Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

IdeaShare Key.exe

PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy:	7.999391627012608
Filename:	IdeaShare Key.exe
Filesize:	6338072
MD5:	e6d42ac433331124c62460cfcced76a1
SHA1:	ea9fc583c7bd2054a8d51e61d6b1cbeee800d344
SHA256:	5faa9cd735d499eb4fbcb08a252d53020629a7418c9b6c30b00c5d2d7cc7fe25
SHA512:	cfad934f060f13b9e44934a793b1d73d4e3fbcd265050bce69481f1328bc8bc170b24ae826288b0f0b708a1bf5a4ba4df36ab7988c4a0ac96e18388ecdc9d2a8
SSDEEP:	196608:8y7Weg+i1XWsTrXmiq8mC7h0YPvw8qGqhXvmhwupR+:xk/9WC05CN0YZqFhXeeY
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........mu]..&]..&]..&..\&_..&..^&J..&]..&...&z\n&P..&z\.&\..&z\{&\..&Rich]..&........................PE..L...,..R.................x.

Signature Hits	Behavior Group	Mitre Attack
Creates a DirectInput object (often for capturing keystrokes)	Key, Mouse, Clipboard, Microphone and Screen Capturing
EXE planting / hijacking vulnerabilities found	Privilege Escalation, Compliance
Uses 32bit PE files	Compliance, System Summary	Masquerading
Sample file is different than original file name gathered from version info	System Summary	Security Software Discovery System Shutdown/Reboot
Drops PE files	Persistence and Installation Behavior
Contains functionality to shutdown / reboot the system	System Summary	System Shutdown/Reboot
Detected potential crypto function	System Summary	Encrypted Channel
Found potential string decryption / allocating functions	System Summary	Deobfuscate/Decode Files or Information
Contains functionality to retrieve information about pressed keystrokes	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Contains functionality to dynamically determine API calls	Data Obfuscation, Anti Debugging	Native API
Contains functionality to query network adapater information	Malware Analysis System Evasion	Security Software Discovery System Network Configuration Discovery Ingress Tool Transfer
Contains functionality for read data from the clipboard	Key, Mouse, Clipboard, Microphone and Screen Capturing	Clipboard Data
Public key (encryption) found	Cryptography	Security Software Discovery Archive Collected Data
Sample reads its own file content	System Summary	Security Software Discovery
Contains functionality to query system information	Malware Analysis System Evasion
PE file has an executable .text section and no other executable section	System Summary
Reads software policies	System Summary
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Uses an in-process (OLE) Automation server	System Summary
Contains functionality to query windows version	Language, Device and Operating System Detection
Found strings which match to known social media urls	Networking
URLs found in memory or binary data	Networking
Creates files inside the user directory	System Summary	Masquerading
Creates temporary files	System Summary	Security Software Discovery
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Contains functionality to instantiate COM classes	System Summary	Security Software Discovery
Contains functionality to download additional files from the internet	Networking	Ingress Tool Transfer
Reads ini files	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
Contains functionality to check free disk space	System Summary
Submission file is bigger than most known malware samples	System Summary
PE / OLE file has a valid certificate	Compliance, System Summary

C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe
Category:	dropped
Dump:	IdeaShareKeyForm.exe.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\IdeaShare Key.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	4.939208143331431
Encrypted:	false
Ssdeep:	6144:wGXX45Tx+DPeuqD4K3FN3EiCXibivN/DHCfMiKu:HuSBMMil
Size:	320872
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging	Security Software Discovery
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection	System Information Discovery
DLL planting / hijacking vulnerabilities found	Privilege Escalation, Compliance	DLL Search Order Hijacking
Drops PE files	Persistence and Installation Behavior
EXE planting / hijacking vulnerabilities found	Privilege Escalation, Compliance	DLL Search Order Hijacking
Found large amount of non-executed APIs	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Information Discovery System Time Discovery
Contains functionality to register its own exception handler	Anti Debugging
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\IdeaShareKey\Qt5Core.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\IdeaShareKey\Qt5Core.dll
Category:	dropped
Dump:	Qt5Core.dll.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Users\user\Desktop\IdeaShare Key.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.852481117447856
Encrypted:	false
Ssdeep:	98304:p3QkIHj14FdDhqJsv6tWKFdu9CjzHveRnZyxEdm0:pgdnJsv6tWKFdu9CjzHeb
Size:	5298536
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
DLL planting / hijacking vulnerabilities found	Privilege Escalation, Compliance	DLL Search Order Hijacking
Drops PE files	Persistence and Installation Behavior

C:\Users\user\AppData\Local\IdeaShareKey\Qt5Gui.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\IdeaShareKey\Qt5Gui.dll
Category:	dropped
Dump:	Qt5Gui.dll.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Users\user\Desktop\IdeaShare Key.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.780270903027489
Encrypted:	false
Ssdeep:	98304:f8oNJzx4w24LwWotu+PNlwL9PmEZ23Cex:pBbUuCPwNj2C0
Size:	5978984
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
DLL planting / hijacking vulnerabilities found	Privilege Escalation, Compliance	DLL Search Order Hijacking
Drops PE files	Persistence and Installation Behavior

C:\Users\user\AppData\Local\IdeaShareKey\Qt5Network.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\IdeaShareKey\Qt5Network.dll
Category:	dropped
Dump:	Qt5Network.dll.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Users\user\Desktop\IdeaShare Key.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.66916261306281
Encrypted:	false
Ssdeep:	24576:ZNfY4/b8d22Gmou3ZjRkjZgUPiV69DrOMxpqDc0EGQVzKa4:xAd22GrziVaSDckZ
Size:	1115496
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
DLL planting / hijacking vulnerabilities found	Privilege Escalation, Compliance	DLL Search Order Hijacking
Drops PE files	Persistence and Installation Behavior

C:\Users\user\AppData\Local\IdeaShareKey\Qt5Widgets.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\IdeaShareKey\Qt5Widgets.dll
Category:	dropped
Dump:	Qt5Widgets.dll.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Users\user\Desktop\IdeaShare Key.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.819919859208047
Encrypted:	false
Ssdeep:	98304:O1CmFlF05UMNO1ulAjhDfTbz7quDp+bXa6gYzdkSPD1UZlH6uV75uDdHBclxooG0:Yf59iJ5i
Size:	4596072
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
DLL planting / hijacking vulnerabilities found	Privilege Escalation, Compliance	DLL Search Order Hijacking
Drops PE files	Persistence and Installation Behavior

C:\Users\user\AppData\Local\IdeaShareKey\QtSingleApp.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\IdeaShareKey\QtSingleApp.dll
Category:	dropped
Dump:	QtSingleApp.dll.0.dr
ID:	dr_6
Target ID:	0
Process:	C:\Users\user\Desktop\IdeaShare Key.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.1073547240575285
Encrypted:	false
Ssdeep:	768:RJiXhlJ0/q2aqiquV3aHaxGtpA510VxjqjCij9yKqTws:RJivOC9FxG4rsxjq3j9yKqss
Size:	37888
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
DLL planting / hijacking vulnerabilities found	Privilege Escalation, Compliance	DLL Search Order Hijacking
Drops PE files	Persistence and Installation Behavior

C:\Users\user\AppData\Local\IdeaShareKey\log\insit.log

ASCII text

dropped

Details

File:	C:\Users\user\AppData\Local\IdeaShareKey\log\insit.log
Category:	dropped
Dump:	insit.log.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\IdeaShare Key.exe
Type:	ASCII text
Entropy:	4.065774219659049
Encrypted:	false
Ssdeep:	3:QvWizYQPc2XIvfYQPctTXvA:6WiRXSsTXvA
Size:	64
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\IdeaShareKey\platforms\qwindows.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\IdeaShareKey\platforms\qwindows.dll
Category:	dropped
Dump:	qwindows.dll.0.dr
ID:	dr_7
Target ID:	0
Process:	C:\Users\user\Desktop\IdeaShare Key.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.832955399743319
Encrypted:	false
Ssdeep:	12288:1YCQWyni5LoUmhY4or3D8kSqjPfmK7UpOVpYAlCRegIe5ZpzNAoKu15XSxDyfEWu:SniF3z39xPePpOkaXze5ZtN4bZa0n
Size:	1221992
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
DLL planting / hijacking vulnerabilities found	Privilege Escalation, Compliance	DLL Search Order Hijacking
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\IdeaShare Key.exe

Details

Is windows:	false
Is dropped:	false
PID:	5976
Target ID:	0
Parent PID:	3452
Name:	IdeaShare Key.exe
Path:	C:\Users\user\Desktop\IdeaShare Key.exe
Commandline:	C:\Users\user\Desktop\IdeaShare Key.exe
Size:	6338072
MD5:	E6D42AC433331124C62460CFCCED76A1
Time:	13:02:36
Date:	26/05/2023
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	1036288
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
PE / OLE file has a valid certificate	Compliance, System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe

Details

Is windows:	false
Is dropped:	true
PID:	5948
Target ID:	1
Parent PID:	5976
Name:	IdeaShareKeyForm.exe
Path:	C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe
Commandline:	C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe
Size:	320872
MD5:	1A8C471F9AF78F640DC43C6C2FB533C2
Time:	13:02:40
Date:	26/05/2023
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x11c0000
Modulesize:	327680
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
EXE planting / hijacking vulnerabilities found	Privilege Escalation, Compliance	DLL Search Order Hijacking
Sample file is different than original file name gathered from version info	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

URLs

Name

Malicious

http://www.phreedom.org/md5)

unknown

Details

Name:	http://www.phreedom.org/md5)
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\IdeaShare Key.exe
Source:	IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.361582478.000000006BCCE000.00000002.00000001.01000000.0000000A.sdmp

Signature Hits	Behavior Group	Mitre Attack
Found strings which match to known social media urls	Networking
URLs found in memory or binary data	Networking

http://bugreports.qt.io/_q_receiveReplyMicrosoft-IIS/4.Microsoft-IIS/5.Netscape-Enterprise/3.WebLogi

unknown

Details

Name:	http://bugreports.qt.io/_q_receiveReplyMicrosoft-IIS/4.Microsoft-IIS/5.Netscape-Enterprise/3.WebLogi
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\IdeaShare Key.exe
Source:	IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.361582478.000000006BCCE000.00000002.00000001.01000000.0000000A.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://www.phreedom.org/md5)08:27

unknown

Details

Name:	http://www.phreedom.org/md5)08:27
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\IdeaShare Key.exe
Source:	IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.361582478.000000006BCCE000.00000002.00000001.01000000.0000000A.sdmp

Signature Hits	Behavior Group	Mitre Attack
Found strings which match to known social media urls	Networking
URLs found in memory or binary data	Networking

http://nsis.sf.net/NSIS_ErrorError

unknown

http://www.aiim.org/pdfa/ns/id/

unknown

Details

Name:	http://www.aiim.org/pdfa/ns/id/
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\IdeaShare Key.exe
Source:	IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.363086921.000000006C5E4000.00000002.00000001.01000000.00000008.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://www.color.org)

unknown

Details

Name:	http://www.color.org)
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\IdeaShare Key.exe
Source:	IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.363086921.000000006C5E4000.00000002.00000001.01000000.00000008.sdmp
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://bugreports.qt.io/

unknown

Details

Name:	http://bugreports.qt.io/
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\IdeaShare Key.exe
Source:	IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.361582478.000000006BCCE000.00000002.00000001.01000000.0000000A.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

870000

heap

page read and write

11E0000

unkown

page read and write

6C240000

unkown

page read and write

11DD000

unkown

page readonly

2925000

heap

page read and write

83A000

heap

page read and write

870000

heap

page read and write

6C5E4000

unkown

page readonly

6B5000

heap

page read and write

11C1000

unkown

page execute read

864000

heap

page read and write

2D56000

heap

page read and write

A76000

heap

page read and write

2D64000

heap

page read and write

2D5C000

heap

page read and write

11FA000

unkown

page readonly

ACD000

heap

page read and write

AAD000

heap

page read and write

F16000

heap

page read and write

2DCE000

heap

page read and write

8C0000

heap

page read and write

2D54000

heap

page read and write

65E000

stack

page read and write

2921000

heap

page read and write

30000

heap

page read and write

B15000

heap

page read and write

AB9000

heap

page read and write

2DAC000

heap

page read and write

6BCCE000

unkown

page readonly

AC9000

heap

page read and write

6CC55000

unkown

page write copy

840000

heap

page read and write

AD5000

heap

page read and write

6C7FE000

unkown

page read and write

6BC11000

unkown

page execute read

11D1000

unkown

page readonly

2D4C000

heap

page read and write

2440000

heap

page read and write

6BD51000

unkown

page execute read

863000

heap

page read and write

11AE000

stack

page read and write

6CCAC000

unkown

page readonly

AC5000

heap

page read and write

248E000

stack

page read and write

4D9000

stack

page read and write

AC3000

heap

page read and write

6B0000

heap

page read and write

6CC5A000

unkown

page read and write

2DE1000

heap

page read and write

120E000

unkown

page readonly

11EF000

unkown

page readonly

2941000

heap

page read and write

2D52000

heap

page read and write

40C000

unkown

page write copy

C3E000

stack

page read and write

370F000

heap

page read and write

2DEC000

heap

page read and write

6C831000

unkown

page execute read

11DD000

unkown

page readonly

6B771000

unkown

page execute read

AC7000

heap

page read and write

ABB000

heap

page read and write

2DB5000

heap

page read and write

A73000

heap

page read and write

115E000

stack

page read and write

ABF000

heap

page read and write

2D3C000

heap

page read and write

864000

heap

page read and write

870000

heap

page read and write

258F000

stack

page read and write

120E000

unkown

page readonly

2D58000

heap

page read and write

400000

unkown

page readonly

6B847000

unkown

page readonly

30AE000

stack

page read and write

A94000

heap

page read and write

870000

heap

page read and write

ACD000

heap

page read and write

6BD13000

unkown

page readonly

2D5A000

heap

page read and write

2DDB000

heap

page read and write

6BD50000

unkown

page readonly

295D000

heap

page read and write

AB7000

heap

page read and write

8CE000

stack

page read and write

2922000

heap

page read and write

306F000

stack

page read and write

4F9000

unkown

page readonly

ACF000

heap

page read and write

6C243000

unkown

page write copy

2F2F000

stack

page read and write

AA9000

heap

page read and write

2935000

heap

page read and write

2448000

heap

page read and write

ACF000

heap

page read and write

470000

heap

page read and write

401000

unkown

page execute read

2D45000

heap

page read and write

870000

heap

page read and write

AC9000

heap

page read and write

2DB6000

heap

page read and write

6C244000

unkown

page read and write

6C830000

unkown

page readonly

6C246000

unkown

page read and write

ACB000

heap

page read and write

AC1000

heap

page read and write

4F9000

unkown

page readonly

400000

unkown

page readonly

ABD000

heap

page read and write

2DDA000

heap

page read and write

ABF000

heap

page read and write

240F000

stack

page read and write

2D66000

heap

page read and write

864000

heap

page read and write

AA3000

heap

page read and write

6BD0F000

unkown

page read and write

2DCE000

heap

page read and write

A0F000

direct allocation

page execute and read and write

6CC54000

unkown

page read and write

3240000

trusted library allocation

page read and write

19A000

stack

page read and write

2D60000

heap

page read and write

2929000

heap

page read and write

F10000

heap

page read and write

AD1000

heap

page read and write

61E000

stack

page read and write

2D6C000

heap

page read and write

AC7000

heap

page read and write

2DDD000

heap

page read and write

6C800000

unkown

page readonly

AC5000

heap

page read and write

35AE000

heap

page read and write

A40000

heap

page read and write

69E000

stack

page read and write

6B891000

unkown

page readonly

810000

heap

page read and write

AB9000

heap

page read and write

230E000

stack

page read and write

6C249000

unkown

page read and write

AB5000

heap

page read and write

11E1000

unkown

page readonly

2D6A000

heap

page read and write

6C7F1000

unkown

page read and write

A8B000

heap

page read and write

2DAF000

heap

page read and write

87E000

heap

page read and write

A74000

heap

page read and write

2D68000

heap

page read and write

6C030000

unkown

page readonly

6B770000

unkown

page readonly

2D2F000

stack

page read and write

AD5000

heap

page read and write

5D0000

heap

page read and write

AED000

heap

page read and write

2928000

heap

page read and write

AAD000

heap

page read and write

6C191000

unkown

page readonly

820000

heap

page read and write

11C0000

unkown

page readonly

6CCA1000

unkown

page execute read

420000

unkown

page read and write

88D000

stack

page read and write

F0D000

stack

page read and write

6C7E9000

unkown

page read and write

8F0000

heap

page read and write

9C000

stack

page read and write

2925000

heap

page read and write

ABD000

heap

page read and write

25D0000

heap

page read and write

A4A000

heap

page read and write

2D50000

heap

page read and write

2924000

heap

page read and write

870000

heap

page read and write

409000

unkown

page readonly

870000

heap

page read and write

11C1000

unkown

page execute read

6CC5C000

unkown

page readonly

6C7ED000

unkown

page write copy

6CCA0000

unkown

page readonly

AA3000

heap

page read and write

31B0000

heap

page read and write

6BFD1000

unkown

page readonly

2D4E000

heap

page read and write

B2F000

stack

page read and write

2DE1000

heap

page read and write

AB5000

heap

page read and write

409000

unkown

page readonly

7BF000

stack

page read and write

864000

heap

page read and write

AD1000

heap

page read and write

2DB5000

heap

page read and write

6C7F5000

unkown

page write copy

AA9000

heap

page read and write

11D1000

unkown

page readonly

870000

heap

page read and write

6C7F8000

unkown

page read and write

AD3000

heap

page read and write

864000

heap

page read and write

AC3000

heap

page read and write

11EF000

unkown

page readonly

2D5E000

heap

page read and write

6CCA6000

unkown

page readonly

6CCAA000

unkown

page read and write

11E1000

unkown

page readonly

2DCE000

heap

page read and write

2D62000

heap

page read and write

7D0000

heap

page read and write

462000

unkown

page read and write

2970000

heap

page read and write

6C271000

unkown

page execute read

A2F000

stack

page read and write

31AF000

stack

page read and write

A8A000

heap

page read and write

6B88B000

unkown

page read and write

AC1000

heap

page read and write

32CF000

heap

page read and write

864000

heap

page read and write

6CAF4000

unkown

page readonly

2DAC000

heap

page read and write

830000

heap

page read and write

6C270000

unkown

page readonly

11FA000

unkown

page readonly

2DCF000

heap

page read and write

2F6E000

stack

page read and write

ABB000

heap

page read and write

2C2E000

stack

page read and write

5D9000

stack

page read and write

ACB000

heap

page read and write

2951000

heap

page read and write

6C24B000

unkown

page readonly

11C0000

unkown

page readonly

1160000

heap

page read and write

27E3000

heap

page read and write

11E8000

unkown

page readonly

F1B000

heap

page read and write

6BC10000

unkown

page readonly

864000

heap

page read and write

AD3000

heap

page read and write

40C000

unkown

page read and write

B1E000

heap

page read and write

AB7000

heap

page read and write

31B0000

heap

page read and write

27E0000

heap

page read and write

11E0000

unkown

page write copy

D3E000

stack

page read and write

AED000

heap

page read and write

2D86000

heap

page read and write

401000

unkown

page execute read

11E8000

unkown

page readonly

There are 239 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
IdeaShare Key.exe

Files

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportIdeaShare Key.exe

Files

Processes

URLs

Memdumps

IOC Report
IdeaShare Key.exe