Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\setup.exe

"C:\Users\user\Desktop\setup.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6184
Target ID:	0
Parent PID:	1028
Name:	setup.exe
Path:	C:\Users\user\Desktop\setup.exe
Commandline:	"C:\Users\user\Desktop\setup.exe"
Size:	304128
MD5:	9AB4DE8B2F2B99F009D32AA790CD091B
Time:	18:25:56
Date:	01/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xff0000
Modulesize:	327680
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
Creates install or setup log file	Compliance, Persistence and Installation Behavior
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

185.215.113.67:40960

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text

unknown

http://schemas.xmlsoap.org/ws/2005/02/sc/sct

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk

unknown

http://tempuri.org/Entity/Id23ResponseD

unknown

http://tempuri.org/Entity/Id12Response

unknown

http://tempuri.org/

unknown

http://tempuri.org/Entity/Id2Response

unknown

https://bitbucket.org/blog/announcing-our-new-ci-cd-runtime-with-up-to-8x-faster-builds

unknown

http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1

unknown

http://tempuri.org/Entity/Id21Response

unknown

http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID

unknown

http://tempuri.org/Entity/Id6ResponseD

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret

unknown

https://d301sr5gafysq2.cloudfront.net/a022e62940a9/img/logos/bitbucket/mstile-150x150.png

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence

unknown

http://tempuri.org/Entity/Id13ResponseD

unknown

https://bitbucket.status.atlassian.com/

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/fault

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat

unknown

https://id.atlassian.com/profile/rest/profile"

unknown

https://aui-cdn.atlassian.com/

unknown

http://tempuri.org/Entity/Id15Response

unknown

https://bitbucket.org/gateway/api/emoji/

unknown

https://bqlf8qjztdtr.statuspage.io

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

https://bitbucket.org

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew

unknown

https://d301sr5gafysq2.cloudfront.net/a022e62940a9/css/entry/vendor-aui-8.css

unknown

http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register

unknown

https://d301sr5gafysq2.cloudfront.net/a022e62940a9/img/logos/bitbucket/android-chrome-192x192.png

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey

unknown

https://d301sr5gafysq2.cloudfront.net/a022e62940a9/img/default_avatar/user_blue.svg

unknown

https://api.ip.sb/ip

unknown

https://id.atlassian.com/login

unknown

http://tempuri.org/Entity/Id1ResponseD

unknown

https://id.atlassian.com/logout

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1

unknown

http://tempuri.org/Entity/Id24Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested

unknown

https://id.atlassian.com/manage-profile/

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego

unknown

http://tempuri.org/Entity/Id21ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing

unknown

https://bitbucket.org/tanosx/clockbrix.git

unknown

https://cdn.cookielaw.org/

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue

unknown

http://tempuri.org/Entity/Id10ResponseD

unknown

https://d136azpfpnge1l.cloudfront.net/

unknown

http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse

unknown

http://tempuri.org/Entity/Id5Response

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns

unknown

http://tempuri.org/Entity/Id15ResponseD

unknown

http://tempuri.org/Entity/Id10Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/Renew

unknown

http://tempuri.org/Entity/Id8Response

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID

unknown

https://admin.atlassian.com

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT

unknown

http://schemas.xmlsoap.org/ws/2006/02/addressingidentity

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey

unknown

https://d301sr5gafysq2.cloudfront.net/a022e62940a9/dist/webpack/early.js

unknown

https://d301sr5gafysq2.cloudfront.net/a022e62940a9/dist/webpack/locales/en.js

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT

unknown

http://tempuri.org/D

unknown

http://schemas.xmlsoap.org/ws/2004/06/addressingex

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse

unknown

https://bitbucket.org/account/tanosx/avatar/

unknown

http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510

unknown

http://tempuri.org/Entity/Id13Response

unknown

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd

unknown

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif

unknown

http://tempuri.org/Entity/Id12ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1

unknown

http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct

unknown

http://tempuri.org/Entity/Id7ResponseD

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous

unknown

http://tempuri.org/Entity/Id4ResponseD

unknown

https://d301sr5gafysq2.cloudfront.net/a022e62940a9/img/logos/bitbucket/apple-touch-icon.png

unknown

https://web-security-reports.services.atlassian.com/csp-report/bb-website

unknown

http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap

unknown

http://schemas.xmlsoap.org/ws/2002/12/policy

unknown

https://bitbucket.org/tanosx/clockbrix

unknown

http://tempuri.org/Entity/Id22Response

unknown

http://tempuri.org/Entity/Id22ResponseD

unknown

http://tempuri.org/Entity/Id16ResponseD

unknown

https://d136azpfpnge1l.cloudfront.net/;

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue

unknown

https://d301sr5gafysq2.cloudfront.net/a022e62940a9/css/entry/adg3.css

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

bitbucket.org

104.192.141.1

Details

Name:	bitbucket.org
IP:	104.192.141.1
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Tries to download or post to a non-existing HTTP route (HTTP/1.1 404 Not Found / 503 Service Unavailable / 403 Forbidden)	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

185.215.113.67

unknown

Portugal

Details

IP:	185.215.113.67
TargetID:	0
Current Path:	C:\Users\user\Desktop\setup.exe
Country:	Portugal
Countrycode:	PRT
ASN number:	206894
ASN name:	WHOLESALECONNECTIONSNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

104.192.141.1

bitbucket.org

United States

Details

IP:	104.192.141.1
TargetID:	0
Current Path:	C:\Users\user\Desktop\setup.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false
Domain:	bitbucket.org

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Owner

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

SessionHash

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Sequence

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFiles0000

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFilesHash

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\setup_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\setup_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\setup_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\setup_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\setup_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\setup_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\setup_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\setup_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\setup_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\setup_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\setup_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\setup_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\setup_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\setup_RASMANCS

FileDirectory

There are 10 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

FF2000

unkown

page readonly

77BE000

stack

page read and write

63DE000

stack

page read and write

77FE000

stack

page read and write

5B00000

trusted library allocation

page read and write

3A7D000

trusted library allocation

page read and write

397D000

trusted library allocation

page read and write

740B000

heap

page read and write

36CF000

trusted library allocation

page read and write

1720000

trusted library allocation

page read and write

4501000

trusted library allocation

page read and write

483E000

trusted library allocation

page read and write

3B0B000

trusted library allocation

page read and write

10C9000

stack

page read and write

3BA8000

trusted library allocation

page read and write

11C7000

stack

page read and write

4804000

trusted library allocation

page read and write

17D7000

heap

page read and write

7660000

trusted library allocation

page read and write

3B7F000

trusted library allocation

page read and write

764F000

trusted library allocation

page read and write

643A000

heap

page read and write

3B19000

trusted library allocation

page read and write

6472000

heap

page read and write

3020000

trusted library allocation

page read and write

4879000

trusted library allocation

page read and write

3B76000

trusted library allocation

page read and write

5C20000

trusted library allocation

page execute and read and write

63E0000

heap

page read and write

3B03000

trusted library allocation

page read and write

1710000

trusted library allocation

page read and write

7C60000

trusted library allocation

page execute and read and write

7655000

trusted library allocation

page read and write

6820000

trusted library allocation

page execute and read and write

698C000

stack

page read and write

36CD000

trusted library allocation

page read and write

34F0000

heap

page execute and read and write

3726000

trusted library allocation

page read and write

370E000

trusted library allocation

page read and write

4836000

trusted library allocation

page read and write

63FD000

heap

page read and write

735C000

heap

page read and write

16F6000

heap

page read and write

5840000

trusted library allocation

page read and write

5866000

trusted library allocation

page read and write

5AC1000

trusted library allocation

page read and write

7379000

heap

page read and write

3501000

trusted library allocation

page read and write

16E0000

trusted library allocation

page read and write

5B30000

trusted library allocation

page read and write

3370000

heap

page read and write

8D2F000

stack

page read and write

5861000

trusted library allocation

page read and write

3A1D000

trusted library allocation

page read and write

58D0000

trusted library allocation

page read and write

5C30000

trusted library allocation

page execute and read and write

6462000

heap

page read and write

5DEE000

stack

page read and write

7630000

trusted library allocation

page read and write

38DB000

trusted library allocation

page read and write

5B2B000

trusted library allocation

page read and write

390E000

trusted library allocation

page read and write

7632000

trusted library allocation

page read and write

764A000

trusted library allocation

page read and write

7DE0000

heap

page read and write

1580000

heap

page read and write

4643000

trusted library allocation

page read and write

5B50000

trusted library allocation

page read and write

39BF000

trusted library allocation

page read and write

5AF0000

trusted library allocation

page read and write

6880000

trusted library allocation

page execute and read and write

72D0000

trusted library allocation

page read and write

648F000

heap

page read and write

3B26000

trusted library allocation

page read and write

7680000

trusted library allocation

page read and write

5C40000

trusted library allocation

page read and write

645C000

heap

page read and write

399F000

trusted library allocation

page read and write

5AEA000

trusted library allocation

page read and write

7675000

trusted library allocation

page read and write

17A0000

heap

page read and write

7672000

trusted library allocation

page read and write

58FA000

trusted library allocation

page read and write

58F5000

trusted library allocation

page read and write

7C80000

trusted library allocation

page read and write

169E000

stack

page read and write

726C000

stack

page read and write

7F1E0000

trusted library allocation

page execute and read and write

585E000

trusted library allocation

page read and write

69A0000

heap

page read and write

3030000

trusted library allocation

page read and write

4819000

trusted library allocation

page read and write

6405000

heap

page read and write

7CDC000

stack

page read and write

8E7E000

stack

page read and write

3360000

trusted library allocation

page read and write

5B11000

trusted library allocation

page read and write

4681000

trusted library allocation

page read and write

34BC000

stack

page read and write

1540000

heap

page read and write

772F000

stack

page read and write

671E000

stack

page read and write

4826000

trusted library allocation

page read and write

7270000

trusted library allocation

page read and write

5B20000

trusted library allocation

page read and write

7C4E000

stack

page read and write

1513000

heap

page read and write

33BB000

stack

page read and write

1726000

trusted library allocation

page execute and read and write

649B000

heap

page read and write

1025000

unkown

page readonly

36E9000

trusted library allocation

page read and write

7639000

trusted library allocation

page read and write

63E8000

heap

page read and write

FF0000

unkown

page readonly

3A5A000

trusted library allocation

page read and write

584B000

trusted library allocation

page read and write

3973000

trusted library allocation

page read and write

5900000

heap

page read and write

38ED000

trusted library allocation

page read and write

2F88000

trusted library allocation

page read and write

370A000

trusted library allocation

page read and write

39E6000

trusted library allocation

page read and write

5C70000

trusted library allocation

page read and write

5B70000

heap

page execute and read and write

4830000

trusted library allocation

page read and write

4820000

trusted library allocation

page read and write

3903000

trusted library allocation

page read and write

7530000

heap

page read and write

3B37000

trusted library allocation

page read and write

8E80000

trusted library allocation

page read and write

39DB000

trusted library allocation

page read and write

471B000

trusted library allocation

page read and write

7DDE000

stack

page read and write

36FD000

trusted library allocation

page read and write

3992000

trusted library allocation

page read and write

3B33000

trusted library allocation

page read and write

7C50000

trusted library allocation

page read and write

5B25000

trusted library allocation

page read and write

7360000

heap

page read and write

936E000

stack

page read and write

7664000

trusted library allocation

page read and write

72D3000

trusted library allocation

page read and write

171D000

trusted library allocation

page execute and read and write

1735000

trusted library allocation

page execute and read and write

7330000

heap

page read and write

73B1000

heap

page read and write

58E0000

trusted library allocation

page execute and read and write

38F3000

trusted library allocation

page read and write

7635000

trusted library allocation

page read and write

3AFA000

trusted library allocation

page read and write

1471000

heap

page read and write

743D000

heap

page read and write

8D30000

heap

page read and write

482D000

trusted library allocation

page read and write

34C5000

trusted library allocation

page read and write

72C0000

trusted library allocation

page execute and read and write

7770000

trusted library allocation

page execute and read and write

3A6C000

trusted library allocation

page read and write

6449000

heap

page read and write

364B000

trusted library allocation

page read and write

5AD2000

trusted library allocation

page read and write

58D2000

trusted library allocation

page read and write

47E8000

trusted library allocation

page read and write

170D000

trusted library allocation

page execute and read and write

5C50000

trusted library allocation

page read and write

8FCE000

stack

page read and write

7ACE000

stack

page read and write

1530000

heap

page read and write

36D5000

trusted library allocation

page read and write

47E1000

trusted library allocation

page read and write

642C000

heap

page read and write

1703000

trusted library allocation

page execute and read and write

450F000

trusted library allocation

page read and write

14EB000

heap

page read and write

17C0000

trusted library allocation

page execute and read and write

47F3000

trusted library allocation

page read and write

3B0D000

trusted library allocation

page read and write

7DF6000

heap

page read and write

7740000

trusted library allocation

page read and write

39CB000

trusted library allocation

page read and write

1020000

unkown

page readonly

3A2C000

trusted library allocation

page read and write

1704000

trusted library allocation

page read and write

4844000

trusted library allocation

page read and write

1034000

unkown

page readonly

8ECE000

stack

page read and write

1700000

trusted library allocation

page read and write

5880000

trusted library allocation

page read and write

4859000

trusted library allocation

page read and write

3594000

trusted library allocation

page read and write

38E6000

trusted library allocation

page read and write

58F8000

trusted library allocation

page read and write

38F8000

trusted library allocation

page read and write

7B4E000

stack

page read and write

58F0000

trusted library allocation

page read and write

325F000

stack

page read and write

5C80000

trusted library allocation

page read and write

3598000

trusted library allocation

page read and write

3A88000

trusted library allocation

page read and write

34C0000

trusted library allocation

page read and write

7B0E000

stack

page read and write

172A000

trusted library allocation

page execute and read and write

1428000

heap

page read and write

5ADE000

trusted library allocation

page read and write

1420000

heap

page read and write

7540000

heap

page read and write

34D0000

trusted library allocation

page read and write

765A000

trusted library allocation

page read and write

16F0000

heap

page read and write

5ABB000

trusted library allocation

page read and write

3B3F000

trusted library allocation

page read and write

3A61000

trusted library allocation

page read and write

3050000

heap

page read and write

5DA0000

trusted library allocation

page execute and read and write

7274000

trusted library allocation

page read and write

3040000

trusted library allocation

page read and write

39C5000

trusted library allocation

page read and write

7760000

trusted library allocation

page read and write

711E000

stack

page read and write

16DE000

stack

page read and write

393D000

trusted library allocation

page read and write

47C7000

trusted library allocation

page read and write

36BB000

trusted library allocation

page read and write

38BA000

trusted library allocation

page read and write

3729000

trusted library allocation

page read and write

483C000

trusted library allocation

page read and write

73C6000

heap

page read and write

1585000

heap

page read and write

5844000

trusted library allocation

page read and write

5AB0000

trusted library allocation

page read and write

765F000

trusted library allocation

page read and write

5B40000

trusted library allocation

page read and write

39B3000

trusted library allocation

page read and write

315F000

stack

page read and write

64CE000

heap

page read and write

5AE1000

trusted library allocation

page read and write

3B92000

trusted library allocation

page read and write

89AD000

stack

page read and write

39D0000

trusted library allocation

page read and write

36DE000

trusted library allocation

page read and write

701E000

stack

page read and write

8AAF000

stack

page read and write

69B0000

trusted library allocation

page read and write

7348000

heap

page read and write

1730000

trusted library allocation

page read and write

3985000

trusted library allocation

page read and write

8C2D000

stack

page read and write

3A73000

trusted library allocation

page read and write

586D000

trusted library allocation

page read and write

66DF000

stack

page read and write

36D2000

trusted library allocation

page read and write

65DF000

stack

page read and write

8D7E000

stack

page read and write

73FF000

heap

page read and write

64D5000

heap

page read and write

480F000

trusted library allocation

page read and write

38C7000

trusted library allocation

page read and write

1737000

trusted library allocation

page execute and read and write

7415000

heap

page read and write

173B000

trusted library allocation

page execute and read and write

16FB000

heap

page read and write

686C000

stack

page read and write

47D4000

trusted library allocation

page read and write

3053000

heap

page read and write

5872000

trusted library allocation

page read and write

145E000

heap

page read and write

335E000

stack

page read and write

7750000

trusted library allocation

page execute and read and write

47FF000

trusted library allocation

page read and write

5BD0000

trusted library allocation

page read and write

8AEE000

stack

page read and write

7648000

trusted library allocation

page read and write

36DB000

trusted library allocation

page read and write

5B60000

trusted library allocation

page read and write

1722000

trusted library allocation

page read and write

179E000

stack

page read and write

64B5000

heap

page read and write

7C90000

heap

page read and write

911E000

stack

page read and write

39AC000

trusted library allocation

page read and write

76ED000

stack

page read and write

3A94000

trusted library allocation

page read and write

716E000

stack

page read and write

681E000

stack

page read and write

17D0000

heap

page read and write

3AC3000

trusted library allocation

page read and write

1732000

trusted library allocation

page read and write

38D4000

trusted library allocation

page read and write

3A78000

trusted library allocation

page read and write

4521000

trusted library allocation

page read and write

3BAE000

trusted library allocation

page read and write

5AC6000

trusted library allocation

page read and write

901E000

stack

page read and write

64A8000

heap

page read and write

5BC0000

trusted library allocation

page read and write

3BA3000

trusted library allocation

page read and write

58C0000

heap

page read and write

36EE000

trusted library allocation

page read and write

1750000

trusted library allocation

page read and write

5B2E000

trusted library allocation

page read and write

7370000

heap

page read and write

5BB0000

trusted library allocation

page execute and read and write

47FA000

trusted library allocation

page read and write

926E000

stack

page read and write

8BEE000

stack

page read and write

6480000

heap

page read and write

5BA0000

trusted library allocation

page read and write

3B9E000

trusted library allocation

page read and write

7670000

trusted library allocation

page read and write

1504000

heap

page read and write

737B000

heap

page read and write

64DB000

heap

page read and write

5C60000

trusted library allocation

page execute and read and write

4839000

trusted library allocation

page read and write

7730000

trusted library allocation

page read and write

6483000

heap

page read and write

72D6000

trusted library allocation

page read and write

There are 308 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
setup.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportsetup.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
setup.exe