Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2364
Target ID:	0
Parent PID:	1028
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	507904
MD5:	EA8B223863892068E3CFAB601CAF53D4
Time:	16:28:52
Date:	26/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x250000
Modulesize:	528384
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
PE file contains a valid data directory to section mapping	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

Details

Is windows:	true
Is dropped:	false
PID:	2212
Target ID:	3
Parent PID:	2364
Name:	RegAsm.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Size:	65440
MD5:	0D5DF43AF2916F47D00C1573797C1A13
Time:	16:28:53
Date:	26/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x440000
Modulesize:	73728
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Allocates memory in foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

Details

Is windows:	true
Is dropped:	false
PID:	3040
Target ID:	4
Parent PID:	2364
Name:	RegAsm.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Size:	65440
MD5:	0D5DF43AF2916F47D00C1573797C1A13
Time:	16:28:53
Date:	26/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x480000
Modulesize:	73728
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Allocates memory in foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	2104
Target ID:	1
Parent PID:	2364
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	16:28:53
Date:	26/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6d64d0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text

unknown

http://schemas.xmlsoap.org/ws/2005/02/sc/sct

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk

unknown

http://tempuri.org/Entity/Id14ResponseD

unknown

http://tempuri.org/Entity/Id23ResponseD

unknown

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary

unknown

http://tempuri.org/Entity/Id12Response

unknown

http://tempuri.org/

unknown

http://tempuri.org/Entity/Id2Response

unknown

http://tempuri.org/Entity/Id15V

unknown

http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1

unknown

http://tempuri.org/Entity/Id21Response

unknown

http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap

unknown

http://tempuri.org/Entity/Id9

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID

unknown

http://tempuri.org/Entity/Id8

unknown

http://tempuri.org/Entity/Id6ResponseD

unknown

http://tempuri.org/Entity/Id5

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare

unknown

http://tempuri.org/Entity/Id4

unknown

http://tempuri.org/Entity/Id7

unknown

http://tempuri.org/Entity/Id6

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret

unknown

http://tempuri.org/Entity/Id19Response

unknown

http://ns.exif/1

unknown

http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence

unknown

http://tempuri.org/Entity/Id13ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/fault

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat

unknown

http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey

unknown

http://tempuri.org/Entity/Id15Response

unknown

http://tempuri.org/Entity/Id5ResponseD

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew

unknown

http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register

unknown

http://tempuri.org/Entity/Id6Response

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey

unknown

https://api.ip.sb/ip

unknown

http://schemas.xmlsoap.org/ws/2004/04/sc

unknown

http://tempuri.org/Entity/Id1ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel

unknown

http://tempuri.org/Entity/Id9Response

unknown

http://tempuri.org/Entity/Id20

unknown

http://tempuri.org/Entity/Id21

unknown

http://tempuri.org/Entity/Id22

unknown

http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1

unknown

http://tempuri.org/Entity/Id23

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1

unknown

http://tempuri.org/Entity/Id24

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue

unknown

http://tempuri.org/Entity/Id24Response

unknown

http://tempuri.org/Entity/Id1Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego

unknown

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey

unknown

http://tempuri.org/Entity/Id21ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust

unknown

http://tempuri.org/Entity/Id10

unknown

http://tempuri.org/Entity/Id11

unknown

http://tempuri.org/Entity/Id10ResponseD

unknown

http://tempuri.org/Entity/Id12

unknown

http://tempuri.org/Entity/Id16Response

unknown

http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel

unknown

http://tempuri.org/Entity/Id13

unknown

http://tempuri.org/Entity/Id14

unknown

http://tempuri.org/Entity/Id15

unknown

http://tempuri.org/Entity/Id16

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce

unknown

http://tempuri.org/Entity/Id17

unknown

http://tempuri.org/Entity/Id18

unknown

http://tempuri.org/Entity/Id5Response

unknown

http://tempuri.org/Entity/Id19

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns

unknown

http://tempuri.org/Entity/Id15ResponseD

unknown

http://tempuri.org/Entity/Id10Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/Renew

unknown

http://tempuri.org/Entity/Id11ResponseD

unknown

http://tempuri.org/Entity/Id8Response

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp93

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT

unknown

http://schemas.xmlsoap.org/ws/2006/02/addressingidentity

unknown

http://tempuri.org/Entity/Id17ResponseD

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

http://tempuri.org/Entity/Id8ResponseD

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey

unknown

There are 90 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

5.42.65.96

unknown

Russian Federation

Details

IP:	5.42.65.96
TargetID:	4
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	39493
ASN name:	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064

Blob

Details

TargetID:	4
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064
Value name:	Blob
Value data:	0B 00 00 00 01 00 00 00 48 00 00 00 54 00 69 00 74 00 61 00 6E 00 69 00 75 00 6D 00 20 00 52 00 6F 00 6F 00 74 00 20 00 43 00 65 00 72 00 74 00 69 00 66 00 69 00 63 00 61 00 74 00 65 00 20 00 41 00 75 00 74 00 68 00 6F 00 72 00 69 00 74 00 79 00 00 00 02 00 00 00 01 00 00 00 CC 00 00 00 1C 00 00 00 6C 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 7B 00 34 00 31 00 37 00 34 00 34 00 42 00 45 00 34 00 2D 00 31 00 31 00 43 00 35 00 2D 00 34 00 39 00 34 00 43 00 2D 00 41 00 32 00 31 00 33 00 2D 00 42 00 41 00 30 00 43 00 45 00 39 00 34 00 34 00 39 00 33 00 38 00 45 00 7D 00 00 00 00 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 45 00 6E 00 68 00 61 00 6E 00 63 00 65 00 64 00 20 00 43 00 72 00 79 00 70 00 74 00 6F 00 67 00 72 00 61 00 70 00 68 00 69 00 63 00 20 00 50 00 72 00 6F 00 76 00 69 00 64 00 65 00 72 00 20 00 76 00 31 00 2E 00 30 00 00 00 00 00 03 00 00 00 01 00 00 00 14 00 00 00 F1 A5 78 C4 CB 5D E7 9A 37 08 93 98 3F D4 DA 8B 67 B2 B0 64 20 00 00 00 01 00 00 00 0A 03 00 00 30 82 03 06 30 82 01 EE A0 03 02 01 02 02 08 67 F7 BE B9 6A 4C 27 98 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 2E 31 2C 30 2A 06 03 55 04 03 0C 23 54 69 74 61 6E 69 75 6D 20 52 6F 6F 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6F 72 69 74 79 30 1E 17 0D 32 33 30 33 31 34 31 30 33 35 32 30 5A 17 0D 32 36 30 36 31 37 31 30 33 35 32 30 5A 30 2E 31 2C 30 2A 06 03 55 04 03 0C 23 54 69 74 61 6E 69 75 6D 20 52 6F 6F 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6F 72 69 74 79 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 86 E4 57 7A 58 61 CE 81 91 77 D0 05 FA 51 D5 51 5A 93 6C 61 0C CF CB DE 53 32 CD 15 1D A6 47 EE 88 1A 24 5C 9B 02 83 3B 02 AF 3D 76 FE 20 BD 3B FA F7 A2 09 73 E7 2E BD 94 40 D0 9D 8C 3D 27 13 BD F0 D0 9F EB 95 32 AC D7 A4 2D A2 A9 52 DA A8 6A 2A 88 EE 42 7D 30 95 9D 90 BF BA 05 27 6A A0 29 98 A6 98 6F C0 13 06 62 9B 79 B8 40 5D 1F 1F A6 D9 A4 2F 82 7A FC 75 66 34 0D C2 DE 27 01 2B 94 BB 4A 27 B3 CB 1C 21 9A 3C B2 C1 42 03 F3 44 51 BD 62 65 20 ED D4 DB CC 41 4F 59 3F 2A CB C4 84 79 F7 14 3C BE 13 9C FD 12 9C 91 3E 53 03 DC 20 F9 4C 44 35 89 01 B6 9A 84 8D 7E A0 2E 30 8A 31 15 60 AC 00 AE 00 9A 29 10 9A EE D9 71 3D D8 91 9B 97 ED 59 80 58 E1 7F 07 26 C7 A0 20 F7 10 AB C0 62 91 DF AA F1 81 C6 BE 6A 76 C8 9C B6 8E B0 B0 EC 1C D9 5F 32 6C 7E 55 58 8B FD 76 C5 19 02 03 01 00 01 A3 28 30 26 30 13 06 03 55 1D 25 04 0C 30 0A 06 08 2B 06 01 05 05 07 03 01 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 03 82 01 01 00 70 85 12 93 D7 57 E9 82 79 7D C5 F7 F2 7D A8 94 EF 0C DB 32 9F 06 A6 09 6E 0C F6 04 B0 E5 47 11 56 0E F4 0F 52 82 08 2E 21 0F 55 A3 DB 41 F3 12 54 8B 76 11 F5 F0 DA CE A3 C7 8B 13 F6 FC 24 3C 02 B1 06 66 5B E6 9E 18 40 88 41 5B 27 39 99 B8 77 BE E3 53 A2 48 CE C7 EE B5 A0 95 C2 17 4B C9 52 6C AF E3 37 2C 59 DB FB E7 58 13 4E D3 51 E5 14 72 73 FE C6 85 77 AE 45 52 A6 F9 9A C8 0C A8 D0 EE 42 2A F5 28 85 8C 6B E8 1C B0 A8 03 1A B0 AE 83 C0 EB 55 64 F4 E8 7A 5C 06 29 5D 39 03 EE E2 FD F9 2D 62 A7 F4 D4 05 4D EA A7 9B CA EB DA 4E 8B 1A 6E FD 42 AE F9 D0 1C 70 75 72 8C B1 3A A8 55 7C 85 A7 25 32 B5 E2 D6 C3 E5 50 41 C9 86 7C A8 F5 62 BB D2 AB 0C 37 10 D8 31 73 EC 37 81 D1 DC AA C5 C6 E0 7E E7 26 62 4D FD C5 81 4C FF D3 36 E1 79 32 F8 9B EB 9C F7 FD BE E9 BE BF 61

Signature Hits	Behavior Group	Mitre Attack
Installs new ROOT certificates	Persistence and Installation Behavior	Install Root Certificate

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Owner

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

SessionHash

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Sequence

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFiles0000

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFilesHash

Memdumps

Base Address

Regiontype

Protect

Malicious

27F000

unkown

page read and write

402000

remote allocation

page execute and read and write

29C7000

trusted library allocation

page read and write

2921000

trusted library allocation

page read and write

3A63000

trusted library allocation

page read and write

5070000

heap

page read and write

2E12000

trusted library allocation

page read and write

3CDA000

trusted library allocation

page read and write

AD0000

trusted library allocation

page read and write

4DBE000

stack

page read and write

4E10000

heap

page read and write

2D76000

trusted library allocation

page read and write

2AE1000

trusted library allocation

page read and write

2800000

trusted library allocation

page execute and read and write

A40000

heap

page read and write

AB2000

trusted library allocation

page read and write

6590000

trusted library allocation

page execute and read and write

25DE000

stack

page read and write

A9D000

trusted library allocation

page execute and read and write

6280000

trusted library allocation

page read and write

3AEA000

trusted library allocation

page read and write

73E0000

trusted library allocation

page read and write

274000

unkown

page readonly

BE0000

trusted library allocation

page read and write

7233000

heap

page read and write

3AE0000

trusted library allocation

page read and write

5EBF000

stack

page read and write

2AC5000

trusted library allocation

page read and write

2ACC000

trusted library allocation

page read and write

3A48000

trusted library allocation

page read and write

719F000

trusted library allocation

page read and write

687E000

stack

page read and write

3A26000

trusted library allocation

page read and write

C40000

heap

page read and write

140E000

stack

page read and write

250000

unkown

page readonly

71A0000

trusted library allocation

page read and write

2746000

trusted library allocation

page read and write

7203000

heap

page read and write

C30000

trusted library allocation

page read and write

A8D000

stack

page read and write

3972000

trusted library allocation

page read and write

F2D000

stack

page read and write

52B2000

heap

page read and write

7A6E000

stack

page read and write

B20000

heap

page read and write

2B23000

trusted library allocation

page read and write

529E000

stack

page read and write

3999000

trusted library allocation

page read and write

250000

unkown

page readonly

3951000

trusted library allocation

page read and write

1590000

heap

page read and write

5B1F000

heap

page read and write

5FBE000

stack

page read and write

C05000

heap

page read and write

5B6B000

heap

page read and write

2F05000

trusted library allocation

page read and write

C81000

heap

page read and write

7179000

trusted library allocation

page read and write

6300000

trusted library allocation

page read and write

5A7E000

stack

page read and write

2EBC000

trusted library allocation

page read and write

3B6D000

trusted library allocation

page read and write

7175000

trusted library allocation

page read and write

7FD80000

trusted library allocation

page execute and read and write

A90000

trusted library allocation

page read and write

251000

unkown

page execute read

63B0000

trusted library allocation

page execute and read and write

6530000

trusted library allocation

page read and write

3A2C000

trusted library allocation

page read and write

2EF5000

trusted library allocation

page read and write

A30000

trusted library allocation

page read and write

AB7000

trusted library allocation

page execute and read and write

39CE000

trusted library allocation

page read and write

3CCE000

trusted library allocation

page read and write

3B86000

trusted library allocation

page read and write

62BB000

trusted library allocation

page read and write

2BA3000

trusted library allocation

page read and write

39A3000

trusted library allocation

page read and write

68B0000

trusted library allocation

page read and write

5BBE000

stack

page read and write

5B13000

heap

page read and write

2EAF000

trusted library allocation

page read and write

395E000

trusted library allocation

page read and write

3BA5000

trusted library allocation

page read and write

3942000

trusted library allocation

page read and write

3ACE000

trusted library allocation

page read and write

6285000

trusted library allocation

page read and write

6350000

trusted library allocation

page read and write

CC8000

heap

page read and write

437000

remote allocation

page execute and read and write

2AED000

trusted library allocation

page read and write

6550000

trusted library allocation

page read and write

2BAD000

trusted library allocation

page read and write

6580000

trusted library allocation

page read and write

251000

unkown

page execute read

2EFA000

trusted library allocation

page read and write

2760000

trusted library allocation

page read and write

2D90000

trusted library allocation

page read and write

3B90000

trusted library allocation

page read and write

191F000

stack

page read and write

688B000

trusted library allocation

page read and write

702B000

stack

page read and write

6880000

trusted library allocation

page read and write

39C8000

trusted library allocation

page read and write

71A4000

trusted library allocation

page read and write

2AB3000

trusted library allocation

page read and write

1450000

heap

page read and write

39AA000

trusted library allocation

page read and write

4A1C000

stack

page read and write

52A000

stack

page read and write

A0D000

stack

page read and write

6890000

trusted library allocation

page read and write

291E000

stack

page read and write

3B8B000

trusted library allocation

page read and write

7218000

heap

page read and write

AAA000

trusted library allocation

page execute and read and write

7A2E000

unkown

page read and write

7B6E000

stack

page read and write

61A0000

trusted library allocation

page execute and read and write

2BAB000

trusted library allocation

page read and write

2EE9000

trusted library allocation

page read and write

A20000

trusted library allocation

page read and write

2BA5000

trusted library allocation

page read and write

BF0000

trusted library allocation

page read and write

A33000

trusted library allocation

page execute and read and write

3B20000

trusted library allocation

page read and write

3B13000

trusted library allocation

page read and write

5B5B000

heap

page read and write

432000

remote allocation

page execute and read and write

3B22000

trusted library allocation

page read and write

2C4000

unkown

page read and write

39C6000

trusted library allocation

page read and write

274000

unkown

page readonly

2F59000

trusted library allocation

page read and write

3B2A000

trusted library allocation

page read and write

2EF0000

trusted library allocation

page read and write

71E4000

heap

page read and write

C74000

heap

page read and write

3A43000

trusted library allocation

page read and write

5B52000

heap

page read and write

6287000

trusted library allocation

page read and write

6570000

trusted library allocation

page read and write

AB0000

trusted library allocation

page read and write

6275000

trusted library allocation

page read and write

27D0000

heap

page execute and read and write

3B53000

trusted library allocation

page read and write

2A8D000

trusted library allocation

page read and write

39C0000

trusted library allocation

page read and write

159E000

heap

page read and write

71B8000

trusted library allocation

page read and write

6320000

trusted library allocation

page read and write

2B9F000

trusted library allocation

page read and write

F90000

heap

page read and write

74C0000

heap

page read and write

8F7000

stack

page read and write

BD0000

trusted library allocation

page execute and read and write

7172000

trusted library allocation

page read and write

3945000

trusted library allocation

page read and write

3B0C000

trusted library allocation

page read and write

78AE000

stack

page read and write

7258000

heap

page read and write

5B5E000

heap

page read and write

52C7000

heap

page read and write

5A9F000

heap

page read and write

2E38000

trusted library allocation

page read and write

53C0000

trusted library allocation

page read and write

71EB000

heap

page read and write

2E67000

trusted library allocation

page read and write

2AA6000

trusted library allocation

page read and write

396B000

trusted library allocation

page read and write

748E000

stack

page read and write

3B55000

trusted library allocation

page read and write

719A000

trusted library allocation

page read and write

3B17000

trusted library allocation

page read and write

724A000

heap

page read and write

D31000

heap

page read and write

2A99000

trusted library allocation

page read and write

60FF000

stack

page read and write

71F4000

heap

page read and write

2A80000

trusted library allocation

page read and write

627A000

trusted library allocation

page read and write

C35000

trusted library allocation

page read and write

2A5E000

trusted library allocation

page read and write

5A80000

heap

page read and write

7BD0000

heap

page read and write

C49000

heap

page read and write

5FFE000

stack

page read and write

66FC000

stack

page read and write

722A000

heap

page read and write

15AC000

heap

page read and write

62F0000

trusted library allocation

page read and write

3BBC000

trusted library allocation

page read and write

65FC000

stack

page read and write

2F46000

trusted library allocation

page read and write

7490000

trusted library allocation

page read and write

2D7C000

trusted library allocation

page read and write

5A0000

heap

page read and write

6400000

trusted library allocation

page execute and read and write

2741000

trusted library allocation

page read and write

2E06000

trusted library allocation

page read and write

2752000

trusted library allocation

page read and write

7590000

trusted library allocation

page read and write

71C0000

heap

page read and write

2790000

trusted library allocation

page read and write

39C3000

trusted library allocation

page read and write

712E000

stack

page read and write

53A8000

trusted library allocation

page read and write

74D9000

trusted library allocation

page read and write

752E000

stack

page read and write

3B2F000

trusted library allocation

page read and write

27E0000

heap

page read and write

2E03000

trusted library allocation

page read and write

673E000

stack

page read and write

3A39000

trusted library allocation

page read and write

144E000

stack

page read and write

274D000

trusted library allocation

page read and write

2ED6000

trusted library allocation

page read and write

C20000

trusted library allocation

page read and write

A3D000

trusted library allocation

page execute and read and write

27F000

unkown

page write copy

2780000

heap

page execute and read and write

2F10000

trusted library allocation

page read and write

27F2000

trusted library allocation

page read and write

AB5000

trusted library allocation

page execute and read and write

27F0000

trusted library allocation

page read and write

C2E000

trusted library allocation

page read and write

400000

remote allocation

page execute and read and write

727A000

heap

page read and write

729C000

heap

page read and write

5BFD000

stack

page read and write

7BAE000

stack

page read and write

272B000

trusted library allocation

page read and write

5B45000

heap

page read and write

74A0000

trusted library allocation

page execute and read and write

ABB000

trusted library allocation

page execute and read and write

3A3B000

trusted library allocation

page read and write

74E4000

trusted library allocation

page read and write

7170000

trusted library allocation

page read and write

3AAD000

trusted library allocation

page read and write

718F000

trusted library allocation

page read and write

5B55000

heap

page read and write

2B56000

trusted library allocation

page read and write

6FED000

stack

page read and write

281000

unkown

page write copy

786F000

stack

page read and write

26DE000

stack

page read and write

6380000

trusted library allocation

page read and write

3AE5000

trusted library allocation

page read and write

2CD000

unkown

page execute and read and write

720B000

heap

page read and write

3B06000

trusted library allocation

page read and write

C86000

heap

page read and write

2BA9000

trusted library allocation

page read and write

5B2C000

heap

page read and write

3A61000

trusted library allocation

page read and write

3CE7000

trusted library allocation

page read and write

79EE000

stack

page read and write

62C1000

trusted library allocation

page read and write

C10000

trusted library allocation

page read and write

2CE000

unkown

page readonly

4DFE000

stack

page read and write

271B000

stack

page read and write

1810000

heap

page read and write

68C0000

trusted library allocation

page execute and read and write

505E000

stack

page read and write

7DCE000

stack

page read and write

3B7F000

trusted library allocation

page read and write

62C6000

trusted library allocation

page read and write

71D0000

heap

page read and write

3AD9000

trusted library allocation

page read and write

2E18000

trusted library allocation

page read and write

74E0000

trusted library allocation

page read and write

2E0E000

trusted library allocation

page read and write

5B4B000

heap

page read and write

590000

heap

page read and write

6310000

trusted library allocation

page read and write

62DE000

trusted library allocation

page read and write

73D0000

trusted library allocation

page read and write

6390000

trusted library allocation

page read and write

2F3F000

trusted library allocation

page read and write

630B000

trusted library allocation

page read and write

65B0000

trusted library allocation

page execute and read and write

63A0000

trusted library allocation

page execute and read and write

B27000

heap

page read and write

2D80000

trusted library allocation

page read and write

5D0000

heap

page read and write

2B33000

trusted library allocation

page read and write

B38000

trusted library allocation

page read and write

AA0000

trusted library allocation

page read and write

2EA7000

trusted library allocation

page read and write

7162000

trusted library allocation

page read and write

12FD000

stack

page read and write

2810000

heap

page read and write

74B0000

trusted library allocation

page execute and read and write

398E000

trusted library allocation

page read and write

3984000

trusted library allocation

page read and write

C0E000

heap

page read and write

2BE0000

trusted library allocation

page read and write

7160000

trusted library allocation

page read and write

2EDD000

trusted library allocation

page read and write

688E000

trusted library allocation

page read and write

6560000

heap

page execute and read and write

AA2000

trusted library allocation

page read and write

62E1000

trusted library allocation

page read and write

39E2000

trusted library allocation

page read and write

62D2000

trusted library allocation

page read and write

718A000

trusted library allocation

page read and write

3A30000

trusted library allocation

page read and write

725C000

heap

page read and write

3B9B000

trusted library allocation

page read and write

2A8B000

trusted library allocation

page read and write

744E000

stack

page read and write

74D0000

trusted library allocation

page read and write

630E000

trusted library allocation

page read and write

3B47000

trusted library allocation

page read and write

5B7C000

heap

page read and write

6540000

trusted library allocation

page read and write

2EC9000

trusted library allocation

page read and write

39B0000

trusted library allocation

page read and write

3AA1000

trusted library allocation

page read and write

A34000

trusted library allocation

page read and write

7195000

trusted library allocation

page read and write

FA0000

heap

page read and write

6410000

trusted library allocation

page execute and read and write

6340000

trusted library allocation

page read and write

2724000

trusted library allocation

page read and write

53A0000

trusted library allocation

page read and write

6278000

trusted library allocation

page read and write

5090000

heap

page read and write

3B25000

trusted library allocation

page read and write

446000

remote allocation

page execute and read and write

2ABA000

trusted library allocation

page read and write

3989000

trusted library allocation

page read and write

2BD6000

trusted library allocation

page read and write

62B0000

trusted library allocation

page read and write

2E9D000

trusted library allocation

page read and write

B1E000

stack

page read and write

392F000

trusted library allocation

page read and write

6305000

trusted library allocation

page read and write

3B74000

trusted library allocation

page read and write

2A77000

trusted library allocation

page read and write

C64000

heap

page read and write

2783000

heap

page execute and read and write

5B16000

heap

page read and write

6289000

trusted library allocation

page read and write

39B7000

trusted library allocation

page read and write

2720000

trusted library allocation

page read and write

3AC7000

trusted library allocation

page read and write

159A000

heap

page read and write

3AF5000

trusted library allocation

page read and write

7212000

heap

page read and write

A45000

heap

page read and write

178F000

stack

page read and write

D03000

heap

page read and write

6270000

trusted library allocation

page read and write

6330000

trusted library allocation

page read and write

3ABA000

trusted library allocation

page read and write

C00000

heap

page read and write

683C000

stack

page read and write

2CE000

unkown

page readonly

3921000

trusted library allocation

page read and write

279E000

trusted library allocation

page read and write

52C3000

heap

page read and write

7221000

heap

page read and write

3AFF000

trusted library allocation

page read and write

3B60000

trusted library allocation

page read and write

53B0000

trusted library allocation

page read and write

723E000

heap

page read and write

6180000

trusted library allocation

page execute and read and write

39BA000

trusted library allocation

page read and write

AA6000

trusted library allocation

page execute and read and write

3A1F000

trusted library allocation

page read and write

519E000

stack

page read and write

5AB6000

heap

page read and write

71B0000

trusted library allocation

page read and write

79AE000

stack

page read and write

3A35000

trusted library allocation

page read and write

3A0A000

trusted library allocation

page read and write

273E000

trusted library allocation

page read and write

4E13000

heap

page read and write

397D000

trusted library allocation

page read and write

3953000

trusted library allocation

page read and write

2D5F000

trusted library allocation

page read and write

7188000

trusted library allocation

page read and write

2AD1000

trusted library allocation

page read and write

2B5000

unkown

page read and write

2E00000

trusted library allocation

page read and write

3B1C000

trusted library allocation

page read and write

7530000

trusted library allocation

page execute and read and write

3A3E000

trusted library allocation

page read and write

2AD6000

trusted library allocation

page read and write

722C000

heap

page read and write

2E15000

trusted library allocation

page read and write

There are 384 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Files

Processes

URLs

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Files

Processes

URLs

IPs

Registry

Memdumps

IOC Report
file.exe