IOCReport


Files

File Path | Type | Category | Malicious
lT2TTQACRLGKK8w.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\lT2TTQACRLGKK8w.exe.log | ASCII text, with CRLF line terminators | dropped | malicious

Note: the UsageLogs .log file is the standard CLR usage log that .NET writes under %LOCALAPPDATA%\Microsoft\CLR_v4.0_32\UsageLogs for any managed executable on first run. It is listed as malicious here because the sample dropped it, not because its content is harmful; treat the initial sample as the indicator, and the .log path only as evidence that the sample executed as a .NET assembly.

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\lT2TTQACRLGKK8w.exe | 'C:\Users\user\Desktop\lT2TTQACRLGKK8w.exe' | malicious
C:\Users\user\Desktop\lT2TTQACRLGKK8w.exe | C:\Users\user\Desktop\lT2TTQACRLGKK8w.exe | malicious

URLs

Name | IP | Malicious
http://127.0.0.1:HTTP/1.1 | unknown | clean
http://iykmoreentrprise.org | unknown | clean
http://DynDns.comDynDNS | unknown | clean
http://vbcity.com/forums/t/51894.aspx | unknown | clean
http://cps.letsencrypt.org0 | unknown | clean
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | unknown | clean
http://go.microsoft.cz | unknown | clean
https://wl0H8jlTH4n9kj.org | unknown | clean
http://r3.o.lencr.org0 | unknown | clean
https://api.ipify.org%GETMozilla/5.0 | unknown | clean
http://NdOlex.com | unknown | clean
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | clean
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip | unknown | clean
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css | unknown | clean
http://mail.iykmoreentrprise.org | unknown | clean
https://api.ipify.org%$ | unknown | clean
http://cps.root-x1.letsencrypt.org0 | unknown | clean
http://r3.i.lencr.org/0 | unknown | clean
https://github.com/MrCylops | unknown | clean

Note: the values are reproduced exactly as reported. Fragments such as the trailing "0" on the letsencrypt.org and lencr.org entries and the "%..." tails on the api.ipify.org and torproject.org entries are string-extraction residue (adjacent bytes concatenated to the URL), so match on the host name rather than on the full string when using these as indicators. An IP of "unknown" means no resolution was recorded for that entry.

Domains

Name | IP | Malicious
iykmoreentrprise.org | 66.70.204.222 | malicious
mail.iykmoreentrprise.org | unknown | malicious

IPs

IP | Domain | Country | Malicious
66.70.204.222 | iykmoreentrprise.org | Canada | malicious
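The Domains and IPs tables above are the network indicators worth sweeping telemetry for. The following added Python example is not part of the sandbox report; it loads the two malicious domains and the one malicious IP from this report, normalises them, and scans a handful of constructed DNS and proxy log lines (the log format, hosts, timestamps and client addresses are invented for illustration). Subdomains are matched by dotted suffix so that a lookup for mail.iykmoreentrprise.org hits the parent-domain entry, while a look-alike such as iykmoreentrprise.org.evil.example does not.

```python
import ipaddress
import re

# Network indicators taken from the Domains and IPs tables of this report.
MALICIOUS_DOMAINS = {"iykmoreentrprise.org", "mail.iykmoreentrprise.org"}
MALICIOUS_IPS = {"66.70.204.222"}

# Constructed sample telemetry (not from the report): DNS query lines and
# proxy connection lines in an invented key=value format.
SAMPLE_LOGS = [
    "2024-05-01T10:02:11Z dns client=10.0.0.5 query=mail.iykmoreentrprise.org type=A",
    "2024-05-01T10:02:12Z proxy client=10.0.0.5 dst=66.70.204.222:587 bytes=4120",
    "2024-05-01T10:03:40Z dns client=10.0.0.9 query=api.ipify.org type=A",
    "2024-05-01T10:04:02Z dns client=10.0.0.7 query=iykmoreentrprise.org.evil.example type=A",
    "2024-05-01T10:05:00Z proxy client=10.0.0.9 dst=104.16.0.1:443 bytes=900",
]

DOMAIN_RE = re.compile(r"query=([A-Za-z0-9.-]+)")
DST_RE = re.compile(r"dst=([0-9.]+):\d+")


def normalise_domain(name):
    """Lower-case and strip a trailing root dot so 'Foo.ORG.' equals 'foo.org'."""
    return name.strip().rstrip(".").lower()


def domain_matches(name, iocs):
    """True if name equals an IOC or is a subdomain of one.

    Suffix matching is done on whole dotted labels, so
    'notiykmoreentrprise.org' and 'iykmoreentrprise.org.evil.example'
    do not match the IOC 'iykmoreentrprise.org'.
    """
    name = normalise_domain(name)
    for ioc in iocs:
        ioc = normalise_domain(ioc)
        if name == ioc or name.endswith("." + ioc):
            return True
    return False


def extract_indicators(line):
    """Return (kind, value) pairs found in one log line."""
    found = []
    m = DOMAIN_RE.search(line)
    if m:
        found.append(("domain", normalise_domain(m.group(1))))
    m = DST_RE.search(line)
    if m:
        try:
            # ipaddress rejects malformed dotted quads the regex let through.
            found.append(("ip", str(ipaddress.ip_address(m.group(1)))))
        except ValueError:
            pass
    return found


def sweep(lines, domains=MALICIOUS_DOMAINS, ips=MALICIOUS_IPS):
    """Return a list of (line, kind, value) hits against the IOC sets."""
    hits = []
    for line in lines:
        for kind, value in extract_indicators(line):
            if kind == "domain" and domain_matches(value, domains):
                hits.append((line, kind, value))
            elif kind == "ip" and value in ips:
                hits.append((line, kind, value))
    return hits


if __name__ == "__main__":
    for line, kind, value in sweep(SAMPLE_LOGS):
        print(f"HIT {kind}={value} :: {line}")
```

Only two of the five constructed lines produce hits: the DNS lookup of mail.iykmoreentrprise.org and the proxy connection to 66.70.204.222. The look-alike domain and the unrelated api.ipify.org lookup are correctly ignored; api.ipify.org appears in the URL strings above but is rated clean there, so it is deliberately not in the IOC set.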

Memdumps

Base Address | Region type | Protection | Malicious
402000 | unknown | page execute and read and write | malicious
4129000 | unknown | page read and write | malicious
3174000 | unknown | page read and write | malicious
7FF5E0521000 | unknown | page readonly | clean
5231000 | unknown | page read and write | clean
7FF56D7CE000 | unknown | page readonly | clean
CF0000 | unknown | page read and write | clean
5C40000 | unknown | page read and write | clean
2D173210000 | unknown | page read and write | clean
5231000 | unknown | page read and write | clean
20B2A63F000 | unknown | page read and write | clean
1CFEC95B000 | unknown | page read and write | clean
5231000 | unknown | page read and write | clean
5231000 | unknown | page read and write | clean
4FD0000 | unknown | page read and write | clean
7FF59C489000 | unknown | page readonly | clean
5231000 | unknown | page read and write | clean
5231000 | unknown | page read and write | clean
5231000 | unknown | page read and write | clean
5180000 | unknown | page read and write | clean
5C40000 | unknown | page read and write | clean
145B000 | unknown | page read and write | clean
50D0000 | unknown | page read and write | clean
5231000 | unknown | page read and write | clean
5231000 | unknown | page read and write | clean
5231000 | unknown | page read and write | clean
5C40000 | unknown | page read and write | clean
C70000 | unknown | page read and write | clean
5231000 | unknown | page read and write | clean
201916D0000 | unknown | page readonly | clean
5231000 | unknown | page read and write | clean
5170000 | unknown | page read and write | clean
7FF5A2D1F000 | unknown | page readonly | clean
5480000 | unknown | page read and write | clean
1270000 | unknown | page read and write | clean
5231000 | unknown | page read and write | clean
100FCFE000 | unknown | page read and write | clean
5231000 | unknown | page read and write | clean
5231000 | unknown | page read and write | clean
D30000 | unknown | page read and write | clean
7FF5E0700000 | unknown | page readonly | clean

Note: base addresses are hexadecimal. Repeated addresses (for example 5231000) are separate dumps of the same region taken at different points, not duplicate entries. The only region with execute permission, 402000 with page execute and read and write, is one of the three dumps rated malicious.