Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

muk.ps1

ASCII text, with very long lines (57417), with CRLF line terminators

initial sample

Details

Filetype:	ASCII text, with very long lines (57417), with CRLF line terminators
Entropy:	5.294809995188637
Filename:	muk.ps1
Filesize:	57526
MD5:	a82e8cae85be5e15c845af79b80e8832
SHA1:	757d2d98a873a08250c9ec791a7b46763cd93e9d
SHA256:	65e84d001ae66162fc4a22f9c637098e0a63c4136f48f8f833265a97596a3608
SHA512:	0f9045ef5f7bb43d5cf0cb58589f5e1106da0b33d7d6744e2ca62e4beb9666936b80eb0b7976f023f017e9fe4ad9490595640fbfb6638d6d860733cc350d04d8
SSDEEP:	768:MeMkLhsS2Gq7cDZZwzjDWWbpmyOL7mDNQ7FzrtVmJJm43uNNxNe9Q+x9UTkeo:MLihsLI/wfDWWbpmyOL7mDI34eo
Preview:	$QAADCCDGDHFTRR=[IO.Path]::Combine($env:TEMP,"JXCJKXCJHKJHXCJHKXCXCJHK.exe")..[IO.File]::WriteAllBytes($QAADCCDGDHFTRR,[Convert]::FromBase64String("TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGh

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Sample is known by Antivirus	System Summary	Access Token Manipulation

C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe
Category:	dropped
Dump:	JXCJKXCJHKJHXCJHKXCXCJHK.exe.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.845237138750524
Encrypted:	false
Ssdeep:	384:mlshxLrkzAodINa01JEUgXrQ0uGcX183dVXG210Nr1NJtJ1SUBRaepwRKJyXkWCU:aFdqabbQ82K3dVXRAfJkVYfWGgFS98
Size:	43008
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Contains functionality to bypass UAC (CMSTPLUA)	Privilege Escalation	Bypass User Account Control
Detected Remcos RAT	Remote Access Functionality	Remote Access Software
Sigma detected: Remcos	Stealing of Sensitive Information
Contains functionality to register a low level keyboard hook	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Contains functionality to steal Chrome passwords or cookies	Stealing of Sensitive Information	Credentials In Files OS Credential Dumping
Contains functionality to steal Firefox passwords or cookies	Stealing of Sensitive Information	Credentials In Files
Contains functionalty to change the wallpaper	Spam, unwanted Advertisements and Ransom Demands	Defacement
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Powershell drops PE file	System Summary	PowerShell
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Contains functionality for read data from the clipboard	Key, Mouse, Clipboard, Microphone and Screen Capturing	Clipboard Data
Contains functionality to call native functions	System Summary
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging	Security Software Discovery
Contains functionality to download and launch executables	Persistence and Installation Behavior	Ingress Tool Transfer
Contains functionality to dynamically determine API calls	Data Obfuscation, Anti Debugging	Native API
Contains functionality to enumerate running services	Malware Analysis System Evasion	System Service Discovery
Contains functionality to launch a control a shell (cmd.exe)	Remote Access Functionality	Command and Scripting Interpreter
Contains functionality to modify clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Clipboard Data
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection	System Information Discovery
Contains functionality to query locales information (e.g. system language)	Language, Device and Operating System Detection	System Information Discovery
Contains functionality to read the PEB	Anti Debugging
Contains functionality to read the clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Clipboard Data
Contains functionality to retrieve information about pressed keystrokes	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Contains functionality to shutdown / reboot the system	System Summary	System Shutdown/Reboot
Contains functionality to simulate mouse events	HIPS / PFW / Operating System Protection Evasion
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging	Security Software Discovery
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Detected potential crypto function	System Summary	Encrypted Channel Archive Collected Data
Drops PE files	Persistence and Installation Behavior
Enables debug privileges	Anti Debugging
Extensive use of GetProcAddress (often used to hide API calls)	Hooking and other Techniques for Hiding and Protection
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Found evasive API chain checking for process token information	Malware Analysis System Evasion	Native API
Found inlined nop instructions (likely shell or obfuscated code)	Software Vulnerabilities	Obfuscated Files or Information
Found potential string decryption / allocating functions	System Summary	Obfuscated Files or Information Deobfuscate/Decode Files or Information
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Uses Microsoft's Enhanced Cryptographic Provider	Cryptography	Encrypted Channel
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Contains functionality to adjust token privileges (e.g. debug / backup)	System Summary	Access Token Manipulation
Contains functionality to download additional files from the internet	Networking	Ingress Tool Transfer
Contains functionality to enum processes or threads	System Summary	Process Discovery
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to load and extract PE file embedded resources	System Summary
Contains functionality to modify services (start/stop/modify)	System Summary	Windows Service Service Execution
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Information Discovery System Time Discovery
Contains functionality to query local drives	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to query the account / user name	Language, Device and Operating System Detection	Account Discovery System Owner/User Discovery
Contains functionality to query time zone information	Language, Device and Operating System Detection	System Time Discovery
Contains functionality to register its own exception handler	Anti Debugging
Contains functionality to start windows services	Boot Survival	Service Execution
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Program exit points	Malware Analysis System Evasion
Public key (encryption) found	Cryptography	Archive Collected Data
Queries the cryptographic machine GUID	Language, Device and Operating System Detection	System Information Discovery
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\JXCJKXCJHKJHXCJHKXCXCJHK.exe.log

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\JXCJKXCJHKJHXCJHKXCXCJHK.exe.log
Category:	dropped
Dump:	JXCJKXCJHKJHXCJHKXCXCJHK.exe.log.5.dr
ID:	dr_6
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.350509596383769
Encrypted:	false
Ssdeep:	24:MLUE4K5E4KlKDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MIHK5HKlYHKh3oPtHo6hAHKzeR
Size:	942
Whitelisted:	false
Reputation:	moderate

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the user directory	System Summary	Masquerading
Public key (encryption) found	Cryptography	Archive Collected Data

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json

JSON data

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json
Category:	dropped
Dump:	json[1].json.10.dr
ID:	dr_7
Target ID:	10
Process:	C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe
Type:	JSON data
Entropy:	5.018722888793802
Encrypted:	false
Ssdeep:	12:tkluWJmnd6CsGkMyGWKyGXPVGArwY307f7aZHI7GZArpv/mOAaNO+ao9W7iN5zz2:qlupdRNuKyGX85jvXhNlT3/7XcV7Wro
Size:	963
Whitelisted:	false
Reputation:	moderate

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

data

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Category:	dropped
Dump:	StartupProfileData-NonInteractive.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Type:	data
Entropy:	5.381429397209473
Encrypted:	false
Ssdeep:	24:39WSKco4KmBs4RPT6BmFoUebIlmjKcmZ9tXt/NK3R8e9rq:tWSU4y4RQmFoUeUmfmZ9tlNWR82m
Size:	1216
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4triemkc.rbt.ps1

ASCII text, with no line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4triemkc.rbt.ps1
Category:	dropped
Dump:	__PSScriptPolicyTest_4triemkc.rbt.ps1.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Type:	ASCII text, with no line terminators
Entropy:	4.038920595031593
Encrypted:	false
Ssdeep:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
Size:	60
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Creates temporary files	System Summary

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n2javxcs.wj2.psm1

ASCII text, with no line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n2javxcs.wj2.psm1
Category:	dropped
Dump:	__PSScriptPolicyTest_n2javxcs.wj2.psm1.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Type:	ASCII text, with no line terminators
Entropy:	4.038920595031593
Encrypted:	false
Ssdeep:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
Size:	60
Whitelisted:	false
Reputation:	timeout

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9O7A38Z8NHXX7KZ1G4ZX.temp

data

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9O7A38Z8NHXX7KZ1G4ZX.temp
Category:	dropped
Dump:	9O7A38Z8NHXX7KZ1G4ZX.temp.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Type:	data
Entropy:	3.7151436185414557
Encrypted:	false
Ssdeep:	48:peNS5R8kLzr3CUU2J5j8ukvhkvklCywXmdtkY5nL7opSogZoXrCNkY5nL7opSogf:Ahkz3Cl+5pkvhkvCCtNYlLFHOYlLFHd
Size:	6221
Whitelisted:	false
Reputation:	timeout

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms (copy)

data

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms (copy)
Category:	dropped
Dump:	9O7A38Z8NHXX7KZ1G4ZX.temp.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Type:	data
Entropy:	3.7151436185414557
Encrypted:	false
Ssdeep:	48:peNS5R8kLzr3CUU2J5j8ukvhkvklCywXmdtkY5nL7opSogZoXrCNkY5nL7opSogf:Ahkz3Cl+5pkvhkvCCtNYlLFHOYlLFHd
Size:	6221
Whitelisted:	false
Reputation:	timeout

Processes

Path

Cmdline

Malicious

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\muk.ps1"

Details

Is windows:	true
Is dropped:	false
PID:	7960
Target ID:	0
Parent PID:	5312
Name:	powershell.exe
Class:	powershell
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\muk.ps1"
Size:	433152
MD5:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Time:	06:02:56
Date:	14/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x940000
Modulesize:	446464
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Change PowerShell Policies to an Insecure Level	System Summary
Sigma detected: Non Interactive PowerShell Process Spawned	System Summary
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe

"C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe"

Details

Is windows:	false
Is dropped:	true
PID:	7616
Target ID:	5
Parent PID:	7960
Name:	JXCJKXCJHKJHXCJHKXCXCJHK.exe
Path:	C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe
Commandline:	"C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe"
Size:	43008
MD5:	315CD40957F3E96C56AD91D296A1CE43
Time:	06:03:01
Date:	14/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x970000
Modulesize:	73728
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Remcos	Stealing of Sensitive Information
Yara detected Remcos RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara detected UAC Bypass using CMSTP	Exploits
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Powershell drops PE file	System Summary	PowerShell
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Yara detected Keylogger Generic	Key, Mouse, Clipboard, Microphone and Screen Capturing
Creates files inside the user directory	System Summary	Masquerading
Public key (encryption) found	Cryptography	Archive Collected Data
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe

"C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe"

Details

Is windows:	false
Is dropped:	true
PID:	2304
Target ID:	9
Parent PID:	7616
Name:	JXCJKXCJHKJHXCJHKXCXCJHK.exe
Path:	C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe
Commandline:	"C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe"
Size:	43008
MD5:	315CD40957F3E96C56AD91D296A1CE43
Time:	06:03:03
Date:	14/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x450000
Modulesize:	73728
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Remcos	Stealing of Sensitive Information
Yara detected Remcos RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara detected UAC Bypass using CMSTP	Exploits
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Powershell drops PE file	System Summary	PowerShell
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Yara detected Keylogger Generic	Key, Mouse, Clipboard, Microphone and Screen Capturing
Creates files inside the user directory	System Summary	Masquerading
Public key (encryption) found	Cryptography	Archive Collected Data
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe

"C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe"

Details

Is windows:	false
Is dropped:	true
PID:	3324
Target ID:	10
Parent PID:	7616
Name:	JXCJKXCJHKJHXCJHKXCXCJHK.exe
Path:	C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe
Commandline:	"C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe"
Size:	43008
MD5:	315CD40957F3E96C56AD91D296A1CE43
Time:	06:03:03
Date:	14/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x980000
Modulesize:	73728
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Remcos	Stealing of Sensitive Information
Yara detected Remcos RAT	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara detected UAC Bypass using CMSTP	Exploits
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Powershell drops PE file	System Summary	PowerShell
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Yara detected Keylogger Generic	Key, Mouse, Clipboard, Microphone and Screen Capturing
Creates files inside the user directory	System Summary	Masquerading
Public key (encryption) found	Cryptography	Archive Collected Data
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	7980
Target ID:	1
Parent PID:	7960
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	06:02:57
Date:	14/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff62fc20000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe" "C:\Users\user\Desktop\muk.ps1"

Details

Is windows:	true
Is dropped:	false
PID:	7268
Target ID:	4
Parent PID:	3964
Name:	notepad.exe
Path:	C:\Windows\System32\notepad.exe
Commandline:	"C:\Windows\System32\notepad.exe" "C:\Users\user\Desktop\muk.ps1"
Size:	201216
MD5:	27F71B12CB585541885A31BE22F61C83
Time:	06:03:00
Date:	14/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7d6920000
Modulesize:	229376
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://geoplugin.net/json.gp

178.237.33.50

http://nuget.org/NuGet.exe

unknown

http://176.65.144.3/dev/muk.exed

unknown

http://geoplugin.net/json.gp&

unknown

http://geoplugin.net/

unknown

http://pesterbdd.com/images/Pester.png

unknown

http://geoplugin.net/json.gp/C

unknown

http://geoplugin.net/json.gpl

unknown

http://geoplugin.net/json.gpwK

unknown

https://aka.ms/pscore6lB

unknown

http://www.apache.org/licenses/LICENSE-2.0.html

unknown

https://contoso.com/

unknown

https://nuget.org/nuget.exe

unknown

https://contoso.com/License

unknown

http://176.65.144.3

unknown

https://contoso.com/Icon

unknown

http://176.65.144.3/dev/muk.exeP

unknown

http://176.65.144.3/dev/muk.exe

176.65.144.3

http://crl.micro6

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

https://github.com/Pester/Pester

unknown

http://geoplugin.net/json.gpSystem32

unknown

There are 12 hidden URLs, click here to show them.

Domains

Name

Malicious

geoplugin.net

178.237.33.50

Details

Name:	geoplugin.net
IP:	178.237.33.50
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

18.31.95.13.in-addr.arpa

unknown

IPs

Domain

Country

Malicious

198.23.227.212

unknown

United States

Details

IP:	198.23.227.212
TargetID:	10
Current Path:	C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe
Country:	United States
Countrycode:	USA
ASN number:	36352
ASN name:	AS-COLOCROSSINGUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

176.65.144.3

unknown

Germany

Details

IP:	176.65.144.3
TargetID:	5
Current Path:	C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe
Country:	Germany
Countrycode:	DEU
ASN number:	12975
ASN name:	PALTEL-ASPALTELAutonomousSystemPS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking

178.237.33.50

geoplugin.net

Netherlands

Details

IP:	178.237.33.50
TargetID:	10
Current Path:	C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe
Country:	Netherlands
Countrycode:	NLD
ASN number:	8455
ASN name:	ATOM86-ASATOM86NL
Private:	false
Domain:	geoplugin.net

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts with low severity for network traffic	Networking

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Rmc-DJTZHJ

exepath

HKEY_CURRENT_USER\SOFTWARE\Rmc-DJTZHJ

licence

HKEY_CURRENT_USER\SOFTWARE\Rmc-DJTZHJ

time

HKEY_CURRENT_USER\SOFTWARE\Rmc-DJTZHJ

UID

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASMANCS

FileDirectory

There are 9 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

400000

remote allocation

page execute and read and write

DA8000

heap

page read and write

17897732000

heap

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

1789772B000

heap

page read and write

1789772B000

heap

page read and write

17897734000

heap

page read and write

7A20000

trusted library allocation

page read and write

2C6F000

trusted library allocation

page read and write

17897734000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

17897734000

heap

page read and write

7837000

heap

page read and write

17897734000

heap

page read and write

E2A000

heap

page read and write

17897734000

heap

page read and write

2C20000

trusted library allocation

page read and write

4D38000

trusted library allocation

page read and write

17897740000

heap

page read and write

17897740000

heap

page read and write

17897726000

heap

page read and write

783B000

heap

page read and write

EA0000

heap

page read and write

17897727000

heap

page read and write

87B0000

heap

page read and write

17897734000

heap

page read and write

17897740000

heap

page read and write

4CB0000

trusted library allocation

page read and write

17897732000

heap

page read and write

4CB5000

trusted library allocation

page execute and read and write

17897726000

heap

page read and write

17897727000

heap

page read and write

17897726000

heap

page read and write

17897732000

heap

page read and write

17897732000

heap

page read and write

5416000

trusted library allocation

page read and write

1789772B000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

2A27000

trusted library allocation

page execute and read and write

17897726000

heap

page read and write

17897740000

heap

page read and write

2B7E000

stack

page read and write

17897732000

heap

page read and write

17897726000

heap

page read and write

7853000

heap

page read and write

17897726000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

17897732000

heap

page read and write

17897732000

heap

page read and write

178976B8000

heap

page read and write

17897740000

heap

page read and write

17897740000

heap

page read and write

17897740000

heap

page read and write

17897734000

heap

page read and write

17897726000

heap

page read and write

17899070000

heap

page read and write

17897734000

heap

page read and write

2C30000

trusted library allocation

page read and write

17897732000

heap

page read and write

4C763C9000

stack

page read and write

34E0000

heap

page read and write

17897734000

heap

page read and write

7931000

heap

page read and write

17897732000

heap

page read and write

51DE000

stack

page read and write

47C000

remote allocation

page execute and read and write

17897740000

heap

page read and write

4465000

trusted library allocation

page read and write

17897734000

heap

page read and write

122F000

stack

page read and write

17897734000

heap

page read and write

17897726000

heap

page read and write

2ADE000

stack

page read and write

562C000

trusted library allocation

page read and write

17897732000

heap

page read and write

17897734000

heap

page read and write

17897734000

heap

page read and write

17897732000

heap

page read and write

7C20000

trusted library allocation

page read and write

17897740000

heap

page read and write

17899100000

trusted library allocation

page read and write

1789772B000

heap

page read and write

1789772B000

heap

page read and write

17897726000

heap

page read and write

17897734000

heap

page read and write

4C68000

trusted library allocation

page read and write

17897740000

heap

page read and write

17897727000

heap

page read and write

17897732000

heap

page read and write

7540000

heap

page read and write

17897740000

heap

page read and write

17897726000

heap

page read and write

17897734000

heap

page read and write

E83000

heap

page read and write

D75000

heap

page read and write

17897726000

heap

page read and write

D75000

heap

page read and write

7A49000

trusted library allocation

page read and write

17897734000

heap

page read and write

1789772B000

heap

page read and write

17897727000

heap

page read and write

1789772B000

heap

page read and write

17897740000

heap

page read and write

5275000

heap

page execute and read and write

4D1E000

stack

page read and write

363F000

stack

page read and write

17897734000

heap

page read and write

2C61000

trusted library allocation

page read and write

17897726000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

1789772B000

heap

page read and write

17897726000

heap

page read and write

17897650000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

1789772B000

heap

page read and write

17897726000

heap

page read and write

1789772B000

heap

page read and write

4C0D000

stack

page read and write

4DFE000

stack

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

17897734000

heap

page read and write

52C1000

trusted library allocation

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

17897734000

heap

page read and write

D39000

stack

page read and write

17897727000

heap

page read and write

17897740000

heap

page read and write

17897734000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

17897734000

heap

page read and write

86DD000

stack

page read and write

4C70000

heap

page read and write

17897740000

heap

page read and write

17897732000

heap

page read and write

17897732000

heap

page read and write

7BC0000

trusted library allocation

page read and write

1789772B000

heap

page read and write

17897726000

heap

page read and write

17897740000

heap

page read and write

17897740000

heap

page read and write

17897732000

heap

page read and write

2D3B000

stack

page read and write

17897734000

heap

page read and write

3108000

heap

page read and write

1789772B000

heap

page read and write

C3C000

stack

page read and write

D70000

heap

page read and write

17897732000

heap

page read and write

2CE5000

trusted library allocation

page read and write

1789772B000

heap

page read and write

7C40000

trusted library allocation

page read and write

EB6000

heap

page read and write

78B9000

trusted library allocation

page read and write

17897734000

heap

page read and write

17897734000

heap

page read and write

17897734000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

17897740000

heap

page read and write

17897740000

heap

page read and write

7A8D000

stack

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

17897732000

heap

page read and write

17897726000

heap

page read and write

17897726000

heap

page read and write

8720000

heap

page read and write

17897740000

heap

page read and write

17897734000

heap

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

44C9000

trusted library allocation

page read and write

7BF0000

trusted library allocation

page read and write

17897726000

heap

page read and write

17897740000

heap

page read and write

17897726000

heap

page read and write

17897732000

heap

page read and write

17897726000

heap

page read and write

1789772B000

heap

page read and write

17897734000

heap

page read and write

78E0000

heap

page execute and read and write

4CD0000

trusted library allocation

page read and write

88B0000

heap

page read and write

8690000

trusted library allocation

page read and write

1789772B000

heap

page read and write

17897740000

heap

page read and write

17897734000

heap

page read and write

ECA000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

17897734000

heap

page read and write

17897732000

heap

page read and write

17897732000

heap

page read and write

3C61000

trusted library allocation

page read and write

F13000

heap

page read and write

17897732000

heap

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

1789772B000

heap

page read and write

17897740000

heap

page read and write

17897740000

heap

page read and write

7C10000

trusted library allocation

page read and write

10C0000

heap

page read and write

17897734000

heap

page read and write

17899570000

heap

page read and write

17897740000

heap

page read and write

17897734000

heap

page read and write

2D7D000

stack

page read and write

17897732000

heap

page read and write

737E000

stack

page read and write

17897726000

heap

page read and write

1250000

heap

page read and write

17897740000

heap

page read and write

34D0000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

17897726000

heap

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

772E000

stack

page read and write

5270000

heap

page execute and read and write

17897726000

heap

page read and write

17897732000

heap

page read and write

517E000

stack

page read and write

17897734000

heap

page read and write

4C83000

trusted library allocation

page execute and read and write

17897740000

heap

page read and write

17897740000

heap

page read and write

7B1E000

stack

page read and write

17897734000

heap

page read and write

2C50000

heap

page execute and read and write

178976FD000

heap

page read and write

17897734000

heap

page read and write

4D9F000

stack

page read and write

17897726000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

17897727000

heap

page read and write

1789772B000

heap

page read and write

3C65000

trusted library allocation

page read and write

316F000

heap

page read and write

17897740000

heap

page read and write

17897732000

heap

page read and write

17897732000

heap

page read and write

17897734000

heap

page read and write

1789772B000

heap

page read and write

17897734000

heap

page read and write

17897734000

heap

page read and write

17897726000

heap

page read and write

17897727000

heap

page read and write

4E00000

heap

page read and write

1789772B000

heap

page read and write

7CCE000

stack

page read and write

17897732000

heap

page read and write

17897726000

heap

page read and write

17897732000

heap

page read and write

E47000

heap

page read and write

17897740000

heap

page read and write

17897740000

heap

page read and write

3050000

heap

page read and write

178976E1000

heap

page read and write

1789772B000

heap

page read and write

774E000

stack

page read and write

17897740000

heap

page read and write

17897732000

heap

page read and write

1789907C000

heap

page read and write

17897734000

heap

page read and write

17897727000

heap

page read and write

7ADE000

stack

page read and write

17897734000

heap

page read and write

17897726000

heap

page read and write

8740000

trusted library allocation

page read and write

17897732000

heap

page read and write

ECE000

heap

page read and write

17897740000

heap

page read and write

17897734000

heap

page read and write

3100000

heap

page read and write

17897740000

heap

page read and write

E10000

heap

page read and write

1789772B000

heap

page read and write

2A3B000

trusted library allocation

page execute and read and write

518E000

stack

page read and write

17897740000

heap

page read and write

8785000

trusted library allocation

page read and write

17897734000

heap

page read and write

17897734000

heap

page read and write

2A37000

trusted library allocation

page execute and read and write

D3D000

stack

page read and write

17897740000

heap

page read and write

17897734000

heap

page read and write

17897726000

heap

page read and write

30DE000

stack

page read and write

1789772B000

heap

page read and write

7877000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

17897726000

heap

page read and write

17897726000

heap

page read and write

3156000

heap

page read and write

17897734000

heap

page read and write

2CDC000

trusted library allocation

page read and write

17897734000

heap

page read and write

17897740000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

4D50000

heap

page read and write

17897736000

heap

page read and write

4C7667F000

stack

page read and write

17897732000

heap

page read and write

D90000

heap

page read and write

1789772B000

heap

page read and write

1789772B000

heap

page read and write

1789772B000

heap

page read and write

17897740000

heap

page read and write

17897734000

heap

page read and write

1789772B000

heap

page read and write

11DF000

stack

page read and write

17897726000

heap

page read and write

DEE000

heap

page read and write

17897740000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

1789772B000

heap

page read and write

17897740000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

17897726000

heap

page read and write

17897726000

heap

page read and write

17897734000

heap

page read and write

17897726000

heap

page read and write

7C30000

trusted library allocation

page read and write

17897734000

heap

page read and write

17897726000

heap

page read and write

17897734000

heap

page read and write

3055000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

17897727000

heap

page read and write

1789772B000

heap

page read and write

17897740000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

17897734000

heap

page read and write

17897732000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

17897734000

heap

page read and write

4C84000

trusted library allocation

page read and write

17897726000

heap

page read and write

972000

unkown

page readonly

17897734000

heap

page read and write

17897740000

heap

page read and write

1789772B000

heap

page read and write

4469000

trusted library allocation

page read and write

17899020000

heap

page read and write

17897727000

heap

page read and write

62C1000

trusted library allocation

page read and write

17897740000

heap

page read and write

17897732000

heap

page read and write

7B8E000

stack

page read and write

778E000

stack

page read and write

17897734000

heap

page read and write

17897732000

heap

page read and write

309E000

stack

page read and write

17897740000

heap

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

17897740000

heap

page read and write

17897732000

heap

page read and write

17897734000

heap

page read and write

1789772B000

heap

page read and write

7BA0000

trusted library allocation

page read and write

17897734000

heap

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

1789772B000

heap

page read and write

17897726000

heap

page read and write

17897732000

heap

page read and write

17897734000

heap

page read and write

1789772B000

heap

page read and write

2A20000

trusted library allocation

page read and write

17897740000

heap

page read and write

17897726000

heap

page read and write

17897734000

heap

page read and write

17897726000

heap

page read and write

1789772B000

heap

page read and write

4D30000

trusted library allocation

page read and write

782A000

heap

page read and write

1789772B000

heap

page read and write

17897734000

heap

page read and write

2A30000

trusted library allocation

page read and write

17897726000

heap

page read and write

4DDC000

stack

page read and write

17897734000

heap

page read and write

17897734000

heap

page read and write

62E9000

trusted library allocation

page read and write

17897734000

heap

page read and write

17897734000

heap

page read and write

17897740000

heap

page read and write

31F6000

heap

page read and write

17897740000

heap

page read and write

1789772B000

heap

page read and write

17897726000

heap

page read and write

2C1F000

stack

page read and write

17897734000

heap

page read and write

87AE000

stack

page read and write

17897732000

heap

page read and write

17897726000

heap

page read and write

2A3E000

stack

page read and write

8680000

trusted library allocation

page read and write

17897726000

heap

page read and write

17897734000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

1789772B000

heap

page read and write

17897734000

heap

page read and write

17897726000

heap

page read and write

17897732000

heap

page read and write

970000

unkown

page readonly

17897734000

heap

page read and write

842E000

stack

page read and write

17897727000

heap

page read and write

17897726000

heap

page read and write

17897734000

heap

page read and write

17897732000

heap

page read and write

17897727000

heap

page read and write

17897734000

heap

page read and write

178976EB000

heap

page read and write

17897726000

heap

page read and write

17897734000

heap

page read and write

4C60000

trusted library allocation

page read and write

4DF0000

trusted library allocation

page read and write

3162000

heap

page read and write

34E6000

heap

page read and write

17897726000

heap

page read and write

17897740000

heap

page read and write

17897740000

heap

page read and write

17897732000

heap

page read and write

7C00000

trusted library allocation

page read and write

4C90000

trusted library allocation

page read and write

1789772B000

heap

page read and write

17897740000

heap

page read and write

17897726000

heap

page read and write

871F000

stack

page read and write

73BE000

stack

page read and write

2C46000

trusted library allocation

page read and write

17897726000

heap

page read and write

E20000

heap

page read and write

17897726000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

17897734000

heap

page read and write

17897734000

heap

page read and write

DA0000

heap

page read and write

2DF0000

heap

page read and write

1789772B000

heap

page read and write

17897740000

heap

page read and write

78A4000

trusted library allocation

page read and write

17897726000

heap

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

17897726000

heap

page read and write

17897734000

heap

page read and write

17897734000

heap

page read and write

1789772B000

heap

page read and write

E7A000

heap

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

7B5E000

stack

page read and write

E20000

heap

page read and write

17897726000

heap

page read and write

1789772B000

heap

page read and write

76EE000

stack

page read and write

784D000

heap

page read and write

17897726000

heap

page read and write

77AE000

stack

page read and write

1789772B000

heap

page read and write

17897740000

heap

page read and write

17897740000

heap

page read and write

472000

remote allocation

page execute and read and write

2A03000

trusted library allocation

page execute and read and write

10EF000

stack

page read and write

17897740000

heap

page read and write

1789772B000

heap

page read and write

17897740000

heap

page read and write

8640000

trusted library allocation

page execute and read and write

17897740000

heap

page read and write

1789772B000

heap

page read and write

17897734000

heap

page read and write

2C7F000

stack

page read and write

17897726000

heap

page read and write

1789772B000

heap

page read and write

1789772B000

heap

page read and write

52B0000

heap

page execute and read and write

17897726000

heap

page read and write

1789772B000

heap

page read and write

17897734000

heap

page read and write

17897740000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

1240000

trusted library allocation

page read and write

8730000

trusted library allocation

page execute and read and write

E22000

heap

page read and write

17897740000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

52BE000

stack

page read and write

17897740000

heap

page read and write

17897734000

heap

page read and write

1789772B000

heap

page read and write

17897726000

heap

page read and write

17897734000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

86AE000

stack

page read and write

77B0000

heap

page read and write

17897734000

heap

page read and write

1789772B000

heap

page read and write

17897727000

heap

page read and write

17897726000

heap

page read and write

17897734000

heap

page read and write

17897734000

heap

page read and write

7B9D000

stack

page read and write

17897727000

heap

page read and write

2A50000

trusted library allocation

page read and write

17897740000

heap

page read and write

17897726000

heap

page read and write

17897732000

heap

page read and write

303E000

stack

page read and write

7E0E000

stack

page read and write

17897734000

heap

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

17897734000

heap

page read and write

17897732000

heap

page read and write

17897726000

heap

page read and write

527E000

stack

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

17897734000

heap

page read and write

17897734000

heap

page read and write

78C0000

trusted library allocation

page read and write

743A000

stack

page read and write

17897726000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

17897727000

heap

page read and write

17897726000

heap

page read and write

17897732000

heap

page read and write

78F0000

trusted library allocation

page read and write

17897740000

heap

page read and write

5323000

trusted library allocation

page read and write

17897734000

heap

page read and write

17899075000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

632A000

trusted library allocation

page read and write

74FE000

stack

page read and write

17897732000

heap

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

1789772B000

heap

page read and write

17897726000

heap

page read and write

17897734000

heap

page read and write

DFF000

heap

page read and write

17897734000

heap

page read and write

1789772B000

heap

page read and write

4DE0000

trusted library allocation

page execute and read and write

4CB2000

trusted library allocation

page read and write

1789B1F0000

trusted library allocation

page read and write

1789772B000

heap

page read and write

1789772B000

heap

page read and write

E55000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

17897734000

heap

page read and write

17897734000

heap

page read and write

17897727000

heap

page read and write

17897726000

heap

page read and write

7BCE000

stack

page read and write

17897726000

heap

page read and write

17897740000

heap

page read and write

1789772B000

heap

page read and write

17897740000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

17897734000

heap

page read and write

4C77000

heap

page read and write

1789772B000

heap

page read and write

1789772B000

heap

page read and write

17897740000

heap

page read and write

17897726000

heap

page read and write

17899223000

heap

page read and write

7BE0000

trusted library allocation

page read and write

1789772B000

heap

page read and write

17897734000

heap

page read and write

17897734000

heap

page read and write

972000

unkown

page execute and read and write

2A04000

trusted library allocation

page read and write

17897734000

heap

page read and write

17897732000

heap

page read and write

17897734000

heap

page read and write

521F000

stack

page read and write

17897740000

heap

page read and write

17897726000

heap

page read and write

17897740000

heap

page read and write

7C50000

trusted library allocation

page read and write

17897726000

heap

page read and write

2C40000

trusted library allocation

page read and write

17897734000

heap

page read and write

17897734000

heap

page read and write

17897740000

heap

page read and write

17897740000

heap

page read and write

17897740000

heap

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

72FD000

stack

page read and write

17897726000

heap

page read and write

10BE000

stack

page read and write

17897734000

heap

page read and write

17897740000

heap

page read and write

F80000

heap

page read and write

1789772B000

heap

page read and write

77FD000

heap

page read and write

17897732000

heap

page read and write

17897734000

heap

page read and write

17897734000

heap

page read and write

17897740000

heap

page read and write

17897726000

heap

page read and write

17897740000

heap

page read and write

747E000

stack

page read and write

1789772B000

heap

page read and write

7BB0000

trusted library allocation

page read and write

17897732000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

178976EA000

heap

page read and write

DE0000

heap

page read and write

1789772B000

heap

page read and write

17897740000

heap

page read and write

17897726000

heap

page read and write

17897726000

heap

page read and write

17897740000

heap

page read and write

4C80000

trusted library allocation

page read and write

17897732000

heap

page read and write

481000

remote allocation

page execute and read and write

17897740000

heap

page read and write

17897726000

heap

page read and write

17897727000

heap

page read and write

17897736000

heap

page read and write

17897734000

heap

page read and write

1789772B000

heap

page read and write

1789772B000

heap

page read and write

475000

remote allocation

page execute and read and write

4C4F000

stack

page read and write

2A2A000

trusted library allocation

page execute and read and write

1789772B000

heap

page read and write

2D0A000

trusted library allocation

page read and write

17897734000

heap

page read and write

897B000

stack

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

7A50000

trusted library allocation

page read and write

17897734000

heap

page read and write

17897740000

heap

page read and write

17897732000

heap

page read and write

4BCE000

stack

page read and write

DA0000

heap

page read and write

353E000

stack

page read and write

2A9E000

stack

page read and write

17897740000

heap

page read and write

17897732000

heap

page read and write

17897732000

heap

page read and write

17897727000

heap

page read and write

776E000

stack

page read and write

1789772B000

heap

page read and write

17897740000

heap

page read and write

1789772B000

heap

page read and write

73FE000

stack

page read and write

17897740000

heap

page read and write

17897727000

heap

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

17897740000

heap

page read and write

17897740000

heap

page read and write

E62000

heap

page read and write

1789772B000

heap

page read and write

17897726000

heap

page read and write

1789772B000

heap

page read and write

17897726000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

330E000

stack

page read and write

17897726000

heap

page read and write

17897740000

heap

page read and write

17897734000

heap

page read and write

17897732000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

EE5000

heap

page read and write

1250000

heap

page read and write

17897740000

heap

page read and write

7A31000

trusted library allocation

page read and write

17897726000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

17897734000

heap

page read and write

17897734000

heap

page read and write

17897734000

heap

page read and write

52C0000

heap

page execute and read and write

17897740000

heap

page read and write

785B000

heap

page read and write

733B000

stack

page read and write

17897734000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

17897726000

heap

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

17897734000

heap

page read and write

1220000

heap

page read and write

17899950000

heap

page read and write

7900000

trusted library allocation

page execute and read and write

1789772B000

heap

page read and write

1789772B000

heap

page read and write

17897726000

heap

page read and write

17897740000

heap

page read and write

17897740000

heap

page read and write

17897732000

heap

page read and write

17897726000

heap

page read and write

17897727000

heap

page read and write

17897740000

heap

page read and write

54C8000

trusted library allocation

page read and write

17897732000

heap

page read and write

17899220000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

17897727000

heap

page read and write

17897734000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

753B000

stack

page read and write

2AE0000

trusted library allocation

page execute and read and write

1789772B000

heap

page read and write

DEE000

stack

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

1789772B000

heap

page read and write

17897740000

heap

page read and write

17897734000

heap

page read and write

2CBE000

trusted library allocation

page read and write

17897732000

heap

page read and write

89BD000

stack

page read and write

F90000

heap

page read and write

17897734000

heap

page read and write

17897732000

heap

page read and write

17897732000

heap

page read and write

17897726000

heap

page read and write

7A40000

trusted library allocation

page read and write

17897740000

heap

page read and write

78D0000

trusted library allocation

page read and write

4D20000

heap

page readonly

1789772B000

heap

page read and write

17897740000

heap

page read and write

17897734000

heap

page read and write

17897734000

heap

page read and write

2B3F000

stack

page read and write

17897740000

heap

page read and write

E2E000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

17897734000

heap

page read and write

2A0D000

trusted library allocation

page execute and read and write

17897740000

heap

page read and write

17897740000

heap

page read and write

17897734000

heap

page read and write

17897734000

heap

page read and write

17897727000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

2D78000

stack

page read and write

17897734000

heap

page read and write

1789772B000

heap

page read and write

17897726000

heap

page read and write

17897726000

heap

page read and write

2A00000

trusted library allocation

page read and write

17897726000

heap

page read and write

7C60000

trusted library allocation

page read and write

17897726000

heap

page read and write

4B8D000

stack

page read and write

17897726000

heap

page read and write

17897740000

heap

page read and write

852E000

stack

page read and write

17897726000

heap

page read and write

17897734000

heap

page read and write

17897732000

heap

page read and write

4C8D000

trusted library allocation

page execute and read and write

1789772B000

heap

page read and write

74BA000

stack

page read and write

78C5000

trusted library allocation

page read and write

3040000

heap

page read and write

4D3A000

trusted library allocation

page read and write

17897727000

heap

page read and write

4C99000

trusted library allocation

page read and write

2AF0000

heap

page read and write

17897734000

heap

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

17897740000

heap

page read and write

17897727000

heap

page read and write

17897732000

heap

page read and write

7BD0000

trusted library allocation

page read and write

17897732000

heap

page read and write

17897734000

heap

page read and write

17897740000

heap

page read and write

17897726000

heap

page read and write

17897734000

heap

page read and write

178976B0000

heap

page read and write

17897734000

heap

page read and write

17897740000

heap

page read and write

866F000

stack

page read and write

1789772B000

heap

page read and write

17897732000

heap

page read and write

17897740000

heap

page read and write

D70000

heap

page read and write

17897740000

heap

page read and write

17897740000

heap

page read and write

17897740000

heap

page read and write

788E000

stack

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

17897740000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

78B6000

trusted library allocation

page read and write

1789772B000

heap

page read and write

7D0D000

stack

page read and write

17897740000

heap

page read and write

2C6B000

trusted library allocation

page read and write

17897726000

heap

page read and write

17897726000

heap

page read and write

856E000

stack

page read and write

7894000

trusted library allocation

page read and write

2B10000

heap

page read and write

1789772B000

heap

page read and write

17897734000

heap

page read and write

E14000

heap

page read and write

4B30000

heap

page read and write

17897734000

heap

page read and write

17897740000

heap

page read and write

17897734000

heap

page read and write

1789772B000

heap

page read and write

17897734000

heap

page read and write

17897732000

heap

page read and write

782D000

heap

page read and write

17897732000

heap

page read and write

17897726000

heap

page read and write

2A10000

trusted library allocation

page read and write

17897732000

heap

page read and write

E7F000

heap

page read and write

17897740000

heap

page read and write

17897727000

heap

page read and write

DF0000

heap

page read and write

C3C000

stack

page read and write

17897660000

heap

page read and write

17897732000

heap

page read and write

17897732000

heap

page read and write

17897734000

heap

page read and write

17897740000

heap

page read and write

1789772B000

heap

page read and write

112E000

stack

page read and write

17897734000

heap

page read and write

315B000

heap

page read and write

17897732000

heap

page read and write

1789772B000

heap

page read and write

17897740000

heap

page read and write

There are 893 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
muk.ps1

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportmuk.ps1

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
muk.ps1