Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.W32.DriverTalent.A.gen.Eldorado.3883.7584.exe

"C:\Users\user\Desktop\SecuriteInfo.com.W32.DriverTalent.A.gen.Eldorado.3883.7584.exe"

Details

Is windows:	false
Is dropped:	false
PID:	4888
Target ID:	0
Parent PID:	4004
Name:	SecuriteInfo.com.W32.DriverTalent.A.gen.Eldorado.3883.7584.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.W32.DriverTalent.A.gen.Eldorado.3883.7584.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.W32.DriverTalent.A.gen.Eldorado.3883.7584.exe"
Size:	12960432
MD5:	61144B1D8168AF54DA7F364640019E2C
Time:	14:40:10
Date:	23/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xe20000
Modulesize:	26021888
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Public key (encryption) found	Cryptography	Archive Collected Data
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Sample reads its own file content	System Summary
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE / OLE file has a valid certificate	Compliance, System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://www.ostoto.com/web/install/%d/1d?/

unknown

http://int.updrv.com/dtl/server.ashx?type=%d

unknown

http://www.ostoto.com/licence/EULA-for-OSToto-Driver-Talent.html3

unknown

http://www.openssl.org/support/faq.html....................

unknown

http://www.symauth.com/rpa00

unknown

http://install.integrate.drivethelife.com/common/IntegrateInstallStat.ashx.

unknown

http://bbs.160.com/forum-66-1.html

unknown

https://d.sy

unknown

http://int.softconfig.drivethelife.com/server.ashx?type=%d

unknown

http://www.drivethelife.com/

unknown

http://install.integrate.drivethelife.com/common/IntegrateInstallStat.ashx

unknown

http://www.ostoto.com/web/uninstall/%d/1

unknown

http://bbs.160.com/forum-66-1.html0

unknown

http://www.symauth.com/cps0(

unknown

http://int.updrv.com/common/IntegrateUnInstallStat.ashx

unknown

http://www.drivethelife.com/EULA.html

unknown

http://www.ostoto.com/web/install/%d/1

unknown

https://curl.haxx.se/docs/http-cookies.html

unknown

http://www.openssl.org/support/faq.html

unknown

http://int.softconfig.drivethelife.com/server.ashx?type=%dhttp://int.updrv.com/dtl/server.ashx?type=

unknown

http://www.drivethelife.com/D

unknown

http://www.ostoto.com/licence/EULA-for-OSToto-Driver-Talent.html

unknown

There are 12 hidden URLs, click here to show them.

Domains

Name

Malicious

online1.integrate.drivethelife.com

209.58.131.173

dispatch.integrate.drivethelife.com

209.58.131.173

Details

Name:	dispatch.integrate.drivethelife.com
IP:	209.58.131.173
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

behaviorgather.integrate.drivethelife.com

209.58.131.173

int.softconfig.drivethelife.com

unknown

IPs

Domain

Country

Malicious

209.58.131.173

online1.integrate.drivethelife.com

United States

Details

IP:	209.58.131.173
TargetID:	0
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.W32.DriverTalent.A.gen.Eldorado.3883.7584.exe
Country:	United States
Countrycode:	USA
ASN number:	7203
ASN name:	LEASEWEB-USA-SFO-12US
Private:	false
Domain:	online1.integrate.drivethelife.com

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46

Blob

Details

TargetID:	0
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Value name:	Blob
Value data:	04 00 00 00 01 00 00 00 10 00 00 00 A7 F2 E4 16 06 41 11 50 30 6B 9C E3 B4 9C B0 C9 0F 00 00 00 01 00 00 00 14 00 00 00 F4 5A 08 58 C9 CD 92 0E 64 7B AD 53 9A B9 F1 CF C7 7F 24 CB 0B 00 00 00 01 00 00 00 2A 00 00 00 53 00 65 00 63 00 74 00 69 00 67 00 6F 00 20 00 28 00 55 00 54 00 4E 00 20 00 4F 00 62 00 6A 00 65 00 63 00 74 00 29 00 00 00 09 00 00 00 01 00 00 00 22 00 00 00 30 20 06 08 2B 06 01 05 05 07 03 03 06 0A 2B 06 01 04 01 82 37 0A 03 04 06 08 2B 06 01 05 05 07 03 08 62 00 00 00 01 00 00 00 20 00 00 00 6F FF 78 E4 00 A7 0C 11 01 1C D8 59 77 C4 59 FB 5A F9 6A 3D F0 54 08 20 D0 F4 B8 60 78 75 E5 8F 14 00 00 00 01 00 00 00 14 00 00 00 DA ED 64 74 14 9C 14 3C AB DD 99 A9 BD 5B 28 4D 8B 3C C9 D8 1D 00 00 00 01 00 00 00 10 00 00 00 F9 19 B9 CC CE 1E 59 C2 E7 85 F7 DC 2C CF 67 08 7E 00 00 00 01 00 00 00 08 00 00 00 00 00 63 F5 89 26 D7 01 68 00 00 00 01 00 00 00 08 00 00 00 00 40 91 20 D0 35 D9 01 03 00 00 00 01 00 00 00 14 00 00 00 E1 2D FB 4B 41 D7 D9 C3 2B 30 51 4B AC 1D 81 D8 38 5E 2D 46 19 00 00 00 01 00 00 00 10 00 00 00 E8 43 AC 3B 52 EC 8C 29 7F A9 48 C9 B1 FB 28 19 20 00 00 00 01 00 00 00 6A 04 00 00 30 82 04 66 30 82 03 4E A0 03 02 01 02 02 10 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 95 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 0B 30 09 06 03 55 04 08 13 02 55 54 31 17 30 15 06 03 55 04 07 13 0E 53 61 6C 74 20 4C 61 6B 65 20 43 69 74 79 31 1E 30 1C 06 03 55 04 0A 13 15 54 68 65 20 55 53 45 52 54 52 55 53 54 20 4E 65 74 77 6F 72 6B 31 21 30 1F 06 03 55 04 0B 13 18 68 74 74 70 3A 2F 2F 77 77 77 2E 75 73 65 72 74 72 75 73 74 2E 63 6F 6D 31 1D 30 1B 06 03 55 04 03 13 14 55 54 4E 2D 55 53 45 52 46 69 72 73 74 2D 4F 62 6A 65 63 74 30 1E 17 0D 39 39 30 37 30 39 31 38 33 31 32 30 5A 17 0D 31 39 30 37 30 39 31 38 34 30 33 36 5A 30 81 95 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 0B 30 09 06 03 55 04 08 13 02 55 54 31 17 30 15 06 03 55 04 07 13 0E 53 61 6C 74 20 4C 61 6B 65 20 43 69 74 79 31 1E 30 1C 06 03 55 04 0A 13 15 54 68 65 20 55 53 45 52 54 52 55 53 54 20 4E 65 74 77 6F 72 6B 31 21 30 1F 06 03 55 04 0B 13 18 68 74 74 70 3A 2F 2F 77 77 77 2E 75 73 65 72 74 72 75 73 74 2E 63 6F 6D 31 1D 30 1B 06 03 55 04 03 13 14 55 54 4E 2D 55 53 45 52 46 69 72 73 74 2D 4F 62 6A 65 63 74 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 CE AA 81 3F A3 A3 61 78 AA 31 00 55 95 11 9E 27 0F 1F 1C DF 3A 9B 82 68 30 C0 4A 61 1D F1 2F 0E FA BE 79 F7 A5 23 EF 55 51 96 84 CD DB E3 B9 6E 3E 31 D8 0A 20 67 C7 F4 D9 BF 94 EB 47 04 3E 02 CE 2A A2 5D 87 04 09 F6 30 9D 18 8A 97 B2 AA 1C FC 41 D2 A1 36 CB FB 3D 91 BA E7 D9 70 35 FA E4 E7 90 C3 9B A3 9B D3 3C F5 12 99 77 B1 B7 09 E0 68 E6 1C B8 F3 94 63 88 6A 6A FE 0B 76 C9 BE F4 22 E4 67 B9 AB 1A 5E 77 C1 85 07 DD 0D 6C BF EE 06 C7 77 6A 41 9E A7 0F D7 FB EE 94 17 B7 FC 85 BE A4 AB C4 1C 31 DD D7 B6 D1 E4 F0 EF DF 16 8F B2 52 93 D7 A1 D4 89 A1 07 2E BF E1 01 12 42 1E 1A E1 D8 95 34 DB 64 79 28 FF BA 2E 11 C2 E5 E8 5B 92 48 FB 47 0B C2 6C DA AD 32 83 41 F3 A5 E5 41 70 FD 65 90 6D FA FA 51 C4 F9 BD 96 2B 19 04 2C D3 6D A7 DC F0 7F 6F 83 65 E2 6A AB 87 86 75 02 03 01 00 01 A3 81 AF 30 81 AC 30 0B 06 03 55 1D 0F 04 04 03 02 01 C6 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 1D 06 03 55 1D 0E 04 16 04 14 DA ED 64 74 14 9C 14 3C AB DD 99 A9 BD 5B 28 4D 8B 3C C9 D8 30 42 06 03 55 1D 1F 04 3B 30 39 30 37 A0 35 A0 33 86 31 68 74 74 70 3A 2F 2F 63 72 6C 2E 75 73 65 72 74 72 75 73 74 2E 63 6F 6D 2F 55 54 4E 2D 55 53 45 52 46 69 72 73 74 2D 4F 62 6A 65 63 74 2E 63 72 6C 30 29 06 03 55 1D 25 04 22 30 20 06 08 2B 06 01 05 05 07 03 03 06 08 2B 06 01 05 05 07 03 08 06 0A 2B 06 01 04 01 82 37 0A 03 04 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 01 01 00 08 1F 52 B1 37 44 78 DB FD CE B9 DA 95 96 98 AA 55 64 80 B5 5A 40 DD 21 A5 C5 C1 F3 5F 2C 4C C8 47 5A 69 EA E8 F0 35 35 F4 D0 25 F3 C8 A6 A4 87 4A BD 1B B1 73 08 BD D4 C3 CA B6 35 BB 59 86 77 31 CD A7 80 14 AE 13 EF FC B1 48 F9 6B 25 25 2D 51 B6 2C 6D 45 C1 98 C8 8A 56 5D 3E EE 43 4E 3E 6B 27 8E D0 3A 4B 85 0B 5F D3 ED 6A A7 75 CB D1 5A 87 2F 39 75 13 5A 72 B0 02 81 9F BE F0 0F 84 54 20 62 6C 69 D4 E1 4D C6 0D 99 43 01 0D 12 96 8C 78 9D BF 50 A2 B1 44 AA 6A CF 17 7A CF 6F 0F D4 F8 24 55 5F F0 34 16 49 66 3E 50 46 C9 63 71 38 31 62 B8 62 B9 F3 53 AD 6C B5 2B A2 12 AA 19 4F 09 DA 5E E7 93 C6 8E 14 08 FE F0 30 80 18 A0 86 85 4D C8 7D D7 8B 03 FE 6E D5 F7 9D 16 AC 92 2C A0 23 E5 9C 91 52 1F 94 DF 17 94 73 C3 B3 C1 C1 71 05 20 00 78 BD 13 52 1D A8 3E CD 00 1F C8

Signature Hits	Behavior Group	Mitre Attack
Adds / modifies Windows certificates	Lowering of HIPS / PFW / Operating System Security Settings	Disable or Modify Tools

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46

Blob

Details

TargetID:	0
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Value name:	Blob
Value data:	5C 00 00 00 01 00 00 00 04 00 00 00 00 08 00 00 19 00 00 00 01 00 00 00 10 00 00 00 E8 43 AC 3B 52 EC 8C 29 7F A9 48 C9 B1 FB 28 19 03 00 00 00 01 00 00 00 14 00 00 00 E1 2D FB 4B 41 D7 D9 C3 2B 30 51 4B AC 1D 81 D8 38 5E 2D 46 68 00 00 00 01 00 00 00 08 00 00 00 00 40 91 20 D0 35 D9 01 7E 00 00 00 01 00 00 00 08 00 00 00 00 00 63 F5 89 26 D7 01 1D 00 00 00 01 00 00 00 10 00 00 00 F9 19 B9 CC CE 1E 59 C2 E7 85 F7 DC 2C CF 67 08 14 00 00 00 01 00 00 00 14 00 00 00 DA ED 64 74 14 9C 14 3C AB DD 99 A9 BD 5B 28 4D 8B 3C C9 D8 62 00 00 00 01 00 00 00 20 00 00 00 6F FF 78 E4 00 A7 0C 11 01 1C D8 59 77 C4 59 FB 5A F9 6A 3D F0 54 08 20 D0 F4 B8 60 78 75 E5 8F 09 00 00 00 01 00 00 00 22 00 00 00 30 20 06 08 2B 06 01 05 05 07 03 03 06 0A 2B 06 01 04 01 82 37 0A 03 04 06 08 2B 06 01 05 05 07 03 08 0B 00 00 00 01 00 00 00 2A 00 00 00 53 00 65 00 63 00 74 00 69 00 67 00 6F 00 20 00 28 00 55 00 54 00 4E 00 20 00 4F 00 62 00 6A 00 65 00 63 00 74 00 29 00 00 00 0F 00 00 00 01 00 00 00 14 00 00 00 F4 5A 08 58 C9 CD 92 0E 64 7B AD 53 9A B9 F1 CF C7 7F 24 CB 04 00 00 00 01 00 00 00 10 00 00 00 A7 F2 E4 16 06 41 11 50 30 6B 9C E3 B4 9C B0 C9 20 00 00 00 01 00 00 00 6A 04 00 00 30 82 04 66 30 82 03 4E A0 03 02 01 02 02 10 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 95 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 0B 30 09 06 03 55 04 08 13 02 55 54 31 17 30 15 06 03 55 04 07 13 0E 53 61 6C 74 20 4C 61 6B 65 20 43 69 74 79 31 1E 30 1C 06 03 55 04 0A 13 15 54 68 65 20 55 53 45 52 54 52 55 53 54 20 4E 65 74 77 6F 72 6B 31 21 30 1F 06 03 55 04 0B 13 18 68 74 74 70 3A 2F 2F 77 77 77 2E 75 73 65 72 74 72 75 73 74 2E 63 6F 6D 31 1D 30 1B 06 03 55 04 03 13 14 55 54 4E 2D 55 53 45 52 46 69 72 73 74 2D 4F 62 6A 65 63 74 30 1E 17 0D 39 39 30 37 30 39 31 38 33 31 32 30 5A 17 0D 31 39 30 37 30 39 31 38 34 30 33 36 5A 30 81 95 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 0B 30 09 06 03 55 04 08 13 02 55 54 31 17 30 15 06 03 55 04 07 13 0E 53 61 6C 74 20 4C 61 6B 65 20 43 69 74 79 31 1E 30 1C 06 03 55 04 0A 13 15 54 68 65 20 55 53 45 52 54 52 55 53 54 20 4E 65 74 77 6F 72 6B 31 21 30 1F 06 03 55 04 0B 13 18 68 74 74 70 3A 2F 2F 77 77 77 2E 75 73 65 72 74 72 75 73 74 2E 63 6F 6D 31 1D 30 1B 06 03 55 04 03 13 14 55 54 4E 2D 55 53 45 52 46 69 72 73 74 2D 4F 62 6A 65 63 74 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 CE AA 81 3F A3 A3 61 78 AA 31 00 55 95 11 9E 27 0F 1F 1C DF 3A 9B 82 68 30 C0 4A 61 1D F1 2F 0E FA BE 79 F7 A5 23 EF 55 51 96 84 CD DB E3 B9 6E 3E 31 D8 0A 20 67 C7 F4 D9 BF 94 EB 47 04 3E 02 CE 2A A2 5D 87 04 09 F6 30 9D 18 8A 97 B2 AA 1C FC 41 D2 A1 36 CB FB 3D 91 BA E7 D9 70 35 FA E4 E7 90 C3 9B A3 9B D3 3C F5 12 99 77 B1 B7 09 E0 68 E6 1C B8 F3 94 63 88 6A 6A FE 0B 76 C9 BE F4 22 E4 67 B9 AB 1A 5E 77 C1 85 07 DD 0D 6C BF EE 06 C7 77 6A 41 9E A7 0F D7 FB EE 94 17 B7 FC 85 BE A4 AB C4 1C 31 DD D7 B6 D1 E4 F0 EF DF 16 8F B2 52 93 D7 A1 D4 89 A1 07 2E BF E1 01 12 42 1E 1A E1 D8 95 34 DB 64 79 28 FF BA 2E 11 C2 E5 E8 5B 92 48 FB 47 0B C2 6C DA AD 32 83 41 F3 A5 E5 41 70 FD 65 90 6D FA FA 51 C4 F9 BD 96 2B 19 04 2C D3 6D A7 DC F0 7F 6F 83 65 E2 6A AB 87 86 75 02 03 01 00 01 A3 81 AF 30 81 AC 30 0B 06 03 55 1D 0F 04 04 03 02 01 C6 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 1D 06 03 55 1D 0E 04 16 04 14 DA ED 64 74 14 9C 14 3C AB DD 99 A9 BD 5B 28 4D 8B 3C C9 D8 30 42 06 03 55 1D 1F 04 3B 30 39 30 37 A0 35 A0 33 86 31 68 74 74 70 3A 2F 2F 63 72 6C 2E 75 73 65 72 74 72 75 73 74 2E 63 6F 6D 2F 55 54 4E 2D 55 53 45 52 46 69 72 73 74 2D 4F 62 6A 65 63 74 2E 63 72 6C 30 29 06 03 55 1D 25 04 22 30 20 06 08 2B 06 01 05 05 07 03 03 06 08 2B 06 01 05 05 07 03 08 06 0A 2B 06 01 04 01 82 37 0A 03 04 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 01 01 00 08 1F 52 B1 37 44 78 DB FD CE B9 DA 95 96 98 AA 55 64 80 B5 5A 40 DD 21 A5 C5 C1 F3 5F 2C 4C C8 47 5A 69 EA E8 F0 35 35 F4 D0 25 F3 C8 A6 A4 87 4A BD 1B B1 73 08 BD D4 C3 CA B6 35 BB 59 86 77 31 CD A7 80 14 AE 13 EF FC B1 48 F9 6B 25 25 2D 51 B6 2C 6D 45 C1 98 C8 8A 56 5D 3E EE 43 4E 3E 6B 27 8E D0 3A 4B 85 0B 5F D3 ED 6A A7 75 CB D1 5A 87 2F 39 75 13 5A 72 B0 02 81 9F BE F0 0F 84 54 20 62 6C 69 D4 E1 4D C6 0D 99 43 01 0D 12 96 8C 78 9D BF 50 A2 B1 44 AA 6A CF 17 7A CF 6F 0F D4 F8 24 55 5F F0 34 16 49 66 3E 50 46 C9 63 71 38 31 62 B8 62 B9 F3 53 AD 6C B5 2B A2 12 AA 19 4F 09 DA 5E E7 93 C6 8E 14 08 FE F0 30 80 18 A0 86 85 4D C8 7D D7 8B 03 FE 6E D5 F7 9D 16 AC 92 2C A0 23 E5 9C 91 52 1F 94 DF 17 94 73 C3 B3 C1 C1 71 05 20 00 78 BD 13 52 1D A8 3E CD 00 1F C8

Signature Hits	Behavior Group	Mitre Attack
Adds / modifies Windows certificates	Lowering of HIPS / PFW / Operating System Security Settings	Disable or Modify Tools

Memdumps

Base Address

Regiontype

Protect

Malicious

4F5B000

heap

page read and write

4FFD000

heap

page read and write

4100000

heap

page read and write

E20000

unkown

page readonly

E10000

heap

page read and write

4F95000

heap

page read and write

4FC3000

heap

page read and write

4F62000

heap

page read and write

54C6000

heap

page read and write

54DD000

heap

page read and write

5C99000

heap

page read and write

6D2EC000

unkown

page read and write

54E9000

heap

page read and write

57C7000

heap

page read and write

44BB000

heap

page read and write

4F54000

heap

page read and write

5730000

trusted library allocation

page read and write

4EAD000

heap

page read and write

BFE000

heap

page read and write

4F62000

heap

page read and write

1ACF000

unkown

page read and write

54DD000

heap

page read and write

4F67000

heap

page read and write

54E6000

heap

page read and write

B75000

heap

page read and write

54CE000

heap

page read and write

54C1000

heap

page read and write

B1E000

stack

page read and write

4F4D000

heap

page read and write

8E0000

heap

page read and write

4F67000

heap

page read and write

B56000

stack

page read and write

440B000

heap

page read and write

54CE000

heap

page read and write

5730000

trusted library allocation

page read and write

4F9000

stack

page read and write

4FD2000

heap

page read and write

4F67000

heap

page read and write

1ACE000

unkown

page execute and write copy

4F54000

heap

page read and write

5730000

trusted library allocation

page read and write

BF0000

heap

page read and write

51DB000

stack

page read and write

5730000

trusted library allocation

page read and write

4F50000

heap

page read and write

4F67000

heap

page read and write

4F81000

heap

page read and write

51EA000

heap

page read and write

6E86D000

unkown

page readonly

6D222000

unkown

page read and write

6E873000

unkown

page read and write

54CA000

heap

page read and write

1EB000

stack

page read and write

4F65000

heap

page read and write

6E0000

heap

page read and write

4F67000

heap

page read and write

40DE000

stack

page read and write

4BFC000

stack

page read and write

4495000

heap

page read and write

54E6000

heap

page read and write

5730000

trusted library allocation

page read and write

4A7F000

stack

page read and write

8EA000

heap

page read and write

4F5C000

heap

page read and write

4F52000

heap

page read and write

4F67000

heap

page read and write

951000

heap

page read and write

4F81000

heap

page read and write

E9A000

unkown

page execute and read and write

4F62000

heap

page read and write

42CE000

stack

page read and write

4F5B000

heap

page read and write

4FE2000

heap

page read and write

42FA000

heap

page read and write

4F66000

heap

page read and write

53D8000

heap

page read and write

5730000

trusted library allocation

page read and write

930000

heap

page read and write

6D2F2000

unkown

page readonly

4E91000

heap

page read and write

4F65000

heap

page read and write

4E9A000

heap

page read and write

4F4E000

heap

page read and write

4F5B000

heap

page read and write

E21000

unkown

page execute and read and write

4F64000

heap

page read and write

1A98000

unkown

page execute and write copy

5270000

heap

page read and write

4F65000

heap

page read and write

4E83000

heap

page read and write

5B4F000

stack

page read and write

26D8000

unkown

page read and write

4F65000

heap

page read and write

6E851000

unkown

page execute read

5730000

trusted library allocation

page read and write

4F5B000

heap

page read and write

E20000

unkown

page readonly

45FE000

stack

page read and write

5730000

trusted library allocation

page read and write

4F40000

heap

page read and write

1ACB000

unkown

page execute and read and write

6D1BD000

unkown

page readonly

4F5E000

heap

page read and write

860000

heap

page read and write

4F4C000

heap

page read and write

5730000

trusted library allocation

page read and write

6D2BA000

unkown

page readonly

53BE000

stack

page read and write

6D227000

unkown

page readonly

5730000

trusted library allocation

page read and write

4F95000

heap

page read and write

8EE000

heap

page read and write

504E000

heap

page read and write

4E40000

heap

page read and write

8AE000

stack

page read and write

52B0000

heap

page read and write

4E92000

heap

page read and write

54C1000

heap

page read and write

4F50000

heap

page read and write

42F0000

heap

page read and write

4F65000

heap

page read and write

54C8000

heap

page read and write

5B8E000

stack

page read and write

54C7000

heap

page read and write

54C5000

heap

page read and write

4F5B000

heap

page read and write

5730000

trusted library allocation

page read and write

54CB000

heap

page read and write

BF7000

heap

page read and write

24CF000

unkown

page write copy

4F67000

heap

page read and write

6E877000

unkown

page readonly

4F90000

heap

page read and write

42FC000

heap

page read and write

5731000

heap

page read and write

4F98000

heap

page read and write

4F4C000

heap

page read and write

5730000

trusted library allocation

page read and write

4F5B000

heap

page read and write

4FD2000

heap

page read and write

4106000

heap

page read and write

550000

heap

page read and write

948000

heap

page read and write

42F7000

heap

page read and write

54CB000

heap

page read and write

4E96000

heap

page read and write

46FE000

stack

page read and write

4F95000

heap

page read and write

6D21B000

unkown

page write copy

4F4D000

heap

page read and write

951000

heap

page read and write

42F9000

heap

page read and write

50FF000

heap

page read and write

4EA5000

heap

page read and write

4F64000

heap

page read and write

4F55000

heap

page read and write

4F5F000

heap

page read and write

4F55000

heap

page read and write

6D080000

unkown

page readonly

4F4D000

heap

page read and write

4EA4000

heap

page read and write

4F65000

heap

page read and write

6D240000

unkown

page readonly

42FA000

heap

page read and write

4F4D000

heap

page read and write

4F59000

heap

page read and write

440F000

heap

page read and write

6E850000

unkown

page readonly

4F55000

heap

page read and write

8D0000

heap

page read and write

5730000

trusted library allocation

page read and write

4F90000

heap

page read and write

53C9000

heap

page read and write

54E6000

heap

page read and write

5A4E000

stack

page read and write

4FFD000

heap

page read and write

54C8000

heap

page read and write

4F67000

heap

page read and write

948000

heap

page read and write

4F51000

heap

page read and write

497E000

stack

page read and write

54C7000

heap

page read and write

43FB000

stack

page read and write

54C9000

heap

page read and write

800000

heap

page read and write

54C5000

heap

page read and write

4E41000

heap

page read and write

483E000

stack

page read and write

4F5B000

heap

page read and write

4F5C000

heap

page read and write

54CB000

heap

page read and write

5730000

trusted library allocation

page read and write

428E000

stack

page read and write

54CE000

heap

page read and write

948000

heap

page read and write

6D218000

unkown

page read and write

4F65000

heap

page read and write

97F000

heap

page read and write

54C1000

heap

page read and write

54E6000

heap

page read and write

1ACF000

unkown

page write copy

4F66000

heap

page read and write

4E43000

heap

page read and write

4F55000

heap

page read and write

54CA000

heap

page read and write

4F8C000

heap

page read and write

4E87000

heap

page read and write

4F8C000

heap

page read and write

4F54000

heap

page read and write

4F54000

heap

page read and write

5730000

trusted library allocation

page read and write

4D3E000

stack

page read and write

54C0000

heap

page read and write

4F4A000

heap

page read and write

4F53000

heap

page read and write

4F8C000

heap

page read and write

3FE5000

heap

page read and write

573E000

heap

page read and write

4E4B000

heap

page read and write

4E8B000

heap

page read and write

6D241000

unkown

page execute read

54CE000

heap

page read and write

26D8000

unkown

page write copy

4F5C000

heap

page read and write

4F62000

heap

page read and write

5730000

trusted library allocation

page read and write

5730000

trusted library allocation

page read and write

5730000

trusted library allocation

page read and write

4F4D000

heap

page read and write

4F54000

heap

page read and write

4F5C000

heap

page read and write

4F5C000

heap

page read and write

47FF000

stack

page read and write

4F63000

heap

page read and write

5C8E000

stack

page read and write

630000

heap

page read and write

24CF000

unkown

page read and write

4F62000

heap

page read and write

4EAA000

heap

page read and write

6D081000

unkown

page execute read

4F5B000

heap

page read and write

B70000

heap

page read and write

4169000

heap

page read and write

840000

heap

page read and write

4E3F000

stack

page read and write

42BE000

heap

page read and write

424E000

stack

page read and write

420E000

stack

page read and write

4F8C000

heap

page read and write

53C0000

heap

page read and write

493E000

stack

page read and write

4F5C000

heap

page read and write

4F67000

heap

page read and write

4CFD000

stack

page read and write

4F67000

heap

page read and write

54DD000

heap

page read and write

4FC3000

heap

page read and write

4F67000

heap

page read and write

5730000

trusted library allocation

page read and write

4F67000

heap

page read and write

There are 250 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.W32.DriverTalent.A.gen.Eldorado.3883.7584.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.W32.DriverTalent.A.gen.Eldorado.3883.7584.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
SecuriteInfo.com.W32.DriverTalent.A.gen.Eldorado.3883.7584.exe