IOC Report

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Users\user\Desktop\niPie.exe | 'C:\Users\user\Desktop\niPie.exe' | clean |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| http://crl.thawte.com/ThawteTimestampingCA.crl0 | unknown | clean |
| http://www.symauth.com/cps0( | unknown | clean |
| http://www.symauth.com/rpa00 | unknown | clean |
| http://ocsp.thawte.com0 | unknown | clean |

Memdumps
