Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7492
Target ID:	0
Parent PID:	2580
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	502272
MD5:	B09B19C780BFAA784CCF35DC454F9326
Time:	22:55:48
Date:	02/05/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x870000
Modulesize:	520192
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
PE file has an executable .text section and no other executable section	System Summary
Spawns processes	System Summary	Process Injection
PE file contains a valid data directory to section mapping	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7556
Target ID:	2
Parent PID:	7492
Name:	RegAsm.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Size:	65440
MD5:	0D5DF43AF2916F47D00C1573797C1A13
Time:	22:55:48
Date:	02/05/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x90000
Modulesize:	73728
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Allocates memory in foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7564
Target ID:	3
Parent PID:	7492
Name:	RegAsm.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Size:	65440
MD5:	0D5DF43AF2916F47D00C1573797C1A13
Time:	22:55:48
Date:	02/05/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xce0000
Modulesize:	73728
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Allocates memory in foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	7500
Target ID:	1
Parent PID:	7492
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	22:55:48
Date:	02/05/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text

unknown

http://schemas.xmlsoap.org/ws/2005/02/sc/sct

unknown

https://duckduckgo.com/chrome_newtab

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk

unknown

https://duckduckgo.com/ac/?q=

unknown

http://tempuri.org/Entity/Id14ResponseD

unknown

http://tempuri.org/Entity/Id23ResponseD

unknown

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary

unknown

http://tempuri.org/Entity/Id12Response

unknown

http://tempuri.org/

unknown

http://tempuri.org/Entity/Id2Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1

unknown

http://tempuri.org/Entity/Id21Response

unknown

http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap

unknown

http://tempuri.org/Entity/Id9

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID

unknown

http://tempuri.org/Entity/Id8

unknown

http://tempuri.org/Entity/Id6ResponseD

unknown

http://tempuri.org/Entity/Id5

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare

unknown

http://tempuri.org/Entity/Id4

unknown

http://tempuri.org/Entity/Id7

unknown

http://tempuri.org/Entity/Id6

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret

unknown

http://tempuri.org/Entity/Id19Response

unknown

http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence

unknown

http://tempuri.org/Entity/Id13ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/fault

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat

unknown

http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey

unknown

http://tempuri.org/Entity/Id15Response

unknown

http://tempuri.org/Entity/Id5ResponseD

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9

unknown

http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register

unknown

http://tempuri.org/Entity/Id6Response

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey

unknown

https://api.ip.sb/ip

unknown

http://schemas.xmlsoap.org/ws/2004/04/sc

unknown

http://tempuri.org/Entity/Id1ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel

unknown

http://tempuri.org/Entity/Id9Response

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

http://tempuri.org/Entity/Id20

unknown

http://tempuri.org/Entity/Id21

unknown

http://tempuri.org/Entity/Id22

unknown

http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1

unknown

http://tempuri.org/Entity/Id23

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1

unknown

http://tempuri.org/Entity/Id24

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue

unknown

http://tempuri.org/Entity/Id24Response

unknown

https://www.ecosia.org/newtab/

unknown

http://tempuri.org/Entity/Id1Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego

unknown

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey

unknown

http://tempuri.org/Entity/Id21ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust

unknown

http://tempuri.org/Entity/Id10

unknown

http://tempuri.org/Entity/Id11

unknown

http://tempuri.org/Entity/Id10ResponseD

unknown

http://tempuri.org/Entity/Id12

unknown

http://tempuri.org/Entity/Id16Response

unknown

http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel

unknown

http://tempuri.org/Entity/Id13

unknown

http://tempuri.org/Entity/Id14

unknown

http://tempuri.org/Entity/Id15

unknown

http://tempuri.org/Entity/Id16

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce

unknown

http://tempuri.org/Entity/Id17

unknown

http://tempuri.org/Entity/Id18

unknown

http://tempuri.org/Entity/Id5Response

unknown

http://tempuri.org/Entity/Id19

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns

unknown

http://tempuri.org/Entity/Id15ResponseD

unknown

http://tempuri.org/Entity/Id10Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/Renew

unknown

http://tempuri.org/Entity/Id11ResponseD

unknown

http://tempuri.org/Entity/Id8Response

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT

unknown

http://schemas.xmlsoap.org/ws/2006/02/addressingidentity

unknown

http://tempuri.org/Entity/Id17ResponseD

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

There are 90 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

5.42.65.96

unknown

Russian Federation

Details

IP:	5.42.65.96
TargetID:	3
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	39493
ASN name:	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064

Blob

Details

TargetID:	3
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064
Value name:	Blob
Value data:	0B 00 00 00 01 00 00 00 48 00 00 00 54 00 69 00 74 00 61 00 6E 00 69 00 75 00 6D 00 20 00 52 00 6F 00 6F 00 74 00 20 00 43 00 65 00 72 00 74 00 69 00 66 00 69 00 63 00 61 00 74 00 65 00 20 00 41 00 75 00 74 00 68 00 6F 00 72 00 69 00 74 00 79 00 00 00 02 00 00 00 01 00 00 00 CC 00 00 00 1C 00 00 00 6C 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 7B 00 34 00 31 00 37 00 34 00 34 00 42 00 45 00 34 00 2D 00 31 00 31 00 43 00 35 00 2D 00 34 00 39 00 34 00 43 00 2D 00 41 00 32 00 31 00 33 00 2D 00 42 00 41 00 30 00 43 00 45 00 39 00 34 00 34 00 39 00 33 00 38 00 45 00 7D 00 00 00 00 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 45 00 6E 00 68 00 61 00 6E 00 63 00 65 00 64 00 20 00 43 00 72 00 79 00 70 00 74 00 6F 00 67 00 72 00 61 00 70 00 68 00 69 00 63 00 20 00 50 00 72 00 6F 00 76 00 69 00 64 00 65 00 72 00 20 00 76 00 31 00 2E 00 30 00 00 00 00 00 03 00 00 00 01 00 00 00 14 00 00 00 F1 A5 78 C4 CB 5D E7 9A 37 08 93 98 3F D4 DA 8B 67 B2 B0 64 20 00 00 00 01 00 00 00 0A 03 00 00 30 82 03 06 30 82 01 EE A0 03 02 01 02 02 08 67 F7 BE B9 6A 4C 27 98 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 2E 31 2C 30 2A 06 03 55 04 03 0C 23 54 69 74 61 6E 69 75 6D 20 52 6F 6F 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6F 72 69 74 79 30 1E 17 0D 32 33 30 33 31 34 31 30 33 35 32 30 5A 17 0D 32 36 30 36 31 37 31 30 33 35 32 30 5A 30 2E 31 2C 30 2A 06 03 55 04 03 0C 23 54 69 74 61 6E 69 75 6D 20 52 6F 6F 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6F 72 69 74 79 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 86 E4 57 7A 58 61 CE 81 91 77 D0 05 FA 51 D5 51 5A 93 6C 61 0C CF CB DE 53 32 CD 15 1D A6 47 EE 88 1A 24 5C 9B 02 83 3B 02 AF 3D 76 FE 20 BD 3B FA F7 A2 09 73 E7 2E BD 94 40 D0 9D 8C 3D 27 13 BD F0 D0 9F EB 95 32 AC D7 A4 2D A2 A9 52 DA A8 6A 2A 88 EE 42 7D 30 95 9D 90 BF BA 05 27 6A A0 29 98 A6 98 6F C0 13 06 62 9B 79 B8 40 5D 1F 1F A6 D9 A4 2F 82 7A FC 75 66 34 0D C2 DE 27 01 2B 94 BB 4A 27 B3 CB 1C 21 9A 3C B2 C1 42 03 F3 44 51 BD 62 65 20 ED D4 DB CC 41 4F 59 3F 2A CB C4 84 79 F7 14 3C BE 13 9C FD 12 9C 91 3E 53 03 DC 20 F9 4C 44 35 89 01 B6 9A 84 8D 7E A0 2E 30 8A 31 15 60 AC 00 AE 00 9A 29 10 9A EE D9 71 3D D8 91 9B 97 ED 59 80 58 E1 7F 07 26 C7 A0 20 F7 10 AB C0 62 91 DF AA F1 81 C6 BE 6A 76 C8 9C B6 8E B0 B0 EC 1C D9 5F 32 6C 7E 55 58 8B FD 76 C5 19 02 03 01 00 01 A3 28 30 26 30 13 06 03 55 1D 25 04 0C 30 0A 06 08 2B 06 01 05 05 07 03 01 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 03 82 01 01 00 70 85 12 93 D7 57 E9 82 79 7D C5 F7 F2 7D A8 94 EF 0C DB 32 9F 06 A6 09 6E 0C F6 04 B0 E5 47 11 56 0E F4 0F 52 82 08 2E 21 0F 55 A3 DB 41 F3 12 54 8B 76 11 F5 F0 DA CE A3 C7 8B 13 F6 FC 24 3C 02 B1 06 66 5B E6 9E 18 40 88 41 5B 27 39 99 B8 77 BE E3 53 A2 48 CE C7 EE B5 A0 95 C2 17 4B C9 52 6C AF E3 37 2C 59 DB FB E7 58 13 4E D3 51 E5 14 72 73 FE C6 85 77 AE 45 52 A6 F9 9A C8 0C A8 D0 EE 42 2A F5 28 85 8C 6B E8 1C B0 A8 03 1A B0 AE 83 C0 EB 55 64 F4 E8 7A 5C 06 29 5D 39 03 EE E2 FD F9 2D 62 A7 F4 D4 05 4D EA A7 9B CA EB DA 4E 8B 1A 6E FD 42 AE F9 D0 1C 70 75 72 8C B1 3A A8 55 7C 85 A7 25 32 B5 E2 D6 C3 E5 50 41 C9 86 7C A8 F5 62 BB D2 AB 0C 37 10 D8 31 73 EC 37 81 D1 DC AA C5 C6 E0 7E E7 26 62 4D FD C5 81 4C FF D3 36 E1 79 32 F8 9B EB 9C F7 FD BE E9 BE BF 61

Signature Hits	Behavior Group	Mitre Attack
Installs new ROOT certificates	Persistence and Installation Behavior	Install Root Certificate

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Owner

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

SessionHash

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Sequence

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFiles0000

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFilesHash

Memdumps

Base Address

Regiontype

Protect

Malicious

30F7000

trusted library allocation

page read and write

89D000

unkown

page read and write

3051000

trusted library allocation

page read and write

402000

remote allocation

page execute and read and write

41D8000

trusted library allocation

page read and write

421A000

trusted library allocation

page read and write

4228000

trusted library allocation

page read and write

33B7000

trusted library allocation

page read and write

D8A000

stack

page read and write

429A000

trusted library allocation

page read and write

12B0000

trusted library allocation

page read and write

32FE000

trusted library allocation

page read and write

7855000

heap

page read and write

8E2000

unkown

page read and write

437000

remote allocation

page execute and read and write

31BB000

trusted library allocation

page read and write

4080000

trusted library allocation

page read and write

7991000

heap

page read and write

4354000

trusted library allocation

page read and write

4472000

trusted library allocation

page read and write

5A9B000

heap

page read and write

7EE40000

trusted library allocation

page execute and read and write

4513000

trusted library allocation

page read and write

17A4000

trusted library allocation

page read and write

3209000

trusted library allocation

page read and write

43C4000

trusted library allocation

page read and write

6B1B000

trusted library allocation

page read and write

3497000

trusted library allocation

page read and write

7C78000

trusted library allocation

page read and write

346E000

trusted library allocation

page read and write

740000

heap

page read and write

148D000

heap

page read and write

149F000

heap

page read and write

12B2000

trusted library allocation

page read and write

4258000

trusted library allocation

page read and write

3600000

trusted library allocation

page read and write

5623000

heap

page read and write

70C6000

trusted library allocation

page read and write

32DB000

trusted library allocation

page read and write

5883000

heap

page execute and read and write

6B65000

trusted library allocation

page read and write

43CC000

trusted library allocation

page read and write

425F000

trusted library allocation

page read and write

7A50000

trusted library allocation

page execute and read and write

5592000

trusted library allocation

page read and write

129D000

trusted library allocation

page execute and read and write

560E000

stack

page read and write

7120000

trusted library allocation

page read and write

3273000

trusted library allocation

page read and write

5A30000

trusted library allocation

page read and write

7C4F000

trusted library allocation

page read and write

35E0000

trusted library allocation

page read and write

4528000

trusted library allocation

page read and write

4403000

trusted library allocation

page read and write

793C000

heap

page read and write

40D6000

trusted library allocation

page read and write

42B3000

trusted library allocation

page read and write

5A2E000

stack

page read and write

6B6E000

trusted library allocation

page read and write

44A2000

trusted library allocation

page read and write

78A3000

heap

page read and write

446C000

trusted library allocation

page read and write

33BA000

trusted library allocation

page read and write

3649000

trusted library allocation

page read and write

7C70000

trusted library allocation

page read and write

8D3000

unkown

page read and write

6B21000

trusted library allocation

page read and write

183E000

heap

page read and write

13EB000

heap

page read and write

6DF0000

trusted library allocation

page execute and read and write

5A40000

heap

page read and write

447E000

trusted library allocation

page read and write

433D000

trusted library allocation

page read and write

329C000

trusted library allocation

page read and write

4378000

trusted library allocation

page read and write

6B41000

trusted library allocation

page read and write

6F9E000

stack

page read and write

7C35000

trusted library allocation

page read and write

14DD000

heap

page read and write

44DC000

trusted library allocation

page read and write

12C7000

trusted library allocation

page execute and read and write

89F000

unkown

page write copy

6BA0000

trusted library allocation

page read and write

43A8000

trusted library allocation

page read and write

6DC0000

heap

page execute and read and write

4295000

trusted library allocation

page read and write

44F0000

trusted library allocation

page read and write

1835000

heap

page read and write

430C000

trusted library allocation

page read and write

360E000

trusted library allocation

page read and write

70C8000

trusted library allocation

page read and write

74A000

heap

page read and write

4325000

trusted library allocation

page read and write

1293000

trusted library allocation

page execute and read and write

132E000

stack

page read and write

13BB000

stack

page read and write

4505000

trusted library allocation

page read and write

3196000

trusted library allocation

page read and write

812E000

stack

page read and write

43C1000

trusted library allocation

page read and write

432F000

trusted library allocation

page read and write

5A50000

heap

page read and write

794D000

heap

page read and write

7C80000

trusted library allocation

page read and write

434F000

trusted library allocation

page read and write

6C60000

trusted library allocation

page execute and read and write

17CD000

trusted library allocation

page read and write

3565000

trusted library allocation

page read and write

7C0D000

stack

page read and write

826E000

stack

page read and write

2F4E000

stack

page read and write

421D000

trusted library allocation

page read and write

1240000

heap

page read and write

3198000

trusted library allocation

page read and write

796D000

heap

page read and write

6C00000

trusted library allocation

page execute and read and write

13D0000

trusted library allocation

page execute and read and write

33AC000

trusted library allocation

page read and write

4348000

trusted library allocation

page read and write

14A7000

heap

page read and write

452D000

trusted library allocation

page read and write

1290000

trusted library allocation

page read and write

78F0000

heap

page read and write

5B3C000

heap

page read and write

405F000

trusted library allocation

page read and write

5BCE000

stack

page read and write

5580000

heap

page read and write

3620000

trusted library allocation

page read and write

17F0000

trusted library allocation

page read and write

3262000

trusted library allocation

page read and write

4479000

trusted library allocation

page read and write

7C4A000

trusted library allocation

page read and write

3355000

trusted library allocation

page read and write

1280000

trusted library allocation

page read and write

17A0000

trusted library allocation

page read and write

80EF000

stack

page read and write

353E000

trusted library allocation

page read and write

431C000

trusted library allocation

page read and write

6DB0000

trusted library allocation

page read and write

9EE000

stack

page read and write

7888000

heap

page read and write

12AD000

trusted library allocation

page execute and read and write

7AA0000

trusted library allocation

page read and write

1670000

trusted library allocation

page read and write

4051000

trusted library allocation

page read and write

43A3000

trusted library allocation

page read and write

32CB000

trusted library allocation

page read and write

5A92000

heap

page read and write

78E4000

heap

page read and write

5590000

trusted library allocation

page read and write

31FF000

trusted library allocation

page read and write

7C32000

trusted library allocation

page read and write

19C000

stack

page read and write

6950000

trusted library allocation

page read and write

6AE9000

trusted library allocation

page read and write

4E0000

heap

page read and write

359C000

trusted library allocation

page read and write

3270000

trusted library allocation

page read and write

4220000

trusted library allocation

page read and write

5AC1000

heap

page read and write

78C2000

heap

page read and write

33D2000

trusted library allocation

page read and write

4274000

trusted library allocation

page read and write

33F7000

trusted library allocation

page read and write

62B7000

heap

page read and write

78F8000

heap

page read and write

14D9000

heap

page read and write

7929000

heap

page read and write

436A000

trusted library allocation

page read and write

435B000

trusted library allocation

page read and write

41FB000

trusted library allocation

page read and write

791D000

heap

page read and write

6DE0000

trusted library allocation

page read and write

12A0000

trusted library allocation

page read and write

42A7000

trusted library allocation

page read and write

35D5000

trusted library allocation

page read and write

6DD0000

trusted library allocation

page read and write

6F5C000

stack

page read and write

4271000

trusted library allocation

page read and write

3287000

trusted library allocation

page read and write

44C0000

trusted library allocation

page read and write

3217000

trusted library allocation

page read and write

35CB000

trusted library allocation

page read and write

7D9E000

stack

page read and write

78B2000

heap

page read and write

836E000

stack

page read and write

3222000

trusted library allocation

page read and write

7C20000

trusted library allocation

page read and write

3230000

trusted library allocation

page read and write

8EC000

unkown

page readonly

59E0000

trusted library allocation

page read and write

17C1000

trusted library allocation

page read and write

674F000

stack

page read and write

449A000

trusted library allocation

page read and write

6C70000

trusted library allocation

page execute and read and write

42C2000

trusted library allocation

page read and write

822E000

stack

page read and write

33F9000

trusted library allocation

page read and write

871000

unkown

page execute read

3352000

trusted library allocation

page read and write

7AA2000

trusted library allocation

page read and write

345D000

trusted library allocation

page read and write

1489000

heap

page read and write

69E0000

trusted library allocation

page execute and read and write

3361000

trusted library allocation

page read and write

6DA0000

trusted library allocation

page read and write

3476000

trusted library allocation

page read and write

6B3E000

trusted library allocation

page read and write

43D7000

trusted library allocation

page read and write

4497000

trusted library allocation

page read and write

694F000

stack

page read and write

7D3E000

stack

page read and write

554E000

trusted library allocation

page read and write

12C2000

trusted library allocation

page read and write

6AD5000

trusted library allocation

page read and write

342A000

trusted library allocation

page read and write

2370000

heap

page read and write

17C6000

trusted library allocation

page read and write

6ADA000

trusted library allocation

page read and write

43BE000

trusted library allocation

page read and write

42AC000

trusted library allocation

page read and write

17FE000

trusted library allocation

page read and write

648F000

stack

page read and write

7850000

heap

page read and write

586E000

stack

page read and write

7C90000

trusted library allocation

page read and write

4319000

trusted library allocation

page read and write

78D0000

heap

page read and write

6B90000

trusted library allocation

page read and write

41E5000

trusted library allocation

page read and write

43FC000

trusted library allocation

page read and write

3409000

trusted library allocation

page read and write

43EA000

trusted library allocation

page read and write

74E000

heap

page read and write

42E9000

trusted library allocation

page read and write

1294000

trusted library allocation

page read and write

33CE000

trusted library allocation

page read and write

13E0000

heap

page read and write

3134000

trusted library allocation

page read and write

6E5C000

stack

page read and write

44D2000

trusted library allocation

page read and write

4209000

trusted library allocation

page read and write

4246000

trusted library allocation

page read and write

4396000

trusted library allocation

page read and write

43F7000

trusted library allocation

page read and write

436D000

trusted library allocation

page read and write

6AD0000

trusted library allocation

page read and write

3406000

trusted library allocation

page read and write

5AF1000

heap

page read and write

6E10000

trusted library allocation

page execute and read and write

42C8000

trusted library allocation

page read and write

1810000

trusted library allocation

page read and write

6B60000

trusted library allocation

page read and write

11D0000

heap

page read and write

8EB000

unkown

page execute and read and write

4093000

trusted library allocation

page read and write

17AB000

trusted library allocation

page read and write

3468000

trusted library allocation

page read and write

6BF0000

trusted library allocation

page read and write

3358000

trusted library allocation

page read and write

42DB000

trusted library allocation

page read and write

12E0000

heap

page read and write

33CC000

trusted library allocation

page read and write

42A0000

trusted library allocation

page read and write

59CE000

stack

page read and write

4085000

trusted library allocation

page read and write

870000

unkown

page readonly

3403000

trusted library allocation

page read and write

44FA000

trusted library allocation

page read and write

1330000

trusted library allocation

page read and write

6B10000

trusted library allocation

page read and write

6B70000

trusted library allocation

page read and write

7862000

heap

page read and write

59D0000

heap

page read and write

1830000

heap

page read and write

17E0000

trusted library allocation

page read and write

4342000

trusted library allocation

page read and write

59EC000

trusted library allocation

page read and write

710C000

stack

page read and write

35F9000

trusted library allocation

page read and write

6C10000

trusted library allocation

page execute and read and write

893000

unkown

page readonly

6A00000

trusted library allocation

page execute and read and write

1805000

trusted library allocation

page read and write

42C5000

trusted library allocation

page read and write

424C000

trusted library allocation

page read and write

4072000

trusted library allocation

page read and write

7C5A000

trusted library allocation

page read and write

448A000

trusted library allocation

page read and write

3411000

trusted library allocation

page read and write

7C5F000

trusted library allocation

page read and write

44BB000

trusted library allocation

page read and write

62A2000

heap

page read and write

6BE0000

trusted library allocation

page read and write

5058000

trusted library allocation

page read and write

7110000

trusted library allocation

page execute and read and write

43AF000

trusted library allocation

page read and write

6D90000

trusted library allocation

page read and write

453A000

trusted library allocation

page read and write

5A38000

trusted library allocation

page read and write

3558000

trusted library allocation

page read and write

8380000

trusted library allocation

page read and write

41E2000

trusted library allocation

page read and write

52E000

stack

page read and write

1820000

heap

page execute and read and write

31A8000

trusted library allocation

page read and write

13C0000

heap

page read and write

346B000

trusted library allocation

page read and write

5B8E000

stack

page read and write

41F0000

trusted library allocation

page read and write

6AE7000

trusted library allocation

page read and write

42EE000

trusted library allocation

page read and write

7C10000

trusted library allocation

page execute and read and write

42F4000

trusted library allocation

page read and write

7955000

heap

page read and write

451E000

trusted library allocation

page read and write

89D000

unkown

page write copy

4079000

trusted library allocation

page read and write

31FD000

trusted library allocation

page read and write

70C0000

trusted library allocation

page read and write

432000

remote allocation

page execute and read and write

4264000

trusted library allocation

page read and write

4485000

trusted library allocation

page read and write

7893000

heap

page read and write

3482000

trusted library allocation

page read and write

12C0000

trusted library allocation

page read and write

17BE000

trusted library allocation

page read and write

1800000

trusted library allocation

page read and write

1414000

heap

page read and write

320C000

trusted library allocation

page read and write

7900000

heap

page read and write

628E000

stack

page read and write

893000

unkown

page readonly

3380000

trusted library allocation

page read and write

336D000

trusted library allocation

page read and write

34D3000

trusted library allocation

page read and write

7C55000

trusted library allocation

page read and write

4253000

trusted library allocation

page read and write

3432000

trusted library allocation

page read and write

42FB000

trusted library allocation

page read and write

337A000

trusted library allocation

page read and write

12E5000

heap

page read and write

4534000

trusted library allocation

page read and write

7C39000

trusted library allocation

page read and write

326D000

trusted library allocation

page read and write

3612000

trusted library allocation

page read and write

6BB0000

trusted library allocation

page read and write

4383000

trusted library allocation

page read and write

4307000

trusted library allocation

page read and write

56E000

stack

page read and write

4241000

trusted library allocation

page read and write

6EF000

stack

page read and write

327B000

trusted library allocation

page read and write

4459000

trusted library allocation

page read and write

62B3000

heap

page read and write

3563000

trusted library allocation

page read and write

5E0000

heap

page read and write

334A000

trusted library allocation

page read and write

5BD0000

trusted library allocation

page read and write

31C9000

trusted library allocation

page read and write

871000

unkown

page execute read

439C000

trusted library allocation

page read and write

12CB000

trusted library allocation

page execute and read and write

348F000

trusted library allocation

page read and write

6B50000

trusted library allocation

page read and write

12BA000

trusted library allocation

page execute and read and write

3238000

trusted library allocation

page read and write

DF0000

heap

page read and write

9C000

stack

page read and write

6B32000

trusted library allocation

page read and write

31A5000

trusted library allocation

page read and write

33C7000

trusted library allocation

page read and write

4370000

trusted library allocation

page read and write

426E000

trusted library allocation

page read and write

4233000

trusted library allocation

page read and write

5620000

heap

page read and write

4467000

trusted library allocation

page read and write

7866000

heap

page read and write

42D0000

trusted library allocation

page read and write

3549000

trusted library allocation

page read and write

787C000

heap

page read and write

35EE000

trusted library allocation

page read and write

44AD000

trusted library allocation

page read and write

400000

remote allocation

page execute and read and write

6B80000

trusted library allocation

page read and write

443E000

trusted library allocation

page read and write

7913000

heap

page read and write

3294000

trusted library allocation

page read and write

6B6B000

trusted library allocation

page read and write

80AE000

stack

page read and write

5B49000

heap

page read and write

12C5000

trusted library allocation

page execute and read and write

42B8000

trusted library allocation

page read and write

5540000

trusted library allocation

page read and write

3569000

trusted library allocation

page read and write

799F000

heap

page read and write

684E000

stack

page read and write

4391000

trusted library allocation

page read and write

786F000

heap

page read and write

7C30000

trusted library allocation

page read and write

4300000

trusted library allocation

page read and write

444E000

trusted library allocation

page read and write

7B00000

heap

page read and write

44D9000

trusted library allocation

page read and write

70A0000

trusted library allocation

page read and write

4316000

trusted library allocation

page read and write

43B4000

trusted library allocation

page read and write

1421000

heap

page read and write

6AE0000

trusted library allocation

page read and write

17D2000

trusted library allocation

page read and write

6AD8000

trusted library allocation

page read and write

5A6C000

heap

page read and write

4210000

trusted library allocation

page read and write

7D50000

trusted library allocation

page execute and read and write

870000

unkown

page readonly

709C000

stack

page read and write

12B6000

trusted library allocation

page execute and read and write

7C64000

trusted library allocation

page read and write

408F000

trusted library allocation

page read and write

5B3F000

heap

page read and write

4287000

trusted library allocation

page read and write

3386000

trusted library allocation

page read and write

1790000

trusted library allocation

page read and write

43F0000

trusted library allocation

page read and write

798A000

heap

page read and write

31D1000

trusted library allocation

page read and write

137E000

stack

page read and write

44CD000

trusted library allocation

page read and write

31A2000

trusted library allocation

page read and write

43E5000

trusted library allocation

page read and write

3505000

trusted library allocation

page read and write

400000

heap

page read and write

320F000

trusted library allocation

page read and write

6B26000

trusted library allocation

page read and write

5B4E000

heap

page read and write

4494000

trusted library allocation

page read and write

31B0000

trusted library allocation

page read and write

7D40000

trusted library allocation

page read and write

3615000

trusted library allocation

page read and write

59E9000

trusted library allocation

page read and write

6AE5000

trusted library allocation

page read and write

55A0000

trusted library allocation

page execute and read and write

34C2000

trusted library allocation

page read and write

598F000

stack

page read and write

178E000

stack

page read and write

304E000

stack

page read and write

790C000

heap

page read and write

7931000

heap

page read and write

5B29000

heap

page read and write

427C000

trusted library allocation

page read and write

7C48000

trusted library allocation

page read and write

1680000

heap

page read and write

51EC000

stack

page read and write

4360000

trusted library allocation

page read and write

8EC000

unkown

page readonly

10F7000

stack

page read and write

123E000

stack

page read and write

14CC000

heap

page read and write

7DDE000

stack

page read and write

34CD000

trusted library allocation

page read and write

7995000

heap

page read and write

361B000

trusted library allocation

page read and write

41E8000

trusted library allocation

page read and write

5880000

heap

page execute and read and write

44C6000

trusted library allocation

page read and write

341C000

trusted library allocation

page read and write

446000

remote allocation

page execute and read and write

7C60000

trusted library allocation

page read and write

4416000

trusted library allocation

page read and write

7750000

heap

page read and write

7CFD000

stack

page read and write

408C000

trusted library allocation

page read and write

There are 462 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Files

Processes

URLs

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Files

Processes

URLs

IPs

Registry

Memdumps

IOC Report
file.exe