Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Permission-414467145-06252021.xlsm

Microsoft Excel 2007+

initial sample

Details

Filetype:	Microsoft Excel 2007+
Entropy:	7.666395274852154
Filename:	Permission-414467145-06252021.xlsm
Filesize:	153750
MD5:	590ca0e597487dd5ad6c2f1fb64184dd
SHA1:	e141e27af930a2cdeafab2eb20727000de893629
SHA256:	20a72dc5350b296f2857911444fa065f5b0bb437be8d1bc61819cf29828a2955
SHA512:	fceb07823442eccaed6727b3c780fc7fbed475c15ac7131c7921505060b475d511e928c312d22980e40ebf12506d05308b55cc9fc0bc1509b244b435920fdc2e
SSDEEP:	3072:SmKZQmKZ3KNhPQnVbJ2O1gZMys2g4D5JhoD4ZOYJ:p4P4346PgZw9gQaVJ
Preview:	PK..........!.........o.......[Content_Types].xml ...(.........................................................................................................................................................................................................

Signature Hits	Behavior Group	Mitre Attack
Found Excel 4.0 Macro with suspicious formulas	System Summary	Scripting
Document is a ZIP file with path names indicative of goodware	System Summary

C:\Users\user\Desktop\~$Permission-414467145-06252021.xlsm

data

dropped

Details

File:	C:\Users\user\Desktop\~$Permission-414467145-06252021.xlsm
Category:	dropped
Dump:	~$Permission-414467145-06252021.xlsm.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Type:	data
Entropy:	1.4377382811115937
Encrypted:	false
Ssdeep:	3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS
Size:	330
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found Excel 4.0 Macro with suspicious formulas	System Summary	Scripting
Creates files inside the user directory	System Summary	Masquerading
Document is a ZIP file with path names indicative of goodware	System Summary

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4A07B784.jpg

[TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2021:02:11 21:11:18], baseline, precision 8, 1860x1000, frames 3

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4A07B784.jpg
Category:	dropped
Dump:	4A07B784.jpg.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Type:	[TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2021:02:11 21:11:18], baseline, precision 8, 1860x1000, frames 3
Entropy:	7.677272725029824
Encrypted:	false
Ssdeep:	3072:CmKZQmKZ3KNhPQnVbJ2O1gZMys2g4D5JhoD4ZOy:54P4346PgZw9gQat
Size:	139381
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Downloads files	Networking	Ingress Tool Transfer

C:\Users\user\AppData\Local\Temp\BECE0000

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\BECE0000
Category:	dropped
Dump:	BECE0000.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Type:	data
Entropy:	7.664520146264211
Encrypted:	false
Ssdeep:	3072:cnxmKZQmKZ3KNhPQnVbJ2O1gZMys2g4D5JhoD4ZO46M:cng4P4346PgZw9gQad
Size:	153117
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Fri Jun 25 20:06:38 2021, atime=Fri Jun 25 20:06:38 2021, length=8192, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
Category:	dropped
Dump:	Desktop.LNK.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Fri Jun 25 20:06:38 2021, atime=Fri Jun 25 20:06:38 2021, length=8192, window=hide
Entropy:	4.501022480561873
Encrypted:	false
Ssdeep:	12:85QfLgXg/XAlCPCHaXtB8XzB/twX+WnicvbDS9bDtZ3YilMMEpxRljKHUmn6TdJU:85A/XTd6jkYeihDv3qGnirNru/
Size:	867
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Permission-414467145-06252021.LNK

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:15 2020, mtime=Fri Jun 25 20:06:38 2021, atime=Fri Jun 25 20:06:38 2021, length=153117, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Permission-414467145-06252021.LNK
Category:	dropped
Dump:	Permission-414467145-06252021.LNK.0.dr
ID:	dr_6
Target ID:	0
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:15 2020, mtime=Fri Jun 25 20:06:38 2021, atime=Fri Jun 25 20:06:38 2021, length=153117, window=hide
Entropy:	4.555970335453609
Encrypted:	false
Ssdeep:	48:8Hf1W/XT0jFL1SaRS8GiQh2Hf1W/XT0jFL1SaRS8GiQ/:8Hf1W/XojFLnGiQh2Hf1W/XojFLnGiQ/
Size:	2228
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
Category:	dropped
Dump:	index.dat.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Type:	ASCII text, with CRLF line terminators
Entropy:	4.642670559637109
Encrypted:	false
Ssdeep:	3:oyBVomxW+LxCRTnv5NUltLxCRTnv5NUlmxW+LxCRTnv5NUlv:djHC5vI/FC5vIaC5vI1
Size:	142
Whitelisted:	false
Reputation:	low

C:\Users\user\Desktop\4FCE0000

data

dropped

Details

File:	C:\Users\user\Desktop\4FCE0000
Category:	dropped
Dump:	4FCE0000.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Type:	data
Entropy:	7.664520146264211
Encrypted:	false
Ssdeep:	3072:cnxmKZQmKZ3KNhPQnVbJ2O1gZMys2g4D5JhoD4ZO46M:cng4P4346PgZw9gQad
Size:	153117
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	2492
Target ID:	0
Parent PID:	584
Name:	EXCEL.EXE
Class:	excel
Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Commandline:	'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Size:	27641504
MD5:	5FB0A0F93382ECD19F5F499A5CAA59F0
Time:	14:06:35
Date:	25/06/2021
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x13fc50000
Modulesize:	27758592
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Microsoft Office Product Spawning Windows Shell	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\System32\regsvr32.exe

regsvr32 ..\Kro.fis

Details

Is windows:	true
Is dropped:	false
PID:	1980
Target ID:	3
Parent PID:	2492
Name:	regsvr32.exe
Class:	system-tools
Path:	C:\Windows\System32\regsvr32.exe
Commandline:	regsvr32 ..\Kro.fis
Size:	19456
MD5:	59BCE9F07985F8A4204F4D6554CFF708
Time:	14:06:40
Date:	25/06/2021
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xffa70000
Modulesize:	32768
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Document exploit detected (process start blacklist hit)	Software Vulnerabilities	Exploitation for Client Execution
Sigma detected: Microsoft Office Product Spawning Windows Shell	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\System32\regsvr32.exe

regsvr32 ..\Kro.fis1

Details

Is windows:	true
Is dropped:	false
PID:	3032
Target ID:	4
Parent PID:	2492
Name:	regsvr32.exe
Class:	system-tools
Path:	C:\Windows\System32\regsvr32.exe
Commandline:	regsvr32 ..\Kro.fis1
Size:	19456
MD5:	59BCE9F07985F8A4204F4D6554CFF708
Time:	14:06:40
Date:	25/06/2021
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xffa70000
Modulesize:	32768
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Document exploit detected (process start blacklist hit)	Software Vulnerabilities	Exploitation for Client Execution
Sigma detected: Microsoft Office Product Spawning Windows Shell	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\System32\regsvr32.exe

regsvr32 ..\Kro.fis2

Details

Is windows:	true
Is dropped:	false
PID:	2244
Target ID:	5
Parent PID:	2492
Name:	regsvr32.exe
Class:	system-tools
Path:	C:\Windows\System32\regsvr32.exe
Commandline:	regsvr32 ..\Kro.fis2
Size:	19456
MD5:	59BCE9F07985F8A4204F4D6554CFF708
Time:	14:06:41
Date:	25/06/2021
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xffa70000
Modulesize:	32768
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Document exploit detected (process start blacklist hit)	Software Vulnerabilities	Exploitation for Client Execution
Sigma detected: Microsoft Office Product Spawning Windows Shell	System Summary
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check

unknown

http://www.windows.com/pctv.

unknown

http://investor.msn.com

unknown

http://www.msnbc.com/news/ticker.txt

unknown

http://www.icra.org/vocabulary/.

unknown

http://185.183.99.120/44372.5879460648.dat

185.183.99.120

http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.

unknown

http://190.14.37.3/44372.5879460648.dat

190.14.37.3

http://185.240.103.219/44372.5879460648.dat

185.240.103.219

http://investor.msn.com/

unknown

http://www.%s.comPA

unknown

http://windowsmedia.com/redir/services.asp?WMPFriendly=true

unknown

http://www.hotmail.com/oe

unknown

http://servername/isapibackend.dll

unknown

There are 4 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

190.14.37.3

unknown

Panama

Details

IP:	190.14.37.3
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Country:	Panama
Countrycode:	PAN
ASN number:	52469
ASN name:	OffshoreRacksSAPA
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

185.183.99.120

unknown

Netherlands

Details

IP:	185.183.99.120
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Country:	Netherlands
Countrycode:	NLD
ASN number:	60117
ASN name:	HSAE
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

185.240.103.219

unknown

Russian Federation

Details

IP:	185.240.103.219
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Country:	Russian Federation
Countrycode:	RUS
ASN number:	57724
ASN name:	DDOS-GUARDRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Potential document exploit detected (performs HTTP gets)	Software Vulnerabilities	Exploitation for Client Execution
Potential document exploit detected (unknown TCP traffic)	Software Vulnerabilities	Exploitation for Client Execution
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

Registry

Path

Value

Malicious

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

828

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

MTTT

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ReviewToken

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ECA03

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

VBAFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

DefaultSheetR2L

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

UseSystemSeparators

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ThousandsSeparator

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

DecimalSeparator

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 1

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 2

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 3

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 4

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 5

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 6

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 7

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 8

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 9

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 10

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 11

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 12

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 13

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 14

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 15

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 16

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 17

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 18

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 19

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 20

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ECD5D

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ECE57

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 1

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 2

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 3

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 4

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 5

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 6

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 7

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 8

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 9

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 10

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 11

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 12

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 13

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 14

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 15

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 16

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 17

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 18

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 19

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 20

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ECF22

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ECFAE

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

:<8

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

F8FB2

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 1

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 2

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 3

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 4

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 5

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 6

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 7

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 8

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 9

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 10

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 11

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 12

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 13

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 14

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 15

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 16

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 17

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 18

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 19

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 20

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

F9212

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

LastPurgeTime

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

EXCELFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SavedLegacySettings

There are 95 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

4562000

unkown

page readonly

2A0000

unkown

page read and write

1E6000

heap default

page read and write

30B000

unkown

page read and write

2BB000

unkown

page read and write

4696000

unkown

page readonly

1F0000

unkown

page write copy

2A6000

unkown

page read and write

3C50000

unkown

page readonly

48D2000

unkown

page readonly

44D5000

unkown

page readonly

24DE000

unkown

page read and write

2F6000

unkown

page read and write

4655000

unkown

page readonly

1E9000

unkown

page read and write

2A0000

unkown

page read and write

E4000

heap private

page read and write

386000

unkown

page read and write

32E000

unkown

page read and write

357000

unkown

page read and write

45E4000

unkown

page readonly

70000

unkown

page read and write

4872000

unkown

page readonly

36E000

unkown

page read and write

5B6000

unkown

page read and write

26C000

unkown

page read and write

4612000

unkown

page readonly

4910000

unkown

page readonly

1F0000

unkown

page write copy

4456000

unkown

page readonly

130000

unkown

page read and write

1B0000

unkown

page read and write

4672000

unkown

page readonly

22C0000

unkown

page read and write

48C5000

unkown

page readonly

4060000

unkown

page readonly

2339000

heap private

page read and write

47A2000

unkown

page readonly

21B0000

heap private

page read and write

5D0000

heap private

page read and write

170000

unkown

page read and write

4539000

unkown

page readonly

283000

heap default

page read and write

2335000

heap private

page read and write

3E0000

heap private

page read and write

2DD000

unkown

page read and write

4125000

heap private

page read and write

30D000

unkown

page read and write

36D000

unkown

page read and write

366000

unkown

page read and write

4750000

unkown

page readonly

4486000

unkown

page readonly

4815000

unkown

page readonly

4404000

unkown

page readonly

4569000

unkown

page readonly

2F0000

unkown

page read and write

4735000

unkown

page readonly

345000

unkown

page read and write

8C0000

unkown

page readonly

2100000

heap private

page read and write

4849000

unkown

page readonly

265000

unkown

page read and write

5D4000

heap private

page read and write

F9000

unkown

page read and write

460000

heap private

page read and write

B2F000

unkown

page read and write

170000

unkown

page read and write

29E000

unkown

page read and write

43C4000

unkown

page readonly

380000

unkown

page read and write

4970000

unkown

page readonly

4742000

unkown

page readonly

4977000

unkown

page readonly

44B6000

unkown

page readonly

44A5000

unkown

page readonly

4829000

unkown

page readonly

E9000

unkown

page read and write

20000

unkown

page readonly

4625000

unkown

page readonly

1D00000

unkown

page readonly

4895000

unkown

page readonly

160000

unkown

page read and write

28E000

unkown

page read and write

4749000

unkown

page readonly

4AB0000

unkown

page readonly

20000

unkown

page readonly

45A4000

unkown

page readonly

4462000

unkown

page readonly

570000

heap private

page read and write

294000

unkown

page read and write

46C9000

unkown

page readonly

2B2000

unkown

page read and write

3A70000

unkown

page readonly

482D000

unkown

page readonly

44ED000

unkown

page readonly

3FC9000

heap private

page read and write

3FC5000

heap private

page read and write

2C3000

unkown

page read and write

46CD000

unkown

page readonly

2160000

unkown

page readonly

386000

unkown

page read and write

190000

unkown

page execute and read and write

43E2000

unkown

page readonly

46B5000

unkown

page readonly

2520000

unkown

page read and write

2DE000

unkown

page read and write

2B5000

unkown

page read and write

47B5000

unkown

page readonly

45C4000

unkown

page readonly

4A70000

unkown

page readonly

213B000

heap private

page read and write

55F000

unkown

page read and write

4765000

unkown

page readonly

44E9000

unkown

page readonly

236B000

heap private

page read and write

386000

unkown

page read and write

3C0000

unkown

page read and write

29A000

unkown

page read and write

4525000

unkown

page readonly

2B5000

unkown

page read and write

4302000

unkown

page readonly

4742000

unkown

page readonly

4AD0000

unkown

page readonly

1EB000

heap default

page read and write

110000

unkown

page execute and read and write

4642000

unkown

page readonly

4492000

unkown

page readonly

2F0000

unkown

page read and write

464000

heap private

page read and write

1A0000

unkown

page readonly

720000

unkown

page readonly

47D2000

unkown

page readonly

3F0000

unkown

page read and write

2A0000

unkown

page read and write

1DD000

heap default

page read and write

314000

unkown

page read and write

6EF000

unkown

page read and write

5E0000

unkown

page readonly

374000

unkown

page read and write

2A6000

unkown

page read and write

190000

unkown

page execute and read and write

16D000

unkown

page read and write

262000

unkown

page read and write

4642000

unkown

page readonly

345000

unkown

page read and write

2440000

unkown

page readonly

2E4000

unkown

page read and write

2E0000

unkown

page read and write

3FC0000

heap private

page read and write

372000

unkown

page read and write

760000

unkown

page readonly

4702000

unkown

page readonly

265000

unkown

page read and write

21E000

heap default

page read and write

313000

heap default

page read and write

70000

unkown

page readonly

2C7000

heap default

page read and write

4636000

unkown

page readonly

20000

unkown

page readonly

4785000

unkown

page readonly

1A7000

heap default

page read and write

31A000

heap default

page read and write

46A2000

unkown

page readonly

1CC0000

unkown

page readonly

292000

unkown

page read and write

5A0000

unkown

page readonly

2B0000

unkown

page write copy

2A0000

unkown

page read and write

2335000

heap private

page read and write

4724000

unkown

page readonly

48A9000

unkown

page readonly

4445000

unkown

page readonly

574000

heap private

page read and write

2C7000

unkown

page read and write

4712000

unkown

page readonly

2F6000

unkown

page read and write

4532000

unkown

page readonly

32A000

unkown

page read and write

43E4000

unkown

page readonly

24A000

unkown

page read and write

4CB7000

unkown

page readonly

20E0000

unkown

page write copy

21B5000

heap private

page read and write

316000

unkown

page read and write

730000

heap private

page read and write

2620000

unkown

page readonly

4879000

unkown

page readonly

34C000

unkown

page read and write

43C2000

unkown

page readonly

21EB000

heap private

page read and write

580000

unkown

page read and write

3F6000

unkown

page read and write

F0000

unkown

page readonly

41C0000

unkown

page readonly

4719000

unkown

page readonly

4770000

unkown

page readonly

2F0000

unkown

page read and write

2BD000

unkown

page read and write

4129000

heap private

page read and write

23C0000

unkown

page readonly

2FE000

heap default

page read and write

330000

unkown

page read and write

2A0000

unkown

page read and write

4A90000

unkown

page readonly

4B57000

unkown

page readonly

590000

heap private

page read and write

2F6000

unkown

page read and write

46E9000

unkown

page readonly

F0000

unkown

page read and write

353000

unkown

page read and write

233000

heap default

page read and write

46C6000

unkown

page readonly

380000

unkown

page read and write

1E0000

heap default

page read and write

43E8000

unkown

page readonly

46E2000

unkown

page readonly

4548000

unkown

page readonly

4730000

unkown

page readonly

2F6000

unkown

page read and write

4842000

unkown

page readonly

45C2000

unkown

page readonly

4120000

heap private

page read and write

43E2000

unkown

page readonly

2BC000

unkown

page read and write

41A0000

unkown

page readonly

4A6000

unkown

page read and write

700000

unkown

page readonly

60000

unkown

page readonly

1E60000

unkown

page readonly

1A0000

heap default

page read and write

2105000

heap private

page read and write

28D000

unkown

page read and write

47C6000

unkown

page readonly

4432000

unkown

page readonly

120000

unkown

page readonly

4585000

unkown

page readonly

3E80000

unkown

page readonly

4722000

unkown

page readonly

2000000

unkown

page readonly

47F6000

unkown

page readonly

4475000

unkown

page readonly

46F2000

unkown

page readonly

4790000

unkown

page readonly

4685000

unkown

page readonly

380000

unkown

page read and write

2A6000

unkown

page read and write

4704000

unkown

page readonly

1FC0000

unkown

page readonly

426000

unkown

page read and write

3E60000

unkown

page readonly

2D6000

unkown

page read and write

44C2000

unkown

page readonly

3E4000

heap private

page read and write

230000

heap default

page read and write

2330000

heap private

page read and write

277000

unkown

page read and write

4555000

unkown

page readonly

386000

unkown

page read and write

39F0000

unkown

page readonly

4DBE000

unkown

page read and write

48A2000

unkown

page readonly

740000

unkown

page readonly

26E000

heap default

page read and write

2330000

heap private

page read and write

4950000

unkown

page readonly

4744000

unkown

page readonly

39D000

unkown

page read and write

45A2000

unkown

page readonly

4502000

unkown

page readonly

4802000

unkown

page readonly

E0000

heap private

page read and write

4F0000

unkown

page read and write

4402000

unkown

page readonly

4040000

unkown

page readonly

4509000

unkown

page readonly

1E7000

heap default

page read and write

E0000

unkown

page read and write

4772000

unkown

page readonly

470000

unkown

page read and write

2180000

unkown

page write copy

46E000

unkown

page read and write

734000

heap private

page read and write

380000

unkown

page read and write

44E6000

unkown

page readonly

4796000

unkown

page readonly

44E2000

unkown

page readonly

4705000

unkown

page readonly

39B000

unkown

page read and write

47E5000

unkown

page readonly

24E000

unkown

page read and write

4865000

unkown

page readonly

28A000

heap default

page read and write

4202000

unkown

page readonly

2230000

unkown

page read and write

4826000

unkown

page readonly

3A4000

unkown

page read and write

273000

unkown

page read and write

2E2000

unkown

page read and write

2A6000

unkown

page read and write

2C4000

unkown

page read and write

1B0000

unkown

page write copy

1A0000

unkown

page readonly

4208000

unkown

page readonly

237000

heap default

page read and write

2F0000

unkown

page read and write

4E1E000

unkown

page read and write

100000

unkown

page readonly

23A000

heap default

page read and write

4A32000

unkown

page readonly

2C0000

heap default

page read and write

342000

unkown

page read and write

4666000

unkown

page readonly

4930000

unkown

page readonly

4542000

unkown

page readonly

594000

heap private

page read and write

45E2000

unkown

page readonly

There are 306 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

IPs

Registry

Memdumps