Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

KnZsSmDyF3.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

C:\Users\user\AppData\LocalLow\1xVPfvJcrg

SQLite 3.x database, last written using SQLite version 3032001

dropped

C:\Users\user\AppData\LocalLow\Pyg336PceKk.zip

Zip archive data, at least v2.0 to extract

dropped

C:\Users\user\AppData\LocalLow\RYwTiizs2t

SQLite 3.x database, last written using SQLite version 3032001

dropped

C:\Users\user\AppData\LocalLow\frAQBc8Wsa

SQLite 3.x database, last written using SQLite version 3032001

dropped

C:\Users\user\AppData\LocalLow\machineinfo.txt

ASCII text, with CRLF, CR line terminators

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\AccessibleHandler.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\AccessibleMarshal.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\IA2Marshal.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\MapiProxy.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\MapiProxy_InUse.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-file-l1-2-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-file-l2-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-handle-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-heap-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-interlocked-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-libraryloader-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-localization-l1-2-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-memory-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-namedpipe-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-processenvironment-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-processthreads-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-processthreads-l1-1-1.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-profile-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-rtlsupport-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-string-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-synch-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-synch-l1-2-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-sysinfo-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-timezone-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-util-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-conio-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-convert-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-environment-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-filesystem-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-heap-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-locale-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-math-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-multibyte-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-private-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-process-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-runtime-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-stdio-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-string-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-time-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-utility-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\breakpadinjector.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\freebl3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\iV7fW1cG3y_.zip

Zip archive data, at least v2.0 to extract

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\ldap60.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\ldif60.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\lgpllibs.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\libEGL.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\mozMapi32.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\mozMapi32_InUse.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\mozglue.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\msvcp140.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\nss3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\nssckbi.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\nssdbm3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\prldap60.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\qipcap.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\softokn3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\ucrtbase.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\nW6mI-7yS1k\vcruntime140.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\rQF69AzBla

SQLite 3.x database, last written using SQLite version 3032001

dropped

C:\Users\user\AppData\LocalLow\sqlite3.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

There are 57 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\KnZsSmDyF3.exe

'C:\Users\user\Desktop\KnZsSmDyF3.exe'

Details

Is windows:	false
Is dropped:	false
PID:	4712
Target ID:	1
Parent PID:	5764
Name:	KnZsSmDyF3.exe
Path:	C:\Users\user\Desktop\KnZsSmDyF3.exe
Commandline:	'C:\Users\user\Desktop\KnZsSmDyF3.exe'
Size:	506880
MD5:	AA717550158FAF72A3776CE7115F80D3
Time:	11:27:57
Date:	22/07/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	6139904
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Detected unpacking (overwrites its own PE header)	Compliance, Data Obfuscation	Software Packing
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Raccoon Stealer	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains strange resources	System Summary
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary

URLs

Name

Malicious

https://telete.in/org/img/t_logo.png

unknown

https://telete.in/jagressor_kz

https://telete.in/jagressor_kzn-

unknown

https://duckduckgo.com/chrome_newtab

unknown

http://www.mozilla.com/en-US/blocklist/

unknown

http://94.228.114.197//l/f/t--ny3oBagrSXdgRr-eA/ae3c4e3333af17553eef71298da070dcf215425f2y

unknown

https://duckduckgo.com/ac/?q=

unknown

http://94.228.114.197//l/f/t--ny3oBagrSXdgRr-eA/65fddda9bf877b11988a80a9c7a03ff1ac6a108f277U

unknown

http://94.228.114.197/2t

unknown

https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0renc

unknown

https://www.google.com/images/branding/product/ico/googleg_lodp.ico

unknown

http://cps.letsencrypt.org0

unknown

https://support.google.com/chrome/?p=pV

unknown

http://94.228.114.197//l/f/t--ny3oBagrSXdgRr-eA/ae3c4e3333af17553eef71298da070dcf215425f4

unknown

http://r3.i.lencr.org/0Y

unknown

https://support.google.com/chrome/answer/6258784

unknown

http://94.228.114.197/

94.228.114.197

http://ocsp.thawte.com0

unknown

http://www.mozilla.com0

unknown

https://www.google.com/chrome/static/images/favicons/favicon-16x16.png

unknown

http://94.228.114.197/I_

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

https://support.google.com/chrome/?p=plugin_flash

unknown

https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search

unknown

http://94.228.114.197/S

unknown

https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0n_

unknown

http://94.228.114.197//l/f/t--ny3oBagrSXdgRr-eA/ae3c4e3333af17553eef71298da070dcf215425f

94.228.114.197

https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0H

unknown

https://www.google.com/chrome/thank-you.htmlstatcb=0&installdataindex=empty&defaultbrowser=0

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

http://crl.thawte.com/ThawteTimestampingCA.crl0

unknown

https://support.google.com/chrome/?p=plugin_shockwave

unknown

http://x1.c.lencr.org/0

unknown

http://x1.i.lencr.org/0

unknown

http://r3.o.lencr.org0

unknown

http://94.228.114.197

unknown

https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

http://94.228.114.197/dhHq

unknown

http://94.228.114.197//l/f/t--ny3oBagrSXdgRr-eA/65fddda9bf877b11988a80a9c7a03ff1ac6a108f=jsonoL

unknown

http://www.sqlite.org/copyright.html.

unknown

http://94.228.114.197//l/f/t--ny3oBagrSXdgRr-eA/65fddda9bf877b11988a80a9c7a03ff1ac6a108f

94.228.114.197

http://cps.root-x1.letsencrypt.org0

unknown

https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

https://wa228.114.197/

unknown

There are 35 hidden URLs, click here to show them.

Domains

Name

Malicious

telete.in

195.201.225.248

Details

Name:	telete.in
IP:	195.201.225.248
TargetID:	1
Current Path:	C:\Users\user\Desktop\KnZsSmDyF3.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Multi AV Scanner detection for domain / URL	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

195.201.225.248

telete.in

Germany

Details

IP:	195.201.225.248
TargetID:	1
Current Path:	C:\Users\user\Desktop\KnZsSmDyF3.exe
Country:	Germany
Countrycode:	DEU
ASN number:	24940
ASN name:	HETZNER-ASDE
Private:	false
Domain:	telete.in

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

94.228.114.197

unknown

Russian Federation

Details

IP:	94.228.114.197
TargetID:	1
Current Path:	C:\Users\user\Desktop\KnZsSmDyF3.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	61333
ASN name:	ASTRALUSDE
Private:	false

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

2770000

unkown

page read and write

400000

unkown image

page execute and read and write

2670000

unkown

page execute and read and write

7FF514C59000

unkown

page readonly

DB0000

unkown

page read and write

169A0F00000

unkown

page read and write

2C1D000

unkown

page read and write

60FB47F000

unkown

page read and write

400000

unkown image

page readonly

CC0000

heap private

page read and write

326000

unkown

page read and write

7FF514C76000

unkown

page readonly

6E2F6000

unkown image

page write copy

6E1D1000

unkown image

page execute read

169A0E3C000

unkown

page read and write

7FF514ACE000

unkown

page readonly

4BA70000

unkown

page readonly

169A0D70000

unkown

page readonly

4C860000

unkown

page read and write

7FF514CA4000

unkown

page readonly

60FAD6E000

unkown

page read and write

9E0000

unkown

page readonly

CB0000

unkown

page read and write

7FF514B41000

unkown

page readonly

7FF514D09000

unkown

page readonly

7FF514C18000

unkown

page readonly

169A0F08000

unkown

page read and write

4C8CB000

unkown

page read and write

4C87A000

unkown

page read and write

2ADD000

unkown

page read and write

7FF514CA7000

unkown

page readonly

AEE000

unkown

page read and write

4C8B7000

unkown

page read and write

DCD000

unkown

page read and write

9C0000

unkown image

page read and write

169A0C90000

unkown

page readonly

169A0E55000

unkown

page read and write

7FF514C3E000

unkown

page readonly

7FF514C6D000

unkown

page readonly

32F000

unkown

page read and write

7FF514D09000

unkown

page readonly

4B97F000

unkown

page read and write

6E1D0000

unkown image

page readonly

6E181000

unkown image

page execute read

ECF000

unkown

page read and write

28D0000

heap private

page read and write

DC6000

unkown

page read and write

29DF000

unkown

page read and write

D54000

unkown

page read and write

C8E000

unkown

page read and write

7FF514CA0000

unkown

page readonly

7FF514C02000

unkown

page readonly

7FF514B7C000

unkown

page readonly

2760000

heap private

page read and write

4C8D3000

unkown

page read and write

DBB000

unkown

page read and write

169A0E2A000

unkown

page read and write

4B995000

unkown

page read and write

4BCFE000

unkown

page read and write

7FF514C4F000

unkown

page readonly

329000

unkown

page read and write

401000

unkown image

page execute read

28D7000

heap private

page read and write

D56000

unkown

page read and write

B2E000

unkown

page read and write

DBC000

unkown

page read and write

6E2FB000

unkown image

page readonly

169A0E7D000

unkown

page read and write

169A0E6C000

unkown

page read and write

7FF514B1D000

unkown

page readonly

4C861000

unkown

page read and write

CB0000

unkown

page read and write

B40000

heap default

page read and write

6E2C0000

unkown image

page readonly

DC3000

unkown

page read and write

6E1D0000

unkown image

page readonly

4B998000

unkown

page read and write

28CE000

unkown

page read and write

32C000

unkown

page read and write

169A1602000

unkown

page read and write

C90000

unkown

page readonly

7FF514C2A000

unkown

page readonly

60FB0F5000

unkown

page read and write

9D6000

unkown image

page readonly

6E199000

unkown image

page readonly

C4F000

unkown

page read and write

319000

unkown

page read and write

7FF514C12000

unkown

page readonly

D5C000

unkown

page read and write

335000

unkown

page read and write

7FF514C7C000

unkown

page readonly

ED0000

unkown

page readonly

B30000

unkown

page readonly

60FADEE000

unkown

page read and write

D70000

unkown

page read and write

4B960000

unkown

page read and write

D70000

unkown

page read and write

6E1A0000

unkown image

page read and write

4BE10000

unkown

page readonly

7FF514810000

unkown

page readonly

6E1A2000

unkown image

page readonly

D63000

unkown

page read and write

4B97B000

unkown

page read and write

31DE000

unkown

page read and write

286F000

unkown

page read and write

274E000

unkown

page read and write

2B1D000

unkown

page read and write

9D6000

unkown image

page readonly

2880000

heap private

page read and write

D5C000

unkown

page read and write

4BE50000

unkown

page read and write

CB0000

unkown

page readonly

4C8D5000

unkown

page read and write

4B982000

unkown

page read and write

26F9000

unkown

page execute and read and write

7FF514D01000

unkown

page readonly

4C8CD000

unkown

page read and write

169A0C80000

heap default

page read and write

60FB377000

unkown

page read and write

CB0000

unkown

page read and write

169A0F02000

unkown

page read and write

199000

unkown

page read and write

9C000

unkown

page read and write

4B984000

unkown

page read and write

169A1460000

unkown

page readonly

31D000

unkown

page read and write

6E2F8000

unkown image

page read and write

4BDFF000

unkown

page read and write

2750000

unkown

page readonly

CD0000

heap default

page read and write

169A0D60000

unkown

page readonly

7FF514B47000

unkown

page readonly

7FF514AF8000

unkown

page readonly

61E00000

unkown image

page readonly

4B989000

unkown

page read and write

7FF514C16000

unkown

page readonly

DBB000

unkown

page read and write

6E180000

unkown image

page readonly

60FACEB000

unkown

page read and write

4C890000

unkown

page read and write

7FF514800000

unkown

page readonly

169A0E8A000

unkown

page read and write

169A0E02000

unkown

page read and write

9C4000

unkown image

page readonly

7FF514C45000

unkown

page readonly

30DE000

unkown

page read and write

169A0E4F000

unkown

page read and write

464000

unkown image

page write copy

169A0F13000

unkown

page read and write

169A0D80000

unkown

page read and write

4B998000

unkown

page read and write

4B996000

unkown

page read and write

7FF514B13000

unkown

page readonly

DC0000

unkown

page read and write

60FB1FB000

unkown

page read and write

9C4000

unkown image

page readonly

4B97F000

unkown

page read and write

169A0C20000

heap private

page read and write

4C8BB000

unkown

page read and write

6E180000

unkown image

page readonly

4C890000

unkown

page read and write

2F9E000

unkown

page read and write

332000

unkown

page read and write

4B9AF000

unkown

page read and write

4C850000

unkown

page read and write

7FF514A8F000

unkown

page readonly

169A1000000

unkown

page readonly

D36000

unkown

page read and write

169A1800000

unkown

page readonly

7FF514C00000

unkown

page readonly

DC7000

unkown

page read and write

1F0000

unkown

page read and write

2C20000

unkown

page readonly

169A0E00000

unkown

page read and write

169A0E8E000

unkown

page read and write

4C88B000

unkown

page read and write

DCB000

unkown

page read and write

309F000

unkown

page read and write

4C869000

unkown

page read and write

169A0E13000

unkown

page read and write

7FF514C86000

unkown

page readonly

CE6000

unkown

page execute and read and write

400000

unkown image

page readonly

CDA000

heap default

page read and write

7FF514A2A000

unkown

page readonly

7FF514CFE000

unkown

page readonly

27F8000

unkown

page read and write

7FF514ADA000

unkown

page readonly

60FB57F000

unkown

page read and write

7FF514C8C000

unkown

page readonly

4C8AD000

unkown

page read and write

CA0000

unkown

page readonly

60FB27E000

unkown

page read and write

7FF51495D000

unkown

page readonly

DB0000

unkown

page read and write

7FF5147FA000

unkown

page readonly

7FF514C95000

unkown

page readonly

There are 187 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Memdumps