IOC Report
server.exe

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Users\user\Desktop\server.exe | C:\Users\user\Desktop\server.exe | malicious |

URLs


Domains

| Name | IP | Malicious |
| --- | --- | --- |
| checklist.skype.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 5.44.43.17 | unknown | Russian Federation | malicious |
| 31.41.44.108 | unknown | Russian Federation | |

Memdumps
