IOC Report
expat-win32bin-2.6.2.exe


Files

File Path
Type
Category
Malicious
expat-win32bin-2.6.2.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Program Files (x86)\Expat 2.6.2\Bin\is-VEROQ.tmp
PE32 executable (console) Intel 80386, for MS Windows
dropped
malicious
C:\Program Files (x86)\Expat 2.6.2\Bin\libexpat.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
malicious
C:\Program Files (x86)\Expat 2.6.2\Bin\libexpatw.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
malicious
C:\Program Files (x86)\Expat 2.6.2\Bin\xmlwf.exe (copy)
PE32 executable (console) Intel 80386, for MS Windows
dropped
malicious
C:\Program Files (x86)\Expat 2.6.2\Source\is-EEC6T.tmp
Bourne-Again shell script, ASCII text executable
dropped
malicious
C:\Program Files (x86)\Expat 2.6.2\Source\run.sh.in (copy)
Bourne-Again shell script, ASCII text executable
dropped
malicious
C:\Program Files (x86)\Expat 2.6.2\Uninstall\is-ETMC9.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Program Files (x86)\Expat 2.6.2\Uninstall\unins000.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\is-5QN94.tmp\expat-win32bin-2.6.2.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Program Files (x86)\Expat 2.6.2\AUTHORS.txt (copy)
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Bin\is-2OJDA.tmp
current ar archive
dropped
C:\Program Files (x86)\Expat 2.6.2\Bin\is-536SH.tmp
current ar archive
dropped
C:\Program Files (x86)\Expat 2.6.2\Bin\is-98DOC.tmp
current ar archive
dropped
C:\Program Files (x86)\Expat 2.6.2\Bin\is-E0P4F.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Expat 2.6.2\Bin\is-O4RPJ.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Expat 2.6.2\Bin\is-T894K.tmp
current ar archive
dropped
C:\Program Files (x86)\Expat 2.6.2\Bin\libexpat.lib (copy)
current ar archive
dropped
C:\Program Files (x86)\Expat 2.6.2\Bin\libexpatMT.lib (copy)
current ar archive
dropped
C:\Program Files (x86)\Expat 2.6.2\Bin\libexpatw.lib (copy)
current ar archive
dropped
C:\Program Files (x86)\Expat 2.6.2\Bin\libexpatwMT.lib (copy)
current ar archive
dropped
C:\Program Files (x86)\Expat 2.6.2\COPYING.txt (copy)
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Changes.txt (copy)
Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Doc\is-DLR13.tmp
HTML document, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Doc\is-LI6L5.tmp
XML 1.0 document, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Doc\is-PBSRF.tmp
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Doc\is-R12A0.tmp
ASCII text, with very long lines (15891)
dropped
C:\Program Files (x86)\Expat 2.6.2\Doc\ok.min.css (copy)
ASCII text, with very long lines (15891)
dropped
C:\Program Files (x86)\Expat 2.6.2\Doc\reference.html (copy)
XML 1.0 document, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Doc\style.css (copy)
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Doc\xmlwf.xml (copy)
HTML document, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\MANIFEST.txt (copy)
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\README.txt (copy)
Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\AUTHORS (copy)
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\CMake.README (copy)
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\CMakeLists.txt (copy)
Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\Changes (copy)
Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\ConfigureChecks.cmake (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\README.txt (copy)
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\cmake\expat-config.cmake.in (copy)
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\cmake\is-LP4TH.tmp
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\examples\element_declarations.c (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\examples\elements.c (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\examples\is-M6QVJ.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\examples\is-MUUIU.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\examples\is-NVJFR.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\examples\outline.c (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\expat.pc.cmake (copy)
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\expat_config.h.cmake (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\fuzz\is-4F42Q.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\fuzz\is-RPQ2E.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\fuzz\xml_parse_fuzzer.c (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\fuzz\xml_parsebuffer_fuzzer.c (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\is-1M6UD.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\is-4RN45.tmp
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\is-4TEN0.tmp
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\is-BU5Q8.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\is-H25RM.tmp
Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\is-OO3ST.tmp
Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\is-Q8GQB.tmp
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\is-VLGVF.tmp
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\ascii.h (copy)
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\asciitab.h (copy)
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\expat.h (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\expat_external.h (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\iasciitab.h (copy)
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\internal.h (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\is-0NQ1V.tmp
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\is-0QULD.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\is-2V4HH.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\is-3FINP.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\is-5DSP8.tmp
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\is-77E2B.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\is-7OS8V.tmp
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\is-9CIQT.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\is-A5PO8.tmp
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\is-EVI0M.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\is-ILF40.tmp
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\is-IVCOF.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\is-KHCSJ.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\is-L4L5J.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\is-M50E9.tmp
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\is-MI6A3.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\is-NFJ3Q.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\is-RIOO6.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\is-SU64I.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\is-TJH8S.tmp
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\latin1tab.h (copy)
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\libexpat.def.cmake (copy)
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\nametab.h (copy)
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\siphash.h (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\utf8tab.h (copy)
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\winconfig.h (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\xmlparse.c (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\xmlrole.c (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\xmlrole.h (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\xmltok.c (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\xmltok.h (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\xmltok_impl.c (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\xmltok_impl.h (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\lib\xmltok_ns.c (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\README.txt (copy)
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\acc_tests.c (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\acc_tests.h (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\acc_tests_cxx.cpp (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\alloc_tests.c (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\alloc_tests.h (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\alloc_tests_cxx.cpp (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\basic_tests.c (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\basic_tests.h (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\basic_tests_cxx.cpp (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\benchmark\README.txt (copy)
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\benchmark\benchmark.c (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\benchmark\is-00L86.tmp
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\benchmark\is-58I4D.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\chardata.c (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\chardata.h (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\chardata_cxx.cpp (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\common.c (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\common.h (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\common_cxx.cpp (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\dummy.c (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\dummy.h (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\dummy_cxx.cpp (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\handlers.c (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\handlers.h (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\handlers_cxx.cpp (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-086DP.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-0I9DR.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-0TGOL.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-0U35S.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-0UF70.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-1PKN3.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-1PTGN.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-2E0O4.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-2LFRU.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-2PGHA.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-3DN6T.tmp
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-46366.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-4T8BP.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-6UN7H.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-783BU.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-7A8F6.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-8T34J.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-AB5R8.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-AEAHU.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-B3JB9.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-BABGD.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-CM8I1.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-EN2R7.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-FAQ1J.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-GKCO5.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-GRQ5H.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-HKABH.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-HM97B.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-IFIDL.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-JG18B.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-KEF45.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-MF70H.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-P9N1R.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-PK54U.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-PLV8S.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-R2IN9.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-R4JGM.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-RHCBV.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-T6TE1.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-U60U5.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-UPJFQ.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\is-VH6VT.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\memcheck.c (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\memcheck.h (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\memcheck_cxx.cpp (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\minicheck.c (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\minicheck.h (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\minicheck_cxx.cpp (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\misc_tests.c (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\misc_tests.h (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\misc_tests_cxx.cpp (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\ns_tests.c (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\ns_tests.h (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\ns_tests_cxx.cpp (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\nsalloc_tests.c (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\nsalloc_tests.h (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\nsalloc_tests_cxx.cpp (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\runtests.c (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\runtests_cxx.cpp (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\structdata.c (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\structdata.h (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\tests\structdata_cxx.cpp (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\win32\is-159PV.tmp
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\win32\version.rc.cmake (copy)
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\codepage.c (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\codepage.h (copy)
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\ct.c (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\filemap.h (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\is-14180.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\is-1HUCM.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\is-4ITH4.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\is-5H0IK.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\is-A1L8Q.tmp
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\is-EARCD.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\is-KHE4M.tmp
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\is-LSI1G.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\is-MUAV6.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\is-QJETI.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\is-RU7BN.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\is-SFINL.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\is-TBCVA.tmp
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\readfilemap.c (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\unixfilemap.c (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\win32filemap.c (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\xmlfile.c (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\xmlfile.h (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\xmlmime.c (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\xmlmime.h (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\xmltchar.h (copy)
C source, ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\Source\xmlwf\xmlwf.c (copy)
C source, Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\Uninstall\unins000.dat
InnoSetup Log Expat, version 0x418, 19009 bytes, 138727\37\user\376\, C:\Program Files (x86)\Expat 2.6.2\376\377
dropped
C:\Program Files (x86)\Expat 2.6.2\is-4FTAQ.tmp
Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Expat 2.6.2\is-5OE5U.tmp
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\is-5PQDQ.tmp
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\is-LHF0I.tmp
ASCII text
dropped
C:\Program Files (x86)\Expat 2.6.2\is-MRCVE.tmp
Unicode text, UTF-8 text
dropped
C:\Users\user\AppData\Local\Temp\is-M6SQ1.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
dropped
\Device\ConDrv
ASCII text, with no line terminators
dropped

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\expat-win32bin-2.6.2.exe
"C:\Users\user\Desktop\expat-win32bin-2.6.2.exe"
malicious
C:\Users\user\AppData\Local\Temp\is-5QN94.tmp\expat-win32bin-2.6.2.tmp
"C:\Users\user\AppData\Local\Temp\is-5QN94.tmp\expat-win32bin-2.6.2.tmp" /SL5="$40390,763717,121344,C:\Users\user\Desktop\expat-win32bin-2.6.2.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Expat 2.6.2\Bin\xmlwf.exe
xmlwf

URLs

Name
IP
Malicious

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
RegFiles0000
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
RegFilesHash
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
Inno Setup: Setup Version
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
Inno Setup: App Path
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
Inno Setup: Icon Group
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
Inno Setup: User
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
Inno Setup: Language
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
QuietUninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
URLInfoAbout
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
HelpLink
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
URLUpdateInfo
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
NoModify
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
NoRepair
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
MajorVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
MinorVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
VersionMajor
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
VersionMinor
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\expat_is1
EstimatedSize

Memdumps

Base Address
Regiontype
Protect
Malicious
85F000
heap
page read and write
2324000
direct allocation
page read and write
80E000
stack
page read and write
2405000
direct allocation
page read and write
2260000
direct allocation
page read and write
887000
heap
page read and write
5BF1000
heap
page read and write
5BF1000
heap
page read and write
8A4000
heap
page read and write
2429000
direct allocation
page read and write
123E000
heap
page read and write
A4F000
stack
page read and write
23B7000
direct allocation
page read and write
2236000
direct allocation
page read and write
5BDC000
heap
page read and write
704000
heap
page read and write
32E0000
direct allocation
page read and write
68E000
stack
page read and write
21EA8A39000
heap
page read and write
5BF1000
heap
page read and write
838000
heap
page read and write
90E000
heap
page read and write
87D000
heap
page read and write
2258000
direct allocation
page read and write
5EE000
stack
page read and write
23B0000
direct allocation
page read and write
5CB1000
heap
page read and write
2333000
direct allocation
page read and write
24D0000
direct allocation
page read and write
120E000
stack
page read and write
2422000
direct allocation
page read and write
5BF1000
heap
page read and write
7FD20000
direct allocation
page read and write
243F000
direct allocation
page read and write
50D000
unkown
page read and write
23FD000
direct allocation
page read and write
51A000
unkown
page readonly
DC0000
heap
page read and write
A2E000
stack
page read and write
2AD0000
trusted library allocation
page read and write
6D0000
heap
page read and write
25E2000
direct allocation
page read and write
2643000
heap
page read and write
400000
unkown
page readonly
430000
heap
page read and write
3408000
direct allocation
page read and write
2292000
direct allocation
page read and write
51F000
unkown
page readonly
1247000
heap
page read and write
237C000
direct allocation
page read and write
887000
heap
page read and write
2438000
direct allocation
page read and write
2392000
direct allocation
page read and write
18E000
stack
page read and write
240C000
direct allocation
page read and write
241B000
direct allocation
page read and write
9B000
stack
page read and write
5BB1000
heap
page read and write
117E000
stack
page read and write
861000
heap
page read and write
2367000
direct allocation
page read and write
5DB6000
direct allocation
page read and write
88D000
heap
page read and write
88E000
heap
page read and write
480000
heap
page read and write
38CF000
stack
page read and write
238B000
direct allocation
page read and write
22D4000
direct allocation
page read and write
23BF000
direct allocation
page read and write
1180000
heap
page read and write
2330000
heap
page read and write
506000
unkown
page read and write
88A000
heap
page read and write
231D000
direct allocation
page read and write
D5D000
stack
page read and write
401000
unkown
page execute read
88E000
heap
page read and write
412000
unkown
page read and write