IOC Report
ShadowFury.exe


Files

File Path
Type
Category
Malicious
ShadowFury.exe
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
initial sample
malicious
C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\D3DSCache\a5ae4d5e940ad976\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
data
dropped
C:\Users\user\AppData\Local\D3DSCache\a5ae4d5e940ad976\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
ASCII text, with no line terminators
modified
C:\Users\user\AppData\Local\D3DSCache\a5ae4d5e940ad976\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
Matlab v4 mat-file (little endian) (, numeric, rows 0, columns 16, imaginary
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
data
modified
C:\Users\user\AppData\Local\Programs\ShadowFury\LICENSE.electron.txt
ASCII text
dropped
C:\Users\user\AppData\Local\Programs\ShadowFury\LICENSES.chromium.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Programs\ShadowFury\chrome_100_percent.pak
data
dropped
C:\Users\user\AppData\Local\Programs\ShadowFury\chrome_200_percent.pak
data
dropped
C:\Users\user\AppData\Local\Programs\ShadowFury\d3dcompiler_47.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Programs\ShadowFury\ffmpeg.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Programs\ShadowFury\icudtl.dat
data
dropped
C:\Users\user\AppData\Local\Programs\ShadowFury\libEGL.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Programs\ShadowFury\libGLESv2.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Programs\ShadowFury\locales\af.pak
data
dropped
C:\Users\user\AppData\Local\Programs\ShadowFury\locales\am.pak
data
dropped
C:\Users\user\AppData\Local\Programs\ShadowFury\locales\ar.pak
data
dropped
C:\Users\user\AppData\Local\Programs\ShadowFury\locales\bg.pak
data
dropped
C:\Users\user\AppData\Local\Programs\ShadowFury\locales\bn.pak
data
dropped
C:\Users\user\AppData\Local\Programs\ShadowFury\locales\ca.pak
data
dropped
C:\Users\user\AppData\Local\Programs\ShadowFury\resources.pak
data
dropped
C:\Users\user\AppData\Local\Programs\ShadowFury\snapshot_blob.bin
data
dropped
C:\Users\user\AppData\Local\Programs\ShadowFury\v8_context_snapshot.bin
data
dropped
C:\Users\user\AppData\Local\Programs\ShadowFury\vk_swiftshader.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Programs\ShadowFury\vk_swiftshader_icd.json
JSON data
dropped
C:\Users\user\AppData\Local\Programs\ShadowFury\vulkan-1.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\65009a31-e18f-4331-be2b-a374113ace84.tmp.node
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\6f9c7dcb-c5ec-4d75-b81c-93e1fcff8c95.tmp.node
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3wqgek32.5bo.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_befqev12.yp0.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bfzby2tn.dti.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bp5zyjii.nj3.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_csboxvu0.vp4.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_euaxoon1.utp.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gbcndarq.3cq.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hqeemgkq.tmi.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jjride20.aha.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nfpbmemr.4in.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oh5to30c.2rc.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ovpyas1j.143.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_paaopvor.qvp.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qia5zjfx.s0j.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qvmutyrc.fwo.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_stre2n4a.5iq.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u1sbwzmi.jg3.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vxj3fnhu.bhr.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w1sns1et.j1b.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zpkphbdv.kid.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\c72e6d37-050a-4632-91c0-63b85d93d972.tmp.node
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\ece2b052-aa6a-477b-a28f-4a0581807657.tmp.node
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\LICENSE.electron.txt
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\LICENSES.chromium.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\ShadowFury.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\chrome_100_percent.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\chrome_200_percent.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\d3dcompiler_47.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\ffmpeg.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\icudtl.dat
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\libEGL.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\libGLESv2.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\af.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\am.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\ar.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\bg.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\bn.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\ca.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\cs.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\da.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\de.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\el.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\en-GB.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\en-US.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\es-419.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\es.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\et.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\fa.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\fi.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\fil.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\fr.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\gu.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\he.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\hi.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\hr.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\hu.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\id.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\it.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\ja.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\kn.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\ko.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\lt.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\lv.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\ml.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\mr.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\ms.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\nb.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\nl.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\pl.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\pt-BR.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\pt-PT.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\ro.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\ru.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\sk.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\sl.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\sr.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\sv.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\sw.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\ta.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\te.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\th.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\tr.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\uk.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\ur.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\vi.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\zh-CN.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\locales\zh-TW.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\resources.pak
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\resources\app.asar
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\resources\elevate.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\snapshot_blob.bin
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\v8_context_snapshot.bin
data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\vk_swiftshader.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\vk_swiftshader_icd.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\vulkan-1.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\SpiderBanner.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\StdUtils.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\System.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\app-32.7z
7-zip archive data, version 0.4
dropped
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\nsis7z.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Roaming\ShadowFury\4d92a671-e7a3-4c89-bc91-bed1c44b947d.tmp
JSON data
modified
C:\Users\user\AppData\Roaming\ShadowFury\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Roaming\ShadowFury\Local State~RF41a1b2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Roaming\ShadowFury\e90be693-0797-4479-93e1-bf26b23be5af.tmp
JSON data
modified

Processes

Path
Cmdline
Malicious
C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
"C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
malicious
C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
"C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 --field-trial-handle=1976,i,5983286272222929098,2111862597278059386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
malicious
C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
"C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --mojo-platform-channel-handle=2136 --field-trial-handle=1976,i,5983286272222929098,2111862597278059386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
malicious
C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
"C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
malicious
C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
"C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 --field-trial-handle=1972,i,18180359127166526210,17872614602038801051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
malicious
C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
"C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --mojo-platform-channel-handle=2164 --field-trial-handle=1972,i,18180359127166526210,17872614602038801051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
malicious
C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
"C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1976,i,5983286272222929098,2111862597278059386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
malicious
C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
"C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1444 --field-trial-handle=1972,i,18180359127166526210,17872614602038801051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
malicious
C:\Users\user\Desktop\ShadowFury.exe
"C:\Users\user\Desktop\ShadowFury.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "chcp"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\chcp.com
chcp
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "chcp"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\chcp.com
chcp
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\findstr.exe
findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\findstr.exe
findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious
chrome.cloudflare-dns.com
162.159.61.3
ipinfo.io
34.117.186.192
illitluckygirl.com
unknown

IPs

IP
Domain
Country
Malicious
34.117.186.192
ipinfo.io
United States
162.159.61.3
chrome.cloudflare-dns.com
United States

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\d8b49fe8-42ea-5121-a0ba-899ad0437a85
InstallLocation
HKEY_CURRENT_USER\SOFTWARE\d8b49fe8-42ea-5121-a0ba-899ad0437a85
KeepShortcuts
HKEY_CURRENT_USER\SOFTWARE\d8b49fe8-42ea-5121-a0ba-899ad0437a85
ShortcutName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d8b49fe8-42ea-5121-a0ba-899ad0437a85
DisplayName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d8b49fe8-42ea-5121-a0ba-899ad0437a85
UninstallString
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d8b49fe8-42ea-5121-a0ba-899ad0437a85
QuietUninstallString
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d8b49fe8-42ea-5121-a0ba-899ad0437a85
DisplayVersion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d8b49fe8-42ea-5121-a0ba-899ad0437a85
DisplayIcon
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d8b49fe8-42ea-5121-a0ba-899ad0437a85
Publisher
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d8b49fe8-42ea-5121-a0ba-899ad0437a85
NoModify
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d8b49fe8-42ea-5121-a0ba-899ad0437a85
NoRepair
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d8b49fe8-42ea-5121-a0ba-899ad0437a85
EstimatedSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter

Memdumps

Base Address
Regiontype
Protect
Malicious
8D6000
heap
page read and write
8D6000
heap
page read and write
8DC000
heap
page read and write
2E21000
heap
page read and write
8D6000
heap
page read and write
8DC000
heap
page read and write
2D2D000
stack
page read and write
6370000
heap
page read and write
6970000
direct allocation
page read and write
5729000
heap
page read and write
3DB1000
unkown
page execute read
72D7000
unkown
page readonly
60B0000
heap
page read and write
8D6000
heap
page read and write
1B0000
unkown
page readonly
5728000
heap
page read and write
8DC000
heap
page read and write
5868000
heap
page read and write
2A6D000
stack
page read and write
6C74000
unkown
page readonly
8D6000
heap
page read and write
8D6000
heap
page read and write
8D6000
heap
page read and write
61F0000
heap
page read and write
2F2F000
heap
page read and write
884000
heap
page read and write
8DC000
heap
page read and write
8D6000
heap
page read and write
8DC000
heap
page read and write
742B000
unkown
page readonly
3DB1000
unkown
page execute read
72CC000
unkown
page readonly
6031000
heap
page read and write
5020000
direct allocation
page read and write
3DB1000
unkown
page execute read
8D6000
heap
page read and write
8DC000
heap
page read and write
60F0000
heap
page read and write
8DC000
heap
page read and write
899000
heap
page read and write
7432000
unkown
page readonly
8D6000
heap
page read and write
7462000
unkown
page readonly
50A0000
direct allocation
page read and write
8DC000
heap
page read and write
742B000
unkown
page readonly
8DC000
heap
page read and write
8DC000
heap
page read and write
87C000
heap
page read and write
8DC000
heap
page read and write
850F000
unkown
page readonly
5728000
heap
page read and write
8DC000
heap
page read and write
8D6000
heap
page read and write
5560000
heap
page read and write
1B1000
unkown
page execute read
8DC000
heap
page read and write
8DC000
heap
page read and write
8DC000
heap
page read and write
8DC000
heap
page read and write
57E8000
heap
page read and write
60F0000
heap
page read and write
8D6000
heap
page read and write
8D6000
heap
page read and write
6830000
direct allocation
page read and write
2DA0000
heap
page read and write
2D90000
heap
page read and write
8D6000
heap
page read and write
8D6000
heap
page read and write
2EA1000
heap
page read and write
5521000
heap
page read and write
8DC000
heap
page read and write
8DC000
heap
page read and write
6EB0000
direct allocation
page read and write
56A1000
heap
page read and write
8DC000
heap
page read and write
72BD000
unkown
page readonly
8DC000
heap
page read and write
8DC000
heap
page read and write
5660000
heap
page read and write
57A3000
heap
page read and write
8B0000
heap
page read and write
8DC000
heap
page read and write
8DC000
heap
page read and write
8D6000
heap
page read and write
56A0000
heap
page read and write
5728000
heap
page read and write
Address  Region type                 Protection
3185000  heap                        page read and write
8D6000   heap                        page read and write
55A0000  heap                        page read and write
8D6000   heap                        page read and write
1FB1000  unknown                     page execute read
8D6000   heap                        page read and write
8D6000   heap                        page read and write
5620000  heap                        page read and write
8D6000   heap                        page read and write
8DC000   heap                        page read and write
6132000  heap                        page read and write
1B0000   unknown                     page readonly
7460000  unknown                     page readonly
7462000  unknown                     page readonly
8D6000   heap                        page read and write
7537000  direct allocation           page read and write
8D6000   heap                        page read and write
8DC000   heap                        page read and write
89C000   heap                        page read and write
61B1000  heap                        page read and write
8D6000   heap                        page read and write
15B1000  unknown                     page execute read
8D6000   heap                        page read and write
8D6000   heap                        page read and write
8D6000   heap                        page read and write
8DC000   heap                        page read and write
8DC000   heap                        page read and write
8D6000   heap                        page read and write
6C7D000  unknown                     page readonly
BB1000   unknown                     page execute read
55E0000  heap                        page read and write
8A8000   heap                        page read and write
8D6000   heap                        page read and write
40A000   unknown                     page write copy
62F0000  heap                        page read and write
8DC000   heap                        page read and write
6330000  heap                        page read and write
72B7000  unknown                     page readonly
8DC000   heap                        page read and write
8D6000   heap                        page read and write
55A1000  heap                        page read and write
5450000  direct allocation           page read and write
8DC000   heap                        page read and write
62B1000  heap                        page read and write
8DC000   heap                        page read and write
8D6000   heap                        page read and write
5829000  heap                        page read and write
8D6000   heap                        page read and write
8D6000   heap                        page read and write
8D6000   heap                        page read and write
8D6000   heap                        page read and write
8D6000   heap                        page read and write
4D60000  direct allocation           page read and write
8D6000   heap                        page read and write
898000   heap                        page read and write
3183000  heap                        page read and write
8DC000   heap                        page read and write
15B1000  unknown                     page execute read
8D6000   heap                        page read and write
8DC000   heap                        page read and write
5728000  heap                        page read and write
60B1000  heap                        page read and write
8DC000   heap                        page read and write
8B0000   heap                        page read and write
8D6000   heap                        page read and write
5728000  heap                        page read and write
8DC000   heap                        page read and write
6230000  heap                        page read and write
8D6000   heap                        page read and write
2B10000  heap                        page read and write
2CF0000  direct allocation           page read and write
8DC000   heap                        page read and write
62B2000  heap                        page read and write
8DC000   heap                        page read and write
2D21000  heap                        page read and write
8D6000   heap                        page read and write
60B1000  heap                        page read and write
5823000  heap                        page read and write
8DC000   heap                        page read and write
8D6000   heap                        page read and write
8DC000   heap                        page read and write
8DF000   heap                        page read and write
8DC000   heap                        page read and write
5828000  heap                        page read and write
8D6000   heap                        page read and write
56A0000  heap                        page read and write
8DC000   heap                        page read and write
5920000  direct allocation           page read and write
8D6000   heap                        page read and write
58A9000  heap                        page read and write
47B1000  unknown                     page execute read
5020000  heap                        page read and write
5661000  heap                        page read and write
8DC000   heap                        page read and write
8DC000   heap                        page read and write
8DC000   heap                        page read and write
8D6000   heap                        page read and write
8DC000   heap                        page read and write
850E000  unknown                     page execute read
8D6000   heap                        page read and write
8D6000   heap                        page read and write
6332000  heap                        page read and write
8A1000   heap                        page read and write
401000   unknown                     page execute read
6170000  heap                        page read and write
8D6000   heap                        page read and write
2C74000  heap                        page read and write
BB1000   unknown                     page execute read
8D6000   heap                        page read and write
7432000  unknown                     page readonly
5862000  heap                        page read and write
8DC000   heap                        page read and write
56A0000  heap                        page read and write
62F1000  heap                        page read and write
61B0000  heap                        page read and write
8D6000   heap                        page read and write
8DC000   heap                        page read and write
8D6000   heap                        page read and write
2CF8000  heap                        page read and write
6C85000  unknown                     page readonly
5029000  heap                        page read and write
33B1000  unknown                     page execute read
8DC000   heap                        page read and write
8DC000   heap                        page read and write
72B7000  unknown                     page readonly
15B1000  unknown                     page execute read
2E1F000  stack                       page read and write
72AC000  unknown                     page readonly
6070000  heap                        page read and write
8A8000   heap                        page read and write
8DC000   heap                        page read and write
7447000  unknown                     page readonly
8DC000   heap                        page read and write
8DC000   heap                        page read and write
5722000  heap                        page read and write
8DC000   heap                        page read and write
8D6000   heap                        page read and write
61B1000  heap                        page read and write
8DC000   heap                        page read and write
896000   heap                        page read and write
5728000  heap                        page read and write
5822000  heap                        page read and write
55A0000  heap                        page read and write
2C74000  heap                        page read and write
7E5F000  unknown                     page readonly
8A0000   heap                        page read and write
8D6000   heap                        page read and write
8DC000   heap                        page read and write
8DC000   heap                        page read and write
8D6000   heap                        page read and write
8E9000   heap                        page read and write
65B1000  unknown                     page execute read
850F000  unknown                     page readonly
2D5E000  stack                       page read and write
72C1000  unknown                     page readonly
2E20000  heap                        page read and write
8DC000   heap                        page read and write
72AC000  unknown                     page readonly
2DDE000  stack                       page read and write
2C74000  heap                        page read and write
6070000  heap                        page read and write
8D6000   heap                        page read and write
8D6000   heap                        page read and write
850B000  unknown                     page execute read
3660000  heap                        page read and write
5BB1000  unknown                     page execute read
8D6000   heap                        page read and write
8D6000   heap                        page read and write
8D6000   heap                        page read and write
8D6000   heap                        page read and write
6271000  heap                        page read and write
8D6000   heap                        page read and write
8D6000   heap                        page read and write
8DC000   heap                        page read and write
72D7000  unknown                     page readonly
515E000  direct allocation           page read and write
2DE0000  heap                        page read and write
1B1000   unknown                     page execute read
1FB1000  unknown                     page execute read
5120000  direct allocation           page read and write
8DC000   heap                        page read and write
8DC000   heap                        page read and write
8DC000   heap                        page read and write
29B1000  unknown                     page execute read
8B0000   heap                        page read and write
8DC000   heap                        page read and write
33B1000  unknown                     page execute read
51B1000  unknown                     page execute read
313E000  stack                       page read and write
47B1000  unknown                     page execute read
61F0000  heap                        page read and write
896000   heap                        page read and write
8DC000   heap                        page read and write
850E000  unknown                     page execute read
812A000  unknown                     page write copy
5E20000  direct allocation           page read and write
8D6000   heap                        page read and write
5621000  heap                        page read and write
8D6000   heap                        page read and write
1FB1000  unknown                     page execute read
8DC000   heap                        page read and write
8DC000   heap                        page read and write
8DC000   heap                        page read and write
8D6000   heap                        page read and write
8DC000   heap                        page read and write
5C20000  direct allocation           page read and write
8D6000   heap                        page read and write
8DC000   heap                        page read and write
8DC000   heap                        page read and write
65B1000  unknown                     page execute read
63B0000  heap                        page read and write
8DC000   heap                        page read and write
8F5000   heap                        page read and write
8D6000   heap                        page read and write
8DC000   heap                        page read and write
2C00000  heap                        page read and write
2BF0000  trusted library allocation  page read and write
8DC000   heap                        page read and write
8D6000   heap                        page read and write
8DC000   heap                        page read and write
33B1000  unknown                     page execute read
8DC000   heap                        page read and write
8D6000   heap                        page read and write
8D6000   heap                        page read and write
8141000  unknown                     page write copy
8D6000   heap                        page read and write
62B1000  heap                        page read and write
8DC000   heap                        page read and write
6C85000  unknown                     page readonly
8DC000   heap                        page read and write
6270000  heap                        page read and write
7E5F000  unknown                     page readonly
8DC000   heap                        page read and write
8A0000   heap                        page read and write
72BD000  unknown                     page readonly
72E1000  unknown                     page readonly
5123000  heap                        page read and write
56A1000  heap                        page read and write
3182000  heap                        page read and write
8DC000   heap                        page read and write
2D21000  heap                        page read and write
8D6000   heap                        page read and write
2C33000  heap                        page read and write
57A8000  heap                        page read and write
2CF0000  direct allocation           page read and write
742E000  unknown                     page readonly
1B1000   unknown                     page execute read
8DC000   heap                        page read and write
8D6000   heap                        page read and write
5233000  heap                        page read and write
5BB1000  unknown                     page execute read
8D6000   heap                        page read and write
54D0000  direct allocation           page read and write
8E3000   heap                        page read and write
562A000  heap                        page read and write
8DC000   heap                        page read and write
8DC000   heap                        page read and write
8D6000   heap                        page read and write
8D6000   heap                        page read and write
8D6000   heap                        page read and write
2DF0000  heap                        page read and write
5026000  heap                        page read and write
60F0000  heap                        page read and write
8DC000   heap                        page read and write
8DC000   heap                        page read and write
60F1000  heap                        page read and write
8D6000   heap                        page read and write
7460000  unknown                     page readonly
73F0000  direct allocation           page read and write
2F90000  heap                        page read and write
8DC000   heap                        page read and write
6371000  heap                        page read and write
8DC000   heap                        page read and write
817D000  unknown                     page write copy
8D6000   heap                        page read and write
352F000  stack                       page read and write
8D6000   heap                        page read and write
29B1000  unknown                     page execute read
8A8000   heap                        page read and write
8DC000   heap                        page read and write
8D6000   heap                        page read and write
8D6000   heap                        page read and write
2DA0000  heap                        page read and write
29B1000  unknown                     page execute read
8B0000   heap                        page read and write
5728000  heap                        page read and write
342F000  unknown                     page read and write
6970000  direct allocation           page read and write
8A8000   heap                        page read and write
5822000  heap                        page read and write
8E9000   heap                        page read and write
57A9000  heap                        page read and write
61F1000  heap                        page read and write
8E9000   heap                        page read and write
72E1000  unknown                     page readonly
8DC000   heap                        page read and write
5521000  heap                        page read and write
8DC000   heap                        page read and write
15B1000  unknown                     page execute read
2DE0000  heap                        page read and write
8D6000   heap                        page read and write
817D000  unknown                     page write copy
8DC000   heap                        page read and write
5C20000  direct allocation           page read and write
3160000  heap                        page read and write
62F1000  heap                        page read and write
8DC000   heap                        page read and write
5025000  heap                        page read and write
6C30000  direct allocation           page read and write
2EA1000  heap                        page read and write
850B000  unknown                     page execute read
8D6000   heap                        page read and write
8A1000   heap                        page read and write
59B000   unknown                     page readonly
57A2000  heap                        page read and write
8D6000   heap                        page read and write
8DC000   heap                        page read and write
8D6000   heap                        page read and write
5228000  heap                        page read and write
2C34000  heap                        page read and write
8DC000   heap                        page read and write
8DC000   heap                        page read and write
58A9000  heap                        page read and write
2D9F000  stack                       page read and write
8141000  unknown                     page write copy
8D6000   heap                        page read and write
5560000  heap                        page read and write
2C20000  heap                        page read and write
8D6000   heap                        page read and write
5722000  heap                        page read and write
742E000  unknown                     page readonly
8D6000   heap                        page read and write
8A0000   heap                        page read and write
1B1000   unknown                     page execute read
51B1000  unknown                     page execute read
60B1000  heap                        page read and write
6C74000  unknown                     page readonly
8D6000   heap                        page read and write
5728000  heap                        page read and write
8A1000   heap                        page read and write
8D6000   heap                        page read and write
2C34000  heap                        page read and write
8DC000   heap                        page read and write
8D6000   heap                        page read and write
56A0000  heap                        page read and write
6131000  heap                        page read and write
8DC000   heap                        page read and write
8D6000   heap                        page read and write
BB1000   unknown                     page execute read
1B0000   unknown                     page readonly
8D6000   heap                        page read and write
8DC000   heap                        page read and write
8D6000   heap                        page read and write
8D6000   heap                        page read and write
8D6000   heap                        page read and write
60F1000  heap                        page read and write
8A0000   heap                        page read and write
316A000  heap                        page read and write
8A0000   heap                        page read and write
55E0000  heap                        page read and write
56A0000  heap                        page read and write
56A0000  heap                        page read and write
8D6000   heap                        page read and write
8DC000   heap                        page read and write
8DC000   heap                        page read and write
2DA1000  heap                        page read and write
1B0000   unknown                     page readonly
5622000  heap                        page read and write
8DF000   heap                        page read and write
8D6000   heap                        page read and write
8DC000   heap                        page read and write
8DC000   heap                        page read and write
8A0000   heap                        page read and write
8DC000   heap                        page read and write
7447000  unknown                     page readonly
8DC000   heap                        page read and write
52CA000  direct allocation           page read and write
61F1000  heap                        page read and write
8DC000   heap                        page read and write
8B0000   heap                        page read and write
534D000  heap                        page read and write
8D6000   heap                        page read and write
408000   unknown                     page readonly
8D6000   heap                        page read and write
887000   heap                        page read and write
5560000  heap                        page read and write
47B1000  unknown                     page execute read
8DC000   heap                        page read and write
8B0000   heap                        page read and write
8DC000   heap                        page read and write
2DDE000  unknown                     page read and write
60F0000  heap                        page read and write
30FD000  stack                       page read and write
8D6000   heap                        page read and write
8DC000   heap                        page read and write
8D6000   heap                        page read and write
8D6000   heap                        page read and write
8DC000   heap                        page read and write
56A0000  heap                        page read and write
2AAD000  stack                       page read and write
8D6000   heap                        page read and write
BB1000   unknown                     page execute read
8A0000   heap                        page read and write
502D000  heap                        page read and write
8D6000   heap                        page read and write
55A1000  heap                        page read and write
5222000  heap                        page read and write
6031000  heap                        page read and write
5723000  heap                        page read and write
72CC000  unknown                     page readonly
8DC000   heap                        page read and write
5662000  heap                        page read and write
8D6000   heap                        page read and write
8DC000   heap                        page read and write
8D6000   heap                        page read and write
8A8000   heap                        page read and write
8D6000   heap                        page read and write
6230000  heap                        page read and write
2B20000  heap                        page read and write
8D6000   heap                        page read and write
400000   unknown                     page readonly
8D6000   heap                        page read and write
2C2D000  heap                        page read and write
8DC000   heap                        page read and write
8D6000   heap                        page read and write
5822000  heap                        page read and write
2C27000  heap                        page read and write
812A000  unknown                     page write copy
72C1000  unknown                     page readonly
6C7D000  unknown                     page readonly
8DC000   heap                        page read and write
8DC000   heap                        page read and write
8DC000   heap                        page read and write
87C000   heap                        page read and write
5728000  heap                        page read and write
56E0000  heap                        page read and write
8B0000   heap                        page read and write
768F000  direct allocation           page read and write
8D6000   heap                        page read and write
57E2000  heap                        page read and write
8DC000   heap                        page read and write
8D6000   heap                        page read and write
5721000  heap                        page read and write
6130000  heap                        page read and write
521 further memdumps are omitted from this export.
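The memdump listing above is exported as repeating address / region type / protection triplets, which is awkward to triage by eye once it runs to hundreds of entries. The script below is an added example, not part of the report or of the sandbox tooling: it parses either the raw triplet export or a whitespace-joined table, tolerates the export's own "unkown" spelling, counts dumps per region type and protection, and lists the executable regions, flagging any that are also writable. The region-type and protection vocabularies are assumptions drawn from what this listing shows plus standard Windows page protections; the sample input is constructed from rows of this listing plus one synthetic RWX row at DEAD000 that does not appear in the report and exists only to exercise the RWX check. One caveat is built in: an executable region typed "unknown" is not by itself evidence of unpacked or injected code, because mapped image sections appear under that type too. In this listing the sample's own PE layout is visible that way (400000 readonly header, 401000 execute read, 408000 readonly, 40A000 write copy), so each such base should be cross-checked against the loaded-module list.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Assumed vocabularies: region types seen in the listing (plus "image", assumed)
# and the usual Windows page protections. Longer alternatives come first so the
# regex prefers "page execute read and write" over "page execute read".
REGION_TYPES = (
    "trusted library allocation",
    "direct allocation",
    "unknown",
    "unkown",  # spelling used by the sandbox export itself
    "heap",
    "stack",
    "image",
)
PROTECTIONS = (
    "page execute read and write",
    "page execute write copy",
    "page execute read",
    "page read and write",
    "page write copy",
    "page readonly",
    "page execute",
    "page no access",
)
_ROW_RE = re.compile(
    r"\b([0-9A-Fa-f]{4,16})\s+("
    + "|".join(map(re.escape, REGION_TYPES))
    + r")\s+("
    + "|".join(map(re.escape, PROTECTIONS))
    + r")\b"
)


@dataclass(frozen=True)
class Region:
    base: int
    region_type: str
    protect: str

    @property
    def executable(self) -> bool:
        return "execute" in self.protect

    @property
    def writable(self) -> bool:
        return "write" in self.protect


def parse_memdumps(text: str) -> list:
    """Parse a memdump export (triplets or joined rows) into Region records.

    All whitespace, including newlines, is collapsed first, so the flattened
    one-field-per-line export and a tabular form parse identically.
    """
    flat = " ".join(text.split())
    rows = []
    for base, rtype, prot in _ROW_RE.findall(flat):
        if rtype == "unkown":
            rtype = "unknown"
        rows.append(Region(int(base, 16), rtype, prot))
    return rows


def summarize(regions) -> Counter:
    """Number of dumps per (region type, protection) pair."""
    return Counter((r.region_type, r.protect) for r in regions)


def executable_regions(regions) -> list:
    """Unique executable regions, sorted by base address."""
    return sorted({r for r in regions if r.executable}, key=lambda r: r.base)


def rwx_regions(regions) -> list:
    """Regions both writable and executable: worth a manual look in any dump."""
    return [r for r in executable_regions(regions) if r.writable]


def unattributed_executable(regions) -> list:
    """Executable regions the sandbox typed as 'unknown'.

    Mapped image sections show up here as well (the sample's own 401000 region
    does), so verify each base against the loaded-module list before calling
    it unpacked or injected code.
    """
    return [r for r in executable_regions(regions) if r.region_type == "unknown"]


def report(text: str) -> str:
    regions = parse_memdumps(text)
    lines = [f"{len(regions)} dumps, {len(set(regions))} unique regions"]
    for (rtype, prot), n in sorted(summarize(regions).items()):
        lines.append(f"  {n:4d}  {rtype:<27} {prot}")
    lines.append("executable regions:")
    for r in executable_regions(regions):
        flag = "  <-- RWX" if r.writable else ""
        lines.append(f"  {r.base:08X}  {r.region_type:<27} {r.protect}{flag}")
    return "\n".join(lines)


# Constructed sample: rows copied from the listing above, plus one synthetic
# RWX row (DEAD000) that does NOT appear in the report, added only to show
# the RWX flag firing.
SAMPLE = """
400000
unkown
page readonly
401000
unkown
page execute read
408000
unkown
page readonly
40A000
unkown
page write copy
8D6000
heap
page read and write
8D6000
heap
page read and write
2E1F000
stack
page read and write
5450000
direct allocation
page read and write
2BF0000
trusted library allocation
page read and write
850E000
unkown
page execute read
DEAD000
unkown
page execute read and write
"""

if __name__ == "__main__":
    print(report(SAMPLE))
```

Run it against the full export by reading the report text into `report()`; the per-pair counts give a quick feel for how much of the dump volume is heap churn versus executable memory, and the executable list is the set of bases to compare with the process's module list.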