Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	1656
Target ID:	0
Parent PID:	4004
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1872896
MD5:	90CA710AAF9DBEB26796E2023B2C20A4
Time:	13:49:03
Date:	29/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x4f0000
Modulesize:	4890624
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected LummaC Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
PE file has a high occurrence of arithmetic instructions at the PE entrypoint (possbibily packed)	System Summary	Obfuscated Files or Information
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

Details

Is windows:	true
Is dropped:	false
PID:	4236
Target ID:	5
Parent PID:	1656
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	13:49:42
Date:	29/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff684c40000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1888 --field-trial-handle=1616,i,1849646799519399230,5755203485963844661,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	940
Target ID:	7
Parent PID:	4236
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1888 --field-trial-handle=1616,i,1849646799519399230,5755203485963844661,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	13:49:43
Date:	29/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff684c40000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

Details

Is windows:	true
Is dropped:	false
PID:	7644
Target ID:	8
Parent PID:	1656
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	13:49:45
Date:	29/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff684c40000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2060,i,10926334977255808972,13126981693382377171,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	7840
Target ID:	9
Parent PID:	7644
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2060,i,10926334977255808972,13126981693382377171,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	13:49:45
Date:	29/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff684c40000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf

unknown

https://duckduckgo.com/chrome_newtab

unknown

https://duckduckgo.com/ac/?q=

unknown

https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/

unknown

https://www.linkedin.com/cws/share?url=$

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

https://github.com/Youssef1313

unknown

https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg

unknown

https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2023-0

unknown

https://aka.ms/msignite_docs_banner

unknown

https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-b4da8140-92cf-421c-8b7b-e471d5b9

unknown

http://polymer.github.io/AUTHORS.txt

unknown

https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml

unknown

https://management.azure.com/subscriptions?api-version=2016-06-01

unknown

https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md

unknown

http://x1.c.lencr.org/0

unknown

http://x1.i.lencr.org/0

unknown

https://aka.ms/pshelpmechoose

unknown

https://aka.ms/feedback/report?space=61

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

https://learn-video.azurefd.net/vod/player

unknown

https://twitter.com/intent/tweet?original_referer=$

unknown

https://github.com/gewarren

unknown

https://support.mozilla.org/products/firefoxgro.all

unknown

http://polymer.github.io/CONTRIBUTORS.txt

unknown

https://www.mozilla.or

unknown

https://atten-supporse.biz/apik

unknown

https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md

unknown

https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725

unknown

https://client-api.arkoselabs.com/v2/api.js

unknown

https://aka.ms/MSIgniteChallenge/Tier1Banner?wt.mc_id=ignite24_learnbanner_tier1_cnl

unknown

https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev

unknown

https://www.google.com/images/branding/product/ico/googleg_lodp.ico

unknown

https://github.com/Thraka

unknown

https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.

unknown

https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi

unknown

http://polymer.github.io/PATENTS.txt

unknown

https://aka.ms/certhelp

unknown

http://185.215.113.16/steam/random.exe

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

http://crl.rootca1.amazontrust.com/rootca1.crl0

unknown

https://atten-supporse.biz/api

104.21.16.9

https://github.com/mairaw

unknown

https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js

13.107.246.63

http://ocsp.rootca1.amazontrust.com0:

unknown

https://schema.org

unknown

http://polymer.github.io/LICENSE.txt

unknown

https://www.ecosia.org/newtab/

unknown

https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br

unknown

https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_

unknown

https://aka.ms/yourcaliforniaprivacychoices

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

https://github.com/nschonni

unknown

https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-09ce73a6-05a5-4e4d-b3d7-bd5a8c05

unknown

https://github.com/adegeo

unknown

https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg

unknown

https://github.com/jonschlinkert/is-plain-object

unknown

https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3

unknown

http://crt.rootca1.amazontrust.com/rootca1.cer0?

unknown

https://octokit.github.io/rest.js/#throttling

unknown

https://github.com/js-cookie/js-cookie

unknown

http://185.215.113.16/off/def.exe

unknown

http://schema.org/Organization

unknown

https://atten-supporse.biz/

unknown

https://atten-supporse.biz/api.

unknown

https://channel9.msdn.com/

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta

unknown

https://github.com/dotnet/try

unknown

There are 59 hidden URLs, click here to show them.

Domains

Name

Malicious

atten-supporse.biz

104.21.16.9

Details

Name:	atten-supporse.biz
IP:	104.21.16.9
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Suricata IDS alerts with low severity for network traffic	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

www.google.com

172.217.21.36

Details

Name:	www.google.com
IP:	172.217.21.36
TargetID:	7
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

s-part-0035.t-0009.t-msedge.net

13.107.246.63

js.monitor.azure.com

unknown

Details

Name:	js.monitor.azure.com
TargetID:	7
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

mdec.nelreports.net

unknown

IPs

Domain

Country

Malicious

192.168.2.6

unknown

Details

IP:	192.168.2.6
TargetID:	5
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Private:	true

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

13.107.246.63

s-part-0035.t-0009.t-msedge.net

United States

Details

IP:	13.107.246.63
TargetID:	7
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	8068
ASN name:	MICROSOFT-CORP-MSN-AS-BLOCKUS
Private:	false
Domain:	s-part-0035.t-0009.t-msedge.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

192.168.2.16

unknown

185.215.113.16

unknown

Portugal

Details

IP:	185.215.113.16
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	Portugal
Countrycode:	PRT
ASN number:	206894
ASN name:	WHOLESALECONNECTIONSNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts with low severity for network traffic	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking

239.255.255.250

unknown

Reserved

104.21.16.9

atten-supporse.biz

United States

Details

IP:	104.21.16.9
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	atten-supporse.biz

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

172.217.21.36

www.google.com

United States

Memdumps

Base Address

Regiontype

Protect

Malicious

5D47000

trusted library allocation

page read and write

E86000

heap

page read and write

E8B000

heap

page read and write

57F2000

trusted library allocation

page read and write

5809000

trusted library allocation

page read and write

57A2000

trusted library allocation

page read and write

582F000

trusted library allocation

page read and write

57A6000

trusted library allocation

page read and write

57CB000

trusted library allocation

page read and write

5C59000

trusted library allocation

page read and write

57A1000

trusted library allocation

page read and write

5DC6000

trusted library allocation

page read and write

57AA000

trusted library allocation

page read and write

E86000

heap

page read and write

5A17000

trusted library allocation

page read and write

57D1000

trusted library allocation

page read and write

57C4000

trusted library allocation

page read and write

5C51000

trusted library allocation

page read and write

4841000

heap

page read and write

5C56000

trusted library allocation

page read and write

E76000

heap

page read and write

5EBF000

trusted library allocation

page read and write

57AB000

trusted library allocation

page read and write

57AE000

trusted library allocation

page read and write

5811000

trusted library allocation

page read and write

5EF0000

trusted library allocation

page read and write

4841000

heap

page read and write

57A2000

trusted library allocation

page read and write

57D1000

trusted library allocation

page read and write

4841000

heap

page read and write

57F6000

trusted library allocation

page read and write

57B5000

trusted library allocation

page read and write

5D6B000

trusted library allocation

page read and write

4830000

direct allocation

page read and write

57AD000

trusted library allocation

page read and write

5E77000

trusted library allocation

page read and write

5D5C000

trusted library allocation

page read and write

5C56000

trusted library allocation

page read and write

57E1000

trusted library allocation

page read and write

57A1000

trusted library allocation

page read and write

57B1000

trusted library allocation

page read and write

57C9000

trusted library allocation

page read and write

5D4F000

trusted library allocation

page read and write

57B1000

trusted library allocation

page read and write

4CD0000

direct allocation

page read and write

5C60000

trusted library allocation

page read and write

5C5A000

trusted library allocation

page read and write

5C5B000

trusted library allocation

page read and write

E91000

heap

page read and write

5842000

trusted library allocation

page read and write

57A5000

trusted library allocation

page read and write

57CB000

trusted library allocation

page read and write

57AF000

trusted library allocation

page read and write

5DBD000

trusted library allocation

page read and write

5C55000

trusted library allocation

page read and write

5A52000

trusted library allocation

page read and write

57C6000

trusted library allocation

page read and write

57E7000

trusted library allocation

page read and write

4CD0000

direct allocation

page read and write

57F5000

trusted library allocation

page read and write

5CF5000

trusted library allocation

page read and write

4841000

heap

page read and write

5C50000

trusted library allocation

page read and write

4841000

heap

page read and write

5DA9000

trusted library allocation

page read and write

5C52000

trusted library allocation

page read and write

5D38000

trusted library allocation

page read and write

5C5B000

trusted library allocation

page read and write

5C52000

trusted library allocation

page read and write

E7A000

heap

page read and write

4841000

heap

page read and write

57BE000

trusted library allocation

page read and write

57CF000

trusted library allocation

page read and write

58A5000

trusted library allocation

page read and write

E7C000

heap

page read and write

5D93000

trusted library allocation

page read and write

4E60000

direct allocation

page execute and read and write

5D19000

trusted library allocation

page read and write

4E60000

direct allocation

page execute and read and write

5D84000

trusted library allocation

page read and write

5C56000

trusted library allocation

page read and write

5C56000

trusted library allocation

page read and write

580E000

trusted library allocation

page read and write

5806000

trusted library allocation

page read and write

5C5E000

trusted library allocation

page read and write

E7C000

heap

page read and write

57D1000

trusted library allocation

page read and write

5F3F000

trusted library allocation

page read and write

E80000

heap

page read and write

4841000

heap

page read and write

5C50000

trusted library allocation

page read and write

5D56000

trusted library allocation

page read and write

5822000

trusted library allocation

page read and write

57E8000

trusted library allocation

page read and write

5CFE000

trusted library allocation

page read and write

57B1000

trusted library allocation

page read and write

5C53000

trusted library allocation

page read and write

5DA8000

trusted library allocation

page read and write

5C5C000

trusted library allocation

page read and write

5D99000

trusted library allocation

page read and write

57A1000

trusted library allocation

page read and write

5C59000

trusted library allocation

page read and write

57AF000

trusted library allocation

page read and write

5D6B000

trusted library allocation

page read and write

5C5A000

trusted library allocation

page read and write

57D1000

trusted library allocation

page read and write

5C54000

trusted library allocation

page read and write

5C54000

trusted library allocation

page read and write

5E9B000

trusted library allocation

page read and write

5808000

trusted library allocation

page read and write

5E64000

trusted library allocation

page read and write

58DF000

trusted library allocation

page read and write

57E9000

trusted library allocation

page read and write

4841000

heap

page read and write

5D80000

trusted library allocation

page read and write

5C56000

trusted library allocation

page read and write

5D23000

trusted library allocation

page read and write

5C56000

trusted library allocation

page read and write

5D1E000

trusted library allocation

page read and write

5DAA000

trusted library allocation

page read and write

57F5000

trusted library allocation

page read and write

5C53000

trusted library allocation

page read and write

5C5A000

trusted library allocation

page read and write

E92000

heap

page read and write

5C54000

trusted library allocation

page read and write

5C55000

trusted library allocation

page read and write

57C1000

trusted library allocation

page read and write

5C5B000

trusted library allocation

page read and write

4830000

direct allocation

page read and write

57AF000

trusted library allocation

page read and write

5C54000

trusted library allocation

page read and write

57BF000

trusted library allocation

page read and write

5E2A000

trusted library allocation

page read and write

57C1000

trusted library allocation

page read and write

57BF000

trusted library allocation

page read and write

5C57000

trusted library allocation

page read and write

5801000

trusted library allocation

page read and write

5822000

trusted library allocation

page read and write

5E66000

trusted library allocation

page read and write

5D07000

trusted library allocation

page read and write

5D3A000

trusted library allocation

page read and write

5C52000

trusted library allocation

page read and write

4841000

heap

page read and write

5C59000

trusted library allocation

page read and write

5E8E000

trusted library allocation

page read and write

57D1000

trusted library allocation

page read and write

4841000

heap

page read and write

5C58000

trusted library allocation

page read and write

5E47000

trusted library allocation

page read and write

57D2000

trusted library allocation

page read and write

5D4A000

trusted library allocation

page read and write

5D49000

trusted library allocation

page read and write

5D93000

trusted library allocation

page read and write

5C52000

trusted library allocation

page read and write

5F41000

trusted library allocation

page read and write

5E66000

trusted library allocation

page read and write

4841000

heap

page read and write

5842000

trusted library allocation

page read and write

57B6000

trusted library allocation

page read and write

4841000

heap

page read and write

57BF000

trusted library allocation

page read and write

5C54000

trusted library allocation

page read and write

4E60000

direct allocation

page execute and read and write

58A1000

trusted library allocation

page read and write

E78000

heap

page read and write

5D2B000

trusted library allocation

page read and write

5DAB000

trusted library allocation

page read and write

4841000

heap

page read and write

4841000

heap

page read and write

57AF000

trusted library allocation

page read and write

57B1000

trusted library allocation

page read and write

5D19000

trusted library allocation

page read and write

57C0000

trusted library allocation

page read and write

57D5000

trusted library allocation

page read and write

4841000

heap

page read and write

5C55000

trusted library allocation

page read and write

5D3D000

trusted library allocation

page read and write

580F000

trusted library allocation

page read and write

5C50000

trusted library allocation

page read and write

57D1000

trusted library allocation

page read and write

57C1000

trusted library allocation

page read and write

5DB3000

trusted library allocation

page read and write

57C1000

trusted library allocation

page read and write

5D09000

trusted library allocation

page read and write

57CF000

trusted library allocation

page read and write

4830000

direct allocation

page read and write

5D4A000

trusted library allocation

page read and write

57C8000

trusted library allocation

page read and write

5DBF000

trusted library allocation

page read and write

5EFB000

trusted library allocation

page read and write

57E8000

trusted library allocation

page read and write

5C52000

trusted library allocation

page read and write

5DE9000

trusted library allocation

page read and write

5D59000

trusted library allocation

page read and write

5D76000

trusted library allocation

page read and write

583A000

trusted library allocation

page read and write

57C9000

trusted library allocation

page read and write

E92000

heap

page read and write

5809000

trusted library allocation

page read and write

5E68000

trusted library allocation

page read and write

5DB3000

trusted library allocation

page read and write

5801000

trusted library allocation

page read and write

E5B000

heap

page read and write

E9B000

heap

page read and write

5EDA000

trusted library allocation

page read and write

5E79000

trusted library allocation

page read and write

57D1000

trusted library allocation

page read and write

5C5F000

trusted library allocation

page read and write

57B1000

trusted library allocation

page read and write

57B1000

trusted library allocation

page read and write

57E9000

trusted library allocation

page read and write

57AE000

trusted library allocation

page read and write

58A6000

trusted library allocation

page read and write

4841000

heap

page read and write

57F0000

trusted library allocation

page read and write

57B1000

trusted library allocation

page read and write

4CD0000

direct allocation

page read and write

57D6000

trusted library allocation

page read and write

57E3000

trusted library allocation

page read and write

57CE000

trusted library allocation

page read and write

E76000

heap

page read and write

E83000

heap

page read and write

57AB000

trusted library allocation

page read and write

57CF000

trusted library allocation

page read and write

57B2000

trusted library allocation

page read and write

58A8000

trusted library allocation

page read and write

5D3B000

trusted library allocation

page read and write

5C55000

trusted library allocation

page read and write

E76000

heap

page read and write

57D4000

trusted library allocation

page read and write

5D27000

trusted library allocation

page read and write

5EEE000

trusted library allocation

page read and write

57D1000

trusted library allocation

page read and write

4EA9000

trusted library allocation

page read and write

5C59000

trusted library allocation

page read and write

5E3D000

trusted library allocation

page read and write

57F9000

trusted library allocation

page read and write

57CA000

trusted library allocation

page read and write

5DEB000

trusted library allocation

page read and write

4830000

direct allocation

page read and write

57E1000

trusted library allocation

page read and write

5808000

trusted library allocation

page read and write

5DC4000

trusted library allocation

page read and write

4830000

direct allocation

page read and write

5D1C000

trusted library allocation

page read and write

62B4000

trusted library allocation

page read and write

5C54000

trusted library allocation

page read and write

5DC1000

trusted library allocation

page read and write

E77000

heap

page read and write

57A8000

trusted library allocation

page read and write

4830000

direct allocation

page read and write

57C9000

trusted library allocation

page read and write

57BF000

trusted library allocation

page read and write

57D1000

trusted library allocation

page read and write

7F6000

unkown

page execute and write copy

4841000

heap

page read and write

5803000

trusted library allocation

page read and write

5C58000

trusted library allocation

page read and write

57B1000

trusted library allocation

page read and write

58A8000

trusted library allocation

page read and write

5801000

trusted library allocation

page read and write

57B1000

trusted library allocation

page read and write

57D1000

trusted library allocation

page read and write

57E0000

trusted library allocation

page read and write

5822000

trusted library allocation

page read and write

5C50000

trusted library allocation

page read and write

E50000

heap

page read and write

5D29000

trusted library allocation

page read and write

5987000

trusted library allocation

page read and write

57F9000

trusted library allocation

page read and write

57AF000

trusted library allocation

page read and write

57C9000

trusted library allocation

page read and write

57B6000

trusted library allocation

page read and write

5CF5000

trusted library allocation

page read and write

57D1000

trusted library allocation

page read and write

57D1000

trusted library allocation

page read and write

57F6000

trusted library allocation

page read and write

5D16000

trusted library allocation

page read and write

5D9B000

trusted library allocation

page read and write

5C50000

trusted library allocation

page read and write

5806000

trusted library allocation

page read and write

5DAA000

trusted library allocation

page read and write

57AF000

trusted library allocation

page read and write

5D82000

trusted library allocation

page read and write

5806000

trusted library allocation

page read and write

4830000

direct allocation

page read and write

5E28000

trusted library allocation

page read and write

5D8C000

trusted library allocation

page read and write

57E1000

trusted library allocation

page read and write

57AF000

trusted library allocation

page read and write

4F1000

unkown

page execute and write copy

57B6000

trusted library allocation

page read and write

594F000

trusted library allocation

page read and write

5D8A000

trusted library allocation

page read and write

4E50000

direct allocation

page execute and read and write

5C53000

trusted library allocation

page read and write

5822000

trusted library allocation

page read and write

57B8000

trusted library allocation

page read and write

5D9B000

trusted library allocation

page read and write

57D1000

trusted library allocation

page read and write

5D6D000

trusted library allocation

page read and write

5340000

remote allocation

page read and write

57FC000

trusted library allocation

page read and write

5C54000

trusted library allocation

page read and write

57F2000

trusted library allocation

page read and write

57E9000

trusted library allocation

page read and write

5D17000

trusted library allocation

page read and write

4830000

direct allocation

page read and write

57E3000

trusted library allocation

page read and write

5340000

remote allocation

page read and write

5C58000

trusted library allocation

page read and write

5D61000

trusted library allocation

page read and write

5D36000

trusted library allocation

page read and write

582E000

trusted library allocation

page read and write

57CF000

trusted library allocation

page read and write

5C5C000

trusted library allocation

page read and write

E7E000

heap

page read and write

5812000

trusted library allocation

page read and write

57EF000

trusted library allocation

page read and write

E74000

heap

page read and write

5C5A000

trusted library allocation

page read and write

E81000

heap

page read and write

57BF000

trusted library allocation

page read and write

5801000

trusted library allocation

page read and write

5C52000

trusted library allocation

page read and write

5E9D000

trusted library allocation

page read and write

5CF7000

trusted library allocation

page read and write

57C9000

trusted library allocation

page read and write

57C1000

trusted library allocation

page read and write

4D12000

direct allocation

page read and write

5DCF000

trusted library allocation

page read and write

5C52000

trusted library allocation

page read and write

5C61000

trusted library allocation

page read and write

4E60000

direct allocation

page execute and read and write

4E60000

direct allocation

page execute and read and write

5E0F000

trusted library allocation

page read and write

58A4000

trusted library allocation

page read and write

5D09000

trusted library allocation

page read and write

5C59000

trusted library allocation

page read and write

4E40000

direct allocation

page execute and read and write

57DE000

trusted library allocation

page read and write

E97000

heap

page read and write

57DA000

trusted library allocation

page read and write

5C56000

trusted library allocation

page read and write

57E6000

trusted library allocation

page read and write

5812000

trusted library allocation

page read and write

5DB5000

trusted library allocation

page read and write

5C52000

trusted library allocation

page read and write

57C8000

trusted library allocation

page read and write

58AE000

trusted library allocation

page read and write

5C57000

trusted library allocation

page read and write

5EC1000

trusted library allocation

page read and write

5C5E000

trusted library allocation

page read and write

E69000

heap

page read and write

57E8000

trusted library allocation

page read and write

5803000

trusted library allocation

page read and write

5C52000

trusted library allocation

page read and write

5CF4000

trusted library allocation

page read and write

57A5000

trusted library allocation

page read and write

4830000

direct allocation

page read and write

57EC000

trusted library allocation

page read and write

4830000

direct allocation

page read and write

5D21000

trusted library allocation

page read and write

57EF000

trusted library allocation

page read and write

57D5000

trusted library allocation

page read and write

57C6000

trusted library allocation

page read and write

5C58000

trusted library allocation

page read and write

57D7000

trusted library allocation

page read and write

5D66000

trusted library allocation

page read and write

57D4000

trusted library allocation

page read and write

57D7000

trusted library allocation

page read and write

57B6000

trusted library allocation

page read and write

5C58000

trusted library allocation

page read and write

5C52000

trusted library allocation

page read and write

E76000

heap

page read and write

5D58000

trusted library allocation

page read and write

57B1000

trusted library allocation

page read and write

57F0000

trusted library allocation

page read and write

5340000

remote allocation

page read and write

5D1F000

trusted library allocation

page read and write

57B1000

trusted library allocation

page read and write

5D9D000

trusted library allocation

page read and write

57A1000

trusted library allocation

page read and write

5C57000

trusted library allocation

page read and write

57C1000

trusted library allocation

page read and write

5D74000

trusted library allocation

page read and write

5C59000

trusted library allocation

page read and write

5E3F000

trusted library allocation

page read and write

5C56000

trusted library allocation

page read and write

57D1000

trusted library allocation

page read and write

5C5F000

trusted library allocation

page read and write

4841000

heap

page read and write

57C1000

trusted library allocation

page read and write

5D91000

trusted library allocation

page read and write

57D1000

trusted library allocation

page read and write

57C4000

trusted library allocation

page read and write

4841000

heap

page read and write

5C57000

trusted library allocation

page read and write

57AA000

trusted library allocation

page read and write

E80000

heap

page read and write

57AD000

trusted library allocation

page read and write

57A3000

trusted library allocation

page read and write

57EA000

trusted library allocation

page read and write

57F1000

trusted library allocation

page read and write

5CF2000

trusted library allocation

page read and write

5C53000

trusted library allocation

page read and write

5C52000

trusted library allocation

page read and write

5C5D000

trusted library allocation

page read and write

4841000

heap

page read and write

E9A000

heap

page read and write

4F0000

unkown

page readonly

E78000

heap

page read and write

57BE000

trusted library allocation

page read and write

5E0D000

trusted library allocation

page read and write

4830000

direct allocation

page read and write

57B1000

trusted library allocation

page read and write

57BF000

trusted library allocation

page read and write

5D1B000

trusted library allocation

page read and write

58B0000

trusted library allocation

page read and write

5DAC000

trusted library allocation

page read and write

5C5D000

trusted library allocation

page read and write

58A6000

trusted library allocation

page read and write

57D7000

trusted library allocation

page read and write

58C7000

trusted library allocation

page read and write

5C54000

trusted library allocation

page read and write

5CF3000

trusted library allocation

page read and write

57EF000

trusted library allocation

page read and write

57DA000

trusted library allocation

page read and write

5C5E000

trusted library allocation

page read and write

5D92000

trusted library allocation

page read and write

5808000

trusted library allocation

page read and write

5E45000

trusted library allocation

page read and write

5C5C000

trusted library allocation

page read and write

5C53000

trusted library allocation

page read and write

57A1000

trusted library allocation

page read and write

5C5A000

trusted library allocation

page read and write

E8D000

heap

page read and write

57DE000

trusted library allocation

page read and write

5C58000

trusted library allocation

page read and write

4E30000

direct allocation

page execute and read and write

57E8000

trusted library allocation

page read and write

57D4000

trusted library allocation

page read and write

5C59000

trusted library allocation

page read and write

57D7000

trusted library allocation

page read and write

57D0000

trusted library allocation

page read and write

57E8000

trusted library allocation

page read and write

5EDC000

trusted library allocation

page read and write

57B1000

trusted library allocation

page read and write

58AA000

trusted library allocation

page read and write

E92000

heap

page read and write

5C57000

trusted library allocation

page read and write

5D94000

trusted library allocation

page read and write

57F1000

trusted library allocation

page read and write

5C51000

trusted library allocation

page read and write

57C0000

trusted library allocation

page read and write

E76000

heap

page read and write

57ED000

trusted library allocation

page read and write

5C5D000

trusted library allocation

page read and write

57C1000

trusted library allocation

page read and write

57B6000

trusted library allocation

page read and write

597F000

trusted library allocation

page read and write

57C0000

trusted library allocation

page read and write

5E8C000

trusted library allocation

page read and write

5DA6000

trusted library allocation

page read and write

5EFD000

trusted library allocation

page read and write

57B1000

trusted library allocation

page read and write

5D9B000

trusted library allocation

page read and write

5C58000

trusted library allocation

page read and write

5C57000

trusted library allocation

page read and write

5D1D000

trusted library allocation

page read and write

5C57000

trusted library allocation

page read and write

57D1000

trusted library allocation

page read and write

580F000

trusted library allocation

page read and write

5D07000

trusted library allocation

page read and write

57DA000

trusted library allocation

page read and write

5C5A000

trusted library allocation

page read and write

E74000

heap

page read and write

E69000

heap

page read and write

57BF000

trusted library allocation

page read and write

58AE000

trusted library allocation

page read and write

57B1000

trusted library allocation

page read and write

5803000

trusted library allocation

page read and write

57AA000

trusted library allocation

page read and write

57C0000

trusted library allocation

page read and write

5809000

trusted library allocation

page read and write

57D1000

trusted library allocation

page read and write

4841000

heap

page read and write

E74000

heap

page read and write

57C8000

trusted library allocation

page read and write

5D5F000

trusted library allocation

page read and write

5DBF000

trusted library allocation

page read and write

4830000

direct allocation

page read and write

5D82000

trusted library allocation

page read and write

5D5E000

trusted library allocation

page read and write

5D48000

trusted library allocation

page read and write

5DD1000

trusted library allocation

page read and write

57D2000

trusted library allocation

page read and write

57AF000

trusted library allocation

page read and write

5D51000

trusted library allocation

page read and write

57A6000

trusted library allocation

page read and write

57E3000

trusted library allocation

page read and write

5977000

trusted library allocation

page read and write

57B1000

trusted library allocation

page read and write

4E60000

direct allocation

page execute and read and write

5803000

trusted library allocation

page read and write

5C51000

trusted library allocation

page read and write

57BF000

trusted library allocation

page read and write

57C6000

trusted library allocation

page read and write

57CB000

trusted library allocation

page read and write

5D18000

trusted library allocation

page read and write

5C5C000

trusted library allocation

page read and write

5C58000

trusted library allocation

page read and write

5F2B000

trusted library allocation

page read and write

5C58000

trusted library allocation

page read and write

57C9000

trusted library allocation

page read and write

57E8000

trusted library allocation

page read and write

57AF000

trusted library allocation

page read and write

58A3000

trusted library allocation

page read and write

545000

unkown

page write copy

5822000

trusted library allocation

page read and write

57FE000

trusted library allocation

page read and write

57C1000

trusted library allocation

page read and write

5811000

trusted library allocation

page read and write

4830000

direct allocation

page read and write

57C1000

trusted library allocation

page read and write

57AA000

trusted library allocation

page read and write

580E000

trusted library allocation

page read and write

57F8000

trusted library allocation

page read and write

5D29000

trusted library allocation

page read and write

5D48000

trusted library allocation

page read and write

5C53000

trusted library allocation

page read and write

5C54000

trusted library allocation

page read and write

5D87000

trusted library allocation

page read and write

57D1000

trusted library allocation

page read and write

5D9D000

trusted library allocation

page read and write

E7A000

heap

page read and write

5D69000

trusted library allocation

page read and write

5C56000

trusted library allocation

page read and write

57D4000

trusted library allocation

page read and write

57A8000

trusted library allocation

page read and write

E76000

heap

page read and write

5F0A000

trusted library allocation

page read and write

4841000

heap

page read and write

5D85000

trusted library allocation

page read and write

57E0000

trusted library allocation

page read and write

57C6000

trusted library allocation

page read and write

5D68000

trusted library allocation

page read and write

5D38000

trusted library allocation

page read and write

E80000

heap

page read and write

5C58000

trusted library allocation

page read and write

57C6000

trusted library allocation

page read and write

5F29000

trusted library allocation

page read and write

5CFC000

trusted library allocation

page read and write

5D95000

trusted library allocation

page read and write

57C1000

trusted library allocation

page read and write

5C58000

trusted library allocation

page read and write

4830000

direct allocation

page read and write

57E4000

trusted library allocation

page read and write

5D57000

trusted library allocation

page read and write

4940000

trusted library allocation

page read and write

5C5A000

trusted library allocation

page read and write

5F0C000

trusted library allocation

page read and write

57F5000

trusted library allocation

page read and write

5DB5000

trusted library allocation

page read and write

There are 554 hidden memdumps, click here to show them.

DOM / HTML

URL

Malicious

https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Files

Processes

URLs

Domains

IPs

Memdumps

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Files

Processes

URLs

Domains

IPs

Memdumps

DOM / HTML

IOC Report
file.exe