Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\setup.exe

"C:\Users\user\Desktop\setup.exe"

Details

Is windows:	false
Is dropped:	false
PID:	1668
Target ID:	0
Parent PID:	4004
Name:	setup.exe
Path:	C:\Users\user\Desktop\setup.exe
Commandline:	"C:\Users\user\Desktop\setup.exe"
Size:	3360856
MD5:	E671A39FFDAD8E262A45EF77D97A14F4
Time:	18:20:57
Date:	01/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xaf0000
Modulesize:	3375104
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
Yara detected Generic Downloader	Networking
PE / OLE file has an invalid certificate	System Summary
PE file contains an invalid checksum	Data Obfuscation
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
Creates install or setup log file	Compliance, Persistence and Installation Behavior
PE file contains a COM descriptor data directory	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

Details

Is windows:	true
Is dropped:	false
PID:	5876
Target ID:	2
Parent PID:	1668
Name:	RegAsm.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Size:	65440
MD5:	0D5DF43AF2916F47D00C1573797C1A13
Time:	18:20:58
Date:	01/07/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xc40000
Modulesize:	73728
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Allocates memory in foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

185.172.128.33:8970

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text

unknown

http://schemas.xmlsoap.org/ws/2005/02/sc/sct

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk

unknown

http://tempuri.org/Entity/Id14ResponseD

unknown

https://github.com/AzureAD/microsoft-authentication-extensions-for-dotnet

unknown

http://tempuri.org/Entity/Id23ResponseD

unknown

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary

unknown

http://tempuri.org/Entity/Id12Response

unknown

http://tempuri.org/

unknown

http://tempuri.org/Entity/Id2Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1

unknown

http://tempuri.org/Entity/Id21Response

unknown

http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap

unknown

http://tempuri.org/Entity/Id9

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID

unknown

http://tempuri.org/Entity/Id8

unknown

http://tempuri.org/Entity/Id6ResponseD

unknown

http://tempuri.org/Entity/Id5

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare

unknown

http://tempuri.org/Entity/Id4

unknown

http://tempuri.org/Entity/Id7

unknown

http://tempuri.org/Entity/Id6

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret

unknown

http://tempuri.org/Entity/Id19Response

unknown

http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence

unknown

http://tempuri.org/Entity/Id13ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/fault

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat

unknown

http://sharpvectors.codeplex.com/runtime/

unknown

http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey

unknown

http://tempuri.org/Entity/Id15Response

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9

unknown

http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register

unknown

http://tempuri.org/Entity/Id6Response

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey

unknown

https://api.ip.sb/ip

unknown

http://schemas.xmlsoap.org/ws/2004/04/sc

unknown

http://tempuri.org/Entity/Id1ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel

unknown

http://tempuri.org/Entity/Id9Response

unknown

http://tempuri.org/Entity/Id20

unknown

http://tempuri.org/Entity/Id21

unknown

http://tempuri.org/Entity/Id22

unknown

http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1

unknown

http://tempuri.org/Entity/Id23

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1

unknown

http://tempuri.org/Entity/Id24

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue

unknown

http://tempuri.org/Entity/Id24Response

unknown

http://tempuri.org/Entity/Id1Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego

unknown

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey

unknown

http://tempuri.org/Entity/Id21ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust

unknown

http://tempuri.org/Entity/Id10

unknown

http://tempuri.org/Entity/Id11

unknown

http://tempuri.org/Entity/Id10ResponseD

unknown

http://tempuri.org/Entity/Id12

unknown

http://tempuri.org/Entity/Id16Response

unknown

http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel

unknown

http://tempuri.org/Entity/Id13

unknown

http://tempuri.org/Entity/Id14

unknown

http://tempuri.org/Entity/Id15

unknown

http://tempuri.org/Entity/Id16

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce

unknown

http://tempuri.org/Entity/Id17

unknown

http://tempuri.org/Entity/Id18

unknown

http://tempuri.org/Entity/Id5Response

unknown

http://tempuri.org/Entity/Id19

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns

unknown

http://tempuri.org/Entity/Id15ResponseD

unknown

http://tempuri.org/Entity/Id10Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/Renew

unknown

http://tempuri.org/Entity/Id11ResponseD

unknown

http://tempuri.org/Entity/Id8Response

unknown

http://ocsp.sectigo.com0

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT

unknown

http://schemas.xmlsoap.org/ws/2006/02/addressingidentity

unknown

http://tempuri.org/Entity/Id17ResponseD

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

http://tempuri.org/Entity/Id8ResponseD

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

15.164.165.52.in-addr.arpa

unknown

IPs

Domain

Country

Malicious

185.172.128.33

unknown

Russian Federation

Details

IP:	185.172.128.33
TargetID:	2
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	50916
ASN name:	NADYMSS-ASRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064

Blob

Details

TargetID:	2
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064
Value name:	Blob
Value data:	0B 00 00 00 01 00 00 00 48 00 00 00 54 00 69 00 74 00 61 00 6E 00 69 00 75 00 6D 00 20 00 52 00 6F 00 6F 00 74 00 20 00 43 00 65 00 72 00 74 00 69 00 66 00 69 00 63 00 61 00 74 00 65 00 20 00 41 00 75 00 74 00 68 00 6F 00 72 00 69 00 74 00 79 00 00 00 02 00 00 00 01 00 00 00 CC 00 00 00 1C 00 00 00 6C 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 7B 00 34 00 31 00 37 00 34 00 34 00 42 00 45 00 34 00 2D 00 31 00 31 00 43 00 35 00 2D 00 34 00 39 00 34 00 43 00 2D 00 41 00 32 00 31 00 33 00 2D 00 42 00 41 00 30 00 43 00 45 00 39 00 34 00 34 00 39 00 33 00 38 00 45 00 7D 00 00 00 00 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 45 00 6E 00 68 00 61 00 6E 00 63 00 65 00 64 00 20 00 43 00 72 00 79 00 70 00 74 00 6F 00 67 00 72 00 61 00 70 00 68 00 69 00 63 00 20 00 50 00 72 00 6F 00 76 00 69 00 64 00 65 00 72 00 20 00 76 00 31 00 2E 00 30 00 00 00 00 00 03 00 00 00 01 00 00 00 14 00 00 00 F1 A5 78 C4 CB 5D E7 9A 37 08 93 98 3F D4 DA 8B 67 B2 B0 64 20 00 00 00 01 00 00 00 0A 03 00 00 30 82 03 06 30 82 01 EE A0 03 02 01 02 02 08 67 F7 BE B9 6A 4C 27 98 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 2E 31 2C 30 2A 06 03 55 04 03 0C 23 54 69 74 61 6E 69 75 6D 20 52 6F 6F 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6F 72 69 74 79 30 1E 17 0D 32 33 30 33 31 34 31 30 33 35 32 30 5A 17 0D 32 36 30 36 31 37 31 30 33 35 32 30 5A 30 2E 31 2C 30 2A 06 03 55 04 03 0C 23 54 69 74 61 6E 69 75 6D 20 52 6F 6F 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6F 72 69 74 79 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 86 E4 57 7A 58 61 CE 81 91 77 D0 05 FA 51 D5 51 5A 93 6C 61 0C CF CB DE 53 32 CD 15 1D A6 47 EE 88 1A 24 5C 9B 02 83 3B 02 AF 3D 76 FE 20 BD 3B FA F7 A2 09 73 E7 2E BD 94 40 D0 9D 8C 3D 27 13 BD F0 D0 9F EB 95 32 AC D7 A4 2D A2 A9 52 DA A8 6A 2A 88 EE 42 7D 30 95 9D 90 BF BA 05 27 6A A0 29 98 A6 98 6F C0 13 06 62 9B 79 B8 40 5D 1F 1F A6 D9 A4 2F 82 7A FC 75 66 34 0D C2 DE 27 01 2B 94 BB 4A 27 B3 CB 1C 21 9A 3C B2 C1 42 03 F3 44 51 BD 62 65 20 ED D4 DB CC 41 4F 59 3F 2A CB C4 84 79 F7 14 3C BE 13 9C FD 12 9C 91 3E 53 03 DC 20 F9 4C 44 35 89 01 B6 9A 84 8D 7E A0 2E 30 8A 31 15 60 AC 00 AE 00 9A 29 10 9A EE D9 71 3D D8 91 9B 97 ED 59 80 58 E1 7F 07 26 C7 A0 20 F7 10 AB C0 62 91 DF AA F1 81 C6 BE 6A 76 C8 9C B6 8E B0 B0 EC 1C D9 5F 32 6C 7E 55 58 8B FD 76 C5 19 02 03 01 00 01 A3 28 30 26 30 13 06 03 55 1D 25 04 0C 30 0A 06 08 2B 06 01 05 05 07 03 01 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 03 82 01 01 00 70 85 12 93 D7 57 E9 82 79 7D C5 F7 F2 7D A8 94 EF 0C DB 32 9F 06 A6 09 6E 0C F6 04 B0 E5 47 11 56 0E F4 0F 52 82 08 2E 21 0F 55 A3 DB 41 F3 12 54 8B 76 11 F5 F0 DA CE A3 C7 8B 13 F6 FC 24 3C 02 B1 06 66 5B E6 9E 18 40 88 41 5B 27 39 99 B8 77 BE E3 53 A2 48 CE C7 EE B5 A0 95 C2 17 4B C9 52 6C AF E3 37 2C 59 DB FB E7 58 13 4E D3 51 E5 14 72 73 FE C6 85 77 AE 45 52 A6 F9 9A C8 0C A8 D0 EE 42 2A F5 28 85 8C 6B E8 1C B0 A8 03 1A B0 AE 83 C0 EB 55 64 F4 E8 7A 5C 06 29 5D 39 03 EE E2 FD F9 2D 62 A7 F4 D4 05 4D EA A7 9B CA EB DA 4E 8B 1A 6E FD 42 AE F9 D0 1C 70 75 72 8C B1 3A A8 55 7C 85 A7 25 32 B5 E2 D6 C3 E5 50 41 C9 86 7C A8 F5 62 BB D2 AB 0C 37 10 D8 31 73 EC 37 81 D1 DC AA C5 C6 E0 7E E7 26 62 4D FD C5 81 4C FF D3 36 E1 79 32 F8 9B EB 9C F7 FD BE E9 BE BF 61

Signature Hits	Behavior Group	Mitre Attack
Installs new ROOT certificates	Persistence and Installation Behavior	Install Root Certificate

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Owner

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

SessionHash

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Sequence

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFiles0000

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFilesHash

Memdumps

Base Address

Regiontype

Protect

Malicious

46BE000

trusted library allocation

page read and write

47A2000

trusted library allocation

page read and write

4253000

trusted library allocation

page read and write

470A000

trusted library allocation

page read and write

4145000

trusted library allocation

page read and write

402000

remote allocation

page execute and read and write

801E000

stack

page read and write

1332000

trusted library allocation

page read and write

2F4E000

stack

page read and write

E14000

unkown

page readonly

7789000

heap

page read and write

32D3000

trusted library allocation

page read and write

7000000

trusted library allocation

page read and write

7759000

heap

page read and write

76B2000

heap

page read and write

320A000

trusted library allocation

page read and write

34AE000

trusted library allocation

page read and write

3208000

trusted library allocation

page read and write

4169000

trusted library allocation

page read and write

4272000

trusted library allocation

page read and write

41B0000

trusted library allocation

page read and write

3477000

trusted library allocation

page read and write

40F3000

trusted library allocation

page read and write

5C0D000

stack

page read and write

321D000

trusted library allocation

page read and write

4201000

trusted library allocation

page read and write

779A000

heap

page read and write

13B0000

heap

page read and write

3F8F000

trusted library allocation

page read and write

62FE000

heap

page read and write

342B000

trusted library allocation

page read and write

323E000

trusted library allocation

page read and write

314B000

trusted library allocation

page read and write

40F8000

trusted library allocation

page read and write

404D000

trusted library allocation

page read and write

1229000

heap

page read and write

3294000

trusted library allocation

page read and write

3225000

trusted library allocation

page read and write

772F000

heap

page read and write

40B3000

trusted library allocation

page read and write

12DC000

heap

page read and write

7B6E000

stack

page read and write

158B000

heap

page read and write

2F58000

trusted library allocation

page read and write

6A45000

trusted library allocation

page read and write

4121000

trusted library allocation

page read and write

3223000

trusted library allocation

page read and write

11FB000

heap

page read and write

3301000

trusted library allocation

page read and write

6200000

trusted library allocation

page read and write

4008000

trusted library allocation

page read and write

63EE000

heap

page read and write

3255000

trusted library allocation

page read and write

132A000

trusted library allocation

page execute and read and write

140E000

stack

page read and write

7E9E000

stack

page read and write

15BF000

heap

page read and write

1310000

trusted library allocation

page read and write

3233000

trusted library allocation

page read and write

5450000

trusted library allocation

page read and write

415E000

trusted library allocation

page read and write

6A81000

trusted library allocation

page read and write

2EE0000

trusted library allocation

page read and write

40FD000

trusted library allocation

page read and write

402E000

trusted library allocation

page read and write

3212000

trusted library allocation

page read and write

302D000

trusted library allocation

page read and write

2EEB000

trusted library allocation

page execute and read and write

2EDE000

stack

page read and write

3272000

trusted library allocation

page read and write

700D000

trusted library allocation

page read and write

32A5000

trusted library allocation

page read and write

3229000

trusted library allocation

page read and write

3141000

trusted library allocation

page read and write

303A000

trusted library allocation

page read and write

3276000

trusted library allocation

page read and write

7042000

trusted library allocation

page read and write

6AC5000

trusted library allocation

page read and write

3F1D000

trusted library allocation

page read and write

6A40000

trusted library allocation

page read and write

14FE000

stack

page read and write

76C4000

heap

page read and write

6B00000

trusted library allocation

page read and write

55E0000

trusted library allocation

page read and write

79CA000

trusted library allocation

page read and write

1588000

heap

page read and write

79B2000

trusted library allocation

page read and write

79F0000

trusted library allocation

page read and write

7084000

trusted library allocation

page read and write

777C000

heap

page read and write

3274000

trusted library allocation

page read and write

63DE000

heap

page read and write

5500000

trusted library allocation

page read and write

5710000

trusted library section

page read and write

79B0000

trusted library allocation

page read and write

6250000

trusted library allocation

page read and write

79B9000

trusted library allocation

page read and write

63D0000

heap

page read and write

41CD000

trusted library allocation

page read and write

79B5000

trusted library allocation

page read and write

1300000

heap

page read and write

6960000

trusted library allocation

page execute and read and write

3227000

trusted library allocation

page read and write

79DF000

trusted library allocation

page read and write

31ED000

trusted library allocation

page read and write

76CA000

heap

page read and write

6ACE000

trusted library allocation

page read and write

11F0000

heap

page read and write

3F82000

trusted library allocation

page read and write

5A32000

trusted library section

page read and write

6FFC000

stack

page read and write

76BC000

heap

page read and write

2E60000

heap

page execute and read and write

6AC0000

trusted library allocation

page read and write

2F18000

trusted library allocation

page read and write

321B000

trusted library allocation

page read and write

7AAE000

stack

page read and write

6DBC000

stack

page read and write

3F15000

trusted library allocation

page read and write

1335000

trusted library allocation

page execute and read and write

350B000

trusted library allocation

page read and write

1322000

trusted library allocation

page read and write

6B40000

trusted library allocation

page read and write

3038000

trusted library allocation

page read and write

3023000

trusted library allocation

page read and write

3109000

trusted library allocation

page read and write

40E5000

trusted library allocation

page read and write

320E000

trusted library allocation

page read and write

32C8000

trusted library allocation

page read and write

4013000

trusted library allocation

page read and write

3E7F000

trusted library allocation

page read and write

328E000

trusted library allocation

page read and write

31EF000

trusted library allocation

page read and write

41D7000

trusted library allocation

page read and write

3EF2000

trusted library allocation

page read and write

308E000

trusted library allocation

page read and write

32F8000

trusted library allocation

page read and write

6A35000

trusted library allocation

page read and write

4262000

trusted library allocation

page read and write

10E5000

heap

page read and write

6BC0000

trusted library allocation

page execute and read and write

328A000

trusted library allocation

page read and write

79CF000

trusted library allocation

page read and write

32CF000

trusted library allocation

page read and write

3EFF000

trusted library allocation

page read and write

3F68000

trusted library allocation

page read and write

676F000

stack

page read and write

1530000

heap

page read and write

6AA1000

trusted library allocation

page read and write

77C3000

heap

page read and write

6312000

heap

page read and write

771D000

heap

page read and write

136E000

stack

page read and write

AF0000

unkown

page readonly

12D0000

heap

page read and write

40EA000

trusted library allocation

page read and write

76E3000

heap

page read and write

60CF000

stack

page read and write

63D3000

heap

page read and write

6A30000

trusted library allocation

page read and write

2FF0000

heap

page execute and read and write

41DD000

trusted library allocation

page read and write

4035000

trusted library allocation

page read and write

1559000

heap

page read and write

63E3000

heap

page read and write

3F78000

trusted library allocation

page read and write

6A9E000

trusted library allocation

page read and write

10CE000

stack

page read and write

31F1000

trusted library allocation

page read and write

322D000

trusted library allocation

page read and write

3240000

trusted library allocation

page read and write

15F3000

heap

page read and write

4F78000

trusted library allocation

page read and write

3152000

trusted library allocation

page read and write

4F6E000

stack

page read and write

2E71000

trusted library allocation

page read and write

40E1000

trusted library allocation

page read and write

419E000

trusted library allocation

page read and write

55C7000

trusted library allocation

page read and write

4237000

trusted library allocation

page read and write

1410000

heap

page read and write

6B60000

trusted library allocation

page execute and read and write

2E50000

heap

page read and write

41EE000

trusted library allocation

page read and write

3452000

trusted library allocation

page read and write

56A0000

trusted library allocation

page read and write

41C1000

trusted library allocation

page read and write

77CA000

heap

page read and write

1050000

heap

page read and write

32A7000

trusted library allocation

page read and write

41B7000

trusted library allocation

page read and write

32DF000

trusted library allocation

page read and write

32FC000

trusted library allocation

page read and write

328C000

trusted library allocation

page read and write

5BC0000

trusted library allocation

page execute and read and write

40D4000

trusted library allocation

page read and write

326E000

trusted library allocation

page read and write

3F3D000

trusted library allocation

page read and write

1300000

trusted library allocation

page read and write

33B3000

trusted library allocation

page read and write

34E7000

trusted library allocation

page read and write

312C000

trusted library allocation

page read and write

3FD5000

trusted library allocation

page read and write

510B000

stack

page read and write

6D30000

trusted library allocation

page read and write

32AF000

trusted library allocation

page read and write

6A92000

trusted library allocation

page read and write

7010000

trusted library allocation

page execute and read and write

320C000

trusted library allocation

page read and write

700A000

trusted library allocation

page read and write

2E20000

trusted library allocation

page read and write

5471000

trusted library allocation

page read and write

5E8E000

stack

page read and write

3E92000

trusted library allocation

page read and write

2E0C000

stack

page read and write

58FE000

stack

page read and write

5502000

trusted library allocation

page read and write

325F000

trusted library allocation

page read and write

46FB000

trusted library allocation

page read and write

1385000

heap

page read and write

56F0000

trusted library allocation

page read and write

6D10000

trusted library allocation

page read and write

3411000

trusted library allocation

page read and write

6D20000

heap

page execute and read and write

3F5C000

trusted library allocation

page read and write

32C2000

trusted library allocation

page read and write

15CF000

heap

page read and write

4142000

trusted library allocation

page read and write

47EE000

trusted library allocation

page read and write

63B2000

heap

page read and write

41A5000

trusted library allocation

page read and write

2CCE000

stack

page read and write

313E000

stack

page read and write

6A3A000

trusted library allocation

page read and write

421E000

trusted library allocation

page read and write

79C8000

trusted library allocation

page read and write

3286000

trusted library allocation

page read and write

341A000

trusted library allocation

page read and write

3F96000

trusted library allocation

page read and write

3259000

trusted library allocation

page read and write

400E000

trusted library allocation

page read and write

54F0000

heap

page read and write

5730000

heap

page execute and read and write

1350000

trusted library allocation

page read and write

3264000

trusted library allocation

page read and write

344C000

trusted library allocation

page read and write

5A40000

heap

page read and write

6B50000

trusted library allocation

page read and write

6D50000

trusted library allocation

page execute and read and write

1592000

heap

page read and write

446000

remote allocation

page execute and read and write

6A47000

trusted library allocation

page read and write

77FD000

heap

page read and write

46AF000

trusted library allocation

page read and write

1304000

trusted library allocation

page read and write

77DF000

heap

page read and write

3311000

trusted library allocation

page read and write

3424000

trusted library allocation

page read and write

151D000

trusted library allocation

page execute and read and write

3436000

trusted library allocation

page read and write

815E000

stack

page read and write

3FB2000

trusted library allocation

page read and write

4184000

trusted library allocation

page read and write

5700000

trusted library allocation

page execute and read and write

40AE000

trusted library allocation

page read and write

3167000

trusted library allocation

page read and write

79E0000

trusted library allocation

page read and write

7761000

heap

page read and write

7796000

heap

page read and write

41F9000

trusted library allocation

page read and write

3111000

trusted library allocation

page read and write

40B8000

trusted library allocation

page read and write

329F000

trusted library allocation

page read and write

7F820000

trusted library allocation

page execute and read and write

47DF000

trusted library allocation

page read and write

311F000

trusted library allocation

page read and write

5A59000

heap

page read and write

76F4000

heap

page read and write

68B0000

trusted library allocation

page read and write

5F8E000

stack

page read and write

34CD000

trusted library allocation

page read and write

1360000

trusted library allocation

page execute and read and write

3F30000

trusted library allocation

page read and write

3221000

trusted library allocation

page read and write

3290000

trusted library allocation

page read and write

5510000

trusted library allocation

page execute and read and write

1520000

trusted library allocation

page read and write

3072000

trusted library allocation

page read and write

4244000

trusted library allocation

page read and write

12F0000

trusted library allocation

page read and write

3030000

heap

page read and write

6A86000

trusted library allocation

page read and write

5454000

trusted library allocation

page read and write

59FE000

stack

page read and write

8160000

trusted library allocation

page read and write

3257000

trusted library allocation

page read and write

1320000

trusted library allocation

page read and write

32AB000

trusted library allocation

page read and write

322B000

trusted library allocation

page read and write

413B000

trusted library allocation

page read and write

131D000

trusted library allocation

page execute and read and write

546E000

trusted library allocation

page read and write

7F1E000

stack

page read and write

1503000

trusted library allocation

page execute and read and write

55C0000

trusted library allocation

page read and write

6B70000

trusted library allocation

page execute and read and write

4178000

trusted library allocation

page read and write

3443000

trusted library allocation

page read and write

62F8000

heap

page read and write

2F8B000

trusted library allocation

page read and write

79DA000

trusted library allocation

page read and write

412E000

trusted library allocation

page read and write

40C3000

trusted library allocation

page read and write

40EE000

trusted library allocation

page read and write

6940000

trusted library allocation

page execute and read and write

3F99000

trusted library allocation

page read and write

7773000

heap

page read and write

5482000

trusted library allocation

page read and write

32AD000

trusted library allocation

page read and write

3401000

trusted library allocation

page read and write

77AA000

heap

page read and write

34FA000

trusted library allocation

page read and write

130D000

trusted library allocation

page execute and read and write

78B0000

heap

page read and write

15E1000

heap

page read and write

30C8000

trusted library allocation

page read and write

1513000

trusted library allocation

page read and write

5FC2000

heap

page read and write

1303000

trusted library allocation

page execute and read and write

6EBC000

stack

page read and write

4048000

trusted library allocation

page read and write

7040000

trusted library allocation

page read and write

3140000

trusted library allocation

page read and write

34C0000

trusted library allocation

page read and write

547D000

trusted library allocation

page read and write

61EE000

stack

page read and write

7707000

heap

page read and write

55D0000

trusted library allocation

page read and write

3079000

trusted library allocation

page read and write

2E38000

trusted library allocation

page read and write

517D000

stack

page read and write

152A000

trusted library allocation

page execute and read and write

7AE0000

trusted library allocation

page execute and read and write

77E3000

heap

page read and write

76DE000

heap

page read and write

1548000

heap

page read and write

32B3000

trusted library allocation

page read and write

2F93000

trusted library allocation

page read and write

2F00000

trusted library allocation

page read and write

40A7000

trusted library allocation

page read and write

15FE000

heap

page read and write

4115000

trusted library allocation

page read and write

5670000

heap

page execute and read and write

6358000

heap

page read and write

330B000

trusted library allocation

page read and write

13A0000

trusted library allocation

page read and write

2DCE000

stack

page read and write

639E000

heap

page read and write

3067000

trusted library allocation

page read and write

14BF000

stack

page read and write

6258000

trusted library allocation

page read and write

6AE0000

trusted library allocation

page read and write

5E4E000

stack

page read and write

330F000

trusted library allocation

page read and write

315C000

trusted library allocation

page read and write

32CA000

trusted library allocation

page read and write

3FA2000

trusted library allocation

page read and write

408F000

trusted library allocation

page read and write

6BD0000

trusted library allocation

page execute and read and write

6A7B000

trusted library allocation

page read and write

7791000

heap

page read and write

7B2E000

stack

page read and write

3506000

trusted library allocation

page read and write

2FEC000

trusted library allocation

page read and write

62F0000

heap

page read and write

1526000

trusted library allocation

page execute and read and write

4053000

trusted library allocation

page read and write

6207000

trusted library allocation

page read and write

1390000

heap

page read and write

4159000

trusted library allocation

page read and write

422A000

trusted library allocation

page read and write

13CE000

stack

page read and write

3EF9000

trusted library allocation

page read and write

6D40000

trusted library allocation

page read and write

12AA000

heap

page read and write

777A000

heap

page read and write

63C5000

heap

page read and write

6AF0000

trusted library allocation

page read and write

1370000

trusted library allocation

page read and write

6B10000

trusted library allocation

page read and write

1236000

heap

page read and write

4173000

trusted library allocation

page read and write

77F5000

heap

page read and write

31B9000

trusted library allocation

page read and write

3113000

trusted library allocation

page read and write

7AC0000

trusted library allocation

page read and write

5BA0000

trusted library allocation

page execute and read and write

3206000

trusted library allocation

page read and write

3F0F000

trusted library allocation

page read and write

403F000

trusted library allocation

page read and write

437000

remote allocation

page execute and read and write

31DD000

trusted library allocation

page read and write

3204000

trusted library allocation

page read and write

7745000

heap

page read and write

3060000

trusted library allocation

page read and write

31F6000

trusted library allocation

page read and write

5733000

heap

page execute and read and write

4256000

trusted library allocation

page read and write

4793000

trusted library allocation

page read and write

34EE000

trusted library allocation

page read and write

54B0000

trusted library allocation

page read and write

6337000

heap

page read and write

6EFE000

stack

page read and write

40DB000

trusted library allocation

page read and write

5B50000

trusted library allocation

page read and write

6A70000

trusted library allocation

page read and write

68AE000

stack

page read and write

32DD000

trusted library allocation

page read and write

1517000

trusted library allocation

page read and write

5D4E000

stack

page read and write

41F3000

trusted library allocation

page read and write

34DA000

trusted library allocation

page read and write

FB5000

stack

page read and write

6A49000

trusted library allocation

page read and write

56EE000

stack

page read and write

432000

remote allocation

page execute and read and write

7A6D000

stack

page read and write

5476000

trusted library allocation

page read and write

10E0000

heap

page read and write

3501000

trusted library allocation

page read and write

3F51000

trusted library allocation

page read and write

CEA000

stack

page read and write

3F06000

trusted library allocation

page read and write

6A38000

trusted library allocation

page read and write

3404000

trusted library allocation

page read and write

5B40000

trusted library allocation

page read and write

79E8000

trusted library allocation

page read and write

3F89000

trusted library allocation

page read and write

2EE7000

trusted library allocation

page execute and read and write

805D000

stack

page read and write

32E3000

trusted library allocation

page read and write

666E000

stack

page read and write

7AB0000

trusted library allocation

page read and write

545B000

trusted library allocation

page read and write

3053000

trusted library allocation

page read and write

3F9F000

trusted library allocation

page read and write

3FA7000

trusted library allocation

page read and write

63BD000

heap

page read and write

3279000

trusted library allocation

page read and write

6AD0000

trusted library allocation

page read and write

3EB3000

trusted library allocation

page read and write

7775000

heap

page read and write

3000000

heap

page read and write

41E4000

trusted library allocation

page read and write

2E40000

trusted library allocation

page read and write

4249000

trusted library allocation

page read and write

AF2000

unkown

page readonly

5690000

trusted library allocation

page read and write

424B000

trusted library allocation

page read and write

11C0000

heap

page read and write

1380000

heap

page read and write

414D000

trusted library allocation

page read and write

6CF0000

trusted library allocation

page read and write

570E000

stack

page read and write

3100000

trusted library allocation

page read and write

133B000

trusted library allocation

page execute and read and write

1420000

heap

page read and write

33BD000

trusted library allocation

page read and write

1326000

trusted library allocation

page execute and read and write

1060000

heap

page read and write

404A000

trusted library allocation

page read and write

3020000

trusted library allocation

page execute and read and write

4191000

trusted library allocation

page read and write

624E000

stack

page read and write

3173000

trusted library allocation

page read and write

424B000

trusted library allocation

page read and write

3210000

trusted library allocation

page read and write

67AE000

stack

page read and write

480B000

trusted library allocation

page read and write

3FC9000

trusted library allocation

page read and write

41BD000

trusted library allocation

page read and write

1320000

heap

page read and write

60EE000

stack

page read and write

79D5000

trusted library allocation

page read and write

DE7000

stack

page read and write

4206000

trusted library allocation

page read and write

4154000

trusted library allocation

page read and write

3E71000

trusted library allocation

page read and write

5490000

trusted library allocation

page read and write

527E000

stack

page read and write

87B0000

heap

page read and write

1337000

trusted library allocation

page execute and read and write

1500000

trusted library allocation

page read and write

41F7000

trusted library allocation

page read and write

3448000

trusted library allocation

page read and write

4001000

trusted library allocation

page read and write

31F3000

trusted library allocation

page read and write

3FF6000

trusted library allocation

page read and write

40CE000

trusted library allocation

page read and write

54BE000

trusted library allocation

page read and write

1220000

heap

page read and write

3F63000

trusted library allocation

page read and write

32CC000

trusted library allocation

page read and write

3139000

trusted library allocation

page read and write

32A9000

trusted library allocation

page read and write

4141000

trusted library allocation

page read and write

3FA5000

trusted library allocation

page read and write

3F09000

trusted library allocation

page read and write

32C6000

trusted library allocation

page read and write

3F4A000

trusted library allocation

page read and write

2E30000

trusted library allocation

page read and write

309A000

trusted library allocation

page read and write

32B1000

trusted library allocation

page read and write

662E000

stack

page read and write

3083000

trusted library allocation

page read and write

40F0000

trusted library allocation

page read and write

5B90000

trusted library allocation

page execute and read and write

7AB4000

trusted library allocation

page read and write

401E000

trusted library allocation

page read and write

76BF000

heap

page read and write

7EDF000

stack

page read and write

1540000

heap

page read and write

403B000

trusted library allocation

page read and write

3F12000

trusted library allocation

page read and write

4044000

trusted library allocation

page read and write

47FC000

trusted library allocation

page read and write

41FC000

trusted library allocation

page read and write

31EB000

trusted library allocation

page read and write

4028000

trusted library allocation

page read and write

34B8000

trusted library allocation

page read and write

6260000

trusted library allocation

page read and write

425D000

trusted library allocation

page read and write

7A00000

trusted library allocation

page read and write

4067000

trusted library allocation

page read and write

400000

remote allocation

page execute and read and write

6D70000

trusted library allocation

page execute and read and write

63B9000

heap

page read and write

2E10000

trusted library allocation

page read and write

32E7000

trusted library allocation

page read and write

3FE2000

trusted library allocation

page read and write

324A000

trusted library allocation

page read and write

3288000

trusted library allocation

page read and write

58CE000

stack

page read and write

41EA000

trusted library allocation

page read and write

12E2000

heap

page read and write

583F000

stack

page read and write

150D000

trusted library allocation

page execute and read and write

13B5000

heap

page read and write

6AB0000

trusted library allocation

page read and write

3FAD000

trusted library allocation

page read and write

2E45000

trusted library allocation

page read and write

330D000

trusted library allocation

page read and write

7AD0000

trusted library allocation

page execute and read and write

3F17000

trusted library allocation

page read and write

7818000

heap

page read and write

307E000

trusted library allocation

page read and write

1330000

trusted library allocation

page read and write

7050000

trusted library allocation

page execute and read and write

3F24000

trusted library allocation

page read and write

55C4000

trusted library allocation

page read and write

6ACB000

trusted library allocation

page read and write

3F6D000

trusted library allocation

page read and write

2E53000

heap

page read and write

1504000

trusted library allocation

page read and write

32FE000

trusted library allocation

page read and write

33B9000

trusted library allocation

page read and write

E16000

unkown

page readonly

3FEF000

trusted library allocation

page read and write

EBB000

stack

page read and write

3246000

trusted library allocation

page read and write

32E1000

trusted library allocation

page read and write

3292000

trusted library allocation

page read and write

4267000

trusted library allocation

page read and write

5FCE000

stack

page read and write

32C4000

trusted library allocation

page read and write

7080000

trusted library allocation

page read and write

5D0E000

stack

page read and write

58B0000

heap

page read and write

76EE000

heap

page read and write

3157000

trusted library allocation

page read and write

76B0000

heap

page read and write

3270000

trusted library allocation

page read and write

3297000

trusted library allocation

page read and write

61F0000

heap

page read and write

56A7000

trusted library allocation

page read and write

3046000

trusted library allocation

page read and write

87EC000

heap

page read and write

32E5000

trusted library allocation

page read and write

6D00000

trusted library allocation

page read and write

There are 579 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
setup.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportsetup.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
setup.exe