Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

document-1771131239.xls

Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Thu Apr 1 10:53:30 2021, Security: 0

initial sample

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\0104[1].gif

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

downloaded

C:\Users\user\fikftkm.thj

HTML document, ASCII text, with very long lines

dropped

C:\Users\user\fikftkm.thj2

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Microsoft Cabinet archive data, 58596 bytes, 1 file

dropped

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

data

dropped

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

data

dropped

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

data

dropped

C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0D6695CC-9529-11EB-ADCF-ECF4BBB5915B}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CCF30F48-9528-11EB-ADCF-ECF4BBB5915B}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E7092821-9528-11EB-ADCF-ECF4BBB5915B}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0D6695CE-9529-11EB-ADCF-ECF4BBB5915B}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0D6695D0-9529-11EB-ADCF-ECF4BBB5915B}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0D6695D2-9529-11EB-ADCF-ECF4BBB5915B}.dat

Microsoft Word Document

modified

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CCF30F4A-9528-11EB-ADCF-ECF4BBB5915B}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E7092823-9528-11EB-ADCF-ECF4BBB5915B}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\lr5drzg\imagestore.dat

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\HdepnBaFj-yarvouFUIlfV4Q9D8.gz[1].js

ASCII text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\NGDGShwgz5vCvyjNFyZiaPlHGCE.gz[1].js

ASCII text, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\Xp-HPHGHOZznHBwdn7OWdva404Y.gz[1].js

ASCII text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\dnserror[1]

HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\httpErrorPagesScripts[1]

UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\n8-O_KIRNSMPFWQWrGjn0BRH6SM.gz[1].js

UTF-8 Unicode text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\ozS3T0fsBUPZy4zlY0UX_e0TUwY.gz[1].js

ASCII text, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\2BKDOK08[1].htm

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\4JDAW1W1.htm

HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\5rqGloMo94v3vwNVR5OsxDNd8d0[1].svg

SVG Scalable Vector Graphics image

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\JDHEvZVDnqsG9UcxzgIdtGb6thw.gz[1].js

ASCII text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\MstqcgNaYngCBavkktAoSE0--po.gz[1].js

ASCII text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\ULJCe4CXM2DCjZgELMGm2K4PcPo[1].png

PNG image data, 1642 x 116, 8-bit colormap, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\favicon[1].ico

MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\suspendedpage[1].htm

HTML document, ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\P3LN8DHh0udC9Pbh8UHnw5FJ8R8.gz[1].js

ASCII text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\eRYlUYIMYsB_Pt8B7FTik-pl5cs.gz[1].js

ASCII text, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\errorPageStrings[1]

UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\favicon[1].ico

MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\hsq54HXv3E6bOWi_58PaE6vwTYM.gz[1].js

exported SGML document, ASCII text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\6sxhavkE4_SZHA_K4rwWmg67vF0.gz[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\NewErrorPageTemplate[1]

UTF-8 Unicode (with BOM) text, with CRLF line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\aU[1].htm

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\bLULVERLX4vU6bjspboNMw9vl_0.gz[1].js

very short file (no magic)

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\eaMqCdNxIXjLc0ATep7tsFkfmSA.gz[1].js

ASCII text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\th[1].jpg

JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 1920x1080, frames 3

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\urlblockindex[1].bin

data

downloaded

C:\Users\user\AppData\Local\Temp\05CE0000

data

dropped

C:\Users\user\AppData\Local\Temp\CabCD4F.tmp

Microsoft Cabinet archive data, 58596 bytes, 1 file

dropped

C:\Users\user\AppData\Local\Temp\TarCD50.tmp

data

dropped

C:\Users\user\AppData\Local\Temp\~DF0AFF9FFD650E40F3.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DF0D3E41F0F821E6BD.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DF0F9755593861B3EA.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DF2ABEE36455B94053.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DF41F1857FFE330BCF.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DF56A129262371E0A4.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DF7CF03B8C0F417635.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DFFB4690FF7436F266.TMP

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Sun Apr 4 08:32:35 2021, atime=Sun Apr 4 08:32:35 2021, length=12288, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\document-1771131239.LNK

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:12 2020, mtime=Sun Apr 4 08:32:35 2021, atime=Sun Apr 4 08:32:36 2021, length=185344, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\14HKUKTQ.txt

ASCII text

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\2SCY25TS.txt

ASCII text

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\460PAFDF.txt

ASCII text

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\6AQYXAJN.txt

ASCII text

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\6PRKYCQ0.txt

ASCII text

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\B711W0F3.txt

ASCII text

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\D3LSEQT1.txt

ASCII text

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\FO92LQA2.txt

ASCII text

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\J31WUCBG.txt

ASCII text

downloaded

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\N904USWI.txt

ASCII text

downloaded

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\RYK07S53.txt

ASCII text

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\UIKK4OT4.txt

ASCII text

downloaded

C:\Users\user\Desktop\D5CE0000

Applesoft BASIC program data, first line number 16

dropped

There are 62 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding

C:\Windows\System32\rundll32.exe

rundll32 ..\fikftkm.thj,DllRegisterServer

C:\Windows\System32\rundll32.exe

rundll32 ..\fikftkm.thj1,DllRegisterServer

C:\Windows\System32\rundll32.exe

rundll32 ..\fikftkm.thj2,DllRegisterServer

C:\Windows\SysWOW64\rundll32.exe

rundll32 ..\fikftkm.thj2,DllRegisterServer

C:\Windows\System32\rundll32.exe

rundll32 ..\fikftkm.thj3,DllRegisterServer

C:\Windows\System32\rundll32.exe

rundll32 ..\fikftkm.thj4,DllRegisterServer

C:\Program Files\Internet Explorer\iexplore.exe

'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:620 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3064 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:972 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:972 CREDAT:603152 /prefetch:2

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:972 CREDAT:1520647 /prefetch:2

There are 5 hidden processes, click here to show them.

URLs

Name

Malicious

http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check

unknown

http://www.windows.com/pctv.

unknown

http://investor.msn.com

unknown

http://urs-world.com/joomla/DzJ1zVBWb/1fmYW7HPNqRQhz6Za_2F/CEQgEHh67hkPdvwOSdi/nEqyJXm1CwTWVs2C

unknown

http://www.msnbc.com/news/ticker.txt

unknown

http://www.icra.org/vocabulary/.

unknown

http://investor.msn.com/

unknown

http://urs-world.com/joomla/DzJ1zVBWb/1fmYW7HPNqRQhz6Za_2F/CEQgEHh67hkPdvwOSdi/nEqyJXm1CwTWVs2C_2Fr_2/BvjUBKxN9qSpN/cMrTRJ9N/ryJsB4qGY2XHLtxrLDi6xNR/Qw5QsDCu2a/1byqzLlxunqNEdxwm/2jiPBdqZB0a1/q3egY2VhZv3/_2B8x5gL2kXG3P/aL1YXODRbtNtTkBrj3PS7/G.akk

185.186.244.95

http://urs-world.com/joomla/nFzk0Q7K/E1_2F1CEOHcU967kDpuCuCt/FPWRV6etYO/3uHaVD2_2B5fz4cnT/KUnSOvHj3DDx/LEjym6jOHzl/FeVIuhKblVVnxm/VI6rPV0WA0nCSJBKKjggZ/tlqJBc8y5_2Bbir_/2BCa9ubsQQgGaAg/T_2BNOyNXybfs33Qg4/rm7s6e4PI/6eyckn37N5jlypeo4jei/kAPiG95T_2BrCVeX6k0/F0E8zUcKkiS/aU.akk

185.186.244.95

http://windowsmedia.com/redir/services.asp?WMPFriendly=true

unknown

http://www.hotmail.com/oe

unknown

http://urs-world.com/joomla/3aDSi90Odm4t/ZQseS7mEKQ6/SSE8Q3crCb0l7w/wIvpan0x1HXuZM3ORESMa/ajJiFPV258iNRovg/KQl9frzLJWGuawc/zcW8IHCp_2F8n02ZSX/SkuilVzI4/iu_2BjoqlDfmKu_2BuVf/kGitIl_2Bi7_2Fz9R6X/Y0sd4k8W3UrfPrzXwVLvdK/7G4iHN0OcM5_2/FPqyROS_/2BKDOK08.akk

185.186.244.95

http://urs-world.com/favicon.ico

185.186.244.95

There are 3 hidden URLs, click here to show them.

Domains

Name

Malicious

urs-world.com

185.186.244.95

Details

Name:	urs-world.com
IP:	185.186.244.95
TargetID:	21
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Urls found in memory or binary data	Networking

accesslinksgroup.com

192.185.129.4

Details

Name:	accesslinksgroup.com
IP:	192.185.129.4
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for domain / URL	AV Detection
Uses secure TLS version for HTTPS connections	Compliance, Networking

under17.com

185.243.114.196

Details

Name:	under17.com
IP:	185.243.114.196
TargetID:	15
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection

mundotecnologiasolar.com

162.241.62.4

Details

Name:	mundotecnologiasolar.com
IP:	162.241.62.4
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

ponchokhana.com

5.100.155.169

Details

Name:	ponchokhana.com
IP:	5.100.155.169
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

vts.us.com

207.174.213.126

Details

Name:	vts.us.com
IP:	207.174.213.126
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Uses secure TLS version for HTTPS connections	Compliance, Networking

comosairdoburaco.com.br

198.50.218.68

Details

Name:	comosairdoburaco.com.br
IP:	198.50.218.68
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

unknown

IPs

Domain

Country

Malicious

185.243.114.196

under17.com

Netherlands

Details

IP:	185.243.114.196
TargetID:	15
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	Netherlands
Countrycode:	NLD
ASN number:	31400
ASN name:	ACCELERATED-ITDE
Private:	false
Domain:	under17.com

192.185.129.4

accesslinksgroup.com

United States

Details

IP:	192.185.129.4
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Country:	United States
Countrycode:	USA
ASN number:	46606
ASN name:	UNIFIEDLAYER-AS-1US
Private:	false
Domain:	accesslinksgroup.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

185.186.244.95

urs-world.com

Netherlands

Details

IP:	185.186.244.95
TargetID:	21
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	Netherlands
Countrycode:	NLD
ASN number:	35415
ASN name:	WEBZILLANL
Private:	false
Domain:	urs-world.com

207.174.213.126

vts.us.com

United States

Details

IP:	207.174.213.126
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Country:	United States
Countrycode:	USA
ASN number:	394695
ASN name:	PUBLIC-DOMAIN-REGISTRYUS
Private:	false
Domain:	vts.us.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

162.241.62.4

mundotecnologiasolar.com

United States

Details

IP:	162.241.62.4
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Country:	United States
Countrycode:	USA
ASN number:	46606
ASN name:	UNIFIEDLAYER-AS-1US
Private:	false
Domain:	mundotecnologiasolar.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

5.100.155.169

ponchokhana.com

United Kingdom

Details

IP:	5.100.155.169
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Country:	United Kingdom
Countrycode:	GBR
ASN number:	394695
ASN name:	PUBLIC-DOMAIN-REGISTRYUS
Private:	false
Domain:	ponchokhana.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

198.50.218.68

comosairdoburaco.com.br

Canada

Details

IP:	198.50.218.68
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Country:	Canada
Countrycode:	CAN
ASN number:	16276
ASN name:	OVHFR
Private:	false
Domain:	comosairdoburaco.com.br

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

*(3

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

MTTT

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ReviewToken

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

EC053

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

VBAFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

DefaultSheetR2L

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

UseSystemSeparators

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ThousandsSeparator

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

DecimalSeparator

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 1

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 2

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 3

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 4

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 5

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 6

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 7

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 8

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 9

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 10

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 11

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 12

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 13

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 14

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 15

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 16

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 17

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 18

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 19

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 20

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

EC330

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

EC478

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 1

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 2

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 3

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 4

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 5

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 6

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 7

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 8

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 9

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 10

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 11

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 12

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 13

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 14

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 15

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 16

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 17

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 18

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 19

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 20

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

EC5A0

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

EC6A9

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

233

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

@%SystemRoot%\system32\qagentrt.dll,-10

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

@%SystemRoot%\System32\fveui.dll,-843

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

@%SystemRoot%\System32\fveui.dll,-844

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

@%SystemRoot%\System32\wuaueng.dll,-400

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

LastPurgeTime

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

104FC5

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 1

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 2

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 3

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 4

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 5

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 6

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 7

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 8

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 9

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 10

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 11

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 12

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 13

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 14

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 15

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 16

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 17

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 18

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 19

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 20

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

105C72

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

EXCELFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SavedLegacySettings

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Internet Explorer\iexplore.exe

{CCF30F48-9528-11EB-ADCF-ECF4BBB5915B}

C:\Program Files\Internet Explorer\iexplore.exe

NextCheckForUpdateLowDateTime

C:\Program Files\Internet Explorer\iexplore.exe

NextCheckForUpdateHighDateTime

C:\Program Files\Internet Explorer\iexplore.exe

SavedLegacySettings

C:\Program Files\Internet Explorer\iexplore.exe

Count

C:\Program Files\Internet Explorer\iexplore.exe

Time

C:\Program Files\Internet Explorer\iexplore.exe

LoadTimeArray

C:\Program Files\Internet Explorer\iexplore.exe

NextCheckForUpdateLowDateTime

C:\Program Files\Internet Explorer\iexplore.exe

NextCheckForUpdateHighDateTime

C:\Program Files\Internet Explorer\iexplore.exe

DecayDateQueue

C:\Program Files\Internet Explorer\iexplore.exe

LastProcessed

C:\Program Files\Internet Explorer\iexplore.exe

NavTimeArray

C:\Program Files (x86)\Internet Explorer\iexplore.exe

SavedLegacySettings

C:\Program Files\Internet Explorer\iexplore.exe

{E7092821-9528-11EB-ADCF-ECF4BBB5915B}

C:\Program Files\Internet Explorer\iexplore.exe

ChangeNotice

C:\Program Files\Internet Explorer\iexplore.exe

FaviconPath

C:\Program Files\Internet Explorer\iexplore.exe

SavedLegacySettings

C:\Program Files\Internet Explorer\iexplore.exe

Count

C:\Program Files\Internet Explorer\iexplore.exe

Time

C:\Program Files\Internet Explorer\iexplore.exe

LoadTimeArray

C:\Program Files\Internet Explorer\iexplore.exe

88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977

C:\Program Files\Internet Explorer\iexplore.exe

2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81

C:\Program Files\Internet Explorer\iexplore.exe

88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977

C:\Program Files\Internet Explorer\iexplore.exe

2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81

C:\Program Files\Internet Explorer\iexplore.exe

DecayDateQueue

C:\Program Files\Internet Explorer\iexplore.exe

LastProcessed

C:\Program Files\Internet Explorer\iexplore.exe

NavTimeArray

C:\Program Files (x86)\Internet Explorer\iexplore.exe

SavedLegacySettings

C:\Program Files\Internet Explorer\iexplore.exe

{0D6695CC-9529-11EB-ADCF-ECF4BBB5915B}

C:\Program Files\Internet Explorer\iexplore.exe

SavedLegacySettings

C:\Program Files\Internet Explorer\iexplore.exe

Count

C:\Program Files\Internet Explorer\iexplore.exe

Time

C:\Program Files\Internet Explorer\iexplore.exe

LoadTimeArray

C:\Program Files\Internet Explorer\iexplore.exe

DecayDateQueue

C:\Program Files\Internet Explorer\iexplore.exe

LastProcessed

C:\Program Files\Internet Explorer\iexplore.exe

Window_Placement

C:\Program Files\Internet Explorer\iexplore.exe

Count

C:\Program Files\Internet Explorer\iexplore.exe

Time

C:\Program Files\Internet Explorer\iexplore.exe

LoadTimeArray

C:\Program Files\Internet Explorer\iexplore.exe

DecayDateQueue

C:\Program Files\Internet Explorer\iexplore.exe

LastProcessed

C:\Program Files\Internet Explorer\iexplore.exe

NavTimeArray

C:\Program Files (x86)\Internet Explorer\iexplore.exe

SavedLegacySettings

C:\Program Files (x86)\Internet Explorer\iexplore.exe

SavedLegacySettings

There are 158 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

2DD8000

heap private

page read and write

2C5B000

heap private

page read and write

2B5D000

heap private

page read and write

240000

unkown

page read and write

2A5F000

heap private

page read and write

2F0000

unkown

page read and write

2A50000

unkown

page readonly

2F0000

unkown

page read and write

28C6000

unkown

page readonly

60000

unkown

page readonly

20000

unkown

page readonly

2945000

unkown

page readonly

2F0000

unkown

page read and write

2902000

unkown

page readonly

110000

unkown

page readonly

60000

unkown

page readonly

2F0000

unkown

page read and write

2724000

unkown

page readonly

2A0000

unkown

page write copy

26E2000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

340000

heap private

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

1CE0000

unkown

page readonly

2802000

unkown

page readonly

2109000

heap private

page read and write

2959000

unkown

page readonly

2905000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

B2F000

unkown

page read and write

2F0000

unkown

page read and write

1A4000

heap private

page read and write

450000

unkown

page write copy

580000

unkown

page readonly

2080000

unkown

page readonly

2AD2000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

28CE000

unkown

page read and write

21C0000

heap private

page read and write

35A2000

unkown

page read and write

2CD0000

unkown

page readonly

2F0000

unkown

page read and write

2528000

unkown

page readonly

2F0000

unkown

page read and write

4EA000

unkown

page read and write

280D000

unkown

page readonly

2220000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2889000

unkown

page readonly

2C90000

heap private

page read and write

25E8000

unkown

page readonly

5C0000

unkown

page readonly

60000

unkown

page readonly

2F0000

unkown

page read and write

2D05000

heap private

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2896000

unkown

page readonly

2F0000

unkown

page read and write

1B0000

heap private

page read and write

2D59000

heap private

page read and write

2622000

unkown

page readonly

2F0000

unkown

page read and write

5B4000

heap private

page read and write

31D000

unkown

page read and write

160000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

29DE000

unkown

page read and write

2F0000

unkown

page read and write

1E97000

unkown

page readonly

2795000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

28D9000

unkown

page readonly

2F0000

unkown

page read and write

231F000

unkown

page read and write

2F0000

unkown

page read and write

2240000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2779000

heap private

page read and write

2975000

unkown

page readonly

2F0000

unkown

page read and write

28D6000

unkown

page readonly

F0000

heap private

page read and write

2F0000

unkown

page read and write

2960000

heap private

page read and write

2B70000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

1B30000

unkown

page readonly

22A0000

unkown

page readonly

400000

unkown

page readonly

10001000

unkown image

page execute and read and write

2400000

heap private

page read and write

2F0000

unkown

page read and write

23BE000

unkown

page read and write

474000

heap default

page read and write

2824000

unkown

page readonly

2205000

heap private

page read and write

2859000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2CCB000

heap private

page read and write

2949000

unkown

page readonly

1DB000

unkown

page read and write

3FB000

heap default

page read and write

30CD000

unkown

page read and write

2B45000

heap private

page read and write

27F8000

heap private

page read and write

28B5000

unkown

page readonly

58E000

unkown

page read and write

38E000

heap default

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2722000

unkown

page readonly

2FE0000

unkown

page read and write

2000000

heap private

page read and write

3B0000

heap default

page read and write

2F0000

unkown

page read and write

2765000

unkown

page readonly

3F6000

heap default

page read and write

3CE000

heap default

page read and write

2324000

heap private

page read and write

2F0000

unkown

page read and write

28C5000

unkown

page readonly

C1F000

unkown

page read and write

25E2000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

310000

unkown

page read and write

4C6000

unkown

page read and write

27C5000

unkown

page readonly

290000

unkown

page read and write

2F0000

unkown

page read and write

D0000

unkown

page read and write

2F0000

unkown

page read and write

8B000

unkown

page read and write

2875000

unkown

page readonly

2F0000

unkown

page read and write

14C000

unkown

page read and write

27C4000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

256000

unkown

page read and write

2F0000

unkown

page read and write

1B7000

heap default

page read and write

2280000

unkown

page readonly

28E9000

unkown

page readonly

25A2000

unkown

page readonly

2F0000

unkown

page read and write

311000

unkown

page execute read

2889000

unkown

page readonly

31C000

unkown

page readonly

2F0000

unkown

page read and write

20000

unkown

page readonly

190000

heap private

page read and write

160000

unkown

page read and write

10A000

unkown

page read and write

2812000

unkown

page readonly

2965000

unkown

page readonly

2F0000

unkown

page read and write

27A2000

unkown

page readonly

28F5000

unkown

page readonly

2F0000

unkown

page read and write

E0000

unkown

page read and write

5C0000

unkown

page readonly

770000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

28A5000

unkown

page readonly

3050000

unkown

page read and write

440000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

33B1000

unkown

page read and write

28A2000

unkown

page readonly

2F0000

unkown

page read and write

3F0000

heap private

page read and write

2782000

unkown

page readonly

2832000

unkown

page readonly

D0000

unkown

page read and write

2F70000

unkown

page read and write

1CB0000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

3B7000

heap default

page read and write

2B30000

unkown

page readonly

2F0000

unkown

page read and write

27E5000

unkown

page readonly

2F0000

unkown

page read and write

31B0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

1D60000

unkown

page readonly

48D000

heap default

page read and write

290D000

unkown

page readonly

27E4000

unkown

page readonly

310000

unkown

page read and write

2F0000

unkown

page read and write

2185000

heap private

page read and write

27D2000

unkown

page readonly

2F0000

unkown

page read and write

346000

unkown

page read and write

2F0000

unkown

page read and write

1E0000

unkown

page execute and read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

34B0000

unkown

page read and write

27E2000

unkown

page readonly

1EE000

heap default

page read and write

550000

unkown

page readonly

2F0000

unkown

page read and write

960000

unkown

page readonly

2882000

unkown

page readonly

30B0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2C6000

unkown

page read and write

35A0000

unkown

page read and write

2F0000

unkown

page read and write

27E000

heap default

page read and write

F0000

unkown

page readonly

2F0000

unkown

page read and write

10000000

unkown image

page readonly

2942000

unkown

page readonly

2B40000

heap private

page read and write

33B0000

unkown

page read and write

2F0000

unkown

page read and write

2822000

unkown

page readonly

27A6000

unkown

page readonly

2A53000

heap private

page read and write

1B0000

heap default

page read and write

220000

unkown

page read and write

20000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

E0000

unkown

page read and write

2919000

unkown

page readonly

27E4000

unkown

page readonly

7C0000

unkown

page readonly

180000

unkown

page read and write

1F47000

unkown

page readonly

1B20000

unkown

page readonly

2776000

unkown

page readonly

21A0000

unkown

page readonly

2D3B000

heap private

page read and write

2722000

unkown

page readonly

2F0000

unkown

page read and write

2DD8000

heap private

page read and write

2815000

unkown

page readonly

2F0000

unkown

page read and write

20F5000

heap private

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2040000

heap private

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

240000

heap default

page read and write

2F0000

unkown

page read and write

2522000

unkown

page readonly

228C000

unkown

page read and write

2822000

unkown

page readonly

25A8000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2DDA000

heap private

page read and write

2F0000

unkown

page read and write

2909000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

490000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

27F6000

unkown

page readonly

2C55000

heap private

page read and write

28A6000

unkown

page readonly

2B0000

unkown

page read and write

288D000

unkown

page readonly

27D6000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2836000

unkown

page readonly

1FD0000

heap private

page read and write

2909000

unkown

page readonly

32B0000

heap private

page read and write

2F0000

unkown

page read and write

2C95000

heap private

page read and write

2F0000

unkown

page read and write

F4000

heap private

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2855000

unkown

page readonly

2885000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

29A5000

unkown

page readonly

2F0000

unkown

page read and write

2826000

unkown

page readonly

2F0000

unkown

page read and write

2B7B000

heap private

page read and write

2B50000

unkown

page readonly

357000

heap default

page read and write

20C0000

unkown

page readonly

170000

heap private

page read and write

2F0000

unkown

page read and write

2852000

unkown

page readonly

2F0000

unkown

page read and write

442000

unkown

page read and write

2F0000

unkown

page read and write

740000

unkown

page readonly

2F0000

unkown

page read and write

2189000

heap private

page read and write

2F0000

unkown

page read and write

2809000

unkown

page readonly

2F0000

unkown

page read and write

7EFDF000

unkown

page read and write

5B0000

heap private

page read and write

28B2000

unkown

page readonly

2F0000

unkown

page read and write

2E6000

unkown

page read and write

2C8B000

heap private

page read and write

2F0000

unkown

page read and write

33AE000

unkown

page read and write

27E2000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

1D0000

heap private

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

24E000

heap default

page read and write

27B2000

unkown

page readonly

2AF0000

unkown

page readonly

2F0000

unkown

page read and write

26E2000

unkown

page readonly

710000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

28F5000

unkown

page readonly

1F00000

unkown

page write copy

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2762000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

1B60000

unkown

page readonly

20000

unkown

page readonly

2F0000

unkown

page read and write

2886000

unkown

page readonly

2105000

heap private

page read and write

3651000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

20F9000

heap private

page read and write

2F0000

unkown

page read and write

28D2000

unkown

page readonly

2806000

unkown

page readonly

2F0000

unkown

page read and write

2845000

unkown

page readonly

27A4000

unkown

page readonly

2912000

unkown

page readonly

194000

heap private

page read and write

2F0000

unkown

page read and write

397000

heap default

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2100000

heap private

page read and write

2B30000

unkown

page read and write

28A2000

unkown

page readonly

2D10000

unkown

page readonly

23D000

unkown

page execute and read and write

32B4000

heap private

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2A92000

unkown

page readonly

10000000

unkown image

page readonly

2628000

unkown

page readonly

2F0000

unkown

page read and write

2B90000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2875000

unkown

page readonly

2F0000

unkown

page read and write

60000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2865000

unkown

page readonly

2A12000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

286E000

unkown

page read and write

26A2000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

640000

unkown

page readonly

2F0000

unkown

page read and write

270000

heap default

page read and write

60000

unkown

page readonly

2F0000

unkown

page read and write

2320000

heap private

page read and write

2F0000

unkown

page read and write

28CD000

unkown

page readonly

350000

heap default

page read and write

3F4000

heap private

page read and write

E0000

unkown

page read and write

20000

unkown

page readonly

2842000

unkown

page readonly

2F0000

unkown

page read and write

217000

heap default

page read and write

340000

unkown

page read and write

27F5000

unkown

page readonly

2F0000

unkown

page read and write

1A0000

unkown

page readonly

2B10000

unkown

page readonly

223D000

unkown

page read and write

2F0000

unkown

page read and write

2929000

unkown

page readonly

22CE000

unkown

page read and write

2856000

unkown

page readonly

2982000

unkown

page readonly

1C0000

heap private

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2872000

unkown

page readonly

2180000

heap private

page read and write

2F0000

unkown

page read and write

410000

unkown

page readonly

487000

heap default

page read and write

2922000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2784000

unkown

page readonly

2BC0000

unkown

page readonly

2F0000

unkown

page read and write

247000

heap default

page read and write

2F0000

unkown

page read and write

3ED000

heap default

page read and write

2F0000

unkown

page read and write

2A70000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2935000

unkown

page readonly

2F0000

unkown

page read and write

2866000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

21BE000

unkown

page read and write

2F0000

unkown

page read and write

2704000

unkown

page readonly

457000

heap default

page read and write

2180000

unkown

page readonly

2825000

unkown

page readonly

2F0000

unkown

page read and write

28D000

unkown

page read and write

2862000

unkown

page readonly

2209000

heap private

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2DE0000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2D00000

heap private

page read and write

2F0000

unkown

page read and write

2342000

heap private

page read and write

2F0000

unkown

page read and write

1EC7000

unkown

page readonly

510000

heap private

page read and write

2B10000

unkown

page readonly

450000

heap default

page read and write

28E2000

unkown

page readonly

D0000

unkown

page read and write

2B12000

unkown

page readonly

210000

heap default

page read and write

2906000

unkown

page readonly

760000

unkown

page readonly

32D2000

heap private

page read and write

2804000

unkown

page readonly

1A0000

heap private

page read and write

2895000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

26E4000

unkown

page readonly

2F0000

unkown

page read and write

2200000

unkown

page readonly

28C5000

unkown

page readonly

2B50000

unkown

page readonly

21B000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2622000

unkown

page readonly

2F0000

unkown

page read and write

28E2000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

27E2000

unkown

page readonly

2829000

unkown

page readonly

2AD0000

unkown

page readonly

28C9000

unkown

page readonly

376000

unkown

page read and write

2F0000

unkown

page read and write

260000

heap private

page read and write

2802000

unkown

page readonly

2F0000

unkown

page read and write

20000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

174000

heap private

page read and write

27A2000

unkown

page readonly

2F0000

unkown

page read and write

2852000

unkown

page readonly

2A90000

unkown

page readonly

2F0000

unkown

page read and write

1D7000

heap private

page read and write

2F0000

unkown

page read and write

40E000

unkown

page read and write

32E4000

heap private

page read and write

2F0000

unkown

page read and write

1D07000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2CA0000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2752000

unkown

page readonly

27A4000

unkown

page readonly

2876000

unkown

page readonly

6BF000

unkown

page read and write

2F0000

unkown

page read and write

290E000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2882000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2B70000

unkown

page readonly

2F0000

unkown

page read and write

29C000

unkown

page read and write

390000

unkown

page execute read

2925000

unkown

page readonly

2F0000

unkown

page read and write

2952000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

150000

unkown

page read and write

1F10000

unkown

page write copy

44D000

unkown

page read and write

590000

unkown

page readonly

336E000

unkown

page read and write

2F0000

unkown

page read and write

20F0000

heap private

page read and write

28A9000

unkown

page readonly

2200000

heap private

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

1F8000

unkown

page execute and read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

390000

heap default

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2C50000

heap private

page read and write

2845000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

2F0000

unkown

page read and write

27C2000

unkown

page readonly

2F0000

unkown

page read and write

1D47000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

110000

unkown

page readonly

190000

unkown

page readonly

2F0000

unkown

page read and write

2F0000

unkown

page read and write

EB000

unkown

page read and write

2F0000

unkown

page read and write

1D17000

unkown

page readonly

10005000

unkown image

page execute and read and write

2F0000

unkown

page read and write

2764000

unkown

page readonly

590000

unkown

page readonly

29E0000

heap private

page read and write

2D80000

unkown

page readonly

2F0000

unkown

page read and write

2702000

unkown

page readonly

60000

unkown

page readonly

2F0000

unkown

page read and write

2260000

unkown

page readonly

2F0000

unkown

page read and write

31F000

unkown

page readonly

2989000

unkown

page readonly

2F0000

unkown

page read and write

2782000

unkown

page readonly

There are 635 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

Memdumps