Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\gunzipped.exe

"C:\Users\user\Desktop\gunzipped.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7024
Target ID:	0
Parent PID:	3952
Name:	gunzipped.exe
Path:	C:\Users\user\Desktop\gunzipped.exe
Commandline:	"C:\Users\user\Desktop\gunzipped.exe"
Size:	421112
MD5:	C2301B62539ADCBA29DCF6A3200BD017
Time:	07:57:21
Date:	06/01/2022
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	3858432
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Oski Stealer	Stealing of Sensitive Information, Remote Access Functionality
Yara detected Oski Stealer	Stealing of Sensitive Information, Remote Access Functionality
Yara detected Vidar stealer	Stealing of Sensitive Information, Remote Access Functionality
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary

C:\Users\user\Desktop\gunzipped.exe

"C:\Users\user\Desktop\gunzipped.exe"

Details

Is windows:	false
Is dropped:	false
PID:	1068
Target ID:	1
Parent PID:	7024
Name:	gunzipped.exe
Path:	C:\Users\user\Desktop\gunzipped.exe
Commandline:	"C:\Users\user\Desktop\gunzipped.exe"
Size:	421112
MD5:	C2301B62539ADCBA29DCF6A3200BD017
Time:	07:57:23
Date:	06/01/2022
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	3858432
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Oski Stealer	Stealing of Sensitive Information, Remote Access Functionality
Yara detected Oski Stealer	Stealing of Sensitive Information, Remote Access Functionality
Yara detected Vidar stealer	Stealing of Sensitive Information, Remote Access Functionality
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /pid 1068 & erase C:\Users\user\Desktop\gunzipped.exe & RD /S /Q C:\\ProgramData\\834793065949733\\* & exit

Details

Is windows:	true
Is dropped:	false
PID:	3120
Target ID:	2
Parent PID:	1068
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\SysWOW64\cmd.exe
Commandline:	"C:\Windows\System32\cmd.exe" /c taskkill /pid 1068 & erase C:\Users\user\Desktop\gunzipped.exe & RD /S /Q C:\\ProgramData\\834793065949733\\* & exit
Size:	232960
MD5:	F3BDBE3BB6F734E357235F4D5898582D
Time:	07:57:35
Date:	06/01/2022
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xd80000
Modulesize:	364544
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	4140
Target ID:	3
Parent PID:	3120
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	625664
MD5:	EA777DEEA782E8B4D7C7C33BBF8A4496
Time:	07:57:36
Date:	06/01/2022
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7f20f0000
Modulesize:	651264
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\taskkill.exe

taskkill /pid 1068

Details

Is windows:	true
Is dropped:	false
PID:	5332
Target ID:	4
Parent PID:	3120
Name:	taskkill.exe
Path:	C:\Windows\SysWOW64\taskkill.exe
Commandline:	taskkill /pid 1068
Size:	74752
MD5:	15E2E0ACD891510C6268CB8899F2A1A1
Time:	07:57:36
Date:	06/01/2022
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xc50000
Modulesize:	86016
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Uses taskkill to terminate processes	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://2.56.57.108/osk//4.jpg

2.56.57.108

http://2.56.57.108/osk//5.jpg

2.56.57.108

http://2.56.57.108/osk//main.php

2.56.57.108

http://ocsp.thawte.com0

unknown

http://www.mozilla.com0

unknown

http://2.56.57.108/osk//1.jpg

2.56.57.108

http://2.56.57.108/osk//6.jpg

2.56.57.108

http://2.56.57.108/osk//2.jpg

2.56.57.108

http://2.56.57.108/osk//7.jpg

2.56.57.108

http://2.56.57.108/osk//1.jpghttp://2.56.57.108/osk//4.jpghttp://2.56.57.108/osk//7.jpghttp://2.56.5

unknown

http://2.56.57.108/osk//3.jpg

2.56.57.108

http://2.56.57.108/osk//5.jpg2

unknown

http://2.56.57.108/osk/

2.56.57.108

http://2.56.57.108/osk//2.jpghttp://2.56.57.108/osk//6.jpghttp://2.56.57.108/osk//3.jpghttp://2.56.5

unknown

http://2.56.57.108/osk//7.jpgB

unknown

https://duckduckgo.com/chrome_newtab

unknown

http://www.mozilla.com/en-US/blocklist/

unknown

https://duckduckgo.com/ac/?q=

unknown

https://www.google.com/images/branding/product/ico/googleg_lodp.ico

unknown

https://support.google.com/chrome/answer/6258784

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

https://support.google.com/chrome/?p=plugin_flash

unknown

https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search

unknown

http://nsis.sf.net/NSIS_ErrorError

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

http://nsis.sf.net/NSIS_Error

unknown

http://crl.thawte.com/ThawteTimestampingCA.crl0

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

There are 19 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

2.56.57.108

unknown

Netherlands

Details

IP:	2.56.57.108
TargetID:	1
Current Path:	C:\Users\user\Desktop\gunzipped.exe
Country:	Netherlands
Countrycode:	NLD
ASN number:	395800
ASN name:	GBTCLOUDUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Posts data to a JPG file (protocol mismatch)	Networking	Data Obfuscation
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

2CB0000

unkown

page read and write

7B0000

unkown

page execute and read and write

7B0000

unkown

page execute and read and write

7B0000

unkown

page execute and read and write

7B0000

unkown

page execute and read and write

2725000

heap private

page read and write

7B0000

unkown

page execute and read and write

38D0000

unkown

page read and write

40000

unkown image

page readonly

E16000

unkown image

page readonly

400000

unkown image

page readonly

407000

unkown image

page readonly

7FFC2000

unkown image

page readonly

25AE000

stack

page read and write

2F9B000

unkown

page read and write

33F1000

unkown

page read and write

6F301000

unkown image

page execute read

400000

unkown image

page readonly

3626000

heap private

page read and write

2581000

unkown

page read and write

C9A000

unkown

page read and write

3626000

heap private

page read and write

7FFB0000

unkown image

page readonly

25E0000

heap private

page read and write

409000

unkown image

page write copy

40000

unkown image

page readonly

7FC12000

unkown image

page readonly

2F9B000

unkown

page read and write

FE0000

unkown image

page readonly

7FFC2000

unkown image

page readonly

7FFB2000

unkown image

page readonly

2674000

unkown

page read and write

7AB000

unkown image

page readonly

7FFD0000

unkown image

page readonly

C3C000

heap default

page read and write

2BA8000

unkown

page read and write

7AB000

unkown image

page readonly

7FFC2000

unkown image

page readonly

2DEF000

stack

page read and write

3ABA000

heap private

page read and write

CA5000

unkown

page read and write

94A000

unkown

page read and write

2E06000

unkown

page read and write

7AB000

unkown image

page readonly

7AB000

unkown image

page readonly

7FFD0000

unkown image

page readonly

33F0000

unkown

page read and write

2CF0000

unkown

page read and write

C6F000

stack

page read and write

407000

unkown image

page readonly

2F9F000

unkown

page read and write

7FFC0000

unkown image

page readonly

A40000

unkown

page read and write

C9A000

unkown

page read and write

C9A000

unkown

page read and write

1B0000

unkown image

page readonly

1A0000

unkown image

page readonly

409000

unkown image

page write copy

2E80000

unkown

page read and write

400000

unkown image

page readonly

409000

unkown image

page write copy

2768000

heap private

page read and write

1160000

unkown image

page readonly

7FFB0000

unkown image

page readonly

CA5000

unkown

page read and write

BD0000

unkown image

page readonly

2CF0000

unkown

page read and write

2B90000

unkown

page read and write

2E80000

unkown

page read and write

2E80000

unkown

page read and write

A2E000

stack

page read and write

7FFB2000

unkown image

page readonly

31F1000

unkown

page read and write

7FC20000

unkown image

page readonly

BD0000

unkown image

page readonly

FB0000

unkown image

page readonly

2B7000

unkown

page read and write

3170000

heap default

page read and write

3622000

heap private

page read and write

C9A000

unkown

page read and write

2675000

unkown

page read and write

2BB3000

unkown image

page readonly

7FFD0000

unkown image

page readonly

7E5000

unkown

page execute and read and write

7FFB0000

unkown image

page readonly

3A60000

unkown image

page readonly

6F346000

unkown image

page read and write

1B0000

unkown image

page readonly

7FFC0000

unkown image

page readonly

400000

unkown image

page readonly

7FC22000

unkown image

page readonly

7AB000

unkown image

page readonly

1A0000

unkown image

page readonly

7FFB0000

unkown image

page readonly

2E06000

unkown

page read and write

409000

unkown image

page write copy

400000

unkown image

page readonly

C9A000

unkown

page read and write

30AE000

stack

page read and write

7FFD0000

unkown image

page readonly

7FC22000

unkown image

page readonly

26FE000

stack

page read and write

7FC12000

unkown image

page readonly

37F0000

unkown

page read and write

BD0000

unkown image

page readonly

C44000

heap default

page read and write

B6D000

stack

page read and write

40000

unkown image

page readonly

2E06000

unkown

page read and write

8D0000

heap private

page read and write

7FFB0000

unkown image

page readonly

26BE000

stack

page read and write

2F9F000

unkown

page read and write

CA5000

unkown

page read and write

2550000

unkown

page read and write

8FA000

heap default

page read and write

C8E000

heap default

page read and write

2F2F000

stack

page read and write

7D7000

unkown

page readonly

CA5000

unkown

page read and write

31F0000

unkown

page read and write

2F9F000

unkown

page read and write

784000

unkown image

page read and write

7FFB2000

unkown image

page readonly

3C90000

heap private

page read and write

2E06000

unkown

page read and write

2E80000

unkown

page read and write

BE8000

heap default

page read and write

31F1000

unkown

page read and write

7FFD0000

unkown image

page readonly

7E0000

heap default

page read and write

7FFC2000

unkown image

page readonly

40000

unkown image

page readonly

31B000

unkown

page read and write

948000

heap default

page read and write

2674000

unkown

page read and write

C82000

unkown

page read and write

7FFD0000

unkown image

page readonly

91C000

stack

page read and write

2AF5000

unkown image

page readonly

BE0000

heap default

page read and write

C9A000

unkown

page read and write

409000

unkown image

page write copy

401000

unkown image

page execute read

1A0000

unkown image

page readonly

CAA000

unkown

page read and write

CA5000

unkown

page read and write

D70000

unkown

page read and write

C9A000

unkown

page read and write

D30000

unkown image

page readonly

1B0000

unkown image

page readonly

6F300000

unkown image

page readonly

324000

unkown

page read and write

3409000

unkown

page read and write

D40000

unkown image

page readonly

D40000

unkown image

page readonly

7FFC2000

unkown image

page readonly

1B0000

unkown image

page readonly

2E06000

unkown

page read and write

303E000

stack

page read and write

328D000

unkown

page read and write

2A6E000

stack

page read and write

CA5000

unkown

page read and write

400000

unkown image

page readonly

CA5000

unkown

page read and write

30F000

unkown

page read and write

401000

unkown image

page execute read

C9A000

unkown

page read and write

407000

unkown image

page readonly

2E80000

unkown

page read and write

401000

unkown image

page execute read

7FFD0000

unkown image

page readonly

30000

unkown image

page read and write

332B000

unkown

page read and write

7FFC2000

unkown image

page readonly

C97000

unkown

page read and write

25D0000

heap private

page read and write

C2D000

unkown

page read and write

A60000

heap default

page read and write

2E80000

unkown

page read and write

1A0000

unkown image

page readonly

7E0000

unkown

page execute and read and write

7FC12000

unkown image

page readonly

7FC12000

unkown image

page readonly

7FC20000

unkown image

page readonly

7FFB2000

unkown image

page readonly

2B12000

unkown image

page readonly

780000

unkown image

page read and write

7FFB2000

unkown image

page readonly

D30000

unkown image

page readonly

31F1000

unkown

page read and write

400000

unkown image

page readonly

D30000

unkown image

page readonly

3626000

heap private

page read and write

C9A000

unkown

page read and write

400000

unkown image

page readonly

25B0000

unkown

page read and write

8F0000

stack

page read and write

C9A000

unkown

page read and write

BAE000

stack

page read and write

7FEB0000

unkown image

page readonly

2BB8000

unkown image

page readonly

948000

unkown

page read and write

7FFB2000

unkown image

page readonly

40000

unkown image

page readonly

2F9B000

unkown

page read and write

CA5000

unkown

page read and write

401000

unkown image

page execute read

7FC22000

unkown image

page readonly

407000

unkown image

page readonly

3341000

unkown

page read and write

C93000

unkown

page read and write

1A0000

unkown image

page readonly

1B0000

unkown image

page readonly

7FFC2000

unkown image

page readonly

7FFB2000

unkown image

page readonly

2CF0000

unkown

page read and write

400000

unkown image

page readonly

6F341000

unkown image

page readonly

332A000

unkown

page read and write

7FC10000

unkown image

page readonly

407000

unkown image

page readonly

30000

unkown image

page read and write

A3E000

stack

page read and write

7FFC0000

unkown image

page readonly

2580000

unkown

page read and write

37F0000

unkown

page read and write

3443000

unkown

page read and write

40000

unkown image

page readonly

2F6C000

stack

page read and write

926000

heap default

page read and write

7FFC0000

unkown image

page readonly

DAE000

stack

page read and write

948000

unkown

page read and write

7E5000

heap default

page read and write

2760000

heap private

page read and write

7FFD0000

unkown image

page readonly

E16000

unkown image

page readonly

7AB000

unkown image

page readonly

401000

unkown image

page execute read

2F9F000

unkown

page read and write

7B0000

unkown

page execute and read and write

7FFC2000

unkown image

page readonly

40000

unkown image

page readonly

D50000

unkown

page read and write

7FFB2000

unkown image

page readonly

D2E000

unkown

page read and write

6F349000

unkown image

page readonly

7FC30000

unkown image

page readonly

409000

unkown image

page write copy

7FFB2000

unkown image

page readonly

7FFD0000

unkown image

page readonly

8F0000

heap default

page read and write

7FFB2000

unkown image

page readonly

2F7B000

unkown

page read and write

60900000

unkown image

page readonly

3178000

unkown

page read and write

7FFC0000

unkown image

page readonly

31AF000

stack

page read and write

2E2E000

stack

page read and write

C9A000

unkown

page read and write

1A0000

unkown image

page readonly

345B000

unkown

page read and write

C9A000

unkown

page read and write

7FFC2000

unkown image

page readonly

400000

unkown image

page readonly

2CEE000

stack

page read and write

2720000

heap private

page read and write

CA5000

unkown

page read and write

C9A000

unkown

page read and write

7FC30000

unkown image

page readonly

C87000

unkown

page read and write

1B0000

unkown image

page readonly

1A0000

unkown image

page readonly

7FC30000

unkown image

page readonly

409000

unkown image

page write copy

7B0000

unkown

page read and write

7E5000

unkown

page readonly

2CA0000

unkown image

page readonly

318A000

unkown

page read and write

2B98000

unkown

page read and write

2B6F000

stack

page read and write

2F7F000

unkown

page read and write

7FFB0000

unkown image

page readonly

1B0000

unkown image

page readonly

3447000

unkown

page read and write

401000

unkown image

page execute read

B2F000

stack

page read and write

409000

unkown image

page write copy

2E06000

unkown

page read and write

407000

unkown image

page readonly

1B0000

unkown image

page readonly

400000

unkown image

page readonly

401000

unkown image

page execute read

3920000

unkown

page read and write

407000

unkown image

page readonly

40000

unkown image

page readonly

344A000

unkown

page read and write

3AEE000

unkown

page read and write

409000

unkown image

page write copy

19A000

unkown

page read and write

92E000

stack

page read and write

2F9B000

unkown

page read and write

2F9F000

unkown

page read and write

7FFD0000

unkown image

page readonly

409000

unkown image

page write copy

CA5000

unkown

page read and write

401000

unkown image

page execute read

7FFB2000

unkown image

page readonly

7FC10000

unkown image

page readonly

327000

unkown

page read and write

7AB000

unkown image

page readonly

82C000

stack

page read and write

31F1000

unkown

page read and write

CA5000

unkown

page read and write

40000

unkown image

page readonly

407000

unkown image

page readonly

D40000

unkown image

page readonly

2BB8000

unkown image

page readonly

7FFB0000

unkown image

page readonly

3620000

heap private

page read and write

31F7000

unkown

page read and write

2CF0000

unkown

page read and write

A50000

unkown image

page readonly

DE0000

unkown image

page readonly

7C0000

unkown image

page readonly

A65000

heap default

page read and write

CA5000

unkown

page read and write

38F0000

unkown

page read and write

7FFC0000

unkown image

page readonly

37F0000

unkown

page read and write

7AB000

unkown image

page readonly

C4A000

heap default

page read and write

1B0000

unkown image

page readonly

786000

unkown image

page read and write

306C000

stack

page read and write

7AB000

unkown image

page readonly

401000

unkown image

page execute read

920000

heap default

page read and write

7A0000

unkown image

page read and write

7FFB0000

unkown image

page readonly

CA5000

unkown

page read and write

C8A000

unkown

page read and write

2CF0000

unkown

page read and write

7FB10000

unkown image

page readonly

7FFD0000

unkown image

page readonly

7FC10000

unkown image

page readonly

1A0000

unkown image

page readonly

C9A000

unkown

page read and write

7B0000

unkown

page execute and read and write

BD0000

unkown image

page readonly

2BB8000

unkown image

page readonly

CA5000

unkown

page read and write

3189000

unkown

page read and write

318000

unkown

page read and write

2F9F000

unkown

page read and write

2CF0000

unkown

page read and write

31F1000

unkown

page read and write

343C000

unkown

page read and write

332B000

unkown

page read and write

DDF000

stack

page read and write

31F1000

unkown

page read and write

7FC30000

unkown image

page readonly

332A000

unkown

page read and write

33F0000

unkown

page read and write

6F300000

unkown image

page readonly

2A2F000

stack

page read and write

40000

unkown image

page readonly

326F000

unkown

page read and write

31F1000

unkown

page read and write

B6E000

stack

page read and write

C9A000

unkown

page read and write

CA5000

unkown

page read and write

7FC20000

unkown image

page readonly

2BB8000

unkown image

page readonly

308000

unkown

page read and write

30C0000

heap default

page read and write

2E80000

unkown

page read and write

7FFC0000

unkown image

page readonly

7FC20000

unkown image

page readonly

BC0000

unkown image

page read and write

7E5000

unkown

page execute and read and write

401000

unkown image

page execute read

3451000

unkown

page read and write

2BAF000

stack

page read and write

7FFB0000

unkown image

page readonly

3BED000

stack

page read and write

E16000

unkown image

page readonly

7AB000

unkown image

page readonly

E16000

unkown image

page readonly

31F1000

unkown

page read and write

7FC22000

unkown image

page readonly

7FFB0000

unkown image

page readonly

CA5000

unkown

page read and write

2CF0000

unkown

page read and write

2E06000

unkown

page read and write

407000

unkown image

page readonly

7E5000

unkown

page execute and read and write

77A000

unkown image

page read and write

7FFC0000

unkown image

page readonly

7FC10000

unkown image

page readonly

CA5000

unkown

page read and write

1130000

unkown image

page readonly

31F1000

unkown

page read and write

7FFC0000

unkown image

page readonly

7FFB0000

unkown image

page readonly

7FFC2000

unkown image

page readonly

31F1000

unkown

page read and write

1A0000

unkown image

page readonly

7FFC0000

unkown image

page readonly

D40000

unkown image

page readonly

CAE000

stack

page read and write

2F9B000

unkown

page read and write

40000

unkown image

page readonly

2B1B000

unkown image

page readonly

7B0000

unkown

page execute and read and write

407000

unkown image

page readonly

7FFC2000

unkown image

page readonly

326F000

unkown

page read and write

2F9F000

unkown

page read and write

DB0000

unkown image

page readonly

3189000

heap default

page read and write

400000

unkown image

page readonly

9C000

unkown

page read and write

2B3000

unkown

page read and write

7FEB0000

unkown image

page readonly

3AB0000

heap private

page read and write

2730000

unkown

page read and write

D30000

unkown image

page readonly

3451000

unkown

page read and write

7AB000

unkown image

page readonly

7FFC0000

unkown image

page readonly

7B1000

unkown

page execute read

3207000

unkown

page read and write

7A8000

unkown image

page read and write

409000

unkown image

page read and write

407000

unkown image

page readonly

401000

unkown image

page execute read

3341000

unkown

page read and write

31F1000

unkown

page read and write

BB0000

unkown

page read and write

2B17000

unkown image

page readonly

2F9B000

unkown

page read and write

343F000

stack

page read and write

3445000

unkown

page read and write

2F9B000

unkown

page read and write

19E000

unkown

page execute and read and write

31F7000

unkown

page read and write

2CAF000

stack

page read and write

400000

unkown image

page readonly

There are 440 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Files

Processes

URLs

IPs

Memdumps