Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\Purchase Order.exe

"C:\Users\user\Desktop\Purchase Order.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7744
Target ID:	0
Parent PID:	3968
Name:	Purchase Order.exe
Path:	C:\Users\user\Desktop\Purchase Order.exe
Commandline:	"C:\Users\user\Desktop\Purchase Order.exe"
Size:	1103359
MD5:	231E4C689B7B4A7B7DDD4AA4CEFB8C25
Time:	10:26:14
Date:	03/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	716800
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Initial sample is a PE file and has a suspicious name	System Summary
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information
PE file contains an invalid checksum	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

"C:\Users\user\Desktop\Purchase Order.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7836
Target ID:	2
Parent PID:	7744
Name:	RegSvcs.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Commandline:	"C:\Users\user\Desktop\Purchase Order.exe"
Size:	45984
MD5:	9D352BC46709F0CB5EC974633A0C3C94
Time:	10:26:18
Date:	03/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xc10000
Modulesize:	57344
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Installs a global keyboard hook	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sigma detected: CurrentVersion Autorun Keys Modification	System Summary
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe

"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"

Details

Is windows:	false
Is dropped:	true
PID:	8136
Target ID:	4
Parent PID:	3968
Name:	BjTxJte.exe
Path:	C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
Commandline:	"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
Size:	45984
MD5:	9D352BC46709F0CB5EC974633A0C3C94
Time:	10:26:31
Date:	03/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x8d0000
Modulesize:	57344
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Hides that the sample has been downloaded from the Internet (zone.identifier)	Hooking and other Techniques for Hiding and Protection	Hidden Files and Directories
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sigma detected: CurrentVersion Autorun Keys Modification	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe

"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"

Details

Is windows:	false
Is dropped:	true
PID:	7412
Target ID:	6
Parent PID:	3968
Name:	BjTxJte.exe
Path:	C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
Commandline:	"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
Size:	45984
MD5:	9D352BC46709F0CB5EC974633A0C3C94
Time:	10:26:39
Date:	03/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0xa80000
Modulesize:	57344
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Hides that the sample has been downloaded from the Internet (zone.identifier)	Hooking and other Techniques for Hiding and Protection	Hidden Files and Directories
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sigma detected: CurrentVersion Autorun Keys Modification	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	8148
Target ID:	5
Parent PID:	8136
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	10:26:31
Date:	03/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff620390000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	7432
Target ID:	7
Parent PID:	7412
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	10:26:39
Date:	03/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff620390000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://api.ipify.org/

104.26.12.205

Details

Name:	https://api.ipify.org/
IP:	104.26.12.205
TargetID:	2
From Memory:	false
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
IP address seen in connection with other malware	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

https://api.ipify.org

unknown

Details

Name:	https://api.ipify.org
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\Purchase Order.exe
Source:	Purchase Order.exe, 00000000.00000002.1438729227.0000000002EC0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3863395024.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.0000000003091000.00000004.00000800.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://r10.o.lencr.org0#

unknown

Details

Name:	http://r10.o.lencr.org0#
TargetID:	2
From Memory:	true
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source:	RegSvcs.exe, 00000002.00000002.3865598480.000000000320A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3869521309.00000000063CB000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3874740668.0000000007D41000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3869102028.000000000631E000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.0000000003515000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.00000000030DB000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.000000000314E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3874652307.0000000007D16000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3874888683.0000000007D65000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.00000000032FB000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.00000000031FE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.00000000035AD000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3874568457.0000000007CFA000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3864191426.00000000011F0000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.000000000339A000.00000004.00000800.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

https://account.dyn.com/

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://x1.c.lencr.org/0

unknown

Details

Name:	http://x1.c.lencr.org/0
TargetID:	2
From Memory:	true
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source:	RegSvcs.exe, 00000002.00000002.3875115990.0000000007DA8000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.000000000320A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3869521309.00000000063CB000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3874740668.0000000007D41000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3869062726.0000000006312000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3869102028.000000000631E000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3869311154.0000000006395000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.0000000003515000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3874652307.0000000007D16000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.00000000032FB000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.00000000031FE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.00000000035AD000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3863857435.00000000011A2000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3864191426.00000000011F0000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.000000000339A000.00000004.00000800.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://x1.i.lencr.org/0

unknown

Details

Name:	http://x1.i.lencr.org/0
TargetID:	2
From Memory:	true
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source:	RegSvcs.exe, 00000002.00000002.3875115990.0000000007DA8000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.000000000320A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3869521309.00000000063CB000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3874740668.0000000007D41000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3869062726.0000000006312000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3869102028.000000000631E000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3869311154.0000000006395000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.0000000003515000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3874652307.0000000007D16000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.00000000032FB000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.00000000031FE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.00000000035AD000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3863857435.00000000011A2000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3864191426.00000000011F0000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.000000000339A000.00000004.00000800.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://mail.starmech.net

unknown

Details

Name:	http://mail.starmech.net
TargetID:	2
From Memory:	true
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source:	RegSvcs.exe, 00000002.00000002.3865598480.000000000320A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.00000000031C0000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.0000000003515000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.00000000032FB000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.0000000003500000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.0000000003479000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.00000000035AD000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.000000000339A000.00000004.00000800.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://r10.i.lencr.org/0W

unknown

Details

Name:	http://r10.i.lencr.org/0W
TargetID:	2
From Memory:	true
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source:	RegSvcs.exe, 00000002.00000002.3865598480.000000000320A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3869521309.00000000063CB000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3874740668.0000000007D41000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3869102028.000000000631E000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.0000000003515000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.00000000030DB000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.000000000314E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3874652307.0000000007D16000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3874888683.0000000007D65000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.00000000032FB000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.00000000031FE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.00000000035AD000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3874568457.0000000007CFA000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3864191426.00000000011F0000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3865598480.000000000339A000.00000004.00000800.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Domains

Name

Malicious

mail.starmech.net

207.174.215.249

Details

Name:	mail.starmech.net
IP:	207.174.215.249
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses SMTP (mail sending)	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

api.ipify.org

104.26.12.205

Details

Name:	api.ipify.org
IP:	104.26.12.205
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

56.163.245.4.in-addr.arpa

unknown

198.187.3.20.in-addr.arpa

unknown

IPs

Domain

Country

Malicious

207.174.215.249

mail.starmech.net

United States

Details

IP:	207.174.215.249
TargetID:	2
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Country:	United States
Countrycode:	USA
ASN number:	394695
ASN name:	PUBLIC-DOMAIN-REGISTRYUS
Private:	false
Domain:	mail.starmech.net

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses SMTP (mail sending)	Networking	Application Layer Protocol

104.26.12.205

api.ipify.org

United States

Details

IP:	104.26.12.205
TargetID:	2
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	api.ipify.org

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS

FileDirectory

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

BjTxJte

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run

BjTxJte

There are 7 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

402000

system

page execute and read and write

30DB000

trusted library allocation

page read and write

2EC0000

direct allocation

page read and write

2F60000

trusted library allocation

page read and write

3FA2000

heap

page read and write

40F7000

trusted library allocation

page read and write

7DA8000

heap

page read and write

15A0000

heap

page read and write

7F60000

trusted library allocation

page read and write

3F31000

trusted library allocation

page read and write

A40000

heap

page read and write

1154000

heap

page read and write

88EF000

trusted library allocation

page read and write

106E000

stack

page read and write

3FE8000

heap

page read and write

109B000

trusted library allocation

page execute and read and write

3FA2000

heap

page read and write

5070000

trusted library allocation

page read and write

AAE000

heap

page read and write

2A10000

trusted library allocation

page execute and read and write

334A000

trusted library allocation

page read and write

3455000

trusted library allocation

page read and write

8921000

trusted library allocation

page read and write

42D8000

trusted library allocation

page read and write

4197000

trusted library allocation

page read and write

3FE8000

heap

page read and write

4AB000

unkown

page readonly

97B9000

trusted library allocation

page read and write

6900000

trusted library allocation

page read and write

1063000

trusted library allocation

page execute and read and write

47C9000

direct allocation

page read and write

3FA2000

heap

page read and write

3FE8000

heap

page read and write

68DE000

stack

page read and write

8903000

trusted library allocation

page read and write

3FE8000

heap

page read and write

68F0000

trusted library allocation

page read and write

1146000

heap

page read and write

41B7000

trusted library allocation

page read and write

1166000

heap

page read and write

4500000

direct allocation

page read and write

6966000

trusted library allocation

page read and write

16B0000

heap

page read and write

41D7000

trusted library allocation

page read and write

3FA2000

heap

page read and write

1440000

trusted library allocation

page read and write

890D000

trusted library allocation

page read and write

CCDF000

stack

page read and write

583C000

stack

page read and write

3FE8000

heap

page read and write

3376000

trusted library allocation

page read and write

2F11000

heap

page read and write

1130000

heap

page read and write

15E000

stack

page read and write

52DE000

stack

page read and write

169F000

stack

page read and write

96C000

stack

page read and write

3FA2000

heap

page read and write

1138000

heap

page read and write

3FE8000

heap

page read and write

6970000

trusted library allocation

page execute and read and write

41F7000

trusted library allocation

page read and write

4623000

direct allocation

page read and write

6A70000

trusted library allocation

page read and write

3E02000

heap

page read and write

483E000

direct allocation

page read and write

AA0000

heap

page read and write

DF8000

heap

page read and write

1460000

trusted library allocation

page read and write

63BE000

heap

page read and write

53DE000

stack

page read and write

320A000

trusted library allocation

page read and write

19E000

stack

page read and write

1150000

heap

page read and write

2C10000

heap

page execute and read and write

100E000

stack

page read and write

42F8000

trusted library allocation

page read and write

14A0000

trusted library allocation

page read and write

1490000

trusted library allocation

page execute and read and write

3091000

trusted library allocation

page read and write

46A0000

direct allocation

page read and write

1462000

trusted library allocation

page read and write

63CB000

heap

page read and write

E1B000

heap

page read and write

502E000

stack

page read and write

6A5C000

stack

page read and write

88FE000

trusted library allocation

page read and write

3BCF000

stack

page read and write

3FE8000

heap

page read and write

47CD000

direct allocation

page read and write

3FE8000

heap

page read and write

3FA2000

heap

page read and write

6300000

heap

page read and write

129E000

stack

page read and write

47CD000

direct allocation

page read and write

10E0000

heap

page read and write

143D000

trusted library allocation

page execute and read and write

1456000

trusted library allocation

page execute and read and write

3FA2000

heap

page read and write

3FE8000

heap

page read and write

11B9000

heap

page read and write

1010000

heap

page read and write

1050000

heap

page read and write

31C0000

trusted library allocation

page read and write

7D41000

heap

page read and write

46A0000

direct allocation

page read and write

146B000

trusted library allocation

page execute and read and write

46A0000

direct allocation

page read and write

7010000

heap

page read and write

1055000

heap

page read and write

2974000

trusted library allocation

page read and write

BD0000

heap

page read and write

89F000

stack

page read and write

88EA000

trusted library allocation

page read and write

46A0000

direct allocation

page read and write

401000

unkown

page execute read

7CE0000

heap

page read and write

1175000

heap

page read and write

106D000

trusted library allocation

page execute and read and write

6312000

heap

page read and write

7020000

heap

page read and write

6A1F000

stack

page read and write

7FD90000

trusted library allocation

page execute and read and write

3FA2000

heap

page read and write

4217000

trusted library allocation

page read and write

3FE8000

heap

page read and write

980000

heap

page read and write

4177000

trusted library allocation

page read and write

3FA2000

heap

page read and write

404A000

heap

page read and write

97B6000

trusted library allocation

page read and write

154C000

stack

page read and write

62EE000

heap

page read and write

4623000

direct allocation

page read and write

6DDC000

stack

page read and write

B80000

heap

page read and write

B6DE000

stack

page read and write

404A000

heap

page read and write

490000

unkown

page write copy

E28000

heap

page read and write

4D1D000

stack

page read and write

3FE8000

heap

page read and write

10DB000

stack

page read and write

3FE8000

heap

page read and write

3FA2000

heap

page read and write

10E0000

trusted library allocation

page read and write

35F4000

trusted library allocation

page read and write

631E000

heap

page read and write

1064000

trusted library allocation

page read and write

400000

unkown

page readonly

4137000

trusted library allocation

page read and write

8D0000

unkown

page readonly

2F32000

trusted library allocation

page read and write

1580000

trusted library allocation

page execute and read and write

400000

system

page execute and read and write

6395000

heap

page read and write

6E20000

heap

page read and write

29A7000

trusted library allocation

page execute and read and write

31BE000

trusted library allocation

page read and write

3FA2000

heap

page read and write

112E000

stack

page read and write

2F2B000

trusted library allocation

page read and write

1191000

heap

page read and write

10A0000

heap

page read and write

A70000

heap

page read and write

3FE8000

heap

page read and write

62E0000

heap

page read and write

1010000

heap

page read and write

1074000

trusted library allocation

page read and write

3F51000

heap

page read and write

42B7000

trusted library allocation

page read and write

561E000

stack

page read and write

3FE8000

heap

page read and write

572E000

stack

page read and write

1090000

trusted library allocation

page read and write

893A000

trusted library allocation

page read and write

EF9000

stack

page read and write

37CE000

stack

page read and write

47C9000

direct allocation

page read and write

11BA000

heap

page read and write

30C2000

trusted library allocation

page read and write

3BDB000

heap

page read and write

3515000

trusted library allocation

page read and write

29AB000

trusted library allocation

page execute and read and write

3FA2000

heap

page read and write

562E000

stack

page read and write

7D9A000

heap

page read and write

3FE8000

heap

page read and write

297D000

trusted library allocation

page execute and read and write

2F10000

heap

page read and write

527E000

stack

page read and write

3FE8000

heap

page read and write

4623000

direct allocation

page read and write

2F20000

trusted library allocation

page read and write

1118000

heap

page read and write

4AB000

unkown

page readonly

3108000

trusted library allocation

page read and write

B1C000

stack

page read and write

16E0000

heap

page read and write

3FE8000

heap

page read and write

597C000

stack

page read and write

314E000

trusted library allocation

page read and write

3FE8000

heap

page read and write

32AB000

trusted library allocation

page read and write

F2E000

stack

page read and write

483E000

direct allocation

page read and write

47C9000

direct allocation

page read and write

3FE8000

heap

page read and write

3FE8000

heap

page read and write

3FE8000

heap

page read and write

5A7C000

stack

page read and write

6910000

trusted library allocation

page read and write

7D91000

heap

page read and write

145A000

trusted library allocation

page execute and read and write

2F80000

heap

page execute and read and write

522E000

stack

page read and write

3FA2000

heap

page read and write

29C0000

trusted library allocation

page read and write

2984000

trusted library allocation

page read and write

1090000

trusted library allocation

page read and write

3F97000

heap

page read and write

1480000

trusted library allocation

page read and write

47CD000

direct allocation

page read and write

7D16000

heap

page read and write

6377000

heap

page read and write

9DE000

stack

page read and write

ADB000

heap

page read and write

400000

unkown

page readonly

669E000

stack

page read and write

629E000

stack

page read and write

402A000

heap

page read and write

541E000

stack

page read and write

67DE000

stack

page read and write

10D0000

trusted library allocation

page read and write

2F4D000

trusted library allocation

page read and write

3FA1000

heap

page read and write

4117000

trusted library allocation

page read and write

DE0000

heap

page read and write

8A4000

stack

page read and write

679D000

stack

page read and write

2F00000

trusted library allocation

page read and write

6E10000

trusted library allocation

page execute and read and write

655D000

stack

page read and write

54AE000

stack

page read and write

13E0000

heap

page read and write

47C9000

direct allocation

page read and write

7D65000

heap

page read and write

2F3E000

trusted library allocation

page read and write

665F000

stack

page read and write

1148000

heap

page read and write

32D7000

trusted library allocation

page read and write

1060000

heap

page read and write

2F05000

heap

page read and write

11A6000

heap

page read and write

483E000

direct allocation

page read and write

3FA2000

heap

page read and write

2DEE000

stack

page read and write

5640000

heap

page read and write

593E000

stack

page read and write

6C9E000

stack

page read and write

B7DE000

stack

page read and write

CF9000

stack

page read and write

1434000

trusted library allocation

page read and write

5630000

heap

page execute and read and write

2F10000

heap

page read and write

1040000

trusted library allocation

page read and write

3142000

trusted library allocation

page read and write

8908000

trusted library allocation

page read and write

32FB000

trusted library allocation

page read and write

55EF000

stack

page read and write

1080000

heap

page read and write

4297000

trusted library allocation

page read and write

16EA000

heap

page read and write

7CDB000

stack

page read and write

4257000

trusted library allocation

page read and write

3FE8000

heap

page read and write

6367000

heap

page read and write

6917000

trusted library allocation

page read and write

3EE0000

heap

page read and write

29A0000

trusted library allocation

page read and write

117F000

heap

page read and write

3FA2000

heap

page read and write

144D000

trusted library allocation

page execute and read and write

1660000

trusted library allocation

page read and write

2973000

trusted library allocation

page execute and read and write

3FE8000

heap

page read and write

1085000

heap

page read and write

16AC000

stack

page read and write

3587000

trusted library allocation

page read and write

2960000

trusted library allocation

page read and write

4157000

trusted library allocation

page read and write

4500000

direct allocation

page read and write

891C000

trusted library allocation

page read and write

30CB000

trusted library allocation

page read and write

115A000

heap

page read and write

6CDB000

stack

page read and write

3FA2000

heap

page read and write

31FE000

trusted library allocation

page read and write

298D000

trusted library allocation

page execute and read and write

5110000

trusted library allocation

page execute and read and write

4025000

heap

page read and write

5098000

trusted library allocation

page read and write

71D0000

heap

page read and write

2F31000

trusted library allocation

page read and write

3FA2000

heap

page read and write

2F70000

trusted library allocation

page read and write

1C0000

heap

page read and write

2F2E000

trusted library allocation

page read and write

3F50000

heap

page read and write

88F4000

trusted library allocation

page read and write

165B000

stack

page read and write

7D6C000

heap

page read and write

4031000

heap

page read and write

4398000

trusted library allocation

page read and write

3084000

heap

page read and write

2E20000

heap

page execute and read and write

14B4000

heap

page read and write

355C000

trusted library allocation

page read and write

6C5E000

stack

page read and write

2F85000

heap

page read and write

ADA000

heap

page read and write

2C21000

trusted library allocation

page read and write

3F03000

heap

page read and write

483E000

direct allocation

page read and write

AAA000

heap

page read and write

3FA2000

heap

page read and write

3FA2000

heap

page read and write

3F03000

heap

page read and write

3500000

trusted library allocation

page read and write

AD3000

heap

page read and write

14B0000

heap

page read and write

482000

unkown

page readonly

30CF000

trusted library allocation

page read and write

3FE8000

heap

page read and write

2FA4000

heap

page read and write

46A0000

direct allocation

page read and write

DA8000

stack

page read and write

4358000

trusted library allocation

page read and write

ADA000

heap

page read and write

3FA2000

heap

page read and write

9D0000

heap

page read and write

482000

unkown

page readonly

2F46000

trusted library allocation

page read and write

43E000

system

page execute and read and write

690D000

trusted library allocation

page read and write

7D0C000

heap

page read and write

4237000

trusted library allocation

page read and write

7D5E000

heap

page read and write

3FA2000

heap

page read and write

3FA2000

heap

page read and write

110000

heap

page read and write

1070000

trusted library allocation

page read and write

3FE8000

heap

page read and write

1616000

heap

page read and write

43B8000

trusted library allocation

page read and write

3FA2000

heap

page read and write

54E0000

heap

page execute and read and write

47CD000

direct allocation

page read and write

3FE8000

heap

page read and write

100000

heap

page read and write

2EFC000

stack

page read and write

3DCB000

heap

page read and write

8926000

trusted library allocation

page read and write

3FA2000

heap

page read and write

3E06000

heap

page read and write

30D7000

trusted library allocation

page read and write

2F00000

heap

page read and write

8912000

trusted library allocation

page read and write

1A0000

heap

page read and write

10C0000

trusted library allocation

page execute and read and write

4500000

direct allocation

page read and write

551F000

stack

page read and write

1467000

trusted library allocation

page execute and read and write

1097000

trusted library allocation

page execute and read and write

7DF2000

heap

page read and write

47C9000

direct allocation

page read and write

3FE8000

heap

page read and write

6980000

trusted library allocation

page execute and read and write

8935000

trusted library allocation

page read and write

34FE000

trusted library allocation

page read and write

55BC000

stack

page read and write

695D000

stack

page read and write

3FE8000

heap

page read and write

3FE8000

heap

page read and write

3146000

trusted library allocation

page read and write

47CD000

direct allocation

page read and write

6A60000

trusted library allocation

page read and write

5ABC000

stack

page read and write

9E0000

heap

page read and write

3429000

trusted library allocation

page read and write

6960000

trusted library allocation

page read and write

9A000

stack

page read and write

3FE8000

heap

page read and write

4623000

direct allocation

page read and write

2B2E000

stack

page read and write

3FA2000

heap

page read and write

4355000

heap

page read and write

DE5000

heap

page read and write

4378000

trusted library allocation

page read and write

7CF6000

heap

page read and write

4623000

direct allocation

page read and write

3FA2000

heap

page read and write

3479000

trusted library allocation

page read and write

1610000

heap

page read and write

1A5000

heap

page read and write

3FE8000

heap

page read and write

1450000

trusted library allocation

page read and write

35AD000

trusted library allocation

page read and write

1300000

heap

page read and write

3FE8000

heap

page read and write

4A7000

unkown

page read and write

160E000

stack

page read and write

7D4A000

heap

page read and write

15CD000

stack

page read and write

3FA2000

heap

page read and write

3FA2000

heap

page read and write

71E0000

trusted library allocation

page read and write

4500000

direct allocation

page read and write

3D50000

heap

page read and write

14C0000

heap

page read and write

BCE000

stack

page read and write

1100000

trusted library allocation

page execute and read and write

1420000

trusted library allocation

page read and write

30D3000

trusted library allocation

page read and write

97BE000

trusted library allocation

page read and write

105C000

stack

page read and write

3EC9000

heap

page read and write

1433000

trusted library allocation

page execute and read and write

4500000

direct allocation

page read and write

4338000

trusted library allocation

page read and write

CAA000

stack

page read and write

310A000

trusted library allocation

page read and write

9F0000

heap

page read and write

102F000

stack

page read and write

3080000

heap

page read and write

4091000

trusted library allocation

page read and write

119E000

heap

page read and write

88E6000

trusted library allocation

page read and write

4623000

direct allocation

page read and write

8917000

trusted library allocation

page read and write

46A0000

direct allocation

page read and write

5BE0000

heap

page read and write

4500000

direct allocation

page read and write

8DA000

unkown

page readonly

401000

unkown

page execute read

314A000

trusted library allocation

page read and write

517E000

stack

page read and write

3F39000

heap

page read and write

308E000

stack

page read and write

3C21000

trusted library allocation

page read and write

5B3E000

stack

page read and write

1465000

trusted library allocation

page execute and read and write

14C7000

heap

page read and write

4318000

trusted library allocation

page read and write

6362000

heap

page read and write

3FA2000

heap

page read and write

2F41000

trusted library allocation

page read and write

1452000

trusted library allocation

page read and write

3DF2000

heap

page read and write

8D2000

unkown

page readonly

313E000

trusted library allocation

page read and write

88F9000

trusted library allocation

page read and write

10B0000

trusted library allocation

page read and write

47CD000

direct allocation

page read and write

4277000

trusted library allocation

page read and write

6C1C000

stack

page read and write

2C0C000

stack

page read and write

401D000

heap

page read and write

12D0000

trusted library allocation

page read and write

3FA2000

heap

page read and write

490000

unkown

page read and write

6E00000

trusted library allocation

page read and write

40B9000

trusted library allocation

page read and write

440A000

heap

page read and write

150F000

stack

page read and write

5290000

heap

page execute and read and write

2F2E000

stack

page read and write

11A2000

heap

page read and write

483E000

direct allocation

page read and write

68F8000

trusted library allocation

page read and write

13DC000

stack

page read and write

546F000

stack

page read and write

1070000

heap

page read and write

E14000

heap

page read and write

DF0000

heap

page read and write

483E000

direct allocation

page read and write

140F000

stack

page read and write

3FE8000

heap

page read and write

47C9000

direct allocation

page read and write

5AFE000

stack

page read and write

43D8000

trusted library allocation

page read and write

11AF000

stack

page read and write

7CFA000

heap

page read and write

2A20000

heap

page read and write

3F03000

heap

page read and write

107D000

trusted library allocation

page execute and read and write

E67000

heap

page read and write

11A9000

heap

page read and write

1430000

trusted library allocation

page read and write

3FA2000

heap

page read and write

11F0000

heap

page read and write

339A000

trusted library allocation

page read and write

5060000

trusted library allocation

page read and write

3FA2000

heap

page read and write

7CEE000

heap

page read and write

1110000

heap

page read and write

3FA2000

heap

page read and write

113B000

heap

page read and write

402D000

heap

page execute and read and write

3FE8000

heap

page read and write

2980000

trusted library allocation

page read and write

892B000

trusted library allocation

page read and write

88F000

stack

page read and write

8930000

trusted library allocation

page read and write

2A0E000

stack

page read and write

1145000

heap

page read and write

A1E000

stack

page read and write

There are 507 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Purchase Order.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportPurchase Order.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
Purchase Order.exe