Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6496
Target ID:	0
Parent PID:	2580
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	503296
MD5:	C9AD12873E4B3F8AE042800AB6CA01B5
Time:	17:45:58
Date:	19/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xff0000
Modulesize:	520192
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Spawns processes	System Summary	Process Injection
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

Details

Is windows:	true
Is dropped:	false
PID:	6680
Target ID:	2
Parent PID:	6496
Name:	RegAsm.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Size:	65440
MD5:	0D5DF43AF2916F47D00C1573797C1A13
Time:	17:45:58
Date:	19/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x200000
Modulesize:	73728
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Allocates memory in foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

Details

Is windows:	true
Is dropped:	false
PID:	6708
Target ID:	3
Parent PID:	6496
Name:	RegAsm.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Size:	65440
MD5:	0D5DF43AF2916F47D00C1573797C1A13
Time:	17:45:58
Date:	19/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x740000
Modulesize:	73728
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Allocates memory in foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	6512
Target ID:	1
Parent PID:	6496
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	17:45:58
Date:	19/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

5.42.65.50:33080

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text

unknown

http://schemas.xmlsoap.org/ws/2005/02/sc/sct

unknown

https://duckduckgo.com/chrome_newtab

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk

unknown

https://duckduckgo.com/ac/?q=

unknown

http://tempuri.org/Entity/Id14ResponseD

unknown

http://tempuri.org/Entity/Id23ResponseD

unknown

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary

unknown

http://tempuri.org/Entity/Id12Response

unknown

http://tempuri.org/

unknown

http://tempuri.org/Entity/Id2Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1

unknown

http://tempuri.org/Entity/Id21Response

unknown

http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap

unknown

http://tempuri.org/Entity/Id9

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID

unknown

http://tempuri.org/Entity/Id8

unknown

http://tempuri.org/Entity/Id6ResponseD

unknown

http://tempuri.org/Entity/Id5

unknown

http://tempuri.org/Entity/Id4

unknown

http://tempuri.org/Entity/Id7

unknown

http://tempuri.org/Entity/Id6

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret

unknown

http://tempuri.org/Entity/Id22Response2

unknown

http://tempuri.org/Entity/Id19Response

unknown

http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence

unknown

http://tempuri.org/Entity/Id13ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/fault

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat

unknown

http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey

unknown

http://tempuri.org/Entity/Id15Response

unknown

http://tempuri.org/Entity/Id5ResponseD

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew

unknown

http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register

unknown

http://tempuri.org/Entity/Id6Response

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey

unknown

https://api.ip.sb/ip

unknown

http://schemas.xmlsoap.org/ws/2004/04/sc

unknown

http://tempuri.org/Entity/Id1ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel

unknown

http://tempuri.org/Entity/Id9Response

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

http://tempuri.org/Entity/Id20

unknown

http://tempuri.org/Entity/Id21

unknown

http://tempuri.org/Entity/Id22

unknown

http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1

unknown

http://tempuri.org/Entity/Id23

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1

unknown

http://tempuri.org/Entity/Id24

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue

unknown

http://tempuri.org/Entity/Id24Response

unknown

https://www.ecosia.org/newtab/

unknown

http://tempuri.org/Entity/Id1Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego

unknown

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey

unknown

http://tempuri.org/Entity/Id21ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust

unknown

http://tempuri.org/Entity/Id10

unknown

http://tempuri.org/Entity/Id11

unknown

http://tempuri.org/Entity/Id10ResponseD

unknown

http://tempuri.org/Entity/Id12

unknown

http://tempuri.org/Entity/Id16Response

unknown

http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel

unknown

http://tempuri.org/Entity/Id13

unknown

http://tempuri.org/Entity/Id14

unknown

http://tempuri.org/Entity/Id15

unknown

http://tempuri.org/Entity/Id16

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce

unknown

http://tempuri.org/Entity/Id17

unknown

http://tempuri.org/Entity/Id18

unknown

http://tempuri.org/Entity/Id5Response

unknown

http://tempuri.org/Entity/Id19

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns

unknown

http://tempuri.org/Entity/Id15ResponseD

unknown

http://tempuri.org/Entity/Id10Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/Renew

unknown

http://tempuri.org/Entity/Id11ResponseD

unknown

http://tempuri.org/Entity/Id8Response

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT

unknown

http://schemas.xmlsoap.org/ws/2006/02/addressingidentity

unknown

http://tempuri.org/Entity/Id17ResponseD

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

There are 90 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

5.42.65.50

unknown

Russian Federation

Details

IP:	5.42.65.50
TargetID:	3
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	39493
ASN name:	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064

Blob

Details

TargetID:	3
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064
Value name:	Blob
Value data:	0B 00 00 00 01 00 00 00 48 00 00 00 54 00 69 00 74 00 61 00 6E 00 69 00 75 00 6D 00 20 00 52 00 6F 00 6F 00 74 00 20 00 43 00 65 00 72 00 74 00 69 00 66 00 69 00 63 00 61 00 74 00 65 00 20 00 41 00 75 00 74 00 68 00 6F 00 72 00 69 00 74 00 79 00 00 00 02 00 00 00 01 00 00 00 CC 00 00 00 1C 00 00 00 6C 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 7B 00 34 00 31 00 37 00 34 00 34 00 42 00 45 00 34 00 2D 00 31 00 31 00 43 00 35 00 2D 00 34 00 39 00 34 00 43 00 2D 00 41 00 32 00 31 00 33 00 2D 00 42 00 41 00 30 00 43 00 45 00 39 00 34 00 34 00 39 00 33 00 38 00 45 00 7D 00 00 00 00 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 45 00 6E 00 68 00 61 00 6E 00 63 00 65 00 64 00 20 00 43 00 72 00 79 00 70 00 74 00 6F 00 67 00 72 00 61 00 70 00 68 00 69 00 63 00 20 00 50 00 72 00 6F 00 76 00 69 00 64 00 65 00 72 00 20 00 76 00 31 00 2E 00 30 00 00 00 00 00 03 00 00 00 01 00 00 00 14 00 00 00 F1 A5 78 C4 CB 5D E7 9A 37 08 93 98 3F D4 DA 8B 67 B2 B0 64 20 00 00 00 01 00 00 00 0A 03 00 00 30 82 03 06 30 82 01 EE A0 03 02 01 02 02 08 67 F7 BE B9 6A 4C 27 98 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 2E 31 2C 30 2A 06 03 55 04 03 0C 23 54 69 74 61 6E 69 75 6D 20 52 6F 6F 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6F 72 69 74 79 30 1E 17 0D 32 33 30 33 31 34 31 30 33 35 32 30 5A 17 0D 32 36 30 36 31 37 31 30 33 35 32 30 5A 30 2E 31 2C 30 2A 06 03 55 04 03 0C 23 54 69 74 61 6E 69 75 6D 20 52 6F 6F 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6F 72 69 74 79 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 86 E4 57 7A 58 61 CE 81 91 77 D0 05 FA 51 D5 51 5A 93 6C 61 0C CF CB DE 53 32 CD 15 1D A6 47 EE 88 1A 24 5C 9B 02 83 3B 02 AF 3D 76 FE 20 BD 3B FA F7 A2 09 73 E7 2E BD 94 40 D0 9D 8C 3D 27 13 BD F0 D0 9F EB 95 32 AC D7 A4 2D A2 A9 52 DA A8 6A 2A 88 EE 42 7D 30 95 9D 90 BF BA 05 27 6A A0 29 98 A6 98 6F C0 13 06 62 9B 79 B8 40 5D 1F 1F A6 D9 A4 2F 82 7A FC 75 66 34 0D C2 DE 27 01 2B 94 BB 4A 27 B3 CB 1C 21 9A 3C B2 C1 42 03 F3 44 51 BD 62 65 20 ED D4 DB CC 41 4F 59 3F 2A CB C4 84 79 F7 14 3C BE 13 9C FD 12 9C 91 3E 53 03 DC 20 F9 4C 44 35 89 01 B6 9A 84 8D 7E A0 2E 30 8A 31 15 60 AC 00 AE 00 9A 29 10 9A EE D9 71 3D D8 91 9B 97 ED 59 80 58 E1 7F 07 26 C7 A0 20 F7 10 AB C0 62 91 DF AA F1 81 C6 BE 6A 76 C8 9C B6 8E B0 B0 EC 1C D9 5F 32 6C 7E 55 58 8B FD 76 C5 19 02 03 01 00 01 A3 28 30 26 30 13 06 03 55 1D 25 04 0C 30 0A 06 08 2B 06 01 05 05 07 03 01 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 03 82 01 01 00 70 85 12 93 D7 57 E9 82 79 7D C5 F7 F2 7D A8 94 EF 0C DB 32 9F 06 A6 09 6E 0C F6 04 B0 E5 47 11 56 0E F4 0F 52 82 08 2E 21 0F 55 A3 DB 41 F3 12 54 8B 76 11 F5 F0 DA CE A3 C7 8B 13 F6 FC 24 3C 02 B1 06 66 5B E6 9E 18 40 88 41 5B 27 39 99 B8 77 BE E3 53 A2 48 CE C7 EE B5 A0 95 C2 17 4B C9 52 6C AF E3 37 2C 59 DB FB E7 58 13 4E D3 51 E5 14 72 73 FE C6 85 77 AE 45 52 A6 F9 9A C8 0C A8 D0 EE 42 2A F5 28 85 8C 6B E8 1C B0 A8 03 1A B0 AE 83 C0 EB 55 64 F4 E8 7A 5C 06 29 5D 39 03 EE E2 FD F9 2D 62 A7 F4 D4 05 4D EA A7 9B CA EB DA 4E 8B 1A 6E FD 42 AE F9 D0 1C 70 75 72 8C B1 3A A8 55 7C 85 A7 25 32 B5 E2 D6 C3 E5 50 41 C9 86 7C A8 F5 62 BB D2 AB 0C 37 10 D8 31 73 EC 37 81 D1 DC AA C5 C6 E0 7E E7 26 62 4D FD C5 81 4C FF D3 36 E1 79 32 F8 9B EB 9C F7 FD BE E9 BE BF 61

Signature Hits	Behavior Group	Mitre Attack
Installs new ROOT certificates	Persistence and Installation Behavior	Install Root Certificate

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Owner

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

SessionHash

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Sequence

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFiles0000

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFilesHash

Memdumps

Base Address

Regiontype

Protect

Malicious

2B99000

trusted library allocation

page read and write

101E000

unkown

page read and write

402000

remote allocation

page execute and read and write

307D000

trusted library allocation

page read and write

3EA3000

trusted library allocation

page read and write

52B0000

trusted library allocation

page read and write

CAE000

stack

page read and write

2CD1000

trusted library allocation

page read and write

6870000

trusted library allocation

page execute and read and write

E0A000

trusted library allocation

page execute and read and write

2C34000

trusted library allocation

page read and write

3D1F000

trusted library allocation

page read and write

3BFA000

trusted library allocation

page read and write

54AA000

heap

page read and write

3ECA000

trusted library allocation

page read and write

3BF4000

trusted library allocation

page read and write

6586000

trusted library allocation

page read and write

6538000

trusted library allocation

page read and write

65B0000

trusted library allocation

page read and write

73B7000

heap

page read and write

3B82000

trusted library allocation

page read and write

5220000

heap

page read and write

6640000

trusted library allocation

page read and write

7427000

heap

page read and write

F95000

heap

page read and write

2CC7000

trusted library allocation

page read and write

3C0D000

trusted library allocation

page read and write

6670000

trusted library allocation

page execute and read and write

2FA7000

trusted library allocation

page read and write

B0D000

stack

page read and write

3F99000

trusted library allocation

page read and write

748E000

heap

page read and write

3033000

trusted library allocation

page read and write

4FE0000

heap

page read and write

3E99000

trusted library allocation

page read and write

1014000

unkown

page readonly

F70000

trusted library allocation

page read and write

D9D000

heap

page read and write

3F23000

trusted library allocation

page read and write

54B7000

heap

page read and write

C40000

heap

page read and write

3D7F000

trusted library allocation

page read and write

7B3E000

stack

page read and write

7664000

trusted library allocation

page read and write

54BF000

heap

page read and write

4BEC000

stack

page read and write

3C20000

trusted library allocation

page read and write

6581000

trusted library allocation

page read and write

5CE3000

heap

page read and write

65C5000

trusted library allocation

page read and write

2F8D000

trusted library allocation

page read and write

E10000

trusted library allocation

page read and write

3C74000

trusted library allocation

page read and write

62BE000

stack

page read and write

7315000

trusted library allocation

page read and write

4F34000

trusted library allocation

page read and write

7418000

heap

page read and write

3C32000

trusted library allocation

page read and write

304F000

trusted library allocation

page read and write

FF0000

unkown

page readonly

3D8C000

trusted library allocation

page read and write

2F6F000

trusted library allocation

page read and write

2F72000

trusted library allocation

page read and write

65E0000

trusted library allocation

page read and write

DF0000

trusted library allocation

page read and write

7610000

trusted library allocation

page read and write

6440000

trusted library allocation

page execute and read and write

6850000

trusted library allocation

page execute and read and write

742D000

heap

page read and write

3EDC000

trusted library allocation

page read and write

3C86000

trusted library allocation

page read and write

52C0000

heap

page execute and read and write

2F7C000

trusted library allocation

page read and write

4FF0000

trusted library allocation

page read and write

12AE000

heap

page read and write

2E6A000

trusted library allocation

page read and write

6600000

trusted library allocation

page read and write

E00000

trusted library allocation

page read and write

6B0A000

trusted library allocation

page read and write

3ECF000

trusted library allocation

page read and write

DD0000

trusted library allocation

page read and write

5CE7000

heap

page read and write

283E000

stack

page read and write

69FE000

stack

page read and write

657B000

trusted library allocation

page read and write

5053000

heap

page read and write

2AEE000

stack

page read and write

3C6F000

trusted library allocation

page read and write

5218000

trusted library allocation

page read and write

65CB000

trusted library allocation

page read and write

7560000

trusted library allocation

page read and write

E15000

trusted library allocation

page execute and read and write

3D12000

trusted library allocation

page read and write

7A3E000

stack

page read and write

2EE2000

trusted library allocation

page read and write

72F0000

trusted library allocation

page read and write

839E000

stack

page read and write

F90000

heap

page read and write

12AA000

heap

page read and write

106A000

unkown

page execute and read and write

3B5A000

trusted library allocation

page read and write

731A000

trusted library allocation

page read and write

3EFD000

trusted library allocation

page read and write

4F75000

trusted library allocation

page read and write

12A0000

heap

page read and write

4FAE000

trusted library allocation

page read and write

55BE000

stack

page read and write

7350000

heap

page read and write

7399000

heap

page read and write

7B7E000

stack

page read and write

3EFA000

trusted library allocation

page read and write

DE4000

trusted library allocation

page read and write

2CCD000

trusted library allocation

page read and write

3EA6000

trusted library allocation

page read and write

3B15000

trusted library allocation

page read and write

2C9D000

trusted library allocation

page read and write

4F51000

trusted library allocation

page read and write

3B2D000

trusted library allocation

page read and write

30C4000

trusted library allocation

page read and write

6460000

trusted library allocation

page execute and read and write

3025000

trusted library allocation

page read and write

DE0000

trusted library allocation

page read and write

E40000

heap

page read and write

2FC0000

trusted library allocation

page read and write

66C0000

trusted library allocation

page execute and read and write

3C2D000

trusted library allocation

page read and write

3B22000

trusted library allocation

page read and write

1014000

unkown

page readonly

7450000

heap

page read and write

B40000

heap

page read and write

542B000

heap

page read and write

746C000

heap

page read and write

3CC8000

trusted library allocation

page read and write

4FF2000

trusted library allocation

page read and write

76BA000

trusted library allocation

page read and write

6547000

trusted library allocation

page read and write

653A000

trusted library allocation

page read and write

E70000

heap

page execute and read and write

FF1000

unkown

page execute read

6B6B000

stack

page read and write

72AE000

stack

page read and write

3EE1000

trusted library allocation

page read and write

5412000

heap

page read and write

7422000

heap

page read and write

3F10000

trusted library allocation

page read and write

7431000

heap

page read and write

3C92000

trusted library allocation

page read and write

159F000

stack

page read and write

3FC9000

trusted library allocation

page read and write

F9E000

heap

page read and write

3F75000

trusted library allocation

page read and write

6549000

trusted library allocation

page read and write

CB0000

heap

page read and write

2F76000

trusted library allocation

page read and write

7640000

trusted library allocation

page execute and read and write

3CA2000

trusted library allocation

page read and write

617E000

stack

page read and write

30CD000

trusted library allocation

page read and write

7340000

trusted library allocation

page read and write

2F99000

trusted library allocation

page read and write

E12000

trusted library allocation

page read and write

3C9F000

trusted library allocation

page read and write

730F000

trusted library allocation

page read and write

4F70000

trusted library allocation

page read and write

72F2000

trusted library allocation

page read and write

AF7000

stack

page read and write

3C02000

trusted library allocation

page read and write

2F4A000

trusted library allocation

page read and write

6B0D000

trusted library allocation

page read and write

65D0000

trusted library allocation

page read and write

6AFC000

stack

page read and write

3F93000

trusted library allocation

page read and write

3F58000

trusted library allocation

page read and write

3F35000

trusted library allocation

page read and write

6592000

trusted library allocation

page read and write

7491000

heap

page read and write

627E000

stack

page read and write

DED000

trusted library allocation

page execute and read and write

3C48000

trusted library allocation

page read and write

79FE000

stack

page read and write

3D51000

trusted library allocation

page read and write

2CC9000

trusted library allocation

page read and write

63BF000

stack

page read and write

3FAC000

trusted library allocation

page read and write

72F9000

trusted library allocation

page read and write

101E000

unkown

page write copy

E17000

trusted library allocation

page execute and read and write

760E000

stack

page read and write

CEF000

heap

page read and write

745A000

heap

page read and write

7DFE000

stack

page read and write

F8E000

trusted library allocation

page read and write

3CC3000

trusted library allocation

page read and write

3CAA000

trusted library allocation

page read and write

5EBF000

stack

page read and write

526E000

stack

page read and write

6B10000

trusted library allocation

page read and write

D55000

heap

page read and write

CBB000

heap

page read and write

3F29000

trusted library allocation

page read and write

3F3C000

trusted library allocation

page read and write

3CB5000

trusted library allocation

page read and write

3C81000

trusted library allocation

page read and write

11B0000

heap

page read and write

3FA0000

trusted library allocation

page read and write

73EE000

heap

page read and write

DFD000

trusted library allocation

page execute and read and write

6545000

trusted library allocation

page read and write

3F51000

trusted library allocation

page read and write

76AE000

stack

page read and write

E97000

heap

page read and write

D6B000

heap

page read and write

3CDA000

trusted library allocation

page read and write

73E3000

heap

page read and write

5480000

heap

page read and write

3C26000

trusted library allocation

page read and write

4F80000

trusted library allocation

page read and write

2948000

trusted library allocation

page read and write

54CE000

heap

page read and write

3D25000

trusted library allocation

page read and write

D4F000

heap

page read and write

3EF7000

trusted library allocation

page read and write

DE3000

trusted library allocation

page execute and read and write

3FB3000

trusted library allocation

page read and write

3EB1000

trusted library allocation

page read and write

E1B000

trusted library allocation

page execute and read and write

73A6000

heap

page read and write

6840000

trusted library allocation

page read and write

2CA3000

trusted library allocation

page read and write

72E0000

trusted library allocation

page read and write

53CF000

stack

page read and write

5050000

heap

page read and write

7480000

heap

page read and write

4FA0000

trusted library allocation

page read and write

5CBE000

stack

page read and write

3ED5000

trusted library allocation

page read and write

3D6A000

trusted library allocation

page read and write

4F5D000

trusted library allocation

page read and write

2FD8000

trusted library allocation

page read and write

3F3F000

trusted library allocation

page read and write

6B80000

trusted library allocation

page execute and read and write

7330000

trusted library allocation

page read and write

3C3E000

trusted library allocation

page read and write

51F0000

heap

page read and write

73FE000

heap

page read and write

3D3A000

trusted library allocation

page read and write

2FEC000

trusted library allocation

page read and write

659E000

trusted library allocation

page read and write

2CD7000

trusted library allocation

page read and write

E60000

trusted library allocation

page execute and read and write

6540000

trusted library allocation

page read and write

7382000

heap

page read and write

3D84000

trusted library allocation

page read and write

6820000

heap

page execute and read and write

3EA9000

trusted library allocation

page read and write

EFD000

stack

page read and write

6530000

trusted library allocation

page read and write

BFE000

stack

page read and write

54A0000

heap

page read and write

B60000

heap

page read and write

3CE4000

trusted library allocation

page read and write

2C57000

trusted library allocation

page read and write

3BF7000

trusted library allocation

page read and write

4F56000

trusted library allocation

page read and write

11AE000

stack

page read and write

3EE8000

trusted library allocation

page read and write

52AE000

stack

page read and write

B60000

heap

page read and write

2C24000

trusted library allocation

page read and write

55FE000

stack

page read and write

E90000

heap

page read and write

4F3B000

trusted library allocation

page read and write

2F9F000

trusted library allocation

page read and write

3EED000

trusted library allocation

page read and write

849E000

stack

page read and write

7710000

heap

page read and write

53D4000

heap

page read and write

730A000

trusted library allocation

page read and write

E02000

trusted library allocation

page read and write

F1E000

stack

page read and write

3D91000

trusted library allocation

page read and write

3CEF000

trusted library allocation

page read and write

303C000

trusted library allocation

page read and write

432000

remote allocation

page execute and read and write

2CF3000

trusted library allocation

page read and write

731F000

trusted library allocation

page read and write

75CD000

stack

page read and write

149F000

stack

page read and write

7630000

trusted library allocation

page execute and read and write

3F5D000

trusted library allocation

page read and write

3B1F000

trusted library allocation

page read and write

7620000

trusted library allocation

page execute and read and write

CF1000

heap

page read and write

3C4E000

trusted library allocation

page read and write

3BB3000

trusted library allocation

page read and write

301B000

trusted library allocation

page read and write

F5C000

stack

page read and write

2EDD000

trusted library allocation

page read and write

2F79000

trusted library allocation

page read and write

3F30000

trusted library allocation

page read and write

2ED5000

trusted library allocation

page read and write

66D0000

trusted library allocation

page execute and read and write

6660000

trusted library allocation

page execute and read and write

7EA000

stack

page read and write

6810000

trusted library allocation

page read and write

3D47000

trusted library allocation

page read and write

3FBE000

trusted library allocation

page read and write

3F05000

trusted library allocation

page read and write

743F000

heap

page read and write

67F0000

trusted library allocation

page read and write

72F5000

trusted library allocation

page read and write

7650000

trusted library allocation

page read and write

12BD000

heap

page read and write

2AF1000

trusted library allocation

page read and write

65CE000

trusted library allocation

page read and write

3C56000

trusted library allocation

page read and write

7433000

heap

page read and write

3D18000

trusted library allocation

page read and write

3D09000

trusted library allocation

page read and write

2F64000

trusted library allocation

page read and write

E30000

trusted library allocation

page read and write

30AC000

trusted library allocation

page read and write

3C1B000

trusted library allocation

page read and write

D9A000

heap

page read and write

6650000

trusted library allocation

page read and write

30B6000

trusted library allocation

page read and write

76B0000

trusted library allocation

page read and write

3C39000

trusted library allocation

page read and write

73BB000

heap

page read and write

65C0000

trusted library allocation

page read and write

557E000

stack

page read and write

437000

remote allocation

page execute and read and write

5000000

trusted library allocation

page execute and read and write

400000

remote allocation

page execute and read and write

3F8E000

trusted library allocation

page read and write

F60000

trusted library allocation

page read and write

739C000

heap

page read and write

3B12000

trusted library allocation

page read and write

FF0000

unkown

page readonly

5210000

trusted library allocation

page read and write

7338000

trusted library allocation

page read and write

B45000

heap

page read and write

F80000

trusted library allocation

page read and write

2FB2000

trusted library allocation

page read and write

3AFF000

trusted library allocation

page read and write

446000

remote allocation

page execute and read and write

6535000

trusted library allocation

page read and write

3B38000

trusted library allocation

page read and write

3EBC000

trusted library allocation

page read and write

4F4E000

trusted library allocation

page read and write

73F8000

heap

page read and write

53D0000

heap

page read and write

3B46000

trusted library allocation

page read and write

7660000

trusted library allocation

page read and write

7308000

trusted library allocation

page read and write

29E0000

heap

page read and write

65A1000

trusted library allocation

page read and write

2F9C000

trusted library allocation

page read and write

3FA5000

trusted library allocation

page read and write

2FC8000

trusted library allocation

page read and write

CE4000

heap

page read and write

3CFE000

trusted library allocation

page read and write

3C61000

trusted library allocation

page read and write

5428000

heap

page read and write

73D7000

heap

page read and write

7CFE000

stack

page read and write

106B000

unkown

page read and write

6B00000

trusted library allocation

page read and write

6570000

trusted library allocation

page read and write

EDE000

stack

page read and write

D57000

heap

page read and write

7BBF000

stack

page read and write

3AF1000

trusted library allocation

page read and write

2F67000

trusted library allocation

page read and write

7FBB0000

trusted library allocation

page execute and read and write

106D000

unkown

page readonly

3F45000

trusted library allocation

page read and write

3046000

trusted library allocation

page read and write

3F67000

trusted library allocation

page read and write

2CA7000

trusted library allocation

page read and write

2CD3000

trusted library allocation

page read and write

3F4C000

trusted library allocation

page read and write

3B25000

trusted library allocation

page read and write

5CD2000

heap

page read and write

6B70000

trusted library allocation

page read and write

3F6A000

trusted library allocation

page read and write

7324000

trusted library allocation

page read and write

6830000

trusted library allocation

page read and write

7393000

heap

page read and write

E06000

trusted library allocation

page execute and read and write

3C4B000

trusted library allocation

page read and write

3C7A000

trusted library allocation

page read and write

4F62000

trusted library allocation

page read and write

3C8D000

trusted library allocation

page read and write

747E000

heap

page read and write

7360000

heap

page read and write

B70000

heap

page read and write

3D75000

trusted library allocation

page read and write

3D5C000

trusted library allocation

page read and write

52C3000

heap

page execute and read and write

B80000

heap

page read and write

293E000

stack

page read and write

5600000

trusted library allocation

page read and write

106D000

unkown

page readonly

7BC0000

heap

page read and write

2F8F000

trusted library allocation

page read and write

69BC000

stack

page read and write

3F6D000

trusted library allocation

page read and write

3C9C000

trusted library allocation

page read and write

65F0000

trusted library allocation

page read and write

72E2000

trusted library allocation

page read and write

304A000

trusted library allocation

page read and write

7373000

heap

page read and write

736D000

heap

page read and write

FF1000

unkown

page execute read

6610000

trusted library allocation

page read and write

3F1E000

trusted library allocation

page read and write

4F30000

trusted library allocation

page read and write

3FAF000

trusted library allocation

page read and write

E80000

trusted library allocation

page read and write

6800000

trusted library allocation

page read and write

7320000

trusted library allocation

page read and write

3F80000

trusted library allocation

page read and write

68BC000

stack

page read and write

There are 414 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Files

Processes

URLs

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Files

Processes

URLs

IPs

Registry

Memdumps

IOC Report
file.exe