Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

pdusf6w2SJ.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.082222552122564
Filename:	pdusf6w2SJ.exe
Filesize:	307712
MD5:	41085a0b812617eaf8124548ea23a71c
SHA1:	68157e5cd95221a6e59ce19dfd72ab9741052d1a
SHA256:	14f4f088a5819dbc02cdd63e5fc0784e2b7817d9db354fb393f4f06a20502837
SHA512:	36d63aedf130bc186847d272af7ca4369ee62bff2c9c5669921c206fc6debbc1194b23a11d8697763604b55f3b51015e993ba9beb5cb9d350685693da7bc0967
SSDEEP:	3072:WcZqf7D34up/0+mACkyI+EQEjgWvB1fA0PuTVAtkxzM3RIeqiOL2bBOA:WcZqf7DIWnGfEtB1fA0GTV8kSIL
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H(...............0.................. ... ....@.. ....................... ............@................................

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)	Malware Analysis System Evasion	Windows Management Instrumentation Security Software Discovery
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)	Malware Analysis System Evasion
Tries to harvest and steal browser information (history, passwords, etc)	Stealing of Sensitive Information	OS Credential Dumping
Tries to steal Crypto Currency Wallets	Stealing of Sensitive Information	Data from Local System
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)	Lowering of HIPS / PFW / Operating System Security Settings
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)	Anti Debugging
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
Enables debug privileges	Anti Debugging
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Found inlined nop instructions (likely shell or obfuscated code)	Software Vulnerabilities
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary	Masquerading
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Queries process information (via WMI, Win32_Process)	System Summary
Queries the cryptographic machine GUID	Language, Device and Operating System Detection
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
URLs found in memory or binary data	Networking
Uses an in-process (OLE) Automation server	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\pdusf6w2SJ.exe.log

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\pdusf6w2SJ.exe.log
Category:	dropped
Dump:	pdusf6w2SJ.exe.log.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\pdusf6w2SJ.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.33145931749415
Encrypted:	false
Ssdeep:	96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
Size:	3094
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\pdusf6w2SJ.exe

"C:\Users\user\Desktop\pdusf6w2SJ.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6764
Target ID:	0
Parent PID:	2580
Name:	pdusf6w2SJ.exe
Path:	C:\Users\user\Desktop\pdusf6w2SJ.exe
Commandline:	"C:\Users\user\Desktop\pdusf6w2SJ.exe"
Size:	307712
MD5:	41085A0B812617EAF8124548EA23A71C
Time:	03:41:59
Date:	17/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xe40000
Modulesize:	335872
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

147.45.44.221:1912

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text

unknown

http://schemas.xmlsoap.org/ws/2005/02/sc/sct

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk

unknown

https://duckduckgo.com/ac/?q=

unknown

http://tempuri.org/Entity/Id23ResponseD

unknown

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary

unknown

http://tempuri.org/Entity/Id12Response

unknown

http://tempuri.org/

unknown

http://tempuri.org/Entity/Id2Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1

unknown

http://tempuri.org/Entity/Id21Response

unknown

http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap

unknown

http://tempuri.org/Entity/Id9

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID

unknown

http://tempuri.org/Entity/Id8

unknown

http://tempuri.org/Entity/Id5

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare

unknown

http://tempuri.org/Entity/Id4

unknown

http://tempuri.org/Entity/Id7

unknown

http://tempuri.org/Entity/Id6

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret

unknown

http://tempuri.org/Entity/Id19Response

unknown

http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/fault

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat

unknown

http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey

unknown

http://tempuri.org/Entity/Id15Response

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew

unknown

http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register

unknown

http://tempuri.org/Entity/Id6Response

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey

unknown

https://api.ip.sb/ip

unknown

http://schemas.xmlsoap.org/ws/2004/04/sc

unknown

http://tempuri.org/Entity/Id1ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel

unknown

http://tempuri.org/Entity/Id9Response

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

http://tempuri.org/Entity/Id20

unknown

http://tempuri.org/Entity/Id21

unknown

http://tempuri.org/Entity/Id22

unknown

http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1

unknown

http://tempuri.org/Entity/Id23

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1

unknown

http://tempuri.org/Entity/Id24

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue

unknown

http://tempuri.org/Entity/Id24Response

unknown

https://www.ecosia.org/newtab/

unknown

http://tempuri.org/Entity/Id1Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego

unknown

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust

unknown

http://tempuri.org/Entity/Id10

unknown

http://tempuri.org/Entity/Id11

unknown

http://tempuri.org/Entity/Id12

unknown

http://tempuri.org/Entity/Id16Response

unknown

http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel

unknown

http://tempuri.org/Entity/Id13

unknown

http://tempuri.org/Entity/Id14

unknown

http://tempuri.org/Entity/Id15

unknown

http://tempuri.org/Entity/Id16

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce

unknown

http://tempuri.org/Entity/Id17

unknown

http://tempuri.org/Entity/Id18

unknown

http://tempuri.org/Entity/Id5Response

unknown

http://tempuri.org/Entity/Id19

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns

unknown

http://tempuri.org/Entity/Id10Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/Renew

unknown

http://tempuri.org/Entity/Id8Response

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT

unknown

http://schemas.xmlsoap.org/ws/2006/02/addressingidentity

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey

unknown

http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust

unknown

https://duckduckgo.com/chrome_newtabS

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback

unknown

http://tempuri.org/Entity/Id3ResponseD

unknown

http://tempuri.org/Entity/Id23Response

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT

unknown

http://tempuri.org/D

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

fp2e7a.wpc.phicdn.net

192.229.221.95

IPs

Domain

Country

Malicious

147.45.44.221

unknown

Russian Federation

Details

IP:	147.45.44.221
TargetID:	0
Current Path:	C:\Users\user\Desktop\pdusf6w2SJ.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	2895
ASN name:	FREE-NET-ASFREEnetEU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Owner

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

SessionHash

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Sequence

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFiles0000

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFilesHash

Memdumps

Base Address

Regiontype

Protect

Malicious

E42000

unkown

page readonly

31F4000

trusted library allocation

page read and write

FC0000

heap

page read and write

303C000

stack

page read and write

564B000

trusted library allocation

page read and write

148A000

trusted library allocation

page execute and read and write

4256000

trusted library allocation

page read and write

17B0000

trusted library allocation

page read and write

32C1000

trusted library allocation

page read and write

158F000

heap

page read and write

5AA0000

trusted library allocation

page read and write

75D2000

trusted library allocation

page read and write

6440000

heap

page read and write

F90000

heap

page read and write

5980000

trusted library allocation

page read and write

75FF000

trusted library allocation

page read and write

3534000

trusted library allocation

page read and write

64B5000

heap

page read and write

3395000

trusted library allocation

page read and write

149B000

trusted library allocation

page execute and read and write

66CE000

stack

page read and write

7E90000

trusted library allocation

page read and write

5753000

heap

page read and write

145D000

trusted library allocation

page execute and read and write

5BA0000

trusted library allocation

page read and write

324E000

trusted library allocation

page read and write

680C000

stack

page read and write

7605000

trusted library allocation

page read and write

5AF0000

trusted library allocation

page read and write

5C10000

trusted library allocation

page read and write

594B000

trusted library allocation

page read and write

596E000

trusted library allocation

page read and write

5971000

trusted library allocation

page read and write

76C0000

trusted library allocation

page read and write

1480000

trusted library allocation

page read and write

5661000

trusted library allocation

page read and write

1800000

trusted library allocation

page read and write

3526000

trusted library allocation

page read and write

64A5000

heap

page read and write

35CE000

trusted library allocation

page read and write

373B000

trusted library allocation

page read and write

3644000

trusted library allocation

page read and write

70FC000

stack

page read and write

7CA6000

heap

page read and write

7AAF000

stack

page read and write

63D2000

heap

page read and write

35DE000

trusted library allocation

page read and write

5644000

trusted library allocation

page read and write

358B000

trusted library allocation

page read and write

36E9000

trusted library allocation

page read and write

7700000

trusted library allocation

page execute and read and write

7C8E000

stack

page read and write

6FFC000

stack

page read and write

1582000

heap

page read and write

3252000

trusted library allocation

page read and write

68DE000

stack

page read and write

7203000

trusted library allocation

page read and write

7610000

trusted library allocation

page read and write

181A000

heap

page read and write

32D8000

trusted library allocation

page read and write

75EF000

trusted library allocation

page read and write

75D9000

trusted library allocation

page read and write

645D000

heap

page read and write

5640000

trusted library allocation

page read and write

43EC000

trusted library allocation

page read and write

565E000

trusted library allocation

page read and write

569E000

trusted library allocation

page read and write

32C9000

trusted library allocation

page read and write

72CB000

heap

page read and write

72B2000

heap

page read and write

6820000

trusted library allocation

page execute and read and write

3256000

trusted library allocation

page read and write

72C2000

heap

page read and write

3665000

trusted library allocation

page read and write

4161000

trusted library allocation

page read and write

5AC0000

trusted library allocation

page read and write

42AF000

trusted library allocation

page read and write

5962000

trusted library allocation

page read and write

5168000

trusted library allocation

page read and write

5D00000

trusted library allocation

page execute and read and write

7366000

heap

page read and write

7602000

trusted library allocation

page read and write

5CBE000

stack

page read and write

593E000

stack

page read and write

36A9000

trusted library allocation

page read and write

3040000

trusted library allocation

page read and write

5B40000

trusted library allocation

page read and write

1490000

trusted library allocation

page read and write

644A000

heap

page read and write

35FF000

trusted library allocation

page read and write

6497000

heap

page read and write

7B80000

heap

page read and write

75D5000

trusted library allocation

page read and write

36F7000

trusted library allocation

page read and write

3599000

trusted library allocation

page read and write

7B10000

heap

page read and write

32DA000

trusted library allocation

page read and write

5AE0000

trusted library allocation

page read and write

36CA000

trusted library allocation

page read and write

1495000

trusted library allocation

page execute and read and write

36BD000

trusted library allocation

page read and write

5748000

trusted library allocation

page read and write

1482000

trusted library allocation

page read and write

1450000

trusted library allocation

page read and write

1497000

trusted library allocation

page execute and read and write

3709000

trusted library allocation

page read and write

332C000

trusted library allocation

page read and write

416F000

trusted library allocation

page read and write

779E000

stack

page read and write

5710000

heap

page read and write

17C0000

trusted library allocation

page execute and read and write

144E000

stack

page read and write

36D4000

trusted library allocation

page read and write

3607000

trusted library allocation

page read and write

5C20000

trusted library allocation

page read and write

1492000

trusted library allocation

page read and write

63D0000

heap

page read and write

35E6000

trusted library allocation

page read and write

767D000

stack

page read and write

3580000

trusted library allocation

page read and write

63E2000

heap

page read and write

7A6F000

stack

page read and write

17D0000

heap

page read and write

597A000

trusted library allocation

page read and write

5956000

trusted library allocation

page read and write

3372000

trusted library allocation

page read and write

14A8000

heap

page read and write

5CFE000

stack

page read and write

3305000

trusted library allocation

page read and write

169E000

stack

page read and write

3657000

trusted library allocation

page read and write

76D0000

trusted library allocation

page read and write

74A0000

heap

page read and write

5C30000

trusted library allocation

page execute and read and write

5C00000

trusted library allocation

page execute and read and write

5B70000

trusted library allocation

page read and write

3161000

trusted library allocation

page read and write

3503000

trusted library allocation

page read and write

63F4000

heap

page read and write

32F9000

trusted library allocation

page read and write

56A0000

trusted library allocation

page read and write

687E000

stack

page read and write

351B000

trusted library allocation

page read and write

35CC000

trusted library allocation

page read and write

32CC000

trusted library allocation

page read and write

72A0000

heap

page read and write

1460000

trusted library allocation

page read and write

140E000

stack

page read and write

574A000

trusted library allocation

page read and write

1470000

heap

page read and write

12F7000

stack

page read and write

7AFC000

stack

page read and write

3568000

trusted library allocation

page read and write

72D7000

heap

page read and write

5C7E000

stack

page read and write

353C000

trusted library allocation

page read and write

1810000

heap

page read and write

7B6E000

stack

page read and write

36A6000

trusted library allocation

page read and write

5AC5000

trusted library allocation

page read and write

3510000

trusted library allocation

page read and write

76E0000

trusted library allocation

page read and write

3578000

trusted library allocation

page read and write

4238000

trusted library allocation

page read and write

5951000

trusted library allocation

page read and write

363E000

trusted library allocation

page read and write

7710000

trusted library allocation

page read and write

FF0000

trusted library allocation

page read and write

65CF000

stack

page read and write

5A9F000

stack

page read and write

181E000

heap

page read and write

56B0000

trusted library allocation

page read and write

5BF0000

trusted library allocation

page read and write

3575000

trusted library allocation

page read and write

3313000

trusted library allocation

page read and write

73A9000

heap

page read and write

E77000

unkown

page readonly

3632000

trusted library allocation

page read and write

5730000

trusted library allocation

page execute and read and write

72A8000

heap

page read and write

5B80000

trusted library allocation

page execute and read and write

72EB000

heap

page read and write

6412000

heap

page read and write

179F000

stack

page read and write

5745000

trusted library allocation

page read and write

3641000

trusted library allocation

page read and write

75EA000

trusted library allocation

page read and write

648F000

heap

page read and write

56A5000

trusted library allocation

page read and write

17E0000

heap

page read and write

315F000

stack

page read and write

5690000

trusted library allocation

page read and write

3572000

trusted library allocation

page read and write

5940000

trusted library allocation

page read and write

76F0000

trusted library allocation

page execute and read and write

6423000

heap

page read and write

330B000

trusted library allocation

page read and write

1486000

trusted library allocation

page execute and read and write

3698000

trusted library allocation

page read and write

75D0000

trusted library allocation

page read and write

E72000

unkown

page readonly

56D0000

trusted library allocation

page read and write

72FA000

heap

page read and write

5740000

trusted library allocation

page read and write

7C90000

heap

page read and write

36B1000

trusted library allocation

page read and write

7600000

trusted library allocation

page read and write

44EF000

trusted library allocation

page read and write

1453000

trusted library allocation

page execute and read and write

14AE000

heap

page read and write

67CE000

stack

page read and write

44FC000

trusted library allocation

page read and write

1817000

heap

page read and write

75B0000

trusted library allocation

page read and write

32CF000

trusted library allocation

page read and write

6400000

heap

page read and write

75F5000

trusted library allocation

page read and write

75A0000

trusted library allocation

page read and write

423D000

trusted library allocation

page read and write

5AB1000

trusted library allocation

page read and write

35D8000

trusted library allocation

page read and write

5ACB000

trusted library allocation

page read and write

75E8000

trusted library allocation

page read and write

14A0000

heap

page read and write

5672000

trusted library allocation

page read and write

3703000

trusted library allocation

page read and write

6880000

trusted library allocation

page read and write

5B00000

trusted library allocation

page execute and read and write

71FD000

stack

page read and write

5AD0000

trusted library allocation

page read and write

7E8E000

stack

page read and write

F2A000

stack

page read and write

775E000

stack

page read and write

36A3000

trusted library allocation

page read and write

3308000

trusted library allocation

page read and write

5B90000

trusted library allocation

page execute and read and write

7B00000

trusted library allocation

page read and write

350D000

trusted library allocation

page read and write

35F1000

trusted library allocation

page read and write

3050000

heap

page execute and read and write

3333000

trusted library allocation

page read and write

3501000

trusted library allocation

page read and write

75A3000

trusted library allocation

page read and write

75A6000

trusted library allocation

page read and write

1565000

heap

page read and write

5750000

heap

page read and write

7200000

trusted library allocation

page read and write

FA0000

heap

page read and write

35A1000

trusted library allocation

page read and write

5680000

trusted library allocation

page read and write

5720000

trusted library allocation

page read and write

5990000

heap

page execute and read and write

2FFE000

stack

page read and write

146D000

trusted library allocation

page execute and read and write

3513000

trusted library allocation

page read and write

331E000

trusted library allocation

page read and write

5722000

trusted library allocation

page read and write

4181000

trusted library allocation

page read and write

6439000

heap

page read and write

4231000

trusted library allocation

page read and write

FC5000

heap

page read and write

6474000

heap

page read and write

75C0000

trusted library allocation

page execute and read and write

36DE000

trusted library allocation

page read and write

5ACE000

trusted library allocation

page read and write

6461000

heap

page read and write

E86000

unkown

page readonly

5B50000

trusted library allocation

page read and write

4501000

trusted library allocation

page read and write

33B5000

trusted library allocation

page read and write

E40000

unkown

page readonly

7F1C0000

trusted library allocation

page execute and read and write

5666000

trusted library allocation

page read and write

75B4000

trusted library allocation

page read and write

75FA000

trusted library allocation

page read and write

1454000

trusted library allocation

page read and write

74B0000

heap

page read and write

427E000

trusted library allocation

page read and write

366C000

trusted library allocation

page read and write

35DB000

trusted library allocation

page read and write

5B60000

heap

page read and write

5B30000

trusted library allocation

page read and write

14C7000

heap

page read and write

52FC000

stack

page read and write

14E1000

heap

page read and write

3566000

trusted library allocation

page read and write

566D000

trusted library allocation

page read and write

364C000

trusted library allocation

page read and write

42EC000

trusted library allocation

page read and write

76BE000

stack

page read and write

4244000

trusted library allocation

page read and write

There are 281 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
pdusf6w2SJ.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportpdusf6w2SJ.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
pdusf6w2SJ.exe