IOC Report
BS4GDarWw6

Processes

Path                                                         Cmdline                                                         Malicious
C:\Users\user\Desktop\BS4GDarWw6.exe                         "C:\Users\user\Desktop\BS4GDarWw6.exe"                          malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"  malicious
C:\Windows\System32\conhost.exe                              C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Domains

Name                IP              Malicious
steamcommunity.com  23.66.133.162
t.me                149.154.167.99

IPs

IP              Domain              Country         Malicious
116.202.7.135   unknown             Germany
65.108.93.119   unknown             United States
23.66.133.162   steamcommunity.com  United States
149.154.167.99  t.me                United Kingdom

Memdumps