Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Permission-1532161794-06252021.xlsm

Microsoft Excel 2007+

initial sample

Details

Filetype:	Microsoft Excel 2007+
Entropy:	7.666395274852154
Filename:	Permission-1532161794-06252021.xlsm
Filesize:	153750
MD5:	bff78ca6421651b824c41ff73cd63a4d
SHA1:	8a439fe82292dfb61092daa32af6f0152400f002
SHA256:	b4c8a880fae666add98f9a871210d75f7addd4a00a334fb758c791c5ad1d3711
SHA512:	728a7ba287c987f67b480e07d8d947f784c51516743c17dfd5737eb9f4be958b2526452011418bc97c77fc1ff43f35e9bb6d5835d605b3905c96452392d5f183
SSDEEP:	3072:ymKZQmKZ3KNhPQnVbJ2O1gZMys2g4D5JhoD4ZOYJ:J4P4346PgZw9gQaVJ
Preview:	PK..........!.........o.......[Content_Types].xml ...(.........................................................................................................................................................................................................

Signature Hits	Behavior Group	Mitre Attack
Found Excel 4.0 Macro with suspicious formulas	System Summary	Scripting Exploitation for Client Execution
Document is a ZIP file with path names indicative of goodware	System Summary

C:\Users\user\Desktop\~$Permission-1532161794-06252021.xlsm

data

dropped

Details

File:	C:\Users\user\Desktop\~$Permission-1532161794-06252021.xlsm
Category:	dropped
Dump:	~$Permission-1532161794-06252021.xlsm.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Type:	data
Entropy:	1.4377382811115937
Encrypted:	false
Ssdeep:	3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS
Size:	330
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found Excel 4.0 Macro with suspicious formulas	System Summary	Scripting
Creates files inside the user directory	System Summary	Masquerading
Document is a ZIP file with path names indicative of goodware	System Summary

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1D80F52D.jpg

[TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2021:02:11 21:11:18], baseline, precision 8, 1860x1000, frames 3

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1D80F52D.jpg
Category:	dropped
Dump:	1D80F52D.jpg.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Type:	[TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2021:02:11 21:11:18], baseline, precision 8, 1860x1000, frames 3
Entropy:	7.677272725029824
Encrypted:	false
Ssdeep:	3072:CmKZQmKZ3KNhPQnVbJ2O1gZMys2g4D5JhoD4ZOy:54P4346PgZw9gQat
Size:	139381
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Downloads files	Networking	Ingress Tool Transfer

C:\Users\user\AppData\Local\Temp\6CCE0000

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\6CCE0000
Category:	dropped
Dump:	6CCE0000.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Type:	data
Entropy:	7.664485795476707
Encrypted:	false
Ssdeep:	3072:cnxmKZQmKZ3KNhPQnVbJ2O1gZMys2g4D5JhoD4ZO4O4:cng4P4346PgZw9gQap
Size:	153117
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Sat Jun 26 00:24:37 2021, atime=Sat Jun 26 00:24:37 2021, length=8192, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
Category:	dropped
Dump:	Desktop.LNK.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Sat Jun 26 00:24:37 2021, atime=Sat Jun 26 00:24:37 2021, length=8192, window=hide
Entropy:	4.491100138549876
Encrypted:	false
Ssdeep:	12:85Qe+LgXg/XAlCPCHaXtB8XzB/WRlvX+WnicvbOdlbDtZ3YilMMEpxRljKiTdJP8:85I/XTd6jOxYeqvDv3q/rNru/
Size:	867
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Permission-1532161794-06252021.LNK

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:14 2020, mtime=Sat Jun 26 00:24:37 2021, atime=Sat Jun 26 00:24:37 2021, length=153117, window=hide

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Permission-1532161794-06252021.LNK
Category:	dropped
Dump:	Permission-1532161794-06252021.LNK.0.dr
ID:	dr_6
Target ID:	0
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:14 2020, mtime=Sat Jun 26 00:24:37 2021, atime=Sat Jun 26 00:24:37 2021, length=153117, window=hide
Entropy:	4.530521818280758
Encrypted:	false
Ssdeep:	48:8Zk/XT0jkK1RDJZ66R8/Qh2Zk/XT0jkK1RDJZ66R8/Q/:8Zk/XojkKWl/Qh2Zk/XojkKWl/Q/
Size:	2238
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
Category:	dropped
Dump:	index.dat.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Type:	ASCII text, with CRLF line terminators
Entropy:	4.723147476288188
Encrypted:	false
Ssdeep:	3:oyBVomxW+LxbLgIVTAXsUltLxbLgIVTAXsUlmxW+LxbLgIVTAXsUlv:djHbMoTAZ/FbMoTAZabMoTAZ1
Size:	145
Whitelisted:	false
Reputation:	low

C:\Users\user\Desktop\FCCE0000

data

dropped

Details

File:	C:\Users\user\Desktop\FCCE0000
Category:	dropped
Dump:	FCCE0000.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Type:	data
Entropy:	7.664485795476707
Encrypted:	false
Ssdeep:	3072:cnxmKZQmKZ3KNhPQnVbJ2O1gZMys2g4D5JhoD4ZO4O4:cng4P4346PgZw9gQap
Size:	153117
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	1144
Target ID:	0
Parent PID:	584
Name:	EXCEL.EXE
Class:	excel
Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Commandline:	'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Size:	27641504
MD5:	5FB0A0F93382ECD19F5F499A5CAA59F0
Time:	18:24:35
Date:	25/06/2021
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x13fe00000
Modulesize:	27758592
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Microsoft Office Product Spawning Windows Shell	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\System32\regsvr32.exe

regsvr32 ..\Kro.fis

Details

Is windows:	true
Is dropped:	false
PID:	2740
Target ID:	3
Parent PID:	1144
Name:	regsvr32.exe
Class:	system-tools
Path:	C:\Windows\System32\regsvr32.exe
Commandline:	regsvr32 ..\Kro.fis
Size:	19456
MD5:	59BCE9F07985F8A4204F4D6554CFF708
Time:	18:24:42
Date:	25/06/2021
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xff050000
Modulesize:	32768
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Document exploit detected (process start blacklist hit)	Software Vulnerabilities	Exploitation for Client Execution
Sigma detected: Microsoft Office Product Spawning Windows Shell	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\System32\regsvr32.exe

regsvr32 ..\Kro.fis1

Details

Is windows:	true
Is dropped:	false
PID:	2636
Target ID:	4
Parent PID:	1144
Name:	regsvr32.exe
Class:	system-tools
Path:	C:\Windows\System32\regsvr32.exe
Commandline:	regsvr32 ..\Kro.fis1
Size:	19456
MD5:	59BCE9F07985F8A4204F4D6554CFF708
Time:	18:24:42
Date:	25/06/2021
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xff050000
Modulesize:	32768
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Document exploit detected (process start blacklist hit)	Software Vulnerabilities	Exploitation for Client Execution
Sigma detected: Microsoft Office Product Spawning Windows Shell	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\System32\regsvr32.exe

regsvr32 ..\Kro.fis2

Details

Is windows:	true
Is dropped:	false
PID:	2924
Target ID:	5
Parent PID:	1144
Name:	regsvr32.exe
Class:	system-tools
Path:	C:\Windows\System32\regsvr32.exe
Commandline:	regsvr32 ..\Kro.fis2
Size:	19456
MD5:	59BCE9F07985F8A4204F4D6554CFF708
Time:	18:24:42
Date:	25/06/2021
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xff050000
Modulesize:	32768
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Document exploit detected (process start blacklist hit)	Software Vulnerabilities	Exploitation for Client Execution
Sigma detected: Microsoft Office Product Spawning Windows Shell	System Summary
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check

unknown

http://www.windows.com/pctv.

unknown

http://investor.msn.com

unknown

http://www.msnbc.com/news/ticker.txt

unknown

http://www.icra.org/vocabulary/.

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.

unknown

http://190.14.37.3/44372.7671056713.dat

190.14.37.3

http://investor.msn.com/

unknown

http://www.%s.comPA

unknown

http://windowsmedia.com/redir/services.asp?WMPFriendly=true

unknown

http://www.hotmail.com/oe

unknown

http://185.183.99.120/44372.7671056713.dat

185.183.99.120

http://servername/isapibackend.dll

unknown

There are 3 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

190.14.37.3

unknown

Panama

Details

IP:	190.14.37.3
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Country:	Panama
Countrycode:	PAN
ASN number:	52469
ASN name:	OffshoreRacksSAPA
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Potential document exploit detected (performs HTTP gets)	Software Vulnerabilities	Exploitation for Client Execution
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

185.183.99.120

unknown

Netherlands

Details

IP:	185.183.99.120
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Country:	Netherlands
Countrycode:	NLD
ASN number:	60117
ASN name:	HSAE
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

185.240.103.219

unknown

Russian Federation

Details

IP:	185.240.103.219
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Country:	Russian Federation
Countrycode:	RUS
ASN number:	57724
ASN name:	DDOS-GUARDRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Potential document exploit detected (unknown TCP traffic)	Software Vulnerabilities	Exploitation for Client Execution
Connects to IPs without corresponding DNS lookups	Networking

Registry

Path

Value

Malicious

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

#=8

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

MTTT

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ReviewToken

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

EC7F1

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

VBAFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

DefaultSheetR2L

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

UseSystemSeparators

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ThousandsSeparator

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

DecimalSeparator

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 1

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 2

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 3

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 4

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 5

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 6

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 7

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 8

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 9

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 10

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 11

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 12

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 13

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 14

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 15

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 16

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 17

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 18

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 19

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 20

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ECB3B

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ECC06

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 1

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 2

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 3

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 4

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 5

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 6

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 7

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 8

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 9

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 10

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 11

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 12

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 13

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 14

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 15

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 16

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 17

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 18

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 19

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 20

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ECCD1

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ECD6D

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ie8

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

F9119

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 1

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 2

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 3

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 4

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 5

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 6

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 7

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 8

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 9

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 10

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 11

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 12

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 13

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 14

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 15

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 16

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 17

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 18

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 19

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 20

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

F9369

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

LastPurgeTime

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

EXCELFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SavedLegacySettings

There are 95 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

4358000

unkown

page readonly

1DB0000

unkown

page readonly

4582000

unkown

page readonly

356000

heap default

page read and write

44F2000

unkown

page readonly

266000

unkown

page read and write

34D000

heap default

page read and write

3E2F000

unkown

page read and write

3F70000

unkown

page readonly

47E2000

unkown

page readonly

2170000

unkown

page read and write

4C6000

unkown

page read and write

45F9000

unkown

page readonly

44D2000

unkown

page readonly

20C0000

unkown

page write copy

2120000

heap private

page read and write

2D6000

unkown

page read and write

4840000

unkown

page readonly

810000

unkown

page readonly

45B2000

unkown

page readonly

20E000

unkown

page read and write

3F4000

heap private

page read and write

156000

unkown

page read and write

3F50000

unkown

page readonly

24D000

unkown

page read and write

4C1F000

unkown

page read and write

45C5000

unkown

page readonly

4645000

unkown

page readonly

4422000

unkown

page readonly

4622000

unkown

page readonly

3ED9000

heap private

page read and write

4A0000

unkown

page execute and read and write

2370000

unkown

page readonly

299000

unkown

page read and write

DE000

unkown

page read and write

215B000

heap private

page read and write

4534000

unkown

page readonly

146000

unkown

page read and write

3FD0000

unkown

page readonly

3ED5000

heap private

page read and write

C3000

heap default

page read and write

BDE000

unkown

page read and write

4659000

unkown

page readonly

44E2000

unkown

page readonly

4629000

unkown

page readonly

4B4000

unkown

page read and write

60000

unkown

page readonly

4AD000

unkown

page read and write

39A0000

unkown

page readonly

3D5000

heap private

page read and write

45D6000

unkown

page readonly

680000

unkown

page readonly

4E4000

unkown

page read and write

4559000

unkown

page readonly

4A67000

unkown

page readonly

2320000

unkown

page readonly

280000

unkown

page read and write

120000

unkown

page read and write

3E00000

heap private

page read and write

4552000

unkown

page readonly

46E000

unkown

page read and write

4554000

unkown

page readonly

46D5000

unkown

page readonly

AE000

heap default

page read and write

2270000

unkown

page read and write

310000

heap default

page read and write

4C0000

unkown

page read and write

4625000

unkown

page readonly

260000

unkown

page read and write

3950000

unkown

page readonly

170000

unkown

page readonly

4452000

unkown

page readonly

4B0000

unkown

page readonly

46A5000

unkown

page readonly

1F0000

unkown

page read and write

1C50000

unkown

page readonly

3EA0000

unkown

page readonly

40B000

heap private

page read and write

590000

unkown

page readonly

20A000

unkown

page read and write

482000

unkown

page read and write

FC000

unkown

page read and write

2360000

unkown

page readonly

4452000

unkown

page readonly

70000

heap default

page read and write

690000

unkown

page readonly

407000

heap default

page read and write

114000

heap private

page read and write

11E000

unkown

page read and write

11D000

unkown

page read and write

4595000

unkown

page readonly

45D6000

unkown

page readonly

4659000

unkown

page readonly

400000

heap default

page read and write

3B0000

unkown

page write copy

4552000

unkown

page readonly

1F50000

unkown

page readonly

4770000

unkown

page readonly

4532000

unkown

page readonly

6AF000

unkown

page read and write

4AE000

unkown

page read and write

45C5000

unkown

page readonly

45A6000

unkown

page readonly

3D6000

unkown

page read and write

4675000

unkown

page readonly

146000

unkown

page read and write

4C0000

unkown

page read and write

4C0000

unkown

page read and write

45D9000

unkown

page readonly

1F3000

heap default

page read and write

4529000

unkown

page readonly

2B6000

unkown

page read and write

3F39000

heap private

page read and write

4522000

unkown

page readonly

6B0000

unkown

page readonly

4582000

unkown

page readonly

463D000

unkown

page readonly

3990000

unkown

page readonly

154000

unkown

page read and write

45E2000

unkown

page readonly

42F2000

unkown

page readonly

44B4000

unkown

page readonly

130000

unkown

page read and write

260000

unkown

page read and write

3ED0000

heap private

page read and write

110000

heap private

page read and write

DA000

unkown

page read and write

3DFE000

unkown

page read and write

F0000

unkown

page readonly

130000

unkown

page read and write

44D4000

unkown

page readonly

6B0000

unkown

page readonly

4DD000

unkown

page read and write

3D0000

heap private

page read and write

2125000

heap private

page read and write

4404000

unkown

page readonly

20000

unkown

page readonly

254000

unkown

page read and write

524000

heap private

page read and write

4512000

unkown

page readonly

4C0000

unkown

page read and write

44B2000

unkown

page readonly

122000

unkown

page read and write

266000

unkown

page read and write

146000

unkown

page read and write

684000

heap private

page read and write

394000

heap private

page read and write

485000

unkown

page read and write

4575000

unkown

page readonly

480000

heap private

page read and write

3A0000

unkown

page read and write

22C000

unkown

page read and write

130000

unkown

page read and write

4582000

unkown

page readonly

A2F000

unkown

page read and write

450D000

unkown

page readonly

4842000

unkown

page readonly

35B000

heap default

page read and write

3C0000

unkown

page write copy

45B2000

unkown

page readonly

4C0000

unkown

page read and write

500000

unkown

page readonly

4790000

unkown

page readonly

4820000

unkown

page readonly

4C6000

unkown

page read and write

4565000

unkown

page readonly

4352000

unkown

page readonly

2260000

unkown

page read and write

237000

unkown

page read and write

45A000

heap default

page read and write

77000

heap default

page read and write

1A7000

heap default

page read and write

410000

unkown

page read and write

1F9B000

heap private

page read and write

43E000

heap default

page read and write

4860000

unkown

page readonly

4222000

unkown

page readonly

4689000

unkown

page readonly

3FB0000

unkown

page readonly

4880000

unkown

page readonly

124000

unkown

page read and write

44A6000

unkown

page readonly

2A0000

unkown

page read and write

500000

unkown

page write copy

103000

unkown

page read and write

446000

unkown

page read and write

680000

heap private

page read and write

1E0000

unkown

page read and write

4476000

unkown

page readonly

260000

unkown

page read and write

70000

unkown

page readonly

43F2000

unkown

page readonly

485000

unkown

page read and write

2030000

unkown

page write copy

137000

unkown

page read and write

4509000

unkown

page readonly

1F65000

heap private

page read and write

4589000

unkown

page readonly

3B0000

unkown

page readonly

453000

heap default

page read and write

3A0000

unkown

page execute and read and write

48C000

unkown

page read and write

4750000

unkown

page readonly

F5000

unkown

page read and write

43E4000

unkown

page readonly

146000

unkown

page read and write

1A0000

heap default

page read and write

225000

unkown

page read and write

45A5000

unkown

page readonly

4880000

unkown

page readonly

1F60000

heap private

page read and write

45DD000

unkown

page readonly

222000

unkown

page read and write

2A0000

unkown

page read and write

3A0000

unkown

page readonly

4552000

unkown

page readonly

1A0000

heap private

page read and write

48E0000

unkown

page readonly

3F35000

heap private

page read and write

42F8000

unkown

page readonly

225000

unkown

page read and write

4576000

unkown

page readonly

3F0000

heap private

page read and write

390000

heap private

page read and write

4522000

unkown

page readonly

E0000

unkown

page read and write

F0000

unkown

page read and write

493000

unkown

page read and write

170000

unkown

page read and write

130000

unkown

page read and write

1C20000

unkown

page readonly

21A0000

unkown

page read and write

279000

unkown

page read and write

4482000

unkown

page readonly

44F4000

unkown

page readonly

137000

unkown

page read and write

4C6000

unkown

page read and write

4675000

unkown

page readonly

1A4000

heap private

page read and write

484000

heap private

page read and write

497000

unkown

page read and write

530000

unkown

page readonly

4514000

unkown

page readonly

45A6000

unkown

page readonly

44F5000

unkown

page readonly

24E000

unkown

page read and write

4997000

unkown

page readonly

137000

unkown

page read and write

4652000

unkown

page readonly

1DE000

heap default

page read and write

107000

unkown

page read and write

4228000

unkown

page readonly

4595000

unkown

page readonly

4636000

unkown

page readonly

CA000

heap default

page read and write

48C0000

unkown

page readonly

4639000

unkown

page readonly

4546000

unkown

page readonly

46B9000

unkown

page readonly

3F30000

heap private

page read and write

1FA000

heap default

page read and write

44B2000

unkown

page readonly

43E2000

unkown

page readonly

44C5000

unkown

page readonly

3E05000

heap private

page read and write

260000

unkown

page read and write

4DB000

unkown

page read and write

284000

unkown

page read and write

45F5000

unkown

page readonly

F5000

unkown

page read and write

4424000

unkown

page readonly

160000

unkown

page read and write

190000

unkown

page execute and read and write

4495000

unkown

page readonly

4615000

unkown

page readonly

B1F000

unkown

page read and write

4C6000

unkown

page read and write

266000

unkown

page read and write

20000

unkown

page readonly

520000

heap private

page read and write

4C6000

unkown

page read and write

4682000

unkown

page readonly

44D6000

unkown

page readonly

4606000

unkown

page readonly

4612000

unkown

page readonly

4712000

unkown

page readonly

F2000

unkown

page read and write

26D000

unkown

page read and write

27D000

unkown

page read and write

4402000

unkown

page readonly

4B2000

unkown

page read and write

20B0000

unkown

page write copy

3E09000

heap private

page read and write

137000

unkown

page read and write

1FE0000

unkown

page readonly

2D6000

unkown

page read and write

48A0000

unkown

page readonly

4506000

unkown

page readonly

266000

unkown

page read and write

4652000

unkown

page readonly

233000

unkown

page read and write

46A000

unkown

page read and write

4535000

unkown

page readonly

4465000

unkown

page readonly

4AC7000

unkown

page readonly

490000

unkown

page read and write

317000

heap default

page read and write

4322000

unkown

page readonly

27B000

unkown

page read and write

46B2000

unkown

page readonly

1F20000

unkown

page read and write

14B000

unkown

page read and write

252000

unkown

page read and write

45F2000

unkown

page readonly

4545000

unkown

page readonly

A9000

unkown

page read and write

3E80000

unkown

page readonly

20000

unkown

page readonly

47B0000

unkown

page readonly

14D000

unkown

page read and write

There are 310 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

IPs

Registry

Memdumps