Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| RALbxU9itw.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RALbxU9itw.exe.log | ASCII text, with CRLF line terminators | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\RALbxU9itw.exe | "C:\Users\user\Desktop\RALbxU9itw.exe" | |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | |

URLs

| Name | IP | Malicious |
|---|---|---|
| amrican-sport-live-stream.cc:4581 | | |
| http://tempuri.org/Entity/Id24LR | unknown | |
| http://tempuri.org/Entity/Id2ResponseX7 | unknown | |
| http://tempuri.org/Entity/Id20LR | unknown | |
| https://api.telegram.org/bot | unknown | |
| http://tempuri.org/Entity/Id12Response | unknown | |
| http://tempuri.org/Entity/Id3Responseht | unknown | |
| http://tempuri.org/ | unknown | |
| http://tempuri.org/Entity/Id2Response | unknown | |
| http://tempuri.org/Entity/Id21Response | unknown | |
| http://tempuri.org/Entity/Id9 | unknown | |
| http://tempuri.org/Entity/Id2Responsent | unknown | |
| http://tempuri.org/Entity/Id8 | unknown | |
| http://tempuri.org/Entity/Id5 | unknown | |
| http://tempuri.org/Entity/Id4 | unknown | |
| http://tempuri.org/Entity/Id17LR | unknown | |
| http://tempuri.org/Entity/Id7 | unknown | |
| http://tempuri.org/Entity/Id6 | unknown | |
| http://tempuri.org/Entity/Id9LR | unknown | |
| http://tempuri.org/Entity/Id19Response | unknown | |
| http://tempuri.org/Entity/Id13LR | unknown | |
| http://tempuri.org/Entity/Id1LR | unknown | |
| http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence | unknown | |
| http://tempuri.org/Entity/Id19Responsehi | unknown | |
| http://tempuri.org/Entity/Id5LR | unknown | |
| http://tempuri.org/Entity/Id15Response | unknown | |
| http://tempuri.org/Entity/Id1ResponseMo | unknown | |
| http://tempuri.org/Entity/Id6Response | unknown | |
| https://api.ip.sb/ip | unknown | |
| http://tempuri.org/Entity/Id21LR | unknown | |
| http://tempuri.org/Entity/Id1ResponseD | unknown | |
| http://tempuri.org/Entity/Id9Response | unknown | |
| http://tempuri.org/Entity/Id20 | unknown | |
| http://tempuri.org/Entity/Id21 | unknown | |
| http://tempuri.org/Entity/Id22 | unknown | |
| http://tempuri.org/Entity/Id23 | unknown | |
| http://tempuri.org/Entity/Id24 | unknown | |
| http://tempuri.org/Entity/Id2Responsedo | unknown | |
| http://tempuri.org/Entity/Id24Response | unknown | |
| http://tempuri.org/Entity/Id1Response | unknown | |
| http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested | unknown | |
| http://tempuri.org/Entity/Id18LR | unknown | |
| http://tempuri.org/Entity/Id14LR | unknown | |
| http://tempuri.org/Entity/Id6LR | unknown | |
| http://tempuri.org/Entity/Id1Response& | unknown | |
| http://tempuri.org/Entity/ | unknown | |
| http://schemas.xmlsoap.org/ws/2004/08/addressing | unknown | |
| http://tempuri.org/Entity/Id10LR | unknown | |
| https://www.newtonsoft.com/jsonschema | unknown | |
| http://tempuri.org/Entity/Id2LR | unknown | |
| http://tempuri.org/Entity/Id10 | unknown | |
| http://tempuri.org/Entity/Id11 | unknown | |
| http://tempuri.org/Entity/Id1Responsepu | unknown | |
| http://tempuri.org/Entity/Id12 | unknown | |
| http://tempuri.org/Entity/Id16Response | unknown | |
| http://tempuri.org/Entity/Id13 | unknown | |
| http://tempuri.org/Entity/Id14 | unknown | |
| http://tempuri.org/Entity/Id15 | unknown | |
| http://tempuri.org/Entity/Id16 | unknown | |
| http://tempuri.org/Entity/Id17 | unknown | |
| http://tempuri.org/Entity/Id18 | unknown | |
| http://tempuri.org/Entity/Id5Response | unknown | |
| http://tempuri.org/Entity/Id19 | unknown | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns | unknown | |
| http://tempuri.org/Entity/Id10Response | unknown | |
| http://tempuri.org/Entity/Id8Response | unknown | |
| http://tempuri.org/Entity/Id22LR | unknown | |
| http://tempuri.org/Entity/Id4$ | unknown | |
| http://schemas.xmlsoap.org/soap/envelope/ | unknown | |
| http://tempuri.org/Entity/Id3ResponseD | unknown | |
| http://tempuri.org/Entity/Id19LR | unknown | |
| http://tempuri.org/Entity/Id23Response | unknown | |
| http://tempuri.org/Entity/Id15LR | unknown | |
| http://tempuri.org/Entity/Id7LR | unknown | |
| http://tempuri.org/Entity/Id11LR | unknown | |
| http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse | unknown | |
| http://schemas.xmlsoap.org/ws/2004/08/addressing/fault | unknown | |
| http://tempuri.org/Entity/Id17Response | unknown | |
| http://tempuri.org/Entity/Id20Response | unknown | |
| http://tempuri.org/Entity/Id4nt | unknown | |
| http://tempuri.org/Entity/Id3LR | unknown | |
| http://tempuri.org/Entity/Id13Response | unknown | |
| http://tempuri.org/Entity/Id4Response | unknown | |
| http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement | unknown | |
| http://tempuri.org/Entity/Id23LR | unknown | |
| http://tempuri.org/Entity/Id7Response | unknown | |
| http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous | unknown | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertyP~$ | unknown | |
| http://tempuri.org/Entity/Id11Response | unknown | |
| http://tempuri.org/Entity/Id22Response | unknown | |
| http://tempuri.org/Entity/Id1ResponsetY | unknown | |
| http://james.newtonking.com/projects/json | unknown | |
| http://tempuri.org/Entity/Id22( | unknown | |
| http://tempuri.org/Entity/Id1 | unknown | |
| http://tempuri.org/Entity/Id16LR | unknown | |
| http://tempuri.org/Entity/Id8LR | unknown | |
| http://tempuri.org/Entity/Id3 | unknown | |
| http://tempuri.org/Entity/Id2 | unknown | |
| http://schemas.xmlsoap.org/ws/2005/02/rmd | unknown | |
| http://tempuri.org/Entity/Id18Response | unknown | |

(90 further URLs are not shown in this extract.)

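The list above mixes two kinds of string, and only one of them is a network indicator. tempuri.org is the default namespace WCF assigns to a service contract, so the tempuri.org/Entity/IdN and Entity/IdNResponse pairs are the request and reply actions of a contract named Entity with operations Id1 to Id24: the sample's own protocol vocabulary, carried inside whatever it sends to its endpoint, never a host it resolves. The schemas.xmlsoap.org URIs (SOAP envelope, WS-Addressing, WS-ReliableMessaging, identity claims) are constants System.ServiceModel emits, and the Newtonsoft hosts are Json.NET library constants. The entries that describe behaviour are the bare endpoint amrican-sport-live-stream.cc:4581, the Telegram Bot API prefix and the api.ip.sb public-IP lookup. Trailing characters such as Id4$ or Id22( are string-carving artifacts. The helper below is an added example, not part of the sandbox report; the host lists, category names and sample rows are the editor's and were built from this page.

```python
from __future__ import annotations

import re
from urllib.parse import urlsplit

# URI prefixes that are protocol vocabulary, not places the sample connects to.
# tempuri.org is the default namespace WCF gives a service contract, so
# tempuri.org/Entity/IdN and .../IdNResponse are the request/reply actions of a
# contract named "Entity"; schemas.xmlsoap.org URIs are the SOAP/WS-* constants
# System.ServiceModel emits; the Newtonsoft hosts are Json.NET library constants.
SOAP_IDENTIFIER_HOSTS = {
    "tempuri.org": "WCF contract action (sample's own protocol vocabulary)",
    "schemas.xmlsoap.org": "SOAP/WS-* namespace from System.ServiceModel",
    "www.newtonsoft.com": "Json.NET schema constant",
    "james.newtonking.com": "Json.NET project constant",
}

# Hosts whose presence is itself a behavioural indicator (editor's labels).
BEHAVIOURAL_HOSTS = {
    "api.telegram.org": "Telegram Bot API, commonly used as an exfiltration channel",
    "api.ip.sb": "public-IP lookup used to fingerprint the victim",
}

# A bare host:port line, e.g. amrican-sport-live-stream.cc:4581.
HOST_PORT = re.compile(r"^(?P<host>[A-Za-z0-9.-]+):(?P<port>\d{1,5})$")


def classify(entry: str) -> tuple[str, str]:
    """Classify one cell of the sandbox 'Name' column.

    Returns (category, detail); category is 'network-indicator',
    'soap-identifier' or 'review'. host:port is matched before urlsplit()
    because urlsplit() would read the hostname as a URL scheme.
    """
    entry = entry.strip()
    m = HOST_PORT.match(entry)
    if m:
        return "network-indicator", f"raw endpoint {m['host']} port {m['port']}"
    host = (urlsplit(entry).hostname or "").lower()
    if host in SOAP_IDENTIFIER_HOSTS:
        return "soap-identifier", SOAP_IDENTIFIER_HOSTS[host]
    if host in BEHAVIOURAL_HOSTS:
        return "network-indicator", BEHAVIOURAL_HOSTS[host]
    return "review", f"unclassified host {host or '<none>'}"


def triage(entries: list[str]) -> dict[str, list[tuple[str, str]]]:
    """Bucket every entry by category, preserving the table order."""
    buckets: dict[str, list[tuple[str, str]]] = {
        "network-indicator": [],
        "soap-identifier": [],
        "review": [],
    }
    for entry in entries:
        category, detail = classify(entry)
        buckets[category].append((entry, detail))
    return buckets


# Subset of the URLs table on this page, in the order shown there.
SAMPLE_ROWS = [
    "amrican-sport-live-stream.cc:4581",
    "http://tempuri.org/Entity/Id24LR",
    "https://api.telegram.org/bot",
    "http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence",
    "https://api.ip.sb/ip",
    "https://www.newtonsoft.com/jsonschema",
    "http://tempuri.org/Entity/Id4$",
]

if __name__ == "__main__":
    for category, rows in triage(SAMPLE_ROWS).items():
        print(category)
        for entry, detail in rows:
            print(f"  {entry:<60} {detail}")
```

Anything that lands in the review bucket is a host the lists above do not know; extend the two dictionaries rather than loosening the regex, since the host:port form is the one that should never be explained away.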
Domains

| Name | IP | Malicious |
|---|---|---|
| amrican-sport-live-stream.cc | unknown | |

Memdumps

| Base Address | Region type | Protect | Malicious |
|---|---|---|---|
| 4DD0000 | trusted library section | page read and write | |
| 2C41000 | trusted library allocation | page read and write | |
| 402000 | remote allocation | page execute and read and write | |
| 362A000 | trusted library allocation | page read and write | |
| 36BC000 | trusted library allocation | page read and write | |
| 5471000 | trusted library allocation | page read and write | |
| 5130000 | trusted library allocation | page read and write | |
| 4FD0000 | trusted library allocation | page read and write | |
| CBF000 | stack | page read and write | |
| B30000 | trusted library allocation | page read and write | |
| 5570000 | trusted library allocation | page read and write | |
| 53A3000 | heap | page read and write | |
| 5480000 | trusted library allocation | page read and write | |
| 850000 | heap | page read and write | |
| 98E000 | stack | page read and write | |
| B23000 | trusted library allocation | page execute and read and write | |
| 5467000 | trusted library allocation | page read and write | |
| 7D0000 | heap | page read and write | |
| 3D95E000 | stack | page read and write | |
| 2B30000 | heap | page read and write | |
| EDE000 | stack | page read and write | |
| F38000 | trusted library allocation | page read and write | |
| 2846000 | trusted library allocation | page read and write | |
| 2872000 | trusted library allocation | page read and write | |
| F55000 | trusted library allocation | page execute and read and write | |
| 2B00000 | heap | page execute and read and write | |
| 5220000 | trusted library allocation | page read and write | |
| 2878000 | trusted library allocation | page read and write | |
| 54E0000 | trusted library allocation | page read and write | |
| 5080000 | trusted library allocation | page read and write | |
| D80000 | heap | page read and write | |
| 5540000 | trusted library allocation | page read and write | |
| 5590000 | trusted library allocation | page execute and read and write | |
| 2859000 | trusted library allocation | page read and write | |
| 756000 | heap | page read and write | |
| 54C0000 | trusted library allocation | page read and write | |
| 288F000 | trusted library allocation | page read and write | |
| F52000 | trusted library allocation | page read and write | |
| FC2000 | heap | page read and write | |
| 4B80000 | heap | page execute and read and write | |
| 4CDB000 | trusted library allocation | page read and write | |
| BB0000 | heap | page read and write | |
| 25CE000 | stack | page read and write | |
| 1054000 | heap | page read and write | |
| 7A1000 | heap | page read and write | |
| 3DBA0000 | heap | page read and write | |
| 7BE000 | heap | page read and write | |
| 297E000 | stack | page read and write | |
| B40000 | trusted library allocation | page read and write | |
| 7F060000 | trusted library allocation | page execute and read and write | |
| 4B90000 | heap | page read and write | |
| 25F5000 | trusted library allocation | page read and write | |
| 4B50000 | trusted library allocation | page read and write | |
| 3D990000 | trusted library allocation | page read and write | |
| 5241000 | trusted library allocation | page read and write | |
| B24000 | trusted library allocation | page read and write | |
| 2A7E000 | stack | page read and write | |
| 3D6DF000 | stack | page read and write | |
| 4B93000 | heap | page read and write | |
| F20000 | trusted library allocation | page read and write | |
| 5030000 | trusted library allocation | page read and write | |
| 53F7000 | heap | page read and write | |
| 73E000 | heap | page read and write | |
| 4B30000 | trusted library allocation | page read and write | |
| 4BDB000 | heap | page read and write | |
| 1031000 | heap | page read and write | |
| 286E000 | trusted library allocation | page read and write | |
| 2838000 | trusted library allocation | page read and write | |
| 35D1000 | trusted library allocation | page read and write | |
| 352000 | unknown | page readonly | |
| 536B000 | heap | page read and write | |
| 26C1000 | trusted library allocation | page read and write | |
| B57000 | trusted library allocation | page execute and read and write | |
| 9B0000 | heap | page read and write | |
| 5211000 | trusted library allocation | page read and write | |
| 1043000 | heap | page read and write | |
| 3D9D0000 | trusted library allocation | page read and write | |
| 5000000 | trusted library allocation | page execute and read and write | |
| 28A0000 | trusted library allocation | page read and write | |
| 4CCE000 | stack | page read and write | |
| B70000 | trusted library allocation | page read and write | |
| 2876000 | trusted library allocation | page read and write | |
| 3D590000 | trusted library allocation | page execute and read and write | |
| 51F6000 | trusted library allocation | page read and write | |
| 55A0000 | trusted library allocation | page read and write | |
| 51CE000 | stack | page read and write | |
| 285B000 | trusted library allocation | page read and write | |
| F10000 | trusted library allocation | page read and write | |
| E70000 | heap | page read and write | |
| 47AD000 | stack | page read and write | |
| 4B60000 | trusted library allocation | page execute and read and write | |
| 1025000 | heap | page read and write | |
| 285D000 | trusted library allocation | page read and write | |
| 45D8000 | trusted library allocation | page read and write | |
| B2D000 | trusted library allocation | page execute and read and write | |
| 3EB000 | stack | page read and write | |
| F5B000 | trusted library allocation | page execute and read and write | |
| 77DF000 | stack | page read and write | |
| 55B0000 | trusted library allocation | page read and write | |
| 5120000 | trusted library allocation | page read and write | |
| B80000 | trusted library allocation | page execute and read and write | |
| 5360000 | heap | page read and write | |
| 440000 | remote allocation | page execute and read and write | |
| 24CE000 | stack | page read and write | |
| 4B70000 | trusted library allocation | page execute and read and write | |
| 3C4D000 | trusted library allocation | page read and write | |
| 4DDE000 | stack | page read and write | |
| 359000 | unknown | page readonly | |
| 4DCE000 | stack | page read and write | |
| BA0000 | heap | page read and write | |
| 3D81F000 | stack | page read and write | |
| ABF000 | stack | page read and write | |
| B90000 | trusted library allocation | page read and write | |
| 1063000 | heap | page read and write | |
| 4B10000 | trusted library allocation | page read and write | |
| 3D53000 | trusted library allocation | page read and write | |
| 4CD0000 | trusted library allocation | page read and write | |
| 400000 | remote allocation | page execute and read and write | |
| 282A000 | trusted library allocation | page read and write | |
| 4CBE000 | stack | page read and write | |
| 3D85E000 | stack | page read and write | |
| 4C7E000 | stack | page read and write | |
| 2480000 | heap | page execute and read and write | |
| 5090000 | trusted library allocation | page execute and read and write | |
| 546D000 | trusted library allocation | page read and write | |
| 5560000 | trusted library allocation | page execute and read and write | |
| 875000 | heap | page read and write | |
| 5230000 | trusted library allocation | page read and write | |
| 4445000 | trusted library allocation | page read and write | |
| 3C49000 | trusted library allocation | page read and write | |
| 5040000 | trusted library allocation | page read and write | |
| 2874000 | trusted library allocation | page read and write | |
| 283A000 | trusted library allocation | page read and write | |
| F8B000 | heap | page read and write | |
| 4CD5000 | trusted library allocation | page read and write | |
| 283C000 | trusted library allocation | page read and write | |
| 5050000 | trusted library allocation | page read and write | |
| 50A0000 | trusted library allocation | page read and write | |
| 4447000 | trusted library allocation | page read and write | |
| F3D000 | trusted library allocation | page execute and read and write | |
| E60000 | heap | page read and write | |
| 99DE000 | stack | page read and write | |
| 5010000 | trusted library allocation | page read and write | |
| 730000 | heap | page read and write | |
| 2844000 | trusted library allocation | page read and write | |
| F46000 | trusted library allocation | page execute and read and write | |
| B4A000 | trusted library allocation | page execute and read and write | |
| B42000 | trusted library allocation | page read and write | |
| 520E000 | trusted library allocation | page read and write | |
| FB4000 | heap | page read and write | |
| F3B000 | trusted library allocation | page read and write | |
| 54F0000 | trusted library allocation | page read and write | |
| B33000 | trusted library allocation | page read and write | |
| 4FB0000 | trusted library allocation | page read and write | |
| 25D1000 | trusted library allocation | page read and write | |
| 771000 | heap | page read and write | |
| E65000 | heap | page read and write | |
| B55000 | trusted library allocation | page execute and read and write | |
| 860000 | heap | page read and write | |
| 2889000 | trusted library allocation | page read and write | |
| 287B000 | trusted library allocation | page read and write | |
| 539D000 | heap | page read and write | |
| 98DD000 | stack | page read and write | |
| D37000 | stack | page read and write | |
| 51E0000 | trusted library allocation | page read and write | |
| 252000 | unknown | page readonly | |
| 1210000 | trusted library allocation | page execute and read and write | |
| 76F000 | heap | page read and write | |
| 50C0000 | trusted library allocation | page execute and read and write | |
| EE0000 | heap | page read and write | |
| 5202000 | trusted library allocation | page read and write | |
| 4B95000 | heap | page read and write | |
| 70000 | unknown | page readonly | |
| 5460000 | trusted library allocation | page read and write | |
| 7EFE0000 | trusted library allocation | page execute and read and write | |
| 74B0000 | trusted library allocation | page read and write | |
| 6F7000 | stack | page read and write | |
| 3D51000 | trusted library allocation | page read and write | |
| 51D0000 | trusted library section | page read and write | |
| 870000 | heap | page read and write | |
| 5490000 | trusted library allocation | page read and write | |
| 3D9C0000 | trusted library allocation | page read and write | |
| 288D000 | trusted library allocation | page read and write | |
| 53FC000 | heap | page read and write | |
| 4FC0000 | trusted library allocation | page execute and read and write | |
| 51EB000 | trusted library allocation | page read and write | |
| 4B40000 | trusted library allocation | page read and write | |
| F42000 | trusted library allocation | page read and write | |
| 283E000 | trusted library allocation | page read and write | |
| 4C07000 | heap | page read and write | |
| 5060000 | trusted library allocation | page read and write | |
| 3D994000 | trusted library allocation | page read and write | |
| B3D000 | trusted library allocation | page execute and read and write | |
| F2D000 | trusted library allocation | page execute and read and write | |
| 53F0000 | heap | page read and write | |
| F80000 | heap | page read and write | |
| 293E000 | stack | page read and write | |
| 4B98000 | heap | page read and write | |
| 53E7000 | heap | page read and write | |
| 764000 | heap | page read and write | |
| 25E5000 | trusted library allocation | page read and write | |
| 5580000 | trusted library allocation | page read and write | |
| 4FF0000 | trusted library allocation | page read and write | |
| B5B000 | trusted library allocation | page execute and read and write | |
| 2460000 | heap | page read and write | |
| 51F1000 | trusted library allocation | page read and write | |
| AFE000 | stack | page read and write | |
| F4A000 | trusted library allocation | page execute and read and write | |
| 46AC000 | stack | page read and write | |
| 5550000 | trusted library allocation | page execute and read and write | |
| F30000 | trusted library allocation | page read and write | |
| F24000 | trusted library allocation | page read and write | |
| 54D0000 | trusted library allocation | page execute and read and write | |
| 3D5DE000 | stack | page read and write | |
| 5070000 | trusted library allocation | page execute and read and write | |
| C3C000 | stack | page read and write | |
| FE8000 | heap | page read and write | |
| F57000 | trusted library allocation | page execute and read and write | |
| 1220000 | heap | page read and write | |
| 3D9B5000 | trusted library allocation | page read and write | |
| 5250000 | heap | page execute and read and write | |
| 2AFC000 | stack | page read and write | |
| B36000 | trusted library allocation | page read and write | |
| B10000 | trusted library allocation | page read and write | |
| 2840000 | trusted library allocation | page read and write | |
| 285F000 | trusted library allocation | page read and write | |
| B46000 | trusted library allocation | page execute and read and write | |
| 3C41000 | trusted library allocation | page read and write | |
| B20000 | trusted library allocation | page read and write | |
| 4FE0000 | trusted library allocation | page read and write | |
| 4B25000 | trusted library allocation | page read and write | |
| 102F000 | heap | page read and write | |
| 3D9C6000 | trusted library allocation | page read and write | |
| 288B000 | trusted library allocation | page read and write | |
| 2B10000 | heap | page read and write | |
| F40000 | trusted library allocation | page read and write | |
| 2861000 | trusted library allocation | page read and write | |
| F23000 | trusted library allocation | page execute and read and write | |
| B52000 | trusted library allocation | page read and write | |
| 3D71E000 | stack | page read and write | |
| 5464000 | trusted library allocation | page read and write | |
| 3D970000 | trusted library allocation | page read and write | |
| 50B0000 | trusted library allocation | page read and write | |
| 72000 | unknown | page readonly | |

(234 further memory regions are not shown in this extract.)
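Most executable regions in this table are "trusted library allocation" with execute, read and write protection, which is what the CLR's JIT and loader heaps look like in any managed process and is not by itself a finding. The rows that matter are the three "remote allocation" regions at 400000, 402000 and 440000 with page execute and read and write: the sandbox uses that label for memory allocated into a process from outside it, and 400000 is the default image base of a 32-bit Windows executable, so a foreign executable allocation starting there is consistent with a PE image having been written in by hand. Read together with the process tree above (RALbxU9itw.exe starting RegAsm.exe, a .NET framework utility, with no arguments), that is the pattern one expects from a loader injecting its payload into a framework binary; the table does not say which process each region belongs to, so this is an inference. The scorer below is an added example, not part of the sandbox report; the ranking is the editor's and the sample rows are copied from the table above.

```python
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Region:
    base: int          # base address as an integer
    region_type: str   # sandbox label: heap, stack, remote allocation, ...
    protect: str       # sandbox label: "page execute and read and write", ...

    @property
    def executable(self) -> bool:
        return "execute" in self.protect

    @property
    def writable(self) -> bool:
        return "write" in self.protect


# Default image base of a 32-bit Windows EXE; a foreign allocation starting
# here is consistent with a PE image having been mapped by hand.
DEFAULT_IMAGE_BASE_32 = 0x400000


def parse_rows(rows: list[tuple[str, str, str]]) -> list[Region]:
    """rows are (Base Address, Region type, Protect) cells as printed by the sandbox."""
    return [Region(int(base, 16), rtype.strip().lower(), prot.strip().lower())
            for base, rtype, prot in rows]


def score(region: Region) -> int:
    """Higher is more suspicious; 0 means nothing to look at."""
    if not region.executable:
        return 0
    if region.region_type == "remote allocation":
        # Code placed into the process from outside: the strongest signal here.
        return 3 if region.base == DEFAULT_IMAGE_BASE_32 else 2
    if region.writable and region.region_type != "trusted library allocation":
        # RWX outside the CLR's own allocations (an RWX heap, say) is worth a look.
        return 1
    return 0  # RWX trusted-library allocations are normal JIT/loader memory


def suspicious_regions(regions: list[Region]) -> list[tuple[int, Region]]:
    """Return (score, region) pairs with score > 0, most suspicious first."""
    scored = [(score(r), r) for r in regions]
    return sorted(((s, r) for s, r in scored if s > 0),
                  key=lambda sr: (-sr[0], sr[1].base))


# Subset of the Memdumps table on this page.
SAMPLE_ROWS = [
    ("4DD0000", "trusted library section", "page read and write"),
    ("402000", "remote allocation", "page execute and read and write"),
    ("CBF000", "stack", "page read and write"),
    ("B23000", "trusted library allocation", "page execute and read and write"),
    ("2B00000", "heap", "page execute and read and write"),
    ("352000", "unknown", "page readonly"),
    ("440000", "remote allocation", "page execute and read and write"),
    ("400000", "remote allocation", "page execute and read and write"),
]

if __name__ == "__main__":
    for s, r in suspicious_regions(parse_rows(SAMPLE_ROWS)):
        print(f"score {s}: {r.base:#010x} {r.region_type:<26} {r.protect}")
```

Run against the full table, the three remote allocations come out on top and the RWX heaps (2B00000, 4B80000, 2480000, 5250000) follow at score 1; everything the CLR allocated for itself drops out, which keeps the list short enough to dump and inspect by hand.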