Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe

"C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6188
Target ID:	0
Parent PID:	4056
Name:	INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
Path:	C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
Commandline:	"C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe"
Size:	761864
MD5:	A20E41F9774504D4BACE9A2A8A7989C6
Time:	07:40:56
Date:	26/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xe70000
Modulesize:	770048
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara detected PureLog Stealer	Stealing of Sensitive Information, Remote Access Functionality
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
PE / OLE file has an invalid certificate	System Summary
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe

"C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe"

Details

Is windows:	false
Is dropped:	false
PID:	3720
Target ID:	3
Parent PID:	6188
Name:	INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
Path:	C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
Commandline:	"C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe"
Size:	761864
MD5:	A20E41F9774504D4BACE9A2A8A7989C6
Time:	07:40:57
Date:	26/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x440000
Modulesize:	770048
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara detected PureLog Stealer	Stealing of Sensitive Information, Remote Access Functionality
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
PE / OLE file has an invalid certificate	System Summary
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe

"C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe"

Details

Is windows:	false
Is dropped:	false
PID:	5652
Target ID:	4
Parent PID:	6188
Name:	INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
Path:	C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe
Commandline:	"C:\Users\user\Desktop\INQ No. HDPE-16-GM-00- PI-INQ-3001.exe"
Size:	761864
MD5:	A20E41F9774504D4BACE9A2A8A7989C6
Time:	07:40:57
Date:	26/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	270336
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara detected PureLog Stealer	Stealing of Sensitive Information, Remote Access Functionality
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
PE / OLE file has an invalid certificate	System Summary
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe

"C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe"

Details

Is windows:	true
Is dropped:	false
PID:	3652
Target ID:	20
Parent PID:	5652
Name:	yTVsQcNOAKqLIKj.exe
Path:	C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Commandline:	"C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe"
Size:	140800
MD5:	32B8AD6ECA9094891E792631BAEA9717
Time:	07:41:16
Date:	26/04/2024
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x810000
Modulesize:	155648
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queues an APC in another process (thread injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\SysWOW64\replace.exe

"C:\Windows\SysWOW64\replace.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7644
Target ID:	21
Parent PID:	3652
Name:	replace.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\replace.exe
Commandline:	"C:\Windows\SysWOW64\replace.exe"
Size:	18944
MD5:	A7F2E9DD9DE1396B1250F413DA2F6C08
Time:	07:41:18
Date:	26/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	false
Is elevated:	false
Modulebase:	0x610000
Modulesize:	36864
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe

"C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe"

Details

Is windows:	true
Is dropped:	false
PID:	2912
Target ID:	22
Parent PID:	7644
Name:	yTVsQcNOAKqLIKj.exe
Path:	C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe
Commandline:	"C:\Program Files (x86)\BWNcXboUArXjpcYYhgQQHYMSOdiQYmJVkPEFMgIoTAWDCggbmmanhWchB\yTVsQcNOAKqLIKj.exe"
Size:	140800
MD5:	32B8AD6ECA9094891E792631BAEA9717
Time:	08:45:09
Date:	26/04/2024
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x810000
Modulesize:	155648
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queues an APC in another process (thread injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\Firefox.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7876
Target ID:	24
Parent PID:	7644
Name:	firefox.exe
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Size:	676768
MD5:	C86B1BE9ED6496FE0E0CBE73F81D8045
Time:	08:45:22
Date:	26/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff722870000
Modulesize:	708608
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 1380

Details

Is windows:	true
Is dropped:	false
PID:	5376
Target ID:	7
Parent PID:	6188
Name:	WerFault.exe
Path:	C:\Windows\SysWOW64\WerFault.exe
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 1380
Size:	483680
MD5:	C31336C1EFC2CCB44B4326EA793040F2
Time:	07:40:57
Date:	26/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x140000
Modulesize:	499712
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
One or more processes crash	System Summary
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://www.solesense.pro/aleu/

91.195.240.19

http://www.paydayloans3.shop/aleu/?MzYDklf=jXFvQTK4oWsNW5HaVP0aKlBegUUeN16TTlZ8jbhw/9BHTw5yM7uncTfMOk5Q960TVKfivgiXqRpaWw5bUpeZnRruwwT6g/D0s8W22E0wG3Y43Svl+j8+gYa6G242ZIg/F531ut75LnnH&PHaLL=ePmHKpKXdtoDqXh

64.190.62.22

http://www.solesense.pro/aleu/?MzYDklf=Fsk+9Ugrf6MFs9mchnETM+3QD2cthhCQsqu2PahB1CBPiKPkA/hmNXSF9ivWSGs/4CiX0i2cy0l6l8SVSxzUF3Q4RMAPDGkyPIDahDw1KMSvyAVfpPYGa57LB1vixmbDZ7oyoAgNkZW7&PHaLL=ePmHKpKXdtoDqXh

91.195.240.19

http://www.theertyuiergthjk.homes/aleu/?MzYDklf=KKNe6rdgfNo6Wq6sMccsECj9DruDiqz0V/YBvfR/8knlzlDvcza3RWVYHFV7uOHMzESi0Z4HuGcox/fHqa9ciWlD8AlULX7tFKEX0vEvV/3H5nGwz5PpKkk9QKafXX45AA2PEYjdzWMv&PHaLL=ePmHKpKXdtoDqXh

205.234.233.38

http://www.theertyuiergthjk.homes/aleu/

205.234.233.38

http://www.valentinaetommaso.it/aleu/?MzYDklf=qJYbYwaLgLDJAMSHMJQaEOr73chNsD5VMq73qeoAA4dzyQoAh+hTVoh+ah/e183iVnKHGTOXkcX7G8t3YRyjXe/ogXVNID+KtV4n0lPZ2DbPfuvRPmVg0GTYTl/4fOclA5m+2/uM8Ymx&PHaLL=ePmHKpKXdtoDqXh

3.125.172.46

http://www.skibinscy-finanse.pl/aleu/?MzYDklf=N0v49flUUQfEWOo/aE7OdIaJv4xdfmBs7J9ivEb+Xo+Q/nq/YMDO//KjhQmhbqKlUVaao73nPs1gVWG10w4sN/a7W8oTa9PDfIw3FkTWG11zhaPiohVHadQfG1I8c2eUqprtDPLWhOJ9&PHaLL=ePmHKpKXdtoDqXh

178.211.137.59

http://www.paydayloans3.shop/aleu/

64.190.62.22

http://www.colchondealquiler.com/aleu/

217.76.128.34

http://www.polhi.lol/aleu/

91.195.240.19

http://www.fairmarty.top/aleu/

203.161.46.103

http://www.83634.cn/aleu/

103.93.124.160

http://www.skibinscy-finanse.pl/aleu/

178.211.137.59

http://www.colchondealquiler.com/aleu/?MzYDklf=heiUU9lLv45IJG5Wd6LJBmuSZbtDNHx122KPvL/NNDCzNkInOevyA08bejzsewnbLAKBPzZGyeY+skKwUglop6X2S27Gspv7OD0R2VJ9wdDlZRLUHIVLQGAdIrEvlBBmGQJQcRJvk2sI&PHaLL=ePmHKpKXdtoDqXh

217.76.128.34

http://www.83634.cn/aleu/?MzYDklf=/mfxaTJBOgt3JDZkoxaXbiWRJO3cof11tbJm5eA1/p+8DdahBUuKuoWdPETp4wIg5O58ph7A0hS6+wjYiiGEtJ1bmNcMNYXAdylBBvNZ9o6IpjigtOzYHQeGXYHcYUjCnGBIU602CyDs&PHaLL=ePmHKpKXdtoDqXh

103.93.124.160

http://www.aprovapapafox.com/aleu/?MzYDklf=mEhw182mTcvL4X7W6yJhLslIcG+j3Kkb/q8jOnfIToCvkLfDcLYfug01ytzddJhX/lijb8hpDT2F8KzL6RC5GrlDAC6fqoF7t8GqbmfMFKfVEQELjrUu0IX3uTvnqRm05V4BpU+RhfzS&PHaLL=ePmHKpKXdtoDqXh

162.240.81.18

http://www.valentinaetommaso.it/aleu/

3.125.172.46

http://www.fairmarty.top/aleu/?MzYDklf=1EzsQVnX0vVrGxBYNXB1u7fNxljhjRHJWEXTYZCw6Y45y9QSTO9z6ggEQaWzMFMNeg7sTl3Zf11WKrZHAcHpX9hrZ8kVd6B8qbB5+OCtdAqRU7IipAokYiIG2rDB/a+dgcBIv0Zff4BY&PHaLL=ePmHKpKXdtoDqXh

203.161.46.103

http://www.aprovapapafox.com/aleu/

162.240.81.18

https://duckduckgo.com/chrome_newtab

unknown

https://assets.iv.lt/header.html

unknown

https://d1di2lzuh97fh2.cloudfront.net/files/0q/0q2/0q229t.css?ph=cb3a78e957

unknown

https://duckduckgo.com/ac/?q=

unknown

https://ogp.me/ns#

unknown

https://d1di2lzuh97fh2.cloudfront.net/client/js.polyfill/container-query-polyfill.modern.js

unknown

https://d1di2lzuh97fh2.cloudfront.net/files/2q/2qj/2qjoy2.css?ph=cb3a78e957

unknown

https://www.iv.lt/domenai/

unknown

http://nginx.net/

unknown

https://oblzpezqqfxqijsk.app

unknown

http://fedoraproject.org/

unknown

https://d1di2lzuh97fh2.cloudfront.net/files/2d/2di/2div3h.svg?ph=cb3a78e957

unknown

https://www.webnode.it/?utm_source=text&utm_medium=footer&utm_content=wnd2&utm_campaign=signature

unknown

https://www.arsys.es/herramientas/sms?utm_source=parking&utm_medium=link&utm_campaign=sms

unknown

https://www.arsys.es/soluciones?utm_source=parking&utm_medium=link&utm_campaign=solutions

unknown

https://assets.iv.lt/images/thumbnail.png

unknown

https://www.iv.lt/duomenu-centras/

unknown

https://www.arsys.es/hosting/wordpress?utm_source=parking&utm_medium=link&utm_campaign=wordp

unknown

https://www.iv.lt/profesionalus-hostingas/

unknown

https://www.arsys.es/dominios/buscar?utm_source=parking&utm_medium=link&utm_campaign=dominio

unknown

https://api2.wanjd.cn/h5_share/ads/zs

unknown

https://www.valentinaetommaso.it/page-not-found-404/

unknown

https://assets.iv.lt/footer.html

unknown

https://www.arsys.es/servidores/vps?utm_source=parking&utm_medium=link&utm_campaign=vps

unknown

https://d1di2lzuh97fh2.cloudfront.net

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

https://www.iv.lt/

unknown

https://www.ecosia.org/newtab/

unknown

https://www.arsys.es/dominios?utm_source=parking&utm_medium=link&utm_campaign=dominios

unknown

https://oss.wanjd.cn/owx/read/20230906001.png

unknown

https://d1di2lzuh97fh2.cloudfront.net/files/2j/2jh/2jh1ov.css?ph=cb3a78e957

unknown

https://www.iv.lt/vps-serveriai/

unknown

https://d1di2lzuh97fh2.cloudfront.net/files/32/32i/32i65q.css?ph=cb3a78e957

unknown

https://d1di2lzuh97fh2.cloudfront.net/files/4a/4a3/4a3t1k.css?ph=cb3a78e957

unknown

https://klientams.iv.lt/

unknown

https://arsys.es/css/parking2.css

unknown

https://www.webnode.com/it/?utm_source=text&utm_medium=footer&utm_content=wnd2&utm_campa

unknown

https://oss.wanjd.cn/owx/read/wx-read/cos/js/flexible.js

unknown

https://www.arsys.es/hosting/revendedores?utm_source=parking&utm_medium=link&utm_campaign=re

unknown

https://d1di2lzuh97fh2.cloudfront.net/files/13/13s/13s9j7.css?ph=cb3a78e957

unknown

https://d1di2lzuh97fh2.cloudfront.net/files/01/01h/01hx1m.css?ph=cb3a78e957

unknown

https://www.arsys.es?utm_source=parking&utm_medium=link&utm_campaign=arsys

unknown

https://www.arsys.es/servidores/cloud?utm_source=parking&utm_medium=link&utm_campaign=cloud

unknown

https://d1di2lzuh97fh2.cloudfront.net/files/04/04p/04pi85.css?ph=cb3a78e957

unknown

https://www.arsys.es/servidores/dedicados?utm_source=parking&utm_medium=link&utm_campaign=de

unknown

https://events.webnode.com/projects/-/events/

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

https://d1di2lzuh97fh2.cloudfront.net/files/07/07f/07fzq8.svg?ph=cb3a78e957

unknown

https://assets.iv.lt/default.css

unknown

https://d1di2lzuh97fh2.cloudfront.net/files/1e/1em/1empxr.js?ph=cb3a78e957

unknown

https://oss.wanjd.cn/owx/read/wx-read/cos/css/llc.css?ver=0002

unknown

https://assets.iv.lt/images/icon.png

unknown

https://oss.wanjd.cn/owx/read/wx-read/cos/css/index.css?ver=0009

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

https://oss.wanjd.cn/owx/read/wx-read/cos/css/hui/hui.css?v=0001

unknown

https://www.arsys.es/backup?utm_source=parking&utm_medium=link&utm_campaign=backup

unknown

https://www.arsys.es/hosting?utm_source=parking&utm_medium=link&utm_campaign=hosting

unknown

https://d1di2lzuh97fh2.cloudfront.net/files/1j/1j3/1j3767.ico?ph=cb3a78e957

unknown

https://www.iv.lt/talpinimo-planai/

unknown

https://www.arsys.es/dominios/gestion?utm_source=parking&utm_medium=link&utm_campaign=resell

unknown

https://www.arsys.es/dominios/ssl?utm_source=parking&utm_medium=link&utm_campaign=ssl

unknown

https://d1di2lzuh97fh2.cloudfront.net/files/2j/2jy/2jy5g9.css?ph=cb3a78e957

unknown

https://www.iv.lt/neribotas-svetainiu-talpinimas/

unknown

http://upx.sf.net

unknown

https://www.iv.lt/svetainiu-kurimo-irankis/

unknown

https://www.arsys.es/crear/tienda?utm_source=parking&utm_medium=link&utm_campaign=tiendas

unknown

https://oss.wanjd.cn/owx/ys_share/daily/back1.png

unknown

https://www.chiark.greenend.org.uk/~sgtatham/putty/0

unknown

https://www.arsys.es/partners?utm_source=parking&utm_medium=link&utm_campaign=partners

unknown

https://www.iv.lt/el-pasto-filtras/

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

https://www.arsys.es/herramientas/seo?utm_source=parking&utm_medium=link&utm_campaign=seo

unknown

https://oss.wanjd.cn/owx/read/wx-read/cos/css/animate.min.css?v=20230919001

unknown

https://www.arsys.es/correo?utm_source=parking&utm_medium=link&utm_campaign=correo

unknown

https://d1di2lzuh97fh2.cloudfront.net/files/0e/0e7/0e7xip.css?ph=cb3a78e957

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

http://www.solesense.pro

unknown

https://www.iv.lt/sertifikatai/

unknown

There are 87 hidden URLs, click here to show them.

Domains

Name

Malicious

www.theertyuiergthjk.homes

205.234.233.38

www.maxiwalls.com

79.98.25.1

www.skibinscy-finanse.pl

178.211.137.59

www.paydayloans3.shop

64.190.62.22

aprovapapafox.com

162.240.81.18

vf3ba6qx.as22566.com

103.93.124.160

lb.webnode.io

3.125.172.46

www.colchondealquiler.com

217.76.128.34

www.fairmarty.top

203.161.46.103

www.choosejungmann.com

unknown

www.toyzonetshirts.com

unknown

www.83634.cn

unknown

www.aprovapapafox.com

unknown

www.www60270.xyz

unknown

www.avoshield.com

unknown

www.polhi.lol

unknown

www.valentinaetommaso.it

unknown

www.onitsuka-ksa.com

unknown

www.solesense.pro

unknown

parkingpage.namecheap.com

91.195.240.19

fix01.pfw.djamxtvyk.cloudland3.com

52.175.38.24

There are 11 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

162.240.81.18

aprovapapafox.com

United States

205.234.233.38

www.theertyuiergthjk.homes

United States

79.98.25.1

www.maxiwalls.com

Lithuania

217.76.128.34

www.colchondealquiler.com

Spain

178.211.137.59

www.skibinscy-finanse.pl

Ukraine

3.125.172.46

lb.webnode.io

United States

64.190.62.22

www.paydayloans3.shop

United States

203.161.46.103

www.fairmarty.top

Malaysia

103.93.124.160

vf3ba6qx.as22566.com

Hong Kong

52.175.38.24

fix01.pfw.djamxtvyk.cloudland3.com

United States

91.195.240.19

parkingpage.namecheap.com

Germany

There are 1 hidden IPs, click here to show them.

Registry

Path

Value

Malicious

\REGISTRY\A\{f105419b-87db-b154-2243-09046bad9622}\Root\InventoryApplicationFile\inq no. hdpe-16-|2f0a13c7b725aa96

ProgramId

\REGISTRY\A\{f105419b-87db-b154-2243-09046bad9622}\Root\InventoryApplicationFile\inq no. hdpe-16-|2f0a13c7b725aa96

FileId

\REGISTRY\A\{f105419b-87db-b154-2243-09046bad9622}\Root\InventoryApplicationFile\inq no. hdpe-16-|2f0a13c7b725aa96

LowerCaseLongPath

\REGISTRY\A\{f105419b-87db-b154-2243-09046bad9622}\Root\InventoryApplicationFile\inq no. hdpe-16-|2f0a13c7b725aa96

LongPathHash

\REGISTRY\A\{f105419b-87db-b154-2243-09046bad9622}\Root\InventoryApplicationFile\inq no. hdpe-16-|2f0a13c7b725aa96

Name

\REGISTRY\A\{f105419b-87db-b154-2243-09046bad9622}\Root\InventoryApplicationFile\inq no. hdpe-16-|2f0a13c7b725aa96

OriginalFileName

\REGISTRY\A\{f105419b-87db-b154-2243-09046bad9622}\Root\InventoryApplicationFile\inq no. hdpe-16-|2f0a13c7b725aa96

Publisher

\REGISTRY\A\{f105419b-87db-b154-2243-09046bad9622}\Root\InventoryApplicationFile\inq no. hdpe-16-|2f0a13c7b725aa96

Version

\REGISTRY\A\{f105419b-87db-b154-2243-09046bad9622}\Root\InventoryApplicationFile\inq no. hdpe-16-|2f0a13c7b725aa96

BinFileVersion

\REGISTRY\A\{f105419b-87db-b154-2243-09046bad9622}\Root\InventoryApplicationFile\inq no. hdpe-16-|2f0a13c7b725aa96

BinaryType

\REGISTRY\A\{f105419b-87db-b154-2243-09046bad9622}\Root\InventoryApplicationFile\inq no. hdpe-16-|2f0a13c7b725aa96

ProductName

\REGISTRY\A\{f105419b-87db-b154-2243-09046bad9622}\Root\InventoryApplicationFile\inq no. hdpe-16-|2f0a13c7b725aa96

ProductVersion

\REGISTRY\A\{f105419b-87db-b154-2243-09046bad9622}\Root\InventoryApplicationFile\inq no. hdpe-16-|2f0a13c7b725aa96

LinkDate

\REGISTRY\A\{f105419b-87db-b154-2243-09046bad9622}\Root\InventoryApplicationFile\inq no. hdpe-16-|2f0a13c7b725aa96

BinProductVersion

\REGISTRY\A\{f105419b-87db-b154-2243-09046bad9622}\Root\InventoryApplicationFile\inq no. hdpe-16-|2f0a13c7b725aa96

AppxPackageFullName

\REGISTRY\A\{f105419b-87db-b154-2243-09046bad9622}\Root\InventoryApplicationFile\inq no. hdpe-16-|2f0a13c7b725aa96

AppxPackageRelativeId

\REGISTRY\A\{f105419b-87db-b154-2243-09046bad9622}\Root\InventoryApplicationFile\inq no. hdpe-16-|2f0a13c7b725aa96

Size

\REGISTRY\A\{f105419b-87db-b154-2243-09046bad9622}\Root\InventoryApplicationFile\inq no. hdpe-16-|2f0a13c7b725aa96

Language

\REGISTRY\A\{f105419b-87db-b154-2243-09046bad9622}\Root\InventoryApplicationFile\inq no. hdpe-16-|2f0a13c7b725aa96

Usn

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData

ClockTimeSeconds

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData

TickCount

There are 11 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

4219000

trusted library allocation

page read and write

58F0000

system

page execute and read and write

2930000

system

page execute and read and write

E40000

unclassified section

page execute and read and write

400000

remote allocation

page execute and read and write

2FE0000

trusted library allocation

page read and write

2790000

unclassified section

page execute and read and write

91B0000

trusted library section

page read and write

3AF0000

unkown

page execute and read and write

3020000

trusted library allocation

page read and write

2E2A000

heap

page read and write

B6F0000

trusted library allocation

page read and write

2EE1000

heap

page read and write

28BB000

stack

page read and write

3211000

trusted library allocation

page read and write

11E8000

direct allocation

page execute and read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

F50000

unkown

page readonly

2EE1000

heap

page read and write

800000

unkown

page read and write

7DD2000

heap

page read and write

2EE1000

heap

page read and write

3180000

trusted library allocation

page read and write

580000

unkown

page readonly

35A2000

direct allocation

page execute and read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

7DDA000

heap

page read and write

4211000

trusted library allocation

page read and write

827000

unkown

page readonly

570000

unkown

page readonly

2EE1000

heap

page read and write

2EE1000

heap

page read and write

7D89000

heap

page read and write

2EE1000

heap

page read and write

2DA7000

heap

page read and write

30F0000

unkown

page execute and read and write

4B0000

unkown

page readonly

16F0000

trusted library allocation

page read and write

2EE1000

heap

page read and write

16B0000

unkown

page readonly

2EE1000

heap

page read and write

53AA000

stack

page read and write

2EE1000

heap

page read and write

7D74000

heap

page read and write

58B3000

heap

page read and write

651F000

stack

page read and write

811000

unkown

page execute read

2EE1000

heap

page read and write

2491FE0F000

trusted library allocation

page read and write

5E20000

trusted library allocation

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

827000

unkown

page readonly

2EE1000

heap

page read and write

2EE1000

heap

page read and write

49EA000

unkown

page read and write

E3F000

stack

page read and write

5790000

heap

page read and write

F50000

unkown

page readonly

2E41000

heap

page read and write

2EE1000

heap

page read and write

1814000

trusted library allocation

page read and write

7D40000

trusted library allocation

page read and write

13D0000

heap

page read and write

16B0000

heap

page read and write

2DAB000

heap

page read and write

EA0000

direct allocation

page execute and read and write

1391000

unkown

page readonly

2E4A000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

2EEF000

heap

page read and write

5B20000

trusted library section

page readonly

2EE1000

heap

page read and write

14AE000

stack

page read and write

18C8000

heap

page read and write

2EE1000

heap

page read and write

5952000

system

page execute and read and write

5AEC000

unkown

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

2491E2F0000

heap

page read and write

B800000

trusted library section

page read and write

77B0000

trusted library section

page read and write

825000

unkown

page read and write

2EE1000

heap

page read and write

32A2000

unkown

page read and write

2491FFCE000

trusted library allocation

page read and write

2EE1000

heap

page read and write

2DBC000

heap

page read and write

1000000

unkown

page readonly

57B0000

heap

page execute and read and write

393C000

unclassified section

page read and write

31EB000

stack

page read and write

13E8000

heap

page read and write

14F0000

heap

page read and write

2EE1000

heap

page read and write

5711000

trusted library allocation

page read and write

2EE1000

heap

page read and write

31E2000

unkown

page read and write

2DB0000

heap

page read and write

1000000

unkown

page readonly

57C0000

trusted library allocation

page execute and read and write

2491E1F0000

heap

page read and write

2F40000

heap

page read and write

2EE1000

heap

page read and write

3060000

trusted library allocation

page read and write

54C000

stack

page read and write

2EE1000

heap

page read and write

7D5B000

heap

page read and write

2EE1000

heap

page read and write

3012000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

16AF000

stack

page read and write

2EE1000

heap

page read and write

1E092000

system

page read and write

2DB2000

heap

page read and write

244E000

stack

page read and write

2EE1000

heap

page read and write

9D0000

direct allocation

page read and write

4858000

unkown

page read and write

13A0000

unkown

page read and write

2EE1000

heap

page read and write

5E30000

trusted library allocation

page execute and read and write

59B0000

trusted library allocation

page read and write

6520000

heap

page read and write

7D65000

heap

page read and write

1E152000

system

page read and write

FCA000

stack

page read and write

81E000

unkown

page readonly

2DB6000

heap

page read and write

800000

unkown

page read and write

2EE1000

heap

page read and write

49B4000

unclassified section

page read and write

7BE0000

trusted library allocation

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

12FC000

stack

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

1840000

trusted library allocation

page read and write

2EE1000

heap

page read and write

560000

unkown

page readonly

2EE1000

heap

page read and write

81E000

unkown

page readonly

1587000

heap

page read and write

3EEC000

unkown

page read and write

3531000

direct allocation

page execute and read and write

2EE1000

heap

page read and write

407E000

unkown

page read and write

2EE1000

heap

page read and write

7DA75FF000

stack

page read and write

7D49000

heap

page read and write

2C53000

unclassified section

page execute and read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

7860000

trusted library allocation

page execute and read and write

2EE1000

heap

page read and write

1380000

heap

page read and write

2E76000

heap

page read and write

7D68000

heap

page read and write

2491E321000

heap

page read and write

E00000

unkown

page readonly

2EE1000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

1830000

trusted library allocation

page read and write

FCA000

stack

page read and write

2EE1000

heap

page read and write

1390000

unclassified section

page execute and read and write

1320000

unkown

page readonly

5C8E000

stack

page read and write

2600000

unkown

page readonly

181D000

trusted library allocation

page execute and read and write

33FE000

direct allocation

page execute and read and write

2EE1000

heap

page read and write

5218000

trusted library allocation

page read and write

2EE1000

heap

page read and write

7D94000

heap

page read and write

38A4000

unkown

page read and write

811000

unkown

page execute read

2EE1000

heap

page read and write

D3F000

stack

page read and write

2EA0000

unkown

page read and write

3497000

trusted library allocation

page read and write

2EE1000

heap

page read and write

76AE000

heap

page read and write

1847000

trusted library allocation

page execute and read and write

2EE1000

heap

page read and write

6530000

heap

page read and write

35B0000

trusted library allocation

page execute and read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

2EA0000

unkown

page read and write

EBCE000

stack

page read and write

1A41000

unkown

page readonly

2EE1000

heap

page read and write

2EE1000

heap

page read and write

7CBC000

heap

page read and write

2491FAF0000

heap

page read and write

56F4000

trusted library allocation

page read and write

6EDD1000

unkown

page execute read

7DD2000

heap

page read and write

2EE1000

heap

page read and write

3722000

unclassified section

page read and write

2EE1000

heap

page read and write

CE0000

heap

page read and write

4C0000

unkown

page readonly

2EE1000

heap

page read and write

1391000

unkown

page readonly

13E8000

heap

page read and write

14BB000

heap

page read and write

2E3A000

heap

page read and write

A40000

heap

page read and write

2E7C000

heap

page read and write

2EE1000

heap

page read and write

4B46000

unclassified section

page read and write

2EE1000

heap

page read and write

34BC000

unkown

page read and write

590000

heap

page read and write

2EE1000

heap

page read and write

7DBF000

heap

page read and write

5E0000

unkown

page read and write

2EE1000

heap

page read and write

3BC8000

unkown

page read and write

2E8E000

stack

page read and write

7DD5000

heap

page read and write

316F000

stack

page read and write

7D60000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

D00000

heap

page read and write

116D000

direct allocation

page execute and read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

1151000

direct allocation

page execute and read and write

2EE1000

heap

page read and write

851E000

stack

page read and write

7810000

trusted library allocation

page read and write

2EE1000

heap

page read and write

31F0000

trusted library allocation

page read and write

57A0000

heap

page read and write

2EE1000

heap

page read and write

1166000

direct allocation

page execute and read and write

2EE1000

heap

page read and write

5B45000

heap

page read and write

183A000

trusted library allocation

page execute and read and write

595C000

system

page execute and read and write

3D5A000

unkown

page read and write

2E44000

heap

page read and write

2EE1000

heap

page read and write

4FFC000

unclassified section

page read and write

2EE1000

heap

page read and write

34B0000

trusted library allocation

page read and write

2EE1000

heap

page read and write

E70000

unkown

page readonly

2E13000

heap

page read and write

5DE000

stack

page read and write

5F1000

unkown

page readonly

5899000

trusted library allocation

page read and write

2EE1000

heap

page read and write

2491FFAE000

trusted library allocation

page read and write

2EE1000

heap

page read and write

2E09000

heap

page read and write

2EE1000

heap

page read and write

2E04000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

8FA000

stack

page read and write

2EE1000

heap

page read and write

7CB8000

heap

page read and write

2EE1000

heap

page read and write

825000

unkown

page read and write

5870000

trusted library allocation

page read and write

31E2000

unkown

page read and write

2F44000

heap

page read and write

2EE1000

heap

page read and write

5DCE000

stack

page read and write

1396000

heap

page read and write

2F44000

heap

page read and write

81E000

unkown

page readonly

30B8000

heap

page read and write

31A0000

heap

page execute and read and write

2C94000

heap

page read and write

810000

unkown

page readonly

93C000

stack

page read and write

F40000

unkown

page readonly

2EE1000

heap

page read and write

5B40000

heap

page read and write

4822000

unclassified section

page read and write

B20000

unkown

page readonly

2EE1000

heap

page read and write

1300000

unkown

page readonly

2EE1000

heap

page read and write

2EE1000

heap

page read and write

7DCC000

heap

page read and write

18AE000

stack

page read and write

2EE1000

heap

page read and write

CF0000

unkown

page read and write

44FE000

unclassified section

page read and write

28F8000

stack

page read and write

7CA0000

heap

page read and write

2EE1000

heap

page read and write

3180000

trusted library allocation

page read and write

F40000

unkown

page readonly

2E90000

heap

page read and write

2EE1000

heap

page read and write

2E09000

heap

page read and write

13D6000

heap

page read and write

2EE1000

heap

page read and write

2491E2FA000

heap

page read and write

2EE1000

heap

page read and write

3742000

trusted library allocation

page read and write

25F0000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

12FC000

stack

page read and write

81E000

unkown

page readonly

14F2000

heap

page read and write

2E16000

heap

page read and write

2491FE00000

trusted library allocation

page read and write

91AF000

stack

page read and write

2EE1000

heap

page read and write

13C0000

unkown

page readonly

2EE1000

heap

page read and write

2EE1000

heap

page read and write

46C6000

unkown

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

5E0E000

stack

page read and write

7D8F000

heap

page read and write

52A000

stack

page read and write

3260000

direct allocation

page execute and read and write

2EE1000

heap

page read and write

180E000

stack

page read and write

4A0000

unkown

page readonly

855F000

stack

page read and write

7DCF000

heap

page read and write

5B30000

heap

page read and write

1330000

heap

page read and write

7820000

trusted library section

page read and write

2EE1000

heap

page read and write

810000

unkown

page readonly

2EE1000

heap

page read and write

7DBC000

heap

page read and write

2E58000

heap

page read and write

18C0000

heap

page read and write

B30000

heap

page read and write

2E1D000

heap

page read and write

2EE1000

heap

page read and write

D29000

unkown

page read and write

D28000

unkown

page read and write

2EE1000

heap

page read and write

D00000

heap

page read and write

14D8000

heap

page read and write

1310000

unkown

page readonly

2EE1000

heap

page read and write

3D24000

unclassified section

page read and write

811000

unkown

page execute read

30EF000

stack

page read and write

5E50000

trusted library allocation

page execute and read and write

2EE1000

heap

page read and write

2FE0000

trusted library allocation

page read and write

7CAC000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

2491E31F000

heap

page read and write

2EE1000

heap

page read and write

1380000

unkown

page read and write

137E000

stack

page read and write

2EE1000

heap

page read and write

5CCE000

stack

page read and write

2EE1000

heap

page read and write

4CD8000

unclassified section

page read and write

7DA85FE000

stack

page read and write

5890000

trusted library allocation

page read and write

5320000

unclassified section

page read and write

D24000

heap

page read and write

3060000

heap

page read and write

2EE1000

heap

page read and write

2491E330000

heap

page read and write

5F1000

unkown

page readonly

2EE1000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

810000

unkown

page readonly

2EE1000

heap

page read and write

2F40000

heap

page read and write

1823000

trusted library allocation

page read and write

810000

unkown

page readonly

3389000

direct allocation

page execute and read and write

1E36C000

system

page read and write

30B9000

heap

page read and write

77C1000

trusted library allocation

page read and write

FC9000

direct allocation

page execute and read and write

5B8E000

stack

page read and write

13C0000

unkown

page readonly

B20000

unkown

page readonly

4E6A000

unclassified section

page read and write

2DAA000

heap

page read and write

58A0000

trusted library allocation

page execute and read and write

2EE0000

heap

page read and write

811000

unkown

page execute read

F60000

unkown

page readonly

2EE1000

heap

page read and write

26F0000

unkown

page execute and read and write

4B7C000

unkown

page read and write

184B000

trusted library allocation

page execute and read and write

436C000

unclassified section

page read and write

2491FE03000

trusted library allocation

page read and write

2EE1000

heap

page read and write

2C94000

heap

page read and write

182D000

trusted library allocation

page execute and read and write

2EE1000

heap

page read and write

14B0000

heap

page read and write

254F000

stack

page read and write

CE4000

heap

page read and write

2EE1000

heap

page read and write

3662000

unclassified section

page read and write

7DA7DFE000

stack

page read and write

78D0000

trusted library allocation

page execute and read and write

90AE000

stack

page read and write

2F1C000

unkown

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

77A0000

trusted library allocation

page execute and read and write

7D50000

heap

page read and write

2EE1000

heap

page read and write

1836000

trusted library allocation

page execute and read and write

2EE1000

heap

page read and write

4048000

unclassified section

page read and write

43A2000

unkown

page read and write

2EE1000

heap

page read and write

52A000

stack

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

153B000

heap

page read and write

CE0000

heap

page read and write

5750000

trusted library allocation

page read and write

5730000

trusted library allocation

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

14E5000

heap

page read and write

78BE000

stack

page read and write

2EE1000

heap

page read and write

2DAB000

heap

page read and write

2EE1000

heap

page read and write

7DC3000

heap

page read and write

2EE1000

heap

page read and write

12F7000

stack

page read and write

59C0000

trusted library allocation

page read and write

2EE1000

heap

page read and write

30A0000

heap

page read and write

659E000

stack

page read and write

6EDEF000

unkown

page readonly

7E50000

trusted library allocation

page read and write

4A80000

trusted library allocation

page read and write

2EE1000

heap

page read and write

13FF000

heap

page read and write

62A0000

trusted library allocation

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

1E754000

system

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

34BC000

unkown

page read and write

7DC4000

heap

page read and write

2E72000

heap

page read and write

2C94000

heap

page read and write

7D99000

heap

page read and write

7D51000

heap

page read and write

76A0000

heap

page read and write

B658000

heap

page read and write

2FE0000

heap

page read and write

2EE1000

heap

page read and write

7870000

trusted library allocation

page read and write

590000

heap

page read and write

4C0000

unkown

page readonly

7DAE000

heap

page read and write

1330000

heap

page read and write

58B0000

heap

page read and write

7DA8DFF000

stack

page read and write

2EE1000

heap

page read and write

2491FE21000

trusted library allocation

page read and write

56F0000

trusted library allocation

page read and write

30F0000

unkown

page readonly

1390000

heap

page read and write

2EE1000

heap

page read and write

7DB0000

heap

page read and write

825000

unkown

page read and write

5E40000

trusted library allocation

page read and write

1320000

heap

page read and write

2E34000

heap

page read and write

2E6C000

heap

page read and write

1380000

unkown

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

59CF000

system

page execute and read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

D08000

heap

page read and write

2EE1000

heap

page read and write

4A0000

unkown

page readonly

1D90000

unclassified section

page execute and read and write

5E0000

unkown

page read and write

7875000

trusted library allocation

page read and write

A48000

heap

page read and write

7DB6000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

2491FB10000

trusted library allocation

page read and write

580000

unkown

page readonly

2E2A000

heap

page read and write

655E000

stack

page read and write

2491FB10000

trusted library allocation

page read and write

11E8000

unkown

page read and write

2DB7000

heap

page read and write

2EE1000

heap

page read and write

E9D0000

heap

page read and write

570000

unkown

page readonly

3060000

trusted library allocation

page read and write

2EE1000

heap

page read and write

31E6000

heap

page read and write

2491FC40000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

6EDED000

unkown

page read and write

2EE1000

heap

page read and write

CF0000

unkown

page read and write

2EE1000

heap

page read and write

2C90000

heap

page read and write

2EE1000

heap

page read and write

2DBC000

heap

page read and write

4B0000

unkown

page readonly

93C000

stack

page read and write

7CE2000

heap

page read and write

2FE0000

heap

page read and write

560000

unkown

page readonly

29F0000

heap

page read and write

13D0000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

34C8000

trusted library allocation

page read and write

5A1C000

stack

page read and write

2EE1000

heap

page read and write

2491E100000

system

page execute and read and write

31E2000

heap

page read and write

827000

unkown

page readonly

18B0000

trusted library allocation

page execute and read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

6EDE6000

unkown

page readonly

2491FF01000

trusted library allocation

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

825000

unkown

page read and write

2EE1000

heap

page read and write

14BE000

heap

page read and write

2491FFC4000

trusted library allocation

page read and write

7DC6000

heap

page read and write

137E000

stack

page read and write

2EE1000

heap

page read and write

F28000

unkown

page readonly

460000

heap

page read and write

E00000

unkown

page readonly

B5CA000

heap

page read and write

2EB0000

unkown

page read and write

4534000

unkown

page read and write

2DA0000

heap

page read and write

2491E15C000

system

page execute and read and write

2EE1000

heap

page read and write

4C0000

heap

page read and write

D1B000

heap

page read and write

2EE1000

heap

page read and write

2491FD00000

trusted library allocation

page read and write

B30000

heap

page read and write

2E13000

heap

page read and write

1330000

heap

page read and write

1300000

unkown

page readonly

2491FB10000

trusted library allocation

page read and write

2DB6000

heap

page read and write

2491FFBE000

trusted library allocation

page read and write

2600000

unkown

page readonly

2EE1000

heap

page read and write

B0F000

stack

page read and write

3060000

trusted library allocation

page read and write

1842000

trusted library allocation

page read and write

1820000

trusted library allocation

page read and write

13E0000

heap

page read and write

2EE1000

heap

page read and write

E72000

unkown

page readonly

29A0000

heap

page read and write

338D000

direct allocation

page execute and read and write

5B1E000

stack

page read and write

2EE1000

heap

page read and write

7DA6DFB000

stack

page read and write

30F0000

unkown

page readonly

2EE1000

heap

page read and write

2491E15A000

system

page execute and read and write

2EE1000

heap

page read and write

1700000

heap

page read and write

16AF000

stack

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

F60000

unkown

page readonly

2EE1000

heap

page read and write

6EDD0000

unkown

page readonly

2EE1000

heap

page read and write

1320000

unkown

page readonly

1A40000

unkown

page readonly

CE4000

heap

page read and write

2EE1000

heap

page read and write

827000

unkown

page readonly

2EE1000

heap

page read and write

2EE1000

heap

page read and write

2E2F000

heap

page read and write

352D000

direct allocation

page execute and read and write

3257000

heap

page read and write

5BE000

stack

page read and write

B40000

heap

page read and write

4EA0000

unkown

page read and write

2EE1000

heap

page read and write

570E000

trusted library allocation

page read and write

2E4E000

heap

page read and write

2DB6000

heap

page read and write

7DC9000

heap

page read and write

2EC0000

unkown

page read and write

2EE1000

heap

page read and write

5716000

trusted library allocation

page read and write

2EE1000

heap

page read and write

4C07000

trusted library allocation

page read and write

25F0000

heap

page read and write

2EE1000

heap

page read and write

1860000

trusted library allocation

page read and write

2E16000

heap

page read and write

4B1C000

trusted library allocation

page read and write

5978000

system

page execute and read and write

2EE1000

heap

page read and write

1832000

trusted library allocation

page read and write

2EE1000

heap

page read and write

571D000

trusted library allocation

page read and write

2D70000

heap

page read and write

5FE000

stack

page read and write

2491E31A000

heap

page read and write

3170000

trusted library allocation

page read and write

1810000

trusted library allocation

page read and write

5E10000

heap

page read and write

596C000

system

page execute and read and write

3190000

trusted library allocation

page read and write

3FB3000

unkown

page execute and read and write

31F5000

trusted library allocation

page read and write

D08000

heap

page read and write

1813000

trusted library allocation

page execute and read and write

2EE1000

heap

page read and write

13E0000

heap

page read and write

2491E30C000

heap

page read and write

2DC1000

heap

page read and write

41DA000

unclassified section

page read and write

4D0000

heap

page read and write

4ACE000

trusted library allocation

page read and write

3200000

heap

page read and write

FCD000

direct allocation

page execute and read and write

2EE1000

heap

page read and write

2DAD000

heap

page read and write

2E04000

heap

page read and write

FBA000

stack

page read and write

2E9A000

heap

page read and write

2EE1000

heap

page read and write

16B0000

unkown

page readonly

2EE1000

heap

page read and write

2EE1000

heap

page read and write

2EE1000

heap

page read and write

103E000

direct allocation

page execute and read and write

7850000

trusted library allocation

page read and write

13A0000

unkown

page read and write

2EE1000

heap

page read and write

7D56000

heap

page read and write

1310000

unkown

page readonly

2E1D000

heap

page read and write

There are 684 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
INQ No. HDPE-16-GM-00- PI-INQ-3001.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportINQ No. HDPE-16-GM-00- PI-INQ-3001.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
INQ No. HDPE-16-GM-00- PI-INQ-3001.exe