Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

D009780.exe

PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

initial sample

C:\Users\user\AppData\Local\Temp\44872984602731657557515.tmp

SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 3, database pages 22, 1st free page 7, free pages 2, cookie 0x10, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-console-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-datetime-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-debug-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-errorhandling-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-file-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-file-l1-2-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-file-l2-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-handle-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-heap-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-interlocked-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-libraryloader-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-localization-l1-2-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-memory-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-namedpipe-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-processenvironment-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-processthreads-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-processthreads-l1-1-1.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-profile-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-rtlsupport-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-string-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-synch-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-synch-l1-2-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-sysinfo-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-timezone-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-core-util-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-crt-conio-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-crt-convert-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-crt-environment-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-crt-filesystem-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-crt-heap-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-crt-locale-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-crt-math-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-crt-multibyte-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-crt-private-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-crt-process-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-crt-runtime-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-crt-stdio-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-crt-string-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-crt-time-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\api-ms-win-crt-utility-l1-1-0.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\freebl3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\mozglue.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\msvcp140.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\nss3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\nssdbm3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\softokn3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\ucrtbase.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\54E0C079\vcruntime140.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\nsh3A3C.tmp\System.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Anhydridizes.Imi121

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Staveren\Kolkhozy\Fatalists\Cassythaceae\Psammologist.Pan

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Staveren\Kolkhozy\Fatalists\Cassythaceae\libxml2-2.0.typelib

HTML document, ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Staveren\Kolkhozy\Fatalists\Cassythaceae\memstat.c

C source, ASCII text

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Staveren\Kolkhozy\Fatalists\Cassythaceae\selection-end-symbolic.symbolic.png

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

dropped

There are 46 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\D009780.exe

Details

Is windows:	false
Is dropped:	false
PID:	7332
Target ID:	1
Parent PID:	4848
Name:	D009780.exe
Path:	C:\Users\user\Desktop\D009780.exe
Commandline:	C:\Users\user\Desktop\D009780.exe
Size:	296621
MD5:	649E0964D04AC89667C1F59FE99C7799
Time:	10:34:20
Date:	29/11/2022
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	577536
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Azorult	Stealing of Sensitive Information
Self deletion via cmd or bat file	Hooking and other Techniques for Hiding and Protection	File Deletion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary

C:\Users\user\Desktop\D009780.exe

Details

Is windows:	false
Is dropped:	false
PID:	1368
Target ID:	5
Parent PID:	7332
Name:	D009780.exe
Path:	C:\Users\user\Desktop\D009780.exe
Commandline:	C:\Users\user\Desktop\D009780.exe
Size:	296621
MD5:	649E0964D04AC89667C1F59FE99C7799
Time:	10:34:43
Date:	29/11/2022
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	19214336
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Azorult	Stealing of Sensitive Information
Self deletion via cmd or bat file	Hooking and other Techniques for Hiding and Protection	File Deletion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "D009780.exe

Details

Is windows:	true
Is dropped:	false
PID:	7536
Target ID:	6
Parent PID:	1368
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\SysWOW64\cmd.exe
Commandline:	C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "D009780.exe
Size:	236544
MD5:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Time:	10:35:20
Date:	29/11/2022
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x700000
Modulesize:	368640
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Self deletion via cmd or bat file	Hooking and other Techniques for Hiding and Protection	File Deletion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\timeout.exe

C:\Windows\system32\timeout.exe 3

Details

Is windows:	true
Is dropped:	false
PID:	1416
Target ID:	8
Parent PID:	7536
Name:	timeout.exe
Path:	C:\Windows\SysWOW64\timeout.exe
Commandline:	C:\Windows\system32\timeout.exe 3
Size:	25088
MD5:	976566BEEFCCA4A159ECBDB2D4B1A3E3
Time:	10:35:20
Date:	29/11/2022
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0xda0000
Modulesize:	40960
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Self deletion via cmd or bat file	Hooking and other Techniques for Hiding and Protection	File Deletion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	2196
Target ID:	7
Parent PID:	7536
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	875008
MD5:	81CA40085FC75BABD2C91D18AA9FFA68
Time:	10:35:20
Date:	29/11/2022
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff743cf0000
Modulesize:	901120
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://bllsl1.shop/bs1/index.php

188.114.97.3

http://bllsl1.shop/

unknown

https://www.babizna.pl/wp-includes/NWAMzBz204.dwpX

unknown

https://www.babizna.pl/wp-includes/NWAMzBz204.dwph

unknown

http://www.mozilla.com/en-US/blocklist/

unknown

http://bllsl1.shop/bs1/index.phpU

unknown

http://nsis.sf.net/NSIS_ErrorError

unknown

http://crl.thawte.com/ThawteTimestampingCA.crl0

unknown

https://www.babizna.pl/

unknown

https://www.babizna.pl/wp-includes/NWAMzBz204.dwp

95.216.34.216

http://ocsp.thawte.com0

unknown

http://www.mozilla.com0

unknown

There are 2 hidden URLs, click here to show them.

Domains

Name

Malicious

bllsl1.shop

188.114.97.3

Details

Name:	bllsl1.shop
IP:	188.114.97.3
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

babizna.pl

95.216.34.216

Details

Name:	babizna.pl
IP:	95.216.34.216
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

www.babizna.pl

unknown

Details

Name:	www.babizna.pl
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

188.114.97.3

bllsl1.shop

European Union

Details

IP:	188.114.97.3
TargetID:	5
Current Path:	C:\Users\user\Desktop\D009780.exe
Country:	European Union
Countrycode:	EU
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	bllsl1.shop

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

95.216.34.216

babizna.pl

Germany

Details

IP:	95.216.34.216
TargetID:	5
Current Path:	C:\Users\user\Desktop\D009780.exe
Country:	Germany
Countrycode:	DEU
ASN number:	24940
ASN name:	HETZNER-ASDE
Private:	false
Domain:	babizna.pl

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fivefoldness\Endosseringerne\Fouragen

Arigue

HKEY_CURRENT_USER\SOFTWARE\Fruticeta\Lavandin\Kingliest\Ernringsenhed

Legating

Memdumps

Base Address

Regiontype

Protect

Malicious

1660000

remote allocation

page execute and read and write

5DF000

heap

page read and write

1D4D0000

direct allocation

page read and write

1D9E0000

direct allocation

page read and write

2B60000

direct allocation

page execute and read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

1A81000

heap

page read and write

1DDCC000

direct allocation

page read and write

1D02D000

stack

page read and write

5F5000

heap

page read and write

1DDC8000

direct allocation

page read and write

1E750000

direct allocation

page read and write

282F000

stack

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

5F5000

heap

page read and write

1D504000

direct allocation

page read and write

2260000

heap

page read and write

1DDC4000

direct allocation

page read and write

1DDC4000

direct allocation

page read and write

1DC8C000

direct allocation

page read and write

1CAD2000

heap

page read and write

1DE6C000

direct allocation

page read and write

1C0000

remote allocation

page read and write

1DDC0000

direct allocation

page read and write

1E704000

direct allocation

page read and write

1D4E0000

direct allocation

page read and write

2A70000

trusted library allocation

page read and write

1CAE0000

heap

page read and write

1CAD1000

heap

page read and write

1DDC4000

direct allocation

page read and write

19A000

stack

page read and write

30000

heap

page read and write

1DA28000

direct allocation

page read and write

5F5000

heap

page read and write

3417000

heap

page read and write

1D4F0000

direct allocation

page read and write

1A8C000

heap

page read and write

1E768000

direct allocation

page read and write

1CAD1000

heap

page read and write

1DDD4000

direct allocation

page read and write

1CAD1000

heap

page read and write

1DDD0000

direct allocation

page read and write

1DDC4000

direct allocation

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

1DDC8000

direct allocation

page read and write

1CAD1000

heap

page read and write

1DDC8000

direct allocation

page read and write

5F5000

heap

page read and write

5F5000

heap

page read and write

1D560000

direct allocation

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

7DE000

stack

page read and write

1E754000

direct allocation

page read and write

1DDC4000

direct allocation

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

2AB0000

trusted library allocation

page read and write

5F5000

heap

page read and write

5A7000

heap

page read and write

5F5000

heap

page read and write

5F5000

heap

page read and write

3550000

trusted library allocation

page read and write

1D520000

direct allocation

page read and write

1CFAF000

stack

page read and write

1DDD0000

direct allocation

page read and write

1660000

remote allocation

page execute and read and write

1DDC8000

direct allocation

page read and write

1D570000

direct allocation

page read and write

1CAD1000

heap

page read and write

1E78C000

direct allocation

page read and write

5F5000

heap

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

1E710000

direct allocation

page read and write

401000

unkown

page execute read

1DDC8000

direct allocation

page read and write

1E798000

direct allocation

page read and write

43C000

unkown

page read and write

1D4D8000

direct allocation

page read and write

1CAD1000

heap

page read and write

1D4F0000

direct allocation

page read and write

1DDC4000

direct allocation

page read and write

1D510000

direct allocation

page read and write

2270000

heap

page read and write

5F5000

heap

page read and write

1DDCC000

direct allocation

page read and write

20000

unclassified section

page readonly

1CAD1000

heap

page read and write

231E000

stack

page read and write

1DDD8000

direct allocation

page read and write

5F5000

heap

page read and write

23A0000

heap

page read and write

1D06E000

stack

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

401000

unkown

page execute read

1CAD1000

heap

page read and write

1DDC0000

direct allocation

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

5F5000

heap

page read and write

1DDCC000

direct allocation

page read and write

1D0AD000

stack

page read and write

1CAD1000

heap

page read and write

1DDC8000

direct allocation

page read and write

1DA3C000

direct allocation

page read and write

1BF0000

trusted library allocation

page read and write

1DDC0000

direct allocation

page read and write

329E000

stack

page read and write

1CAD1000

heap

page read and write

1DA28000

direct allocation

page read and write

1DAB8000

direct allocation

page read and write

1D570000

direct allocation

page read and write

1D8E0000

direct allocation

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

1A00000

heap

page read and write

5F5000

heap

page read and write

1E380000

direct allocation

page read and write

1CAD1000

heap

page read and write

1DDD4000

direct allocation

page read and write

1E7A8000

direct allocation

page read and write

1DDD0000

direct allocation

page read and write

1CAD1000

heap

page read and write

1A90000

heap

page read and write

1CAD1000

heap

page read and write

23E5000

heap

page read and write

1D34F000

stack

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

186E000

stack

page read and write

1D510000

direct allocation

page read and write

1DDCC000

direct allocation

page read and write

1DDC4000

direct allocation

page read and write

1DE68000

direct allocation

page read and write

1E774000

direct allocation

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

1DDCC000

direct allocation

page read and write

1D39C000

stack

page read and write

1D4E0000

direct allocation

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

79E000

stack

page read and write

1AD2000

heap

page read and write

1DDD0000

direct allocation

page read and write

3409000

trusted library allocation

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

1DDC4000

direct allocation

page read and write

5F5000

heap

page read and write

323C000

stack

page read and write

5F5000

heap

page read and write

1DDC4000

direct allocation

page read and write

1CAD1000

heap

page read and write

5D9000

heap

page read and write

1C0000

remote allocation

page read and write

1DA90000

direct allocation

page read and write

437000

unkown

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

1DA28000

direct allocation

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

1E7D0000

direct allocation

page read and write

1E734000

direct allocation

page read and write

5F5000

heap

page read and write

1C0000

remote allocation

page read and write

401000

unkown

page execute read

1DC50000

direct allocation

page read and write

1C0000

remote allocation

page read and write

5F5000

heap

page read and write

1DDCC000

direct allocation

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

10000000

unkown

page readonly

4F00000

heap

page read and write

1DDC4000

direct allocation

page read and write

1DDC8000

direct allocation

page read and write

1D510000

direct allocation

page read and write

1CAD1000

heap

page read and write

40A000

unkown

page write copy

5F5000

heap

page read and write

1CAD1000

heap

page read and write

1EADC000

stack

page read and write

1EBE1000

trusted library allocation

page read and write

5F5000

heap

page read and write

235E000

stack

page read and write

1EBDD000

stack

page read and write

1DDD0000

direct allocation

page read and write

1CAD1000

heap

page read and write

1D580000

direct allocation

page read and write

35CE000

stack

page read and write

9AA000

unkown

page write copy

408000

unkown

page readonly

20000

unclassified section

page readonly

95E000

stack

page read and write

5F5000

heap

page read and write

1D590000

direct allocation

page read and write

408000

unkown

page readonly

1A8D000

heap

page read and write

1D6E0000

direct allocation

page read and write

1CAD1000

heap

page read and write

1DDC8000

direct allocation

page read and write

1D4D4000

direct allocation

page read and write

1D30E000

stack

page read and write

1A4A000

heap

page read and write

1E770000

direct allocation

page read and write

1DDC4000

direct allocation

page read and write

1D5B0000

direct allocation

page read and write

1CAD1000

heap

page read and write

1D4D4000

direct allocation

page read and write

476000

unkown

page readonly

1E2B4000

direct allocation

page read and write

1CAD1000

heap

page read and write

1D4F0000

direct allocation

page read and write

1CAD1000

heap

page read and write

19CE000

stack

page read and write

1E784000

direct allocation

page read and write

1DDD8000

direct allocation

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

1E700000

direct allocation

page read and write

1CAD1000

heap

page read and write

1E900000

direct allocation

page read and write

1CAD1000

heap

page read and write

1D5B0000

direct allocation

page read and write

5F5000

heap

page read and write

59E000

stack

page read and write

1DDC8000

direct allocation

page read and write

1A81000

heap

page read and write

1CAD1000

heap

page read and write

1A08000

heap

page read and write

1C10000

heap

page read and write

1A75000

heap

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

408000

unkown

page readonly

1D2D0000

remote allocation

page read and write

1E708000

direct allocation

page read and write

1E74C000

direct allocation

page read and write

1DDD0000

direct allocation

page read and write

1D4D4000

direct allocation

page read and write

60000

direct allocation

page read and write

1DDC4000

direct allocation

page read and write

5F4000

heap

page read and write

5F5000

heap

page read and write

1D580000

direct allocation

page read and write

1CAD1000

heap

page read and write

1D540000

direct allocation

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

1C16000

heap

page read and write

1D49B000

stack

page read and write

1E79C000

direct allocation

page read and write

5F5000

heap

page read and write

5F5000

heap

page read and write

1AD6000

heap

page read and write

1D500000

direct allocation

page read and write

1D550000

direct allocation

page read and write

1D570000

direct allocation

page read and write

1D520000

direct allocation

page read and write

5F1000

heap

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

1DDC4000

direct allocation

page read and write

1E800000

direct allocation

page read and write

5F5000

heap

page read and write

1D7000

heap

page read and write

1D4D4000

direct allocation

page read and write

1E744000

direct allocation

page read and write

A5F000

stack

page read and write

1E7C0000

direct allocation

page read and write

5F5000

heap

page read and write

1A81000

heap

page read and write

10005000

unkown

page readonly

1D540000

direct allocation

page read and write

1D4E0000

direct allocation

page read and write

1D26F000

stack

page read and write

5F5000

heap

page read and write

1D5A0000

direct allocation

page read and write

1D550000

direct allocation

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

5F5000

heap

page read and write

1D4F0000

direct allocation

page read and write

1A7B000

heap

page read and write

1CAD1000

heap

page read and write

1D520000

direct allocation

page read and write

1DDCC000

direct allocation

page read and write

1D5B0000

direct allocation

page read and write

1CAD1000

heap

page read and write

60000

trusted library allocation

page read and write

1DDC0000

direct allocation

page read and write

400000

unkown

page readonly

1D580000

direct allocation

page read and write

1CAD1000

heap

page read and write

1D4EC000

direct allocation

page read and write

1E90E000

direct allocation

page read and write

1DB20000

direct allocation

page read and write

1DDC4000

direct allocation

page read and write

1DDC0000

direct allocation

page read and write

1BB0000

trusted library allocation

page read and write

1E70C000

direct allocation

page read and write

360F000

stack

page read and write

1CAD1000

heap

page read and write

1D5000

heap

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

1A7B000

heap

page read and write

1E7D0000

direct allocation

page read and write

292F000

stack

page read and write

1DDC8000

direct allocation

page read and write

1D4E0000

direct allocation

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

1D4DC000

direct allocation

page read and write

1DDA8000

direct allocation

page read and write

1DDD0000

direct allocation

page read and write

1CAD1000

heap

page read and write

1DDC0000

direct allocation

page read and write

1CAF0000

heap

page read and write

1DDC8000

direct allocation

page read and write

1CAD1000

heap

page read and write

1DC68000

direct allocation

page read and write

1DDD8000

direct allocation

page read and write

1D0000

unclassified section

page readonly

1E7C4000

direct allocation

page read and write

1DDC4000

direct allocation

page read and write

2A30000

trusted library allocation

page read and write

1D4D4000

direct allocation

page read and write

1CF6E000

stack

page read and write

1A8C000

heap

page read and write

5F5000

heap

page read and write

1A7B000

heap

page read and write

1D514000

direct allocation

page read and write

1DA38000

direct allocation

page read and write

1D12E000

stack

page read and write

5F5000

heap

page read and write

1E728000

direct allocation

page read and write

1D5A0000

direct allocation

page read and write

1E0000

unclassified section

page readonly

1D510000

direct allocation

page read and write

1A8C000

heap

page read and write

1DF30000

direct allocation

page read and write

1CAD1000

heap

page read and write

1D4E0000

direct allocation

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

1D530000

direct allocation

page read and write

5F5000

heap

page read and write

1A8C000

heap

page read and write

1D500000

direct allocation

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

1E72C000

direct allocation

page read and write

1CAD1000

heap

page read and write

1E764000

direct allocation

page read and write

1CAD1000

heap

page read and write

1E7AC000

direct allocation

page read and write

400000

unkown

page readonly

1DDD0000

direct allocation

page read and write

1DDD0000

direct allocation

page read and write

1A74000

heap

page read and write

2E00000

trusted library allocation

page read and write

1CAD1000

heap

page read and write

1D4D4000

direct allocation

page read and write

1DDC8000

direct allocation

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

1D7E0000

direct allocation

page read and write

5F5000

heap

page read and write

1DF30000

direct allocation

page read and write

1CFEE000

stack

page read and write

1D520000

direct allocation

page read and write

1D4F0000

direct allocation

page read and write

1D550000

direct allocation

page read and write

1DAE0000

direct allocation

page read and write

408000

unkown

page readonly

1E748000

direct allocation

page read and write

1A7B000

heap

page read and write

1DDC4000

direct allocation

page read and write

1D560000

direct allocation

page read and write

408000

unkown

page readonly

1CAD1000

heap

page read and write

1D4E0000

direct allocation

page read and write

1CAD1000

heap

page read and write

1AEF000

heap

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

23A4000

heap

page read and write

1DDC4000

direct allocation

page read and write

1CAD1000

heap

page read and write

1DA30000

direct allocation

page read and write

5F5000

heap

page read and write

1D570000

direct allocation

page read and write

1CAD1000

heap

page read and write

30000

heap

page read and write

1D530000

direct allocation

page read and write

1D4E0000

direct allocation

page read and write

5F5000

heap

page read and write

2F60000

unclassified section

page readonly

1D540000

direct allocation

page read and write

10003000

unkown

page readonly

1D2D0000

remote allocation

page read and write

5F5000

heap

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

400000

unkown

page readonly

1D4D4000

direct allocation

page read and write

1E7CC000

direct allocation

page read and write

400000

unkown

page readonly

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

8DF000

stack

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

1DDC0000

direct allocation

page read and write

476000

unkown

page readonly

1CAD1000

heap

page read and write

400000

unkown

page readonly

1A81000

heap

page read and write

5F5000

heap

page read and write

1DDC8000

direct allocation

page read and write

1E720000

direct allocation

page read and write

1CAD1000

heap

page read and write

8E0000

trusted library allocation

page read and write

5ED000

heap

page read and write

5F5000

heap

page read and write

1DDC8000

direct allocation

page read and write

1CAD1000

heap

page read and write

1E6F8000

direct allocation

page read and write

1D4D4000

direct allocation

page read and write

32A0000

heap

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

1DDC0000

direct allocation

page read and write

1D590000

direct allocation

page read and write

1CAD1000

heap

page read and write

1B3F000

stack

page read and write

1CAD1000

heap

page read and write

190E000

stack

page read and write

1C0000

remote allocation

page read and write

1CAD1000

heap

page read and write

1A8C000

heap

page read and write

1CAD1000

heap

page read and write

1D500000

direct allocation

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

1D4D4000

direct allocation

page read and write

1A81000

heap

page read and write

1A69000

heap

page read and write

1DDCC000

direct allocation

page read and write

1CAD1000

heap

page read and write

1DDF4000

direct allocation

page read and write

1E76C000

direct allocation

page read and write

2FDC000

stack

page read and write

5EF000

heap

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

1DDC0000

direct allocation

page read and write

3410000

heap

page read and write

5F5000

heap

page read and write

1A8C000

heap

page read and write

1CAD1000

heap

page read and write

1DDC4000

direct allocation

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

5F5000

heap

page read and write

33FE000

stack

page read and write

1D4D4000

direct allocation

page read and write

1D500000

direct allocation

page read and write

5F5000

heap

page read and write

400000

unkown

page readonly

1D2D0000

remote allocation

page read and write

401000

unkown

page execute read

100000

trusted library allocation

page read and write

1A7B000

heap

page read and write

5F5000

heap

page read and write

5F5000

heap

page read and write

40A000

unkown

page read and write

1CAD1000

heap

page read and write

1D560000

direct allocation

page read and write

476000

unkown

page readonly

1DDC0000

direct allocation

page read and write

5F5000

heap

page read and write

1D4F0000

direct allocation

page read and write

1DDC0000

direct allocation

page read and write

2CC1000

heap

page read and write

1DDC0000

direct allocation

page read and write

10001000

unkown

page execute read

1E780000

direct allocation

page read and write

33BE000

stack

page read and write

1D4E8000

direct allocation

page read and write

1A8C000

heap

page read and write

1CAD6000

heap

page read and write

1EBE0000

trusted library allocation

page read and write

1CAD1000

heap

page read and write

2E40000

trusted library allocation

page read and write

5F5000

heap

page read and write

1A8C000

heap

page read and write

1D580000

direct allocation

page read and write

40A000

unkown

page write copy

1DDC8000

direct allocation

page read and write

1A7B000

heap

page read and write

1A7B000

heap

page read and write

5F5000

heap

page read and write

1D16F000

stack

page read and write

1DDCC000

direct allocation

page read and write

1DDF8000

direct allocation

page read and write

431000

unkown

page read and write

2F70000

heap

page read and write

1D530000

direct allocation

page read and write

476000

unkown

page readonly

1D180000

heap

page read and write

1CAD1000

heap

page read and write

1D530000

direct allocation

page read and write

1CAD1000

heap

page read and write

1D4F0000

direct allocation

page read and write

1E740000

direct allocation

page read and write

1D4D4000

direct allocation

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

1DDC8000

direct allocation

page read and write

10020000

trusted library allocation

page read and write

42F000

unkown

page read and write

1AD1000

heap

page read and write

1DDC4000

direct allocation

page read and write

5F5000

heap

page read and write

476000

unkown

page readonly

5F5000

heap

page read and write

1DAE0000

direct allocation

page read and write

18C4000

heap

page read and write

1950000

trusted library allocation

page read and write

1DDC0000

direct allocation

page read and write

1CAD1000

heap

page read and write

1D590000

direct allocation

page read and write

1D560000

direct allocation

page read and write

1CAD1000

heap

page read and write

1DDC0000

direct allocation

page read and write

1CAD1000

heap

page read and write

194F000

stack

page read and write

1E788000

direct allocation

page read and write

1E7CC000

direct allocation

page read and write

43F000

unkown

page read and write

1E912000

direct allocation

page read and write

1D550000

direct allocation

page read and write

1D5E0000

direct allocation

page read and write

40A000

unkown

page write copy

5A0000

heap

page read and write

1CAD1000

heap

page read and write

476000

unkown

page readonly

5F5000

heap

page read and write

401000

unkown

page execute read

1A81000

heap

page read and write

1D540000

direct allocation

page read and write

1CAD1000

heap

page read and write

3250000

unclassified section

page readonly

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

5F5000

heap

page read and write

1ADA000

heap

page read and write

1CAD1000

heap

page read and write

1A81000

heap

page read and write

40A000

unkown

page write copy

1CAD1000

heap

page read and write

1A81000

heap

page read and write

5F5000

heap

page read and write

5F5000

heap

page read and write

408000

unkown

page readonly

5F5000

heap

page read and write

1D4D4000

direct allocation

page read and write

45C000

unkown

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

1AD6000

heap

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

1E730000

direct allocation

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

40A000

unkown

page write copy

1D0000

heap

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

F0000

heap

page read and write

5F5000

heap

page read and write

1D5A0000

direct allocation

page read and write

1CAD1000

heap

page read and write

18AE000

stack

page read and write

1DDCC000

direct allocation

page read and write

1DDC8000

direct allocation

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

1CAD0000

heap

page read and write

1E714000

direct allocation

page read and write

5F5000

heap

page read and write

1D22E000

stack

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

354F000

stack

page read and write

1D48C000

stack

page read and write

5F5000

heap

page read and write

1DDCC000

direct allocation

page read and write

5F5000

heap

page read and write

1D4D4000

direct allocation

page read and write

1E724000

direct allocation

page read and write

1DA34000

direct allocation

page read and write

1CAD1000

heap

page read and write

1E758000

direct allocation

page read and write

5F5000

heap

page read and write

1DDC8000

direct allocation

page read and write

1D4E0000

direct allocation

page read and write

5F5000

heap

page read and write

473000

unkown

page read and write

1CAD1000

heap

page read and write

1C0000

remote allocation

page read and write

18C0000

heap

page read and write

5F5000

heap

page read and write

10059000

trusted library allocation

page read and write

1CAD1000

heap

page read and write

5F5000

heap

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

1A90000

heap

page read and write

1CAD1000

heap

page read and write

1E75C000

direct allocation

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

1D590000

direct allocation

page read and write

2CC0000

heap

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

1CAD1000

heap

page read and write

23E0000

heap

page read and write

401000

unkown

page execute read

96000

stack

page read and write

60000

direct allocation

page read and write

There are 659 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
D009780.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportD009780.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
D009780.exe