Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /i /s C:\Users\user\Desktop\audiosrv.dll

Details

Is windows:	true
Is dropped:	false
PID:	5400
Target ID:	3
Parent PID:	6160
Name:	regsvr32.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\regsvr32.exe
Commandline:	regsvr32.exe /i /s C:\Users\user\Desktop\audiosrv.dll
Size:	20992
MD5:	878E47C8656E53AE8A8A21E927C6F7E0
Time:	07:06:24
Date:	29/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x3b0000
Modulesize:	36864
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Registers a DLL	Data Obfuscation	Regsvr32
Sigma detected: Network Connection Initiated By Regsvr32.EXE	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\System32\loaddll32.exe

loaddll32.exe "C:\Users\user\Desktop\audiosrv.dll"

Details

Is windows:	true
Is dropped:	false
PID:	6160
Target ID:	0
Parent PID:	1028
Name:	loaddll32.exe
Path:	C:\Windows\System32\loaddll32.exe
Commandline:	loaddll32.exe "C:\Users\user\Desktop\audiosrv.dll"
Size:	126464
MD5:	51E6071F9CBA48E79F10C84515AAE618
Time:	07:06:24
Date:	29/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x4c0000
Modulesize:	147456
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	6380
Target ID:	1
Parent PID:	6160
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	07:06:24
Date:	29/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6d64d0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C rundll32.exe "C:\Users\user\Desktop\audiosrv.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	6164
Target ID:	2
Parent PID:	6160
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\SysWOW64\cmd.exe
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\audiosrv.dll",#1
Size:	236544
MD5:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Time:	07:06:24
Date:	29/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x790000
Modulesize:	368640
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\audiosrv.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	5424
Target ID:	4
Parent PID:	6164
Name:	rundll32.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\rundll32.exe
Commandline:	rundll32.exe "C:\Users\user\Desktop\audiosrv.dll",#1
Size:	61440
MD5:	889B99C52A60DD49227C5E485A016679
Time:	07:06:24
Date:	29/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x6a0000
Modulesize:	81920
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\user\Desktop\audiosrv.dll,DllInstall

Details

Is windows:	true
Is dropped:	false
PID:	6100
Target ID:	5
Parent PID:	6160
Name:	rundll32.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\rundll32.exe
Commandline:	rundll32.exe C:\Users\user\Desktop\audiosrv.dll,DllInstall
Size:	61440
MD5:	889B99C52A60DD49227C5E485A016679
Time:	07:06:24
Date:	29/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x6a0000
Modulesize:	81920
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\user\Desktop\audiosrv.dll,DllRegisterServer

Details

Is windows:	true
Is dropped:	false
PID:	1240
Target ID:	7
Parent PID:	6160
Name:	rundll32.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\rundll32.exe
Commandline:	rundll32.exe C:\Users\user\Desktop\audiosrv.dll,DllRegisterServer
Size:	61440
MD5:	889B99C52A60DD49227C5E485A016679
Time:	07:06:27
Date:	29/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x6a0000
Modulesize:	81920
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\user\Desktop\audiosrv.dll,DllUnregisterServer

Details

Is windows:	true
Is dropped:	false
PID:	6504
Target ID:	8
Parent PID:	6160
Name:	rundll32.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\rundll32.exe
Commandline:	rundll32.exe C:\Users\user\Desktop\audiosrv.dll,DllUnregisterServer
Size:	61440
MD5:	889B99C52A60DD49227C5E485A016679
Time:	07:06:30
Date:	29/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x6a0000
Modulesize:	81920
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xml

76.223.105.230

https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xml

76.223.105.230

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7osDJT9g.woff2)

unknown

https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18Q.woff2)

unknown

http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7ksDJT9g.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlBduz8A.woff2)

unknown

https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwmRduz8A.woff2)

unknown

https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xml1

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdv18Smxg.woff2)

unknown

https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTjYgFE_.woff2)

unknown

https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2)

unknown

https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmlF

unknown

https://img1.wsimg.com

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidg18Smxg.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwkxduz8A.wof

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qN67lqDY.woff2)

unknown

https://isteam.wsimg.com

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwmhduz8A.woff2)

unknown

https://manageintel.com/s

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwmBduz8A.woff2)

unknown

https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmlS

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkido18Smxg.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwkxduz8A.wof__

unknown

https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmlc

unknown

https://github.com/clauseggers/Playfair-Display)

unknown

https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmla

unknown

https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTPYgFE_.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7psDJT9g.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7rsDJT9g.woff2)

unknown

https://manageintel.com/O

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7jsDJT9g.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwmxduz8A.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwkxduz8A.woff2)

unknown

https://manageintel.com/V

unknown

https://manageintel.com/=

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNK7lqDY.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidj18Smxg.woff2)

unknown

https://www.godaddy.com/websites/website-builder?isc=pwugc&utm_source=wsb&utm_medium=applica

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qPK7lqDY.woff2)

unknown

https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTLYgFE_.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidh18Smxg.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmRduz8A.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2

unknown

https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmlP

unknown

https://manageintel.com/tificate

unknown

https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmlS

unknown

https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WRhyzbi.woff2)

unknown

https://manageintel.com/(

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18Q.woff2

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdj18Smxg.woff2)

unknown

https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmlD

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNa7lqDY.woff2)

unknown

http://ocsp.sectigo.com0

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7qsDJT9g.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdh18Smxg.woff2)

unknown

https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q.woff2

unknown

https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmls

unknown

https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2)

unknown

http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidi18Smxg.woff2)

unknown

https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmlc

unknown

https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WZhyzbi.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlBduz8A.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7lqDY.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qO67lqDY.woff2)

unknown

https://manageintel.com/Host:

unknown

https://sectigo.com/CPS0D

unknown

https://github.com/JulietaUla/Montserrat)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmhduz8A.woff2)

unknown

https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmly

unknown

https://manageintel.com/ot

unknown

https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdg18Smxg.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdi18Smxg.woff2)

unknown

https://sectigo.com/CPS0

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmBduz8A.woff2)

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdo18Smxg.woff2)

unknown

https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmls

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidv18Smxg.woff2)

unknown

http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#

unknown

https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmlertificates

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q.woff2)

unknown

https://manageintel.com/404

unknown

http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t

unknown

https://manageintel.com/cies

unknown

https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

unknown

http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y

unknown

https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmlFindOIDInfo

unknown

https://img1.wsimg.com/isteam/videos/uA41GmyyG8IMaxXdb

unknown

https://manageintel.com/S_1

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

manageintel.com

76.223.105.230

Details

Name:	manageintel.com
IP:	76.223.105.230
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
System process connects to network (likely due to code injection or exploit)	Networking, HIPS / PFW / Operating System Protection Evasion	Process Injection
HTTP GET or POST without a user agent	Networking
Sigma detected: Network Connection Initiated By Regsvr32.EXE	System Summary
Suricata IDS alerts with low severity for network traffic	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

76.223.105.230

manageintel.com

United States

Details

IP:	76.223.105.230
TargetID:	3
Current Path:	C:\Windows\SysWOW64\regsvr32.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false
Domain:	manageintel.com

Signature Hits	Behavior Group	Mitre Attack
System process connects to network (likely due to code injection or exploit)	Networking, HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Network Connection Initiated By Regsvr32.EXE	System Summary
Suricata IDS alerts with low severity for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

10CD000

heap

page read and write

4FAE000

stack

page read and write

2EFC000

heap

page read and write

2DD4000

heap

page read and write

4751000

heap

page read and write

2F01000

heap

page read and write

2EA8000

heap

page read and write

4751000

heap

page read and write

2C3C000

stack

page read and write

2F10000

heap

page read and write

2D4D000

heap

page read and write

BE0000

heap

page read and write

4F70000

remote allocation

page read and write

2D20000

heap

page read and write

2D67000

heap

page read and write

4EBE000

stack

page read and write

2DB0000

heap

page read and write

421F000

stack

page read and write

13AF000

stack

page read and write

4EFF000

stack

page read and write

488E000

stack

page read and write

4751000

heap

page read and write

2F2C000

heap

page read and write

2EA8000

heap

page read and write

306A000

heap

page read and write

2C3B000

stack

page read and write

2D45000

heap

page read and write

2C79000

stack

page read and write

2D3D000

heap

page read and write

2EBC000

heap

page read and write

10C7000

heap

page read and write

4751000

heap

page read and write

4751000

heap

page read and write

4751000

heap

page read and write

EFC000

stack

page read and write

4770000

heap

page read and write

2EE1000

heap

page read and write

2EAF000

heap

page read and write

2F01000

heap

page read and write

4751000

heap

page read and write

2DD4000

heap

page read and write

2EB0000

heap

page read and write

2DD4000

heap

page read and write

4751000

heap

page read and write

4751000

heap

page read and write

4751000

heap

page read and write

2D4D000

heap

page read and write

4751000

heap

page read and write

4750000

heap

page read and write

2C39000

stack

page read and write

1000000

heap

page read and write

2DD4000

heap

page read and write

2D2A000

heap

page read and write

2F3B000

heap

page read and write

4751000

heap

page read and write

2EBD000

heap

page read and write

2D4A000

heap

page read and write

2D9A000

heap

page read and write

2F01000

heap

page read and write

2CD0000

heap

page read and write

4751000

heap

page read and write

4751000

heap

page read and write

48F4000

heap

page read and write

2EAF000

heap

page read and write

2710000

heap

page read and write

2D4D000

heap

page read and write

2EE1000

heap

page read and write

29C0000

heap

page read and write

10015000

unkown

page readonly

4FEF000

stack

page read and write

2D59000

heap

page read and write

4751000

heap

page read and write

2C60000

heap

page read and write

4751000

heap

page read and write

2CE0000

heap

page read and write

2D80000

heap

page read and write

4751000

heap

page read and write

415E000

stack

page read and write

4751000

heap

page read and write

2D6A000

heap

page read and write

10000000

unkown

page readonly

2DD4000

heap

page read and write

4751000

heap

page read and write

2D3A000

heap

page read and write

10D9000

heap

page read and write

2EE1000

heap

page read and write

5010000

direct allocation

page read and write

10B0000

heap

page read and write

2BF0000

heap

page read and write

4751000

heap

page read and write

2DD4000

heap

page read and write

2A10000

heap

page read and write

48CE000

stack

page read and write

2EB7000

heap

page read and write

4751000

heap

page read and write

2E8A000

heap

page read and write

308E000

stack

page read and write

2EC0000

heap

page read and write

4DBF000

stack

page read and write

4751000

heap

page read and write

4751000

heap

page read and write

2D4D000

heap

page read and write

4751000

heap

page read and write

2F01000

heap

page read and write

2D6A000

heap

page read and write

4C7C000

stack

page read and write

12AE000

stack

page read and write

2F2B000

heap

page read and write

2DD4000

heap

page read and write

3130000

heap

page read and write

4CBD000

stack

page read and write

BF0000

heap

page read and write

4751000

heap

page read and write

46EF000

stack

page read and write

2CA0000

heap

page read and write

108E000

stack

page read and write

48F0000

heap

page read and write

1001E000

unkown

page readonly

2DD4000

heap

page read and write

29EB000

stack

page read and write

2EFB000

heap

page read and write

2E3E000

stack

page read and write

2FAE000

stack

page read and write

4751000

heap

page read and write

2D3E000

heap

page read and write

1001C000

unkown

page read and write

4751000

heap

page read and write

2D52000

heap

page read and write

4760000

heap

page read and write

4751000

heap

page read and write

2810000

heap

page read and write

4D3F000

stack

page read and write

310F000

stack

page read and write

4751000

heap

page read and write

2EC0000

heap

page read and write

27F0000

heap

page read and write

2DD4000

heap

page read and write

4751000

heap

page read and write

2D49000

heap

page read and write

2EBE000

heap

page read and write

2EAF000

heap

page read and write

104E000

stack

page read and write

4751000

heap

page read and write

4F70000

remote allocation

page read and write

4CFE000

stack

page read and write

2F2B000

heap

page read and write

4751000

heap

page read and write

2D45000

heap

page read and write

4751000

heap

page read and write

B7C000

stack

page read and write

4751000

heap

page read and write

4751000

heap

page read and write

2EBD000

heap

page read and write

630000

heap

page read and write

2D90000

heap

page read and write

2EE1000

heap

page read and write

4751000

heap

page read and write

2F3B000

heap

page read and write

4751000

heap

page read and write

2D51000

heap

page read and write

2E4A000

heap

page read and write

2EFB000

heap

page read and write

2DD4000

heap

page read and write

2EE1000

heap

page read and write

2F0F000

heap

page read and write

4751000

heap

page read and write

2EC0000

heap

page read and write

5010000

direct allocation

page read and write

4751000

heap

page read and write

10BB000

heap

page read and write

2EFA000

heap

page read and write

2EB0000

heap

page read and write

10001000

unkown

page execute read

2EE1000

heap

page read and write

2DD4000

heap

page read and write

4751000

heap

page read and write

2FEF000

stack

page read and write

2D30000

heap

page read and write

4751000

heap

page read and write

2D58000

heap

page read and write

2DD0000

heap

page read and write

2F1C000

heap

page read and write

5CC000

stack

page read and write

419F000

stack

page read and write

4250000

heap

page read and write

2BF0000

heap

page read and write

3020000

heap

page read and write

2CD0000

heap

page read and write

4D7E000

stack

page read and write

2F2B000

heap

page read and write

4751000

heap

page read and write

4751000

heap

page read and write

3050000

heap

page read and write

3066000

heap

page read and write

48D0000

heap

page read and write

4751000

heap

page read and write

2EAA000

heap

page read and write

4751000

heap

page read and write

4751000

heap

page read and write

2CA0000

heap

page read and write

2F2E000

stack

page read and write

4E3E000

stack

page read and write

2EB0000

heap

page read and write

4F70000

remote allocation

page read and write

4751000

heap

page read and write

10DC000

heap

page read and write

4751000

heap

page read and write

4751000

heap

page read and write

2EBD000

heap

page read and write

4751000

heap

page read and write

4751000

heap

page read and write

69C000

stack

page read and write

4751000

heap

page read and write

4751000

heap

page read and write

3090000

heap

page read and write

2EE1000

heap

page read and write

2D58000

heap

page read and write

2F0E000

heap

page read and write

2EE1000

heap

page read and write

2EB7000

heap

page read and write

640000

heap

page read and write

2EFD000

heap

page read and write

2DD4000

heap

page read and write

65B000

stack

page read and write

41DE000

stack

page read and write

4751000

heap

page read and write

2F01000

heap

page read and write

2EFE000

heap

page read and write

2C7C000

stack

page read and write

2DD4000

heap

page read and write

2DD4000

heap

page read and write

4751000

heap

page read and write

4751000

heap

page read and write

2F2B000

heap

page read and write

2DD4000

heap

page read and write

476F000

stack

page read and write

58B000

stack

page read and write

6150000

trusted library allocation

page read and write

10BF000

heap

page read and write

4751000

heap

page read and write

4751000

heap

page read and write

2F34000

heap

page read and write

48B0000

heap

page read and write

2EE1000

heap

page read and write

3040000

heap

page read and write

4751000

heap

page read and write

2A1A000

heap

page read and write

472E000

stack

page read and write

2EE1000

heap

page read and write

2E6A000

heap

page read and write

2EB7000

heap

page read and write

2E40000

heap

page read and write

48F0000

heap

page read and write

2F6E000

stack

page read and write

4DFE000

stack

page read and write

3060000

heap

page read and write

4751000

heap

page read and write

There are 247 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
audiosrv.dll

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportaudiosrv.dll

Processes

URLs

Domains

IPs

Memdumps

IOC Report
audiosrv.dll