Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

x4UbCbpqkP.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	4.809458973082986
Filename:	x4UbCbpqkP.exe
Filesize:	292864
MD5:	187049e720e9545fc7c567f85ee870ec
SHA1:	1fd8edb9da446de7c24d633b10ca6a4c03c9499f
SHA256:	6ad54ede2fb8a622eb23f83ccce4138aee91178b62183999cca5a0f4fb3b0d93
SHA512:	ae8f75b7bfe61bb5251fe20d5ac69c9d1140539e17df11f05f1665b57844ee68a288ba1f8e2791830785baed916fae7a0599506a530f8f7ca4f4d3f393b8d403
SSDEEP:	3072:4qFFrqwIOGBHy9MGSwTca9G2f6ZkOEhdIVLZ0fHIOcZqf7D34yyCbBOr:LBIOGfardaLZifcZqf7DIyy
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...1.N...............0.................. ........@.. ....................................@................................

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)	Malware Analysis System Evasion
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Tries to harvest and steal browser information (history, passwords, etc)	Stealing of Sensitive Information	OS Credential Dumping Data from Local System
Tries to steal Crypto Currency Wallets	Stealing of Sensitive Information	Windows Management Instrumentation Security Software Discovery
AV process strings found (often used to terminate AV products)	Lowering of HIPS / PFW / Operating System Security Settings
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)	Lowering of HIPS / PFW / Operating System Security Settings	Windows Management Instrumentation Security Software Discovery
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)	Anti Debugging
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
Enables debug privileges	Anti Debugging
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Found inlined nop instructions (likely shell or obfuscated code)	Software Vulnerabilities	Obfuscated Files or Information
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary	Masquerading
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Queries process information (via WMI, Win32_Process)	System Summary
Queries the cryptographic machine GUID	Language, Device and Operating System Detection	System Information Discovery
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
URLs found in memory or binary data	Networking
Uses an in-process (OLE) Automation server	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\x4UbCbpqkP.exe.log

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\x4UbCbpqkP.exe.log
Category:	dropped
Dump:	x4UbCbpqkP.exe.log.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\x4UbCbpqkP.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.33145931749415
Encrypted:	false
Ssdeep:	96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
Size:	3094
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\x4UbCbpqkP.exe

"C:\Users\user\Desktop\x4UbCbpqkP.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6860
Target ID:	0
Parent PID:	2580
Name:	x4UbCbpqkP.exe
Path:	C:\Users\user\Desktop\x4UbCbpqkP.exe
Commandline:	"C:\Users\user\Desktop\x4UbCbpqkP.exe"
Size:	292864
MD5:	187049E720E9545FC7C567F85EE870EC
Time:	03:21:50
Date:	02/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x9f0000
Modulesize:	311296
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

144.172.122.232:20131

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text

unknown

http://schemas.xmlsoap.org/ws/2005/02/sc/sct

unknown

https://duckduckgo.com/chrome_newtab

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk

unknown

https://duckduckgo.com/ac/?q=

unknown

http://tempuri.org/Entity/Id14ResponseD

unknown

http://tempuri.org/Entity/Id23ResponseD

unknown

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary

unknown

http://tempuri.org/Entity/Id12Response

unknown

http://tempuri.org/

unknown

http://tempuri.org/Entity/Id2Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1

unknown

http://tempuri.org/Entity/Id21Response

unknown

http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap

unknown

http://tempuri.org/Entity/Id9

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID

unknown

http://tempuri.org/Entity/Id8

unknown

http://tempuri.org/Entity/Id6ResponseD

unknown

http://tempuri.org/Entity/Id5

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare

unknown

http://tempuri.org/Entity/Id4

unknown

http://tempuri.org/Entity/Id7

unknown

http://tempuri.org/Entity/Id6

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret

unknown

http://tempuri.org/Entity/Id19Response

unknown

http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence

unknown

http://tempuri.org/Entity/Id13ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/fault

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat

unknown

http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey

unknown

http://tempuri.org/Entity/Id15Response

unknown

http://tempuri.org/Entity/Id5ResponseD

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew

unknown

http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register

unknown

http://tempuri.org/Entity/Id6Response

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey

unknown

https://api.ip.sb/ip

unknown

http://schemas.xmlsoap.org/ws/2004/04/sc

unknown

http://tempuri.org/Entity/Id1ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel

unknown

http://tempuri.org/Entity/Id9Response

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

http://tempuri.org/Entity/Id20

unknown

http://tempuri.org/Entity/Id21

unknown

http://tempuri.org/Entity/Id22

unknown

http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1

unknown

http://tempuri.org/Entity/Id23

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1

unknown

http://tempuri.org/Entity/Id24

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue

unknown

http://tempuri.org/Entity/Id24Response

unknown

https://www.ecosia.org/newtab/

unknown

http://tempuri.org/Entity/Id1Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego

unknown

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey

unknown

http://tempuri.org/Entity/Id21ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust

unknown

http://tempuri.org/Entity/Id10

unknown

http://tempuri.org/Entity/Id11

unknown

http://tempuri.org/Entity/Id10ResponseD

unknown

http://tempuri.org/Entity/Id12

unknown

http://tempuri.org/Entity/Id16Response

unknown

http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel

unknown

http://tempuri.org/Entity/Id13

unknown

http://tempuri.org/Entity/Id14

unknown

http://tempuri.org/Entity/Id15

unknown

http://tempuri.org/Entity/Id16

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce

unknown

http://tempuri.org/Entity/Id17

unknown

http://tempuri.org/Entity/Id18

unknown

http://tempuri.org/Entity/Id5Response

unknown

http://tempuri.org/Entity/Id19

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns

unknown

http://tempuri.org/Entity/Id15ResponseD

unknown

http://tempuri.org/Entity/Id10Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/Renew

unknown

http://tempuri.org/Entity/Id11ResponseD

unknown

http://tempuri.org/Entity/Id8Response

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT

unknown

http://schemas.xmlsoap.org/ws/2006/02/addressingidentity

unknown

http://tempuri.org/Entity/Id17ResponseD

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

bg.microsoft.map.fastly.net

199.232.210.172

IPs

Domain

Country

Malicious

144.172.122.232

unknown

United States

Details

IP:	144.172.122.232
TargetID:	0
Current Path:	C:\Users\user\Desktop\x4UbCbpqkP.exe
Country:	United States
Countrycode:	USA
ASN number:	9009
ASN name:	M247GB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Owner

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

SessionHash

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Sequence

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFiles0000

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFilesHash

Memdumps

Base Address

Regiontype

Protect

Malicious

9F2000

unkown

page readonly

3310000

trusted library allocation

page read and write

3405000

trusted library allocation

page read and write

700F000

trusted library allocation

page read and write

6B8C000

stack

page read and write

6C90000

heap

page read and write

3298000

trusted library allocation

page read and write

7130000

trusted library allocation

page read and write

7120000

trusted library allocation

page read and write

6A40000

heap

page read and write

6A30000

heap

page read and write

6FE2000

trusted library allocation

page read and write

6A8E000

heap

page read and write

6DE0000

heap

page read and write

53B0000

trusted library allocation

page read and write

51E3000

heap

page read and write

6E29000

heap

page read and write

5250000

trusted library allocation

page read and write

71DE000

stack

page read and write

69A1000

heap

page read and write

3208000

trusted library allocation

page read and write

32FE000

trusted library allocation

page read and write

5D9E000

stack

page read and write

6E21000

heap

page read and write

3331000

trusted library allocation

page read and write

52D0000

trusted library allocation

page read and write

51F4000

trusted library allocation

page read and write

6DC4000

trusted library allocation

page read and write

5D50000

trusted library allocation

page execute and read and write

2F50000

trusted library allocation

page read and write

51E0000

heap

page read and write

6FE9000

trusted library allocation

page read and write

2FE0000

trusted library allocation

page read and write

2B0B000

trusted library allocation

page execute and read and write

E40000

heap

page read and write

EEA000

heap

page read and write

53D2000

trusted library allocation

page read and write

122D000

trusted library allocation

page execute and read and write

6A67000

heap

page read and write

6A5D000

heap

page read and write

2FED000

trusted library allocation

page read and write

2F85000

trusted library allocation

page read and write

2F93000

trusted library allocation

page read and write

5570000

trusted library allocation

page read and write

7005000

trusted library allocation

page read and write

32D3000

trusted library allocation

page read and write

6DF6000

heap

page read and write

AC9000

stack

page read and write

2F3A000

trusted library allocation

page read and write

628C000

stack

page read and write

33F0000

trusted library allocation

page read and write

6340000

trusted library allocation

page read and write

3011000

trusted library allocation

page read and write

5400000

heap

page execute and read and write

3258000

trusted library allocation

page read and write

2ECA000

trusted library allocation

page read and write

7240000

trusted library allocation

page execute and read and write

2AF0000

trusted library allocation

page read and write

A31000

unkown

page readonly

6A84000

heap

page read and write

3DAF000

trusted library allocation

page read and write

7010000

trusted library allocation

page read and write

3318000

trusted library allocation

page read and write

31DF000

trusted library allocation

page read and write

2AF6000

trusted library allocation

page execute and read and write

5630000

trusted library allocation

page execute and read and write

FF8000

heap

page read and write

414F000

trusted library allocation

page read and write

5390000

trusted library allocation

page read and write

2FAD000

trusted library allocation

page read and write

F85000

heap

page read and write

3244000

trusted library allocation

page read and write

6E3A000

heap

page read and write

E30000

heap

page read and write

2B70000

trusted library allocation

page read and write

2B00000

trusted library allocation

page read and write

4E6C000

stack

page read and write

721F000

stack

page read and write

5255000

trusted library allocation

page read and write

601E000

stack

page read and write

31E7000

trusted library allocation

page read and write

616C000

stack

page read and write

6A08000

heap

page read and write

53BB000

trusted library allocation

page read and write

EA0000

heap

page read and write

69CF000

heap

page read and write

6DB0000

trusted library allocation

page read and write

5511000

trusted library allocation

page read and write

5530000

trusted library allocation

page read and write

7580000

heap

page read and write

2EEB000

trusted library allocation

page read and write

6A52000

heap

page read and write

2C50000

heap

page execute and read and write

62E0000

trusted library allocation

page read and write

3D71000

trusted library allocation

page read and write

336F000

trusted library allocation

page read and write

3241000

trusted library allocation

page read and write

2F24000

trusted library allocation

page read and write

3DAC000

trusted library allocation

page read and write

3019000

trusted library allocation

page read and write

33C1000

trusted library allocation

page read and write

2ED0000

trusted library allocation

page read and write

31CF000

trusted library allocation

page read and write

55C0000

trusted library allocation

page read and write

EE7000

heap

page read and write

7230000

trusted library allocation

page read and write

52C0000

heap

page read and write

6FFA000

trusted library allocation

page read and write

55A0000

trusted library allocation

page read and write

7020000

trusted library allocation

page read and write

31F2000

trusted library allocation

page read and write

333A000

trusted library allocation

page read and write

2FEA000

trusted library allocation

page read and write

5FDE000

stack

page read and write

6DD0000

trusted library allocation

page execute and read and write

5240000

trusted library allocation

page read and write

F2E000

stack

page read and write

5211000

trusted library allocation

page read and write

552B000

trusted library allocation

page read and write

F5E000

heap

page read and write

324C000

trusted library allocation

page read and write

69D5000

heap

page read and write

2EF4000

trusted library allocation

page read and write

6F33000

heap

page read and write

102B000

heap

page read and write

32A7000

trusted library allocation

page read and write

7220000

trusted library allocation

page execute and read and write

2EE3000

trusted library allocation

page read and write

6120000

trusted library allocation

page execute and read and write

3182000

trusted library allocation

page read and write

2F27000

trusted library allocation

page read and write

3DA0000

trusted library allocation

page read and write

711F000

stack

page read and write

2FB4000

trusted library allocation

page read and write

2F2F000

trusted library allocation

page read and write

6E6C000

heap

page read and write

3D99000

trusted library allocation

page read and write

121F000

stack

page read and write

5230000

trusted library allocation

page read and write

F58000

heap

page read and write

719E000

stack

page read and write

53EA000

trusted library allocation

page read and write

32CB000

trusted library allocation

page read and write

5770000

trusted library allocation

page execute and read and write

F40000

trusted library allocation

page read and write

6A49000

heap

page read and write

51B0000

trusted library allocation

page execute and read and write

1220000

trusted library allocation

page read and write

BC7000

stack

page read and write

6993000

heap

page read and write

2E04000

trusted library allocation

page read and write

F50000

heap

page read and write

2ED6000

trusted library allocation

page read and write

330A000

trusted library allocation

page read and write

A20000

unkown

page readonly

E8E000

stack

page read and write

341F000

trusted library allocation

page read and write

51C0000

trusted library allocation

page read and write

3364000

trusted library allocation

page read and write

3DB3000

trusted library allocation

page read and write

69F5000

heap

page read and write

6FE0000

trusted library allocation

page read and write

69E3000

heap

page read and write

EE0000

heap

page read and write

EB0000

heap

page read and write

32BD000

trusted library allocation

page read and write

62DE000

stack

page read and write

2B02000

trusted library allocation

page read and write

323E000

trusted library allocation

page read and write

2F89000

trusted library allocation

page read and write

2F9F000

trusted library allocation

page read and write

3233000

trusted library allocation

page read and write

33FA000

trusted library allocation

page read and write

6E07000

heap

page read and write

6EB0000

heap

page read and write

51F0000

trusted library allocation

page read and write

52E0000

trusted library allocation

page execute and read and write

52D2000

trusted library allocation

page read and write

633E000

stack

page read and write

9F0000

unkown

page readonly

6FFF000

trusted library allocation

page read and write

2D6E000

stack

page read and write

2B78000

trusted library allocation

page read and write

EEE000

heap

page read and write

2AF2000

trusted library allocation

page read and write

699D000

heap

page read and write

F78000

heap

page read and write

70DE000

stack

page read and write

2C4B000

stack

page read and write

32AA000

trusted library allocation

page read and write

3413000

trusted library allocation

page read and write

1224000

trusted library allocation

page read and write

2FF8000

trusted library allocation

page read and write

5398000

trusted library allocation

page read and write

6A1E000

heap

page read and write

318D000

trusted library allocation

page read and write

7140000

trusted library allocation

page execute and read and write

5525000

trusted library allocation

page read and write

337E000

trusted library allocation

page read and write

319B000

trusted library allocation

page read and write

78FE000

stack

page read and write

6A22000

heap

page read and write

5222000

trusted library allocation

page read and write

5560000

trusted library allocation

page read and write

53E1000

trusted library allocation

page read and write

2F7A000

trusted library allocation

page read and write

307B000

trusted library allocation

page read and write

2FF0000

trusted library allocation

page read and write

2EF2000

trusted library allocation

page read and write

3389000

trusted library allocation

page read and write

6DB5000

trusted library allocation

page read and write

75CE000

stack

page read and write

2B05000

trusted library allocation

page execute and read and write

31DC000

trusted library allocation

page read and write

6E97000

heap

page read and write

53DE000

trusted library allocation

page read and write

31CD000

trusted library allocation

page read and write

51FB000

trusted library allocation

page read and write

5500000

trusted library allocation

page read and write

2B6E000

stack

page read and write

5260000

trusted library allocation

page read and write

5650000

trusted library allocation

page read and write

2EDE000

trusted library allocation

page read and write

611F000

stack

page read and write

5640000

trusted library allocation

page read and write

2F21000

trusted library allocation

page read and write

1230000

trusted library allocation

page read and write

6FF8000

trusted library allocation

page read and write

521D000

trusted library allocation

page read and write

3323000

trusted library allocation

page read and write

2EEF000

trusted library allocation

page read and write

53C1000

trusted library allocation

page read and write

7015000

trusted library allocation

page read and write

326D000

trusted library allocation

page read and write

2ED4000

trusted library allocation

page read and write

1223000

trusted library allocation

page execute and read and write

2AFA000

trusted library allocation

page execute and read and write

6E38000

heap

page read and write

338F000

trusted library allocation

page read and write

69DD000

heap

page read and write

2F17000

trusted library allocation

page read and write

700A000

trusted library allocation

page read and write

524E000

trusted library allocation

page read and write

6E4E000

heap

page read and write

634A000

trusted library allocation

page read and write

6A74000

heap

page read and write

3003000

trusted library allocation

page read and write

5790000

trusted library allocation

page read and write

2EC8000

trusted library allocation

page read and write

7150000

trusted library allocation

page read and write

751F000

stack

page read and write

134E000

stack

page read and write

539A000

trusted library allocation

page read and write

55B0000

trusted library allocation

page execute and read and write

69EB000

heap

page read and write

5540000

heap

page read and write

32B2000

trusted library allocation

page read and write

2D71000

trusted library allocation

page read and write

2C60000

heap

page read and write

3D91000

trusted library allocation

page read and write

75F0000

heap

page read and write

552E000

trusted library allocation

page read and write

3057000

trusted library allocation

page read and write

2ECE000

trusted library allocation

page read and write

5216000

trusted library allocation

page read and write

7716000

heap

page read and write

7F700000

trusted library allocation

page execute and read and write

3DA5000

trusted library allocation

page read and write

6E93000

heap

page read and write

5780000

trusted library allocation

page read and write

520E000

trusted library allocation

page read and write

3D7F000

trusted library allocation

page read and write

5EDE000

stack

page read and write

2B20000

trusted library allocation

page read and write

3300000

trusted library allocation

page read and write

6A0E000

heap

page read and write

32A4000

trusted library allocation

page read and write

5E9F000

stack

page read and write

53C6000

trusted library allocation

page read and write

69B9000

heap

page read and write

5280000

trusted library allocation

page read and write

330D000

trusted library allocation

page read and write

6F19000

heap

page read and write

6DC0000

trusted library allocation

page read and write

76FE000

stack

page read and write

53F0000

trusted library allocation

page read and write

55D0000

trusted library allocation

page read and write

6C8D000

stack

page read and write

5550000

trusted library allocation

page read and write

123D000

trusted library allocation

page execute and read and write

EA5000

heap

page read and write

5620000

trusted library allocation

page execute and read and write

51D0000

trusted library allocation

page read and write

7570000

trusted library allocation

page read and write

3DF3000

trusted library allocation

page read and write

2EF6000

trusted library allocation

page read and write

2F15000

trusted library allocation

page read and write

5520000

trusted library allocation

page read and write

756C000

stack

page read and write

6180000

trusted library allocation

page execute and read and write

2F8B000

trusted library allocation

page read and write

7700000

heap

page read and write

329A000

trusted library allocation

page read and write

3FA1000

trusted library allocation

page read and write

F92000

heap

page read and write

31A3000

trusted library allocation

page read and write

31D9000

trusted library allocation

page read and write

2B07000

trusted library allocation

page execute and read and write

2F48000

trusted library allocation

page read and write

6990000

heap

page read and write

75E0000

trusted library allocation

page read and write

2EE0000

trusted library allocation

page read and write

2E57000

trusted library allocation

page read and write

7012000

trusted library allocation

page read and write

5395000

trusted library allocation

page read and write

3265000

trusted library allocation

page read and write

7E80000

heap

page read and write

1240000

heap

page read and write

3200000

trusted library allocation

page read and write

6FE5000

trusted library allocation

page read and write

6E81000

heap

page read and write

2FDE000

trusted library allocation

page read and write

6DB7000

trusted library allocation

page read and write

There are 313 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
x4UbCbpqkP.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportx4UbCbpqkP.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
x4UbCbpqkP.exe