write

53CD000

stack

page read and write

2DFE000

stack

page read and write

30F4000

heap

page read and write

4C21000

heap

page read and write

2C13000

heap

page read and write

2B4C000

unkown

page execute read

B9E000

unkown

page execute read

2EA1000

heap

page read and write

2EAB000

heap

page read and write

4C01000

trusted library allocation

page read and write

2EAB000

heap

page read and write

541B000

trusted library allocation

page read and write

2C02000

heap

page read and write

31D3000

heap

page read and write

D10000

unkown

page read and write

2EA2000

heap

page read and write

2EE2000

heap

page read and write

337E000

stack

page read and write

544B000

trusted library allocation

page read and write

2EAB000

heap

page read and write

4C21000

heap

page read and write

7D0000

heap

page read and write

4440000

heap

page read and write

4C21000

heap

page read and write

2EA6000

heap

page read and write

514E000

stack

page read and write

2EA6000

heap

page read and write

2EAB000

heap

page read and write

541F000

trusted library allocation

page read and write

2EA6000

heap

page read and write

3180000

heap

page read and write

4C21000

heap

page read and write

4C21000

heap

page read and write

2EA6000

heap

page read and write

2EA6000

heap

page read and write

15CD000

unkown

page execute read

30F4000

heap

page read and write

2EA5000

heap

page read and write

B8E000

unkown

page readonly

29BF000

stack

page read and write

4C21000

heap

page read and write

5402000

trusted library allocation

page read and write

2EAB000

heap

page read and write

174C000

unkown

page execute read

83F000

stack

page read and write

2EAB000

heap

page read and write

5402000

trusted library allocation

page read and write

2EAB000

heap

page read and write

5D4E000

stack

page read and write

56A7000

trusted library allocation

page read and write

2EA2000

heap

page read and write

4C21000

heap

page read and write

2D4B000

stack

page read and write

4C21000

heap

page read and write

30F4000

heap

page read and write

4C21000

heap

page read and write

2EAB000

heap

page read and write

2EE9000

heap

page read and write

543B000

trusted library allocation

page read and write

2EA2000

heap

page read and write

2EA6000

heap

page read and write

B20000

heap

page read and write

4C30000

heap

page read and write

2EA6000

heap

page read and write

542D000

trusted library allocation

page read and write

5404000

trusted library allocation

page read and write

2EAB000

heap

page read and write

2EA1000

heap

page read and write

217E000

unkown

page execute read

576F000

trusted library allocation

page read and write

5402000

trusted library allocation

page read and write

2EAB000

heap

page read and write

5438000

trusted library allocation

page read and write

2EA6000

heap

page read and write

31EE000

heap

page read and write

2BED000

stack

page read and write

2EA6000

heap

page read and write

5E4F000

stack

page read and write

2EA6000

heap

page read and write

5400000

trusted library allocation

page read and write

There are 483 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
13w4NM6mPa

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report13w4NM6mPa

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
13w4NM6mPa