Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\Payment_Advice.exe

"C:\Users\user\Desktop\Payment_Advice.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7896
Target ID:	0
Parent PID:	3964
Name:	Payment_Advice.exe
Path:	C:\Users\user\Desktop\Payment_Advice.exe
Commandline:	"C:\Users\user\Desktop\Payment_Advice.exe"
Size:	1227264
MD5:	B78875D3B0CFB4321E48BDE829350317
Time:	10:24:39
Date:	28/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xfe0000
Modulesize:	1257472
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Binary is likely a compiled AutoIt script file	System Summary
Initial sample is a PE file and has a suspicious name	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
PE file contains a valid data directory to section mapping	System Summary
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\undiscernibleness\cacostomia.exe

"C:\Users\user\Desktop\Payment_Advice.exe"

Details

Is windows:	false
Is dropped:	true
PID:	7912
Target ID:	1
Parent PID:	7896
Name:	cacostomia.exe
Path:	C:\Users\user\AppData\Local\undiscernibleness\cacostomia.exe
Commandline:	"C:\Users\user\Desktop\Payment_Advice.exe"
Size:	1227264
MD5:	B78875D3B0CFB4321E48BDE829350317
Time:	10:24:40
Date:	28/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xb30000
Modulesize:	1257472
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Drops script at startup location	Data Obfuscation
Binary is likely a compiled AutoIt script file	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

"C:\Users\user\Desktop\Payment_Advice.exe"

Details

Is windows:	true
Is dropped:	false
PID:	8060
Target ID:	3
Parent PID:	7912
Name:	RegSvcs.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Commandline:	"C:\Users\user\Desktop\Payment_Advice.exe"
Size:	45984
MD5:	9D352BC46709F0CB5EC974633A0C3C94
Time:	10:24:41
Date:	28/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x830000
Modulesize:	57344
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sample uses process hollowing technique	HIPS / PFW / Operating System Protection Evasion	Shared Modules Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Spawns processes	System Summary	Process Injection

C:\Windows\System32\wscript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cacostomia.vbs"

Details

Is windows:	true
Is dropped:	false
PID:	1432
Target ID:	10
Parent PID:	3964
Name:	wscript.exe
Class:	wscript
Path:	C:\Windows\System32\wscript.exe
Commandline:	"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cacostomia.vbs"
Size:	170496
MD5:	A47CBE969EA935BDD3AB568BB126BC80
Time:	10:24:51
Date:	28/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff67cc00000
Modulesize:	184320
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: WScript or CScript Dropper	System Summary
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript	System Summary
Executes visual basic scripts	System Summary	Scripting
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\undiscernibleness\cacostomia.exe

"C:\Users\user\AppData\Local\undiscernibleness\cacostomia.exe"

Details

Is windows:	false
Is dropped:	true
PID:	1268
Target ID:	11
Parent PID:	1432
Name:	cacostomia.exe
Path:	C:\Users\user\AppData\Local\undiscernibleness\cacostomia.exe
Commandline:	"C:\Users\user\AppData\Local\undiscernibleness\cacostomia.exe"
Size:	1227264
MD5:	B78875D3B0CFB4321E48BDE829350317
Time:	10:24:52
Date:	28/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	false
Is elevated:	false
Modulebase:	0xb30000
Modulesize:	1257472
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Drops script at startup location	Data Obfuscation
Binary is likely a compiled AutoIt script file	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

"C:\Users\user\AppData\Local\undiscernibleness\cacostomia.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7672
Target ID:	12
Parent PID:	1268
Name:	RegSvcs.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Commandline:	"C:\Users\user\AppData\Local\undiscernibleness\cacostomia.exe"
Size:	45984
MD5:	9D352BC46709F0CB5EC974633A0C3C94
Time:	10:24:53
Date:	28/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x400000
Modulesize:	0
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sample uses process hollowing technique	HIPS / PFW / Operating System Protection Evasion	Shared Modules Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	8092
Target ID:	4
Parent PID:	8060
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	10:24:41
Date:	28/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff62fc20000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 12

Details

Is windows:	true
Is dropped:	false
PID:	8164
Target ID:	15
Parent PID:	7672
Name:	WerFault.exe
Path:	C:\Windows\SysWOW64\WerFault.exe
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 12
Size:	483680
MD5:	C31336C1EFC2CCB44B4326EA793040F2
Time:	10:24:54
Date:	28/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0xff0000
Modulesize:	499712
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
One or more processes crash	System Summary
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

185.172.128.70:3808

http://www.apache.org/licenses/LICENSE-2.0

unknown

http://www.fontbureau.com

unknown

http://www.fontbureau.com/designersG

unknown

https://api.ip.sb/ip

unknown

http://www.fontbureau.com/designers/?

unknown

http://www.founder.com.cn/cn/bThe

unknown

http://www.fontbureau.com/designers?

unknown

http://www.tiro.com

unknown

https://api.ip.s

unknown

http://www.fontbureau.com/designers

unknown

http://www.carterandcone.coml

unknown

http://www.sajatypeworks.com

unknown

http://www.typography.netD

unknown

http://www.fontbureau.com/designers/cabarga.htmlN

unknown

http://www.founder.com.cn/cn/cThe

unknown

http://www.galapagosdesign.com/staff/dennis.htm

unknown

http://www.founder.com.cn/cn

unknown

http://www.fontbureau.com/designers/frere-user.html

unknown

http://www.jiyu-kobo.co.jp/

unknown

https://discord.com/api/v9/users/

unknown

http://www.galapagosdesign.com/DPlease

unknown

http://www.fontbureau.com/designers8

unknown

http://www.fonts.com

unknown

http://www.urwpp.deDPlease

unknown

http://www.zhongyicts.com.cn

unknown

http://www.sakkal.com

unknown

There are 17 hidden URLs, click here to show them.

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property

00184012D1FD5612

Details

TargetID:	15
Path:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
Value name:	00184012D1FD5612
Value data:	01 00 00 00 01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 4F C2 97 EB 01 00 00 00 28 35 6A 1C FA D5 32 49 99 61 6F 2F 74 A5 F5 43 00 00 00 00 02 00 00 00 00 00 10 66 00 00 00 01 00 00 20 00 00 00 95 F1 94 68 F7 FA E8 D6 FD F1 57 D0 DC 6A D6 C6 20 29 1A 2A 14 C0 76 40 A6 88 A8 8A 44 EB FD 1D 00 00 00 00 0E 80 00 00 00 02 00 00 20 00 00 00 57 AB 9C C2 23 50 2D 63 A0 D3 9F 14 7B 34 69 62 CB 4B 6D D1 D6 7B EE FC 53 C3 73 BB FD A1 42 88 80 00 00 00 17 4B F3 48 1D 3F 6D 48 C1 CA 57 8C 9E C5 B4 56 2B D8 4F F2 D8 0A 70 BD 29 52 50 DF B7 24 57 12 B5 70 62 AC BA AC A8 E7 CD 1D E5 A8 30 B1 A0 E9 FD C7 F4 AF 4C 39 59 4D B9 89 46 1B 15 36 8A 38 A8 50 14 88 3B 67 8F 94 EF C8 92 81 57 38 8C B7 F7 05 5B 0D 1F A0 FD E4 1E D1 7F 49 1D 53 4D 99 50 2D A6 48 28 35 6C 53 AB 77 F5 30 09 46 64 84 5E 96 DA 17 0B 51 28 00 CA E8 0D 27 B5 FE 54 F7 40 00 00 00 8D 38 9C 5F 61 E3 74 F5 AA 0F 2C BC 06 C7 60 05 E0 CE 0F D1 ED 69 A7 64 DA D8 39 93 79 04 35 28 24 DA 62 AD 5A 0B 01 1C B1 5B 15 94 51 53 7B 6E FD 3D 15 2C 10 05 02 AB BF C5 13 22 7A 65 DE EE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}

DeviceTicket

Details

TargetID:	15
Path:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
Value name:	DeviceTicket
Value data:	01 00 00 00 01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 4F C2 97 EB 01 00 00 00 28 35 6A 1C FA D5 32 49 99 61 6F 2F 74 A5 F5 43 00 00 00 00 02 00 00 00 00 00 10 66 00 00 00 01 00 00 20 00 00 00 F3 FD EE 78 90 6C 6A BB DD A2 BB A7 29 71 BE E1 18 4A 8B C9 FF 5F AE 1B C6 3D B8 67 AE 07 F2 04 00 00 00 00 0E 80 00 00 00 02 00 00 20 00 00 00 C6 7F A4 6A 68 7D 2D 7D 2F 03 8F E7 29 D1 94 7E 15 0C 70 F0 F8 C5 29 B4 C9 8E 8B 83 F6 BB 96 F2 70 0A 00 00 50 88 D0 04 D8 26 05 5D A2 3C B3 06 4B F7 7B 83 9F ED 98 E5 CD 52 BE 0B 16 3F 2F CB DD FB A5 62 66 A2 4A 79 E8 C4 B5 10 1A E4 44 82 BA 91 35 4C 82 07 44 E2 0A 02 9A 59 65 10 25 D1 E4 5A F7 26 C2 51 31 2E A9 1D F7 65 74 A2 2C 7C 88 68 27 3F 81 60 2D BD CF D2 8E 0A D0 A5 F0 73 5A DA 55 38 53 49 45 5A 52 31 A2 82 99 9E 96 C8 E1 8D 3D 73 C2 C4 9A 21 82 D5 D5 ED 9B FE F3 13 65 CD CD 82 50 C2 4C 71 56 BF 07 39 4D 67 21 6F 72 B6 D5 BF EF 63 7F 10 DC 36 33 61 2B 7B F5 F1 42 F8 2E 38 A6 B6 A1 B7 02 C9 D1 C8 0D 5B C1 17 D1 28 6F C6 41 49 BA 4C DD 41 81 42 AA 1A EE 3F 67 6A 1F BF 5A 8B 8F BA 5C 8C D6 F5 91 C0 69 EF 5E C4 6D 6F 10 19 65 D5 44 0F DC F8 4D A4 7C 12 6A 17 67 8A EE F1 04 D3 56 CA 5C 7C 8F DD 3F DF A9 CD 54 61 B8 4A ED 02 EE 7F D2 F4 9D 5A C0 6D 4F C9 4C 6C A4 3D 63 4C 91 4C 16 D7 56 2A 29 ED AF EC DC 7A 38 02 12 0B B5 9D 25 1D 17 F6 FC 1B E2 E3 59 70 8D 5B E6 72 1B F5 47 E0 2E 27 32 7E C9 04 E8 A4 88 13 E1 F9 5C 32 92 ED 14 FF 2F DE 55 B7 7B 9D 7F 25 10 AB AC 77 D7 B1 7E 3A 1A 82 45 C4 D2 1A A4 EB C1 3A 2E 61 A7 FF E3 C0 04 E3 C5 BA 1D 3C FE 5F 43 86 DE 35 8E 05 A6 00 83 A7 27 96 39 C2 47 FD A5 2D F9 18 EB FC 62 94 54 98 FF 80 7E AB E2 1F D6 33 5D 62 57 8C 13 5A DA 52 FC 38 D7 AD 8D 9E CC EA EF 19 ED AA 1D BC 7B 51 3E 53 68 2A EB E9 EC 42 4A BA C9 FF 5B 9F 4B DF 95 AC C7 45 1B 3A D0 71 EE 3B F1 01 7C 05 8C 1E A9 FB 3A 9C 88 F2 2A 39 CA 11 44 C2 A3 FF FB 93 8C BC 27 86 A7 EC E6 74 C6 6C 41 5A B2 94 24 AF 75 C6 2F 04 4B 82 16 D2 B5 6E B6 94 E1 5F 13 FC F7 11 27 5B 91 36 18 8E 1C DC B6 E2 37 F2 F9 3F F8 16 EA BB 07 F1 81 3A 0F 6C CD 37 B3 CF 57 A5 91 31 A4 46 9F BF AE A2 68 E8 70 2D B5 64 AC 17 0C 9E B9 5A 30 9F 48 2E B9 1B 4E 01 B4 41 9D 65 E5 C7 6E 4A C2 5B DF 33 3C BD 21 82 B2 F1 62 E9 3C 00 7C 75 0D B7 8E 4C 23 B2 AB 97 B6 F5 64 3C 93 B2 64 08 8A F8 04 F7 2F 42 C3 EC 72 1D 5A 17 AD 4A D5 E9 CF 69 D8 19 9B 37 47 08 1A B0 F9 D4 1D C0 27 7E FE 8E 80 D5 A5 E0 DB 01 95 B2 D9 16 91 B2 CA 17 BE E9 BA A6 94 53 96 66 11 CA 9C 68 07 7A 02 10 2F 40 12 7E CE E4 CF 9E 99 09 7D 84 2F 41 9D 28 7E 52 2E 0A 7A 71 83 E0 66 C8 8F 53 A6 C6 F3 17 4B 5A 44 94 CA 48 0A A9 E2 2A D6 7B 3A E2 66 1E BB 9F 02 51 FF 23 85 A4 9B 08 54 6C 61 6A D9 91 2F A2 08 C3 DB 5D 98 21 DD 4F 4A AD 7C 2F 8B D3 B6 4C AA 80 13 6B 73 AF 01 82 E2 2A 6C A9 E7 3E 6C 05 E5 AD 04 61 7F 72 72 34 11 4B 39 2F B8 9D 70 28 20 A9 CD 87 59 3B E6 EB 6C 47 2C 50 70 71 48 38 CB 62 21 43 AA 9D 29 5C B0 D3 55 54 F8 06 3C AA D1 D2 0A F6 9C B7 29 48 D3 50 CB B5 AA D2 AC C4 A6 09 F5 AE 05 A5 47 51 80 CC 62 7E EC B6 AE 3A D9 BF AB B2 36 73 A6 60 D2 5D CC 32 FB DD AB 0F 8C 48 A2 E8 CA 52 EC AE FD 66 6B 67 8E 83 3C DA 8B 80 0C C1 CF 7A 83 A6 9E 5C FE 10 BB 05 55 BD 34 5F FE 2E 42 13 44 53 9D 26 9A 58 80 E9 C5 B7 98 37 9A E0 49 2F 39 A6 79 5F B5 06 17 37 CA C0 E6 FD 18 C7 3A 2A 3C 70 98 AC 5C 09 93 3F CC 6F 9F 19 C3 FE B9 7A 4A F5 85 A4 A0 4D D9 D5 01 A6 5B BB 6F 69 41 9F 52 94 F2 A7 B9 13 15 4C DB E7 E0 DA 16 F1 52 7C 4E 3B AE F9 5C 06 4C 7D A1 3F C9 36 07 A9 48 D0 45 1B F6 D7 1F 4F 0C 62 E9 06 7C 08 46 6F DF CF 43 7E 73 8C DD B7 35 D3 ED 56 59 F0 9A 73 31 BB 2F 78 FB 01 AA 68 EA 5D E8 66 CA AA CC 14 15 95 4E 3F 79 3B 72 AF 8E 9B 98 31 4B F8 30 4D 73 F6 12 64 00 52 6E A2 C7 54 17 9C CE 8B 62 17 B5 EB 88 EA BA 3B 61 F1 B1 67 D4 FE BE E4 89 EF F0 F3 98 95 FB B1 81 F7 47 C7 4E 13 EC 5D 33 54 27 BD 21 AE 75 87 DD DF FA 9B 31 97 EB 41 78 2B 09 B6 E0 D0 C4 A1 63 01 CD 7D 85 30 40 8C 04 A4 86 26 98 ED C3 D1 E4 51 8B B0 6F 18 25 67 63 4A 15 B2 22 53 9E 54 D5 33 C2 78 89 25 A9 EC 67 34 41 CC BB FA 97 DE 28 AF 14 04 B4 33 06 F7 08 0B 61 F8 AC 03 03 1D E7 DB 2C CC 41 CD EF 61 F3 FE 2D 76 2C C1 58 DD CD 8D DE 13 3D 78 20 A4 57 EE 36 32 73 6F B2 05 5F AE 52 1D 72 45 72 A9 95 5C E1 D2 B5 BC C3 0C 54 10 2A DE 4D D2 56 07 96 41 BF 58 D9 D8 8D E5 42 12 DA F3 D3 4B 22 A9 D7 D8 C7 57 FF 62 21 84 92 4C EF 80 10 E4 AD 99 8F E3 2B 05 A6 9D C8 7D 5E A8 8A AF 2B 30 F0 73 F8 49 E9 B9 8A 8B 5B 2E 68 85 0F CA E3 AB 04 B3 25 11 6F 58 34 9E E2 8A 9C 09 8F EF 0B D6 91 D0 28 0A 80 CC FD AA 0F 4E 73 17 25 63 79 45 27 7A 9F 9B 61 FF 8D AE 91 B3 75 3C 87 31 5E 36 C5 DD 69 4E 16 CD 07 29 E9 E0 D4 D2 A6 C3 2A E0 EF C8 50 DF F3 1C 29 C1 6F BD C3 00 F0 9A 1C 07 F2 9F 8D 5A 76 B5 01 02 15 1C 53 1C E1 54 CA F4 DB CE 1F 8F 63 87 14 58 CC DE 05 54 67 F9 8B B9 86 68 CC 3C 18 4C B7 4F 3A 09 ED 1C 78 9C 5D F8 93 92 A4 37 F1 10 BF 7A BE B7 6E 42 3A 21 BE 54 74 81 73 6E 4B 77 01 15 5C F6 FE F3 F4 BF 37 9A D7 1C A0 D7 1B E1 EF 0E 7F 5B DD 88 65 1B B2 D8 D0 21 AD 74 74 5B AF 87 A1 16 28 06 8D 89 82 A5 02 EB E7 C9 8A 99 EB 1A A0 ED 7F 07 7C 0F CE 1F B7 B3 4C DA CD FF 9D 1C 94 A8 09 D1 5D 7D 58 57 CA 5E 2C 68 2D B6 FC 76 E5 36 41 89 1A D0 3F E2 1B 5A F1 F7 0A B1 19 9E 32 24 80 F2 6A FB 8F C7 DC 0D 8D 3F 81 B7 E6 46 DF F5 C7 A0 2D 9A 84 8C 34 EC 63 98 BD 9E 58 D2 E6 2B 95 85 E1 0B 1F 7B BF 49 8F 30 74 26 CE 4E A6 0D BA 4D 2C 9E B5 4D 8C 59 0F BA 5F F3 B0 99 45 DC 0D 7B 97 AC 98 80 59 E2 36 D7 F1 3B D9 FA DD 15 84 4D B5 AE BD 89 4C 8F 51 3A 9B 7B 24 63 1A 6D E5 4F 0F B9 2F A7 A0 C4 AE 72 29 1F E8 04 35 DC 36 58 24 83 23 46 96 D0 26 B3 6E 96 2B 96 DD BE B2 BC E8 44 10 39 14 F4 F3 F9 08 D8 56 84 D9 71 C8 AF 30 9A E2 86 73 E5 21 E1 48 A9 DA E0 E3 88 1A 29 83 97 F3 70 22 6E B3 9F DF 94 2B 35 86 54 46 48 EE 14 99 26 AD E5 69 C8 3E DE 0B B6 2F 5B 0C E2 5F CE 4A D5 12 E3 F2 8D D7 C9 C9 46 72 50 2F FC 2E 94 84 6A AC FA 51 17 5B 7B 81 88 FC 47 A2 4C 08 D2 C8 DE 60 C3 C5 A7 7E 2F 14 68 2B 65 58 DA B1 2C 27 68 64 B3 0F 28 5F 2B C6 0F 53 C7 2A 08 24 8F 81 1D B7 A3 03 EE 59 2D 05 11 13 08 C4 1A CA F5 AE 94 65 78 0F 65 43 F5 83 7F A7 BA 8E 2C 07 7C F2 09 D3 87 5A 01 75 EC 0E F5 86 C5 47 BB 5F 23 C8 80 2C 8D E9 FD A9 2B BE E7 FE 37 F7 B7 FB 2B 47 05 50 E7 5F AC 69 F2 47 3A 8A 4C 93 0D 22 74 3E 6C BA 5A AE 29 10 F3 BF 41 0E A8 A2 84 CD A2 B4 C0 C8 66 58 2B CB E8 59 1A C4 06 87 C0 C5 DD FE 8E 2A C9 E9 7F 78 8A 56 0C 4F 3F 28 68 50 24 48 2E 31 C6 FC 85 30 89 43 59 16 0D E1 15 57 22 FE 91 0C 52 E9 8F E9 19 DB FF C6 09 8B B0 85 17 5E B5 6E 46 AC 40 D0 B8 06 DA 0C BB C3 E2 8C 1D 6D 2A 6A 06 30 84 5A 54 97 3B 9F 82 E2 CF 75 46 91 75 80 97 23 A4 E3 56 62 F8 CC F6 A0 66 82 52 26 19 AC D0 0E ED 98 11 3F 2C 85 D4 80 70 DE 1D 78 89 09 E1 26 CC 1A 65 64 3A 74 F3 25 34 A5 FE 07 FC E0 96 F0 76 74 36 90 EE E7 1C CB 49 86 44 80 7B 80 93 71 8F 89 FD C2 5B E2 46 F6 BA 84 45 8A D1 D9 3E FD D6 A1 51 25 98 78 BA 30 5A 90 0A C3 70 E3 B7 B3 7D 38 B8 BD CE 29 67 0F 25 09 2D 1A 7A CC 0B 8B 1E BF C1 89 84 36 50 A1 98 8D 33 D4 80 7E 7B 0D 6C EF 49 F4 42 5A 6D 9F 8E F4 C3 6E 61 BA DC DF 7D 2A 6C 39 3A EB 5B 7C 82 38 96 BC D6 E2 AF DD 3D C4 55 C7 62 8B 53 1B E0 53 F0 30 22 4D 0F FA DA 4A 7F FC 85 77 44 AC 64 4D 04 26 59 5E 79 CA 39 8A 9A 0A 17 EC B7 81 0F DD 26 FC C1 0F 79 A7 6A 2E D2 40 9E 76 3D 75 6C 25 67 51 78 27 61 EB 72 23 AC 0F E6 D9 BC 0D 99 B0 32 70 0C F7 4D 96 DC 0B 31 26 3B CB ED 52 FC 40 C3 89 10 06 E9 02 16 26 D7 7E 3B 9C BD 90 85 BA 0D 0A 5E 08 D5 CD 71 F1 B6 40 11 2E FB 9D 17 81 C8 87 81 CE 6E 94 D6 D7 3D E2 81 7A 6F B3 AC AD 11 45 67 6A 8B 55 41 00 70 00 F3 F9 8C E1 5C 66 B9 56 EA 0E A1 19 D6 98 37 3B F6 BF AC C8 12 8C BD CB A5 C9 27 45 8B 43 39 70 C0 E1 8A 28 30 F4 EB 6E B0 27 74 17 D9 4D C4 55 02 74 14 F5 CC BE 92 67 67 33 67 F7 68 AB 8F 76 C0 81 BF 90 11 49 4D F2 87 89 86 D5 80 88 20 4A 7E D5 E8 5A 97 D4 C1 5A 03 CA 95 A8 E7 F2 A2 D4 56 51 1E 8D 37 D5 B6 6B 48 66 AA DC FD 62 88 93 EC D3 D7 23 AD D4 65 75 15 50 6D 3C 38 98 9F 4C 89 66 5D CE CC F8 89 28 E4 A4 4A 4B DD 47 EA 9F 5E B6 5D CA 05 99 AB 4E 0A A3 CD 67 BE 96 B2 BD 4B 79 8C E3 E3 13 D0 69 77 E8 83 3A 29 24 11 E2 3C 7B 4A 4A 60 A0 30 9D 9A 57 A3 E5 A0 D6 DB 03 AC B1 4F 1B 8B 29 79 D3 AB 0F 6C BA FF 71 8D D5 FA 20 E0 C3 96 CC C8 88 1F 87 8A 18 A4 0B B1 D8 D9 82 84 83 9A 22 B3 4C 1B A4 A9 E3 DF 3D D7 29 6E 29 06 FB 14 2A 79 29 9C 6B 99 E9 C1 CE BA 95 D6 A1 3C E0 64 59 6B AC 8C E3 23 C2 AE A0 D8 16 52 0E 99 60 E9 B0 1F FF 65 3A 37 6F 68 B4 0D E4 69 6E 86 ED EA 83 37 52 3C 47 09 8B 58 87 9A 5E FE 9F 78 0C F6 10 A2 09 A4 76 75 6C 2A B0 2B 62 77 00 2A 2D 1F 71 AE B6 F6 7E 24 36 1B 83 53 95 AA 5B 64 72 81 80 B8 2D 5E 76 76 58 B6 A4 0F 57 5C 0E 6F DA E0 51 C5 40 00 00 00 2D 62 41 9B 22 A5 09 47 2C 0D AD 6F 24 7E 19 6B 95 3B 38 D1 E7 DE 10 9D FA AE 3F 9D 20 7F D0 53 51 15 15 15 69 42 2C 13 93 C5 FF 83 3D 17 9B 86 E4 A7 F3 0C ED EA 2B 03 B4 B4 76 E2 2B A8 3C 23

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}

DeviceId

Memdumps

Base Address

Regiontype

Protect

Malicious

Download

2C11000

trusted library allocation

page read and write

CEB000

heap

page read and write

D4A000

heap

page read and write

B30000

unkown

page readonly

F40C2FE000

stack

page read and write

CF6000

heap

page read and write

2DE2000

trusted library allocation

page read and write

24FE000

stack

page read and write

FF0000

heap

page read and write

D1C000

heap

page read and write

F8A000

heap

page read and write

39CD000

direct allocation

page read and write

CC1000

heap

page read and write

2584C9BE000

heap

page read and write

BE4000

unkown

page readonly

4D0C000

stack

page read and write

2DFD000

trusted library allocation

page read and write

8F5E000

stack

page read and write

D1C000

heap

page read and write

FFF000

heap

page read and write

D4D000

heap

page read and write

2D59000

trusted library allocation

page read and write

2D85000

trusted library allocation

page read and write

F10000

trusted library allocation

page read and write

1094000

unkown

page readonly

110000

heap

page read and write

CF6000

heap

page execute and read and write

9C7000

stack

page read and write

FE0000

heap

page read and write

109E000

unkown

page read and write

5410000

trusted library section

page readonly

371E000

direct allocation

page read and write

2584C6F0000

heap

page read and write

2DCD000

trusted library allocation

page read and write

5123000

heap

page read and write

CF7000

heap

page read and write

5420000

heap

page read and write

F8F000

heap

page read and write

D25000

heap

page read and write

7FD000

stack

page read and write

26D0000

heap

page read and write

2D76000

trusted library allocation

page read and write

F20000

heap

page read and write

199C000

heap

page read and write

5444000

trusted library allocation

page read and write

371E000

direct allocation

page read and write

371E000

direct allocation

page read and write

3580000

direct allocation

page read and write

E2E000

heap

page read and write

D5B000

heap

page read and write

364B000

direct allocation

page read and write

CF7000

heap

page read and write

B30000

unkown

page readonly

E00000

trusted library allocation

page read and write

D60000

heap

page read and write

D65000

heap

page read and write

33E0000

direct allocation

page read and write

2584C7F0000

heap

page read and write

2BD1000

trusted library allocation

page read and write

2584E240000

heap

page read and write

39C9000

direct allocation

page read and write

1094000

unkown

page readonly

2D61000

trusted library allocation

page read and write

19BE000

heap

page read and write

F4B000

heap

page read and write

199C000

heap

page read and write

8E5E000

stack

page read and write

F58000

heap

page read and write

1580000

heap

page read and write

E32000

trusted library allocation

page read and write

50E0000

trusted library allocation

page execute and read and write

D4A000

heap

page read and write

D1A000

heap

page read and write

FCE000

heap

page read and write

CB3000

heap

page read and write

1977000

heap

page read and write

3580000

direct allocation

page read and write

9CE000

stack

page read and write

555D000

stack

page read and write

F9C000

heap

page read and write

D8A000

heap

page read and write

1A0000

heap

page read and write

F28000

heap

page read and write

36AD000

direct allocation

page read and write

B30000

unkown

page readonly

38A0000

direct allocation

page read and write

373D000

direct allocation

page read and write

37AE000

direct allocation

page read and write

BEE000

unkown

page read and write

195F000

heap

page read and write

82C000

system

page execute and read and write

FBF000

heap

page read and write

D4C000

heap

page read and write

2D80000

trusted library allocation

page read and write

2D97000

trusted library allocation

page read and write

199C000

heap

page read and write

373D000

direct allocation

page read and write

183D000

stack

page read and write

3610000

direct allocation

page read and write

3593000

direct allocation

page read and write

39C9000

direct allocation

page read and write

3503000

direct allocation

page read and write

CF6000

heap

page read and write

3580000

direct allocation

page read and write

D3B000

heap

page read and write

3580000

direct allocation

page read and write

D0D000

heap

page read and write

19E000

stack

page read and write

3580000

direct allocation

page read and write

2DD3000

trusted library allocation

page read and write

400000

system

page execute and read and write

BE4000

unkown

page readonly

39C9000

direct allocation

page read and write

D1A000

heap

page read and write

792E000

stack

page read and write

8CDE000

stack

page read and write

2584C820000

heap

page read and write

FC4000

heap

page read and write

3470000

direct allocation

page read and write

199F000

heap

page read and write

D25000

heap

page read and write

3670000

direct allocation

page read and write

5430000

heap

page read and write

371E000

direct allocation

page read and write

A9000

stack

page read and write

199C000

heap

page read and write

2D91000

trusted library allocation

page read and write

D1A000

heap

page read and write

3700000

direct allocation

page read and write

2DCB000

trusted library allocation

page read and write

D1A000

heap

page read and write

10A7000

unkown

page readonly

17FC000

stack

page read and write

1AB2000

heap

page read and write

C30000

heap

page read and write

CC7000

heap

page execute and read and write

393D000

direct allocation

page read and write

2D5D000

trusted library allocation

page read and write

33E0000

direct allocation

page read and write

2CB7000

trusted library allocation

page read and write

402000

system

page execute and read and write

2BDD000

trusted library allocation

page read and write

2C7A000

trusted library allocation

page read and write

CCE000

heap

page read and write

1B0000

heap

page read and write

1524000

heap

page read and write

CF6000

heap

page read and write

2D7A000

trusted library allocation

page read and write

1977000

heap

page read and write

BEE000

unkown

page write copy

3810000

direct allocation

page read and write

D4E000

stack

page read and write

D3D000

heap

page read and write

5354000

heap

page read and write

6D10000

trusted library allocation

page read and write

50C0000

heap

page read and write

199E000

heap

page read and write

2690000

heap

page read and write

CF6000

heap

page read and write

F40BEFF000

stack

page read and write

C88000

heap

page read and write

3C0000

heap

page read and write

5690000

trusted library allocation

page read and write

CDD000

heap

page read and write

3939000

direct allocation

page read and write

14E0000

heap

page read and write

2E03000

trusted library allocation

page read and write

3823000

direct allocation

page read and write

4200000

direct allocation

page read and write

E57000

trusted library allocation

page execute and read and write

194F000

heap

page read and write

2DEC000

trusted library allocation

page read and write

49C000

stack

page read and write

CE2000

heap

page read and write

DB4000

heap

page read and write

3503000

direct allocation

page read and write

1977000

heap

page read and write

531A000

heap

page read and write

2DEA000

trusted library allocation

page read and write

2D3B000

trusted library allocation

page read and write

FAE000

stack

page read and write

2DEE000

trusted library allocation

page read and write

5596000

heap

page read and write

FF4000

heap

page read and write

3593000

direct allocation

page read and write

33E0000

direct allocation

page read and write

2D9B000

trusted library allocation

page read and write

2E01000

trusted library allocation

page read and write

2DD1000

trusted library allocation

page read and write

3350000

direct allocation

page read and write

1977000

heap

page read and write

194A000

heap

page read and write

711E000

heap

page read and write

D3C000

heap

page read and write

2CED000

trusted library allocation

page read and write

3470000

direct allocation

page read and write

D1A000

heap

page read and write

FE1000

unkown

page execute read

199C000

heap

page read and write

42E000

system

page execute and read and write

195A000

heap

page read and write

19DE000

heap

page read and write

2CBB000

trusted library allocation

page read and write

17CE000

stack

page read and write

E36000

trusted library allocation

page execute and read and write

2DE4000

trusted library allocation

page read and write

2D63000

trusted library allocation

page read and write

1900000

heap

page read and write

D25000

heap

page read and write

3823000

direct allocation

page read and write

9DB000

stack

page read and write

D50000

heap

page read and write

3939000

direct allocation

page read and write

2D7E000

trusted library allocation

page read and write

2DC3000

trusted library allocation

page read and write

CF6000

heap

page read and write

CB0000

heap

page read and write

2584C9B0000

heap

page read and write

E14000

trusted library allocation

page read and write

39AE000

direct allocation

page read and write

3610000

direct allocation

page read and write

F40000

heap

page read and write

36AD000

direct allocation

page read and write

3793000

direct allocation

page read and write

E3A000

trusted library allocation

page execute and read and write

2D93000

trusted library allocation

page read and write

35E0000

direct allocation

page read and write

36A9000

direct allocation

page read and write

2D82000

trusted library allocation

page read and write

4170000

direct allocation

page read and write

DC0000

heap

page read and write

F92000

heap

page read and write

BBF000

unkown

page readonly

DAE000

stack

page read and write

2D65000

trusted library allocation

page read and write

147F000

stack

page read and write

2584C855000

heap

page read and write

3000000

heap

page read and write

1942000

heap

page read and write

2BB0000

trusted library allocation

page read and write

1990000

heap

page read and write

2E05000

trusted library allocation

page read and write

2DB6000

trusted library allocation

page read and write

FE0000

unkown

page readonly

FAB000

heap

page read and write

3C15000

trusted library allocation

page read and write

36AD000

direct allocation

page read and write

BBF000

unkown

page readonly

FF8000

heap

page read and write

3670000

direct allocation

page read and write

1936000

heap

page read and write

DE4000

heap

page read and write

3E20000

heap

page read and write

CF6000

heap

page read and write

42B3000

direct allocation

page read and write

782D000

stack

page read and write

F40BCFF000

stack

page read and write

312F000

stack

page read and write

36A9000

direct allocation

page read and write

E52000

trusted library allocation

page read and write

1949000

heap

page execute and read and write

EF0000

trusted library allocation

page read and write

7110000

heap

page read and write

B10000

heap

page read and write

106F000

unkown

page readonly

1908000

heap

page read and write

18AF000

stack

page read and write

3810000

direct allocation

page read and write

FE6000

heap

page read and write

195E000

heap

page read and write

371E000

direct allocation

page read and write

3939000

direct allocation

page read and write

CC8000

heap

page read and write

3739000

direct allocation

page read and write

38A0000

direct allocation

page read and write

42C1000

direct allocation

page read and write

6D32000

trusted library allocation

page read and write

50D0000

trusted library allocation

page read and write

7DB000

stack

page read and write

BEE000

unkown

page read and write

BF7000

unkown

page readonly

13F7000

heap

page read and write

36AD000

direct allocation

page read and write

3793000

direct allocation

page read and write

2DC7000

trusted library allocation

page read and write

CF0000

heap

page read and write

E70000

trusted library allocation

page read and write

7EF000

stack

page read and write

2E4C000

trusted library allocation

page read and write

E13000

trusted library allocation

page execute and read and write

2D5F000

trusted library allocation

page read and write

E0F000

heap

page read and write

F40BBFE000

stack

page read and write

B0E000

stack

page read and write

2D95000

trusted library allocation

page read and write

D07000

heap

page read and write

5560000

trusted library allocation

page execute and read and write

2DB2000

trusted library allocation

page read and write

2E47000

trusted library allocation

page read and write

F1F000

trusted library allocation

page read and write

9FC000

stack

page read and write

3503000

direct allocation

page read and write

121F000

stack

page read and write

CB8000

heap

page read and write

14BE000

stack

page read and write

35A000

stack

page read and write

ED0000

trusted library allocation

page read and write

13EC000

stack

page read and write

D25000

heap

page read and write

199C000

heap

page read and write

5570000

heap

page read and write

2DB4000

trusted library allocation

page read and write

3593000

direct allocation

page read and write

1500000

direct allocation

page read and write

BBF000

unkown

page readonly

D3B000

heap

page read and write

18E0000

heap

page read and write

37AE000

direct allocation

page read and write

2D99000

trusted library allocation

page read and write

199C000

heap

page read and write

5440000

trusted library allocation

page read and write

1A93000

heap

page read and write

3670000

direct allocation

page read and write

EBE000

stack

page read and write

BE4000

unkown

page readonly

CFE000

heap

page read and write

532A000

heap

page read and write

8D1E000

stack

page read and write

7BE000

stack

page read and write

E1D000

trusted library allocation

page execute and read and write

E5B000

trusted library allocation

page execute and read and write

14AD000

stack

page read and write

5080000

trusted library allocation

page read and write

1520000

heap

page read and write

D4A000

heap

page read and write

CB2000

heap

page read and write

193E000

heap

page read and write

2BB4000

trusted library allocation

page read and write

D6A000

heap

page read and write

F40BAFA000

stack

page read and write

37AE000

direct allocation

page read and write

D6B000

heap

page read and write

BF2000

unkown

page write copy

36A9000

direct allocation

page read and write

13F0000

heap

page read and write

17DB000

stack

page read and write

5450000

heap

page read and write

1941000

heap

page execute and read and write

E30000

trusted library allocation

page read and write

36AD000

direct allocation

page read and write

CBA000

heap

page read and write

111E000

stack

page read and write

D1A000

heap

page read and write

3793000

direct allocation

page read and write

D1D000

heap

page read and write

5322000

heap

page read and write

B31000

unkown

page execute read

5300000

heap

page execute and read and write

2CE6000

trusted library allocation

page read and write

F40C5FB000

stack

page read and write

EC0000

trusted library allocation

page execute and read and write

EDA000

stack

page read and write

5090000

trusted library allocation

page execute and read and write

CC0000

heap

page execute and read and write

BF2000

unkown

page write copy

2BCE000

trusted library allocation

page read and write

D25000

heap

page read and write

2E07000

trusted library allocation

page read and write

1977000

heap

page read and write

5100000

trusted library allocation

page read and write

2DFF000

trusted library allocation

page read and write

3503000

direct allocation

page read and write

3004000

heap

page read and write

38A0000

direct allocation

page read and write

BF7000

unkown

page readonly

1977000

heap

page read and write

CC1000

heap

page read and write

FE1000

unkown

page execute read

F50000

heap

page read and write

1A38000

heap

page read and write

199E000

heap

page read and write

2D55000

trusted library allocation

page read and write

E10000

trusted library allocation

page read and write

2BD6000

trusted library allocation

page read and write

3739000

direct allocation

page read and write

F40C3FE000

stack

page read and write

3E24000

heap

page read and write

F65000

heap

page read and write

F40C4FE000

stack

page read and write

BEE000

unkown

page write copy

2D8F000

trusted library allocation

page read and write

F00000

trusted library allocation

page read and write

39AE000

direct allocation

page read and write

106F000

unkown

page readonly

36A9000

direct allocation

page read and write

FE0000

unkown

page readonly

CEF000

heap

page execute and read and write

15D000

stack

page read and write

B30000

unkown

page readonly

CD8000

heap

page read and write

2DC9000

trusted library allocation

page read and write

BF7000

unkown

page readonly

3503000

direct allocation

page read and write

2B0F000

stack

page read and write

1935000

heap

page read and write

BE4000

unkown

page readonly

33E0000

direct allocation

page read and write

3470000

direct allocation

page read and write

1942000

heap

page read and write

9BE000

stack

page read and write

10A2000

unkown

page write copy

55C7000

heap

page read and write

39AE000

direct allocation

page read and write

3739000

direct allocation

page read and write

2C00000

heap

page read and write

BBF000

unkown

page readonly

E2D000

trusted library allocation

page execute and read and write

2DA2000

trusted library allocation

page read and write

393D000

direct allocation

page read and write

393D000

direct allocation

page read and write

3E0000

heap

page read and write

5310000

heap

page read and write

2DF0000

trusted library allocation

page read and write

1977000

heap

page read and write

A60000

heap

page read and write

D5C000

heap

page read and write

B31000

unkown

page execute read

5050000

trusted library allocation

page read and write

3810000

direct allocation

page read and write

D0D000

heap

page read and write

2BF5000

trusted library allocation

page read and write

8CA000

stack

page read and write

19BF000

heap

page read and write

5120000

heap

page read and write

3D0000

heap

page read and write

10A7000

unkown

page readonly

2BE2000

trusted library allocation

page read and write

E40000

heap

page read and write

FFA000

heap

page read and write

F60000

heap

page read and write

20FE000

stack

page read and write

C80000

heap

page read and write

3C11000

trusted library allocation

page read and write

796E000

stack

page read and write

2BF0000

trusted library allocation

page read and write

D4A000

heap

page read and write

CF6000

heap

page read and write

D6A000

heap

page read and write

E3F000

heap

page read and write

D5C000

heap

page read and write

F40C1FE000

stack

page read and write

2DB9000

trusted library allocation

page read and write

F40BFFF000

stack

page read and write

5575000

heap

page read and write

B31000

unkown

page execute read

3A3E000

direct allocation

page read and write

2CE2000

trusted library allocation

page read and write

E20000

trusted library allocation

page read and write

8E1F000

stack

page read and write

17BF000

stack

page read and write

3610000

direct allocation

page read and write

2BBB000

trusted library allocation

page read and write

2584C7D0000

heap

page read and write

109E000

unkown

page write copy

CDE000

heap

page read and write

7CE000

stack

page read and write

19BE000

heap

page read and write

36A9000

direct allocation

page read and write

2D74000

trusted library allocation

page read and write

D4A000

heap

page read and write

2584C886000

heap

page read and write

3823000

direct allocation

page read and write

52FB000

stack

page read and write

2DE6000

trusted library allocation

page read and write

B31000

unkown

page execute read

2D5B000

trusted library allocation

page read and write

33E0000

direct allocation

page read and write

39CD000

direct allocation

page read and write

EE0000

heap

page execute and read and write

39CD000

direct allocation

page read and write

535A000

heap

page read and write

CF0000

heap

page read and write

5590000

heap

page read and write

2D0E000

trusted library allocation

page read and write

33BB000

direct allocation

page read and write

3A3E000

direct allocation

page read and write

2584C9B5000

heap

page read and write

D4A000

heap

page read and write

3A3E000

direct allocation

page read and write

D1A000

heap

page read and write

3700000

direct allocation

page read and write

2DCF000

trusted library allocation

page read and write

BF7000

unkown

page readonly

FD5000

heap

page read and write

3700000

direct allocation

page read and write

373D000

direct allocation

page read and write

5580000

heap

page read and write

CE3000

heap

page read and write

There are 488 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Payment_Advice.exe

Files

Processes

URLs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportPayment_Advice.exe

Files

Processes

URLs

Registry

Memdumps

IOC Report
Payment_Advice.exe