IOC Report
file.exe

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Users\user\Desktop\file.exe | "C:\Users\user\Desktop\file.exe" | malicious |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe" | malicious |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 1148 | |

URLs

Name
IP
Malicious
https://github.com/mgravell/protobuf-net
unknown
https://github.com/mgravell/protobuf-neti
unknown
https://stackoverflow.com/q/14436606/23354
unknown
https://github.com/mgravell/protobuf-netJ
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://stackoverflow.com/q/11564914/23354;
unknown
https://stackoverflow.com/q/2152978/23354
unknown

Memdumps
