Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

file.exe

PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows

initial sample

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\tmp3035.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmp3045.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmp3056.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmp3067.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmp3087.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmp3097.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmp30A8.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmp5469.tmp

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\tmp546A.tmp

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\tmp546B.tmp

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\tmp547B.tmp

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\tmp6621.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmp6631.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmp6642.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmp6652.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmp6663.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmp6674.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmp6684.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmp8BF7.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmp8C08.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmp8C28.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmp8C29.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmp8C3A.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmp8C4B.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmp9B9F.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmp9BB0.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmp9BD0.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmp9BE1.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmp9BF1.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmp9C02.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmpC31B.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmpC34B.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmpC36B.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmpD0BF.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmpD0CF.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmpD0F0.tmp

SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmpD100.tmp

dropped

C:\Users\user\AppData\Local\Temp\tmpF9DD.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmpF9EE.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmpF9FF.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmpFA1F.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmpFA30.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

There are 34 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6724
Target ID:	0
Parent PID:	2580
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	97792
MD5:	14BD964C6E45AC40D474F56D03CB98CE
Time:	16:31:02
Date:	24/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x300000
Modulesize:	122880
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Found malware configuration	AV Detection
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	6760
Target ID:	1
Parent PID:	6724
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	16:31:02
Date:	24/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://91.92.251.170:1334/

91.92.251.170

91.92.251.170:1334

https://ipinfo.io/ip%appdata%

unknown

https://duckduckgo.com/chrome_newtab

unknown

https://duckduckgo.com/ac/?q=

unknown

https://www.google.com/images/branding/product/ico/googleg_lodp.ico

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous

unknown

http://tempuri.org/Endpoint/CheckConnectResponse

unknown

http://schemas.datacontract.org/2004/07/

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX

unknown

http://91.92.251.170:1334

unknown

http://tempuri.org/Endpoint/EnvironmentSettings

unknown

https://api.ip.sb/geoip%USERPEnvironmentROFILE%

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

http://tempuri.org/

unknown

http://tempuri.org/Endpoint/CheckConnect

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

https://www.ecosia.org/newtab/

unknown

http://tempuri.org/Endpoint/VerifyUpdateResponse

unknown

http://tempuri.org/Endpoint/SetEnvironment

unknown

http://tempuri.org/Endpoint/SetEnvironmentResponse

unknown

http://tempuri.org/Endpoint/GetUpdates

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

https://api.ipify.orgcookies//settinString.Removeg

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing

unknown

http://tempuri.org/Endpoint/GetUpdatesResponse

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

http://tempuri.org/Endpoint/EnvironmentSettingsResponse

unknown

http://tempuri.org/Endpoint/VerifyUpdate

unknown

http://tempuri.org/0

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

http://schemas.xmlsoap.org/soap/actor/next

unknown

There are 24 hidden URLs, click here to show them.

Domains

Name

Malicious

api.ip.sb

unknown

IPs

Domain

Country

Malicious

91.92.251.170

unknown

Bulgaria

Details

IP:	91.92.251.170
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	Bulgaria
Countrycode:	BGR
ASN number:	34368
ASN name:	THEZONEBG
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\file_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\file_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\file_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\file_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\file_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\file_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\file_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\file_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\file_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\file_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\file_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\file_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\file_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\file_RASMANCS

FileDirectory

There are 5 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

302000

unkown

page readonly

5EE9000

heap

page read and write

3AB000

stack

page read and write

273D000

stack

page read and write

8E0000

trusted library allocation

page read and write

28AA000

trusted library allocation

page read and write

274B000

trusted library allocation

page read and write

51E0000

trusted library allocation

page read and write

89D000

stack

page read and write

2790000

heap

page execute and read and write

900000

trusted library allocation

page read and write

51EE000

trusted library allocation

page read and write

68C2000

trusted library allocation

page read and write

D00000

trusted library allocation

page read and write

73A0000

heap

page read and write

5DEE000

stack

page read and write

C8E000

stack

page read and write

60BF000

trusted library allocation

page read and write

68E8000

trusted library allocation

page read and write

7FB40000

trusted library allocation

page execute and read and write

2751000

trusted library allocation

page read and write

37B8000

trusted library allocation

page read and write

60C4000

trusted library allocation

page read and write

60BA000

trusted library allocation

page read and write

618F000

stack

page read and write

50D0000

trusted library allocation

page execute and read and write

7040000

trusted library allocation

page execute and read and write

978000

heap

page read and write

70F0000

trusted library allocation

page read and write

6092000

trusted library allocation

page read and write

2B4E000

trusted library allocation

page read and write

27F0000

trusted library allocation

page read and write

4F40000

trusted library allocation

page read and write

6FEB000

stack

page read and write

4F30000

trusted library allocation

page read and write

68CC000

trusted library allocation

page read and write

4F90000

trusted library allocation

page read and write

60A8000

trusted library allocation

page read and write

5EAA000

heap

page read and write

4E2E000

stack

page read and write

4D20000

heap

page execute and read and write

2817000

trusted library allocation

page read and write

60E0000

trusted library allocation

page read and write

60AF000

trusted library allocation

page read and write

276E000

trusted library allocation

page read and write

4CDE000

stack

page read and write

37CB000

trusted library allocation

page read and write

382C000

trusted library allocation

page read and write

70A0000

trusted library allocation

page execute and read and write

70C0000

trusted library allocation

page read and write

3940000

trusted library allocation

page read and write

910000

trusted library allocation

page read and write

37AE000

trusted library allocation

page read and write

66FB000

heap

page read and write

7C0F000

stack

page read and write

D14000

trusted library allocation

page read and write

25B0000

heap

page read and write

39F0000

trusted library allocation

page read and write

5ECD000

heap

page read and write

51DF000

stack

page read and write

60C0000

trusted library allocation

page read and write

66EB000

heap

page read and write

398B000

trusted library allocation

page read and write

6230000

trusted library allocation

page read and write

6909000

trusted library allocation

page read and write

3845000

trusted library allocation

page read and write

8E3000

trusted library allocation

page execute and read and write

710000

heap

page read and write

73BA000

heap

page read and write

91B000

trusted library allocation

page execute and read and write

7D0E000

stack

page read and write

65AE000

stack

page read and write

553E000

stack

page read and write

282D000

trusted library allocation

page read and write

D26000

heap

page read and write

7F0000

heap

page read and write

2C58000

trusted library allocation

page read and write

6950000

trusted library allocation

page read and write

2780000

trusted library allocation

page read and write

5F20000

trusted library allocation

page read and write

70D0000

trusted library allocation

page execute and read and write

7100000

trusted library allocation

page read and write

614D000

stack

page read and write

6090000

trusted library allocation

page read and write

61B0000

trusted library allocation

page read and write

68ED000

trusted library allocation

page read and write

501D000

trusted library allocation

page read and write

4F70000

trusted library allocation

page execute and read and write

3829000

trusted library allocation

page read and write

3992000

trusted library allocation

page read and write

958000

heap

page read and write

4D10000

trusted library allocation

page read and write

652E000

stack

page read and write

489D000

stack

page read and write

656E000

stack

page read and write

CF0000

trusted library allocation

page read and write

508D000

stack

page read and write

2762000

trusted library allocation

page read and write

61A0000

trusted library allocation

page execute and read and write

3997000

trusted library allocation

page read and write

3B94000

trusted library allocation

page read and write

66FF000

heap

page read and write

3839000

trusted library allocation

page read and write

751E000

stack

page read and write

8D0000

trusted library allocation

page read and write

5F80000

trusted library allocation

page execute and read and write

5F30000

trusted library allocation

page execute and read and write

8ED000

trusted library allocation

page execute and read and write

66E6000

heap

page read and write

6920000

trusted library allocation

page read and write

27A1000

trusted library allocation

page read and write

622E000

stack

page read and write

7130000

heap

page read and write

5540000

trusted library allocation

page read and write

29D0000

trusted library allocation

page read and write

95E000

heap

page read and write

B4F000

stack

page read and write

8FD000

trusted library allocation

page execute and read and write

D1A000

trusted library allocation

page read and write

8F0000

trusted library allocation

page read and write

7030000

trusted library allocation

page read and write

51EB000

trusted library allocation

page read and write

5F7E000

stack

page read and write

381D000

trusted library allocation

page read and write

50CD000

stack

page read and write

6099000

trusted library allocation

page read and write

3816000

trusted library allocation

page read and write

850000

heap

page read and write

930000

trusted library allocation

page read and write

CCC000

stack

page read and write

29E0000

trusted library allocation

page read and write

2C29000

trusted library allocation

page read and write

2C86000

trusted library allocation

page read and write

6F8000

stack

page read and write

2C8C000

trusted library allocation

page read and write

3985000

trusted library allocation

page read and write

5EE3000

heap

page read and write

940000

trusted library allocation

page execute and read and write

70E0000

heap

page read and write

7120000

heap

page read and write

5E52000

heap

page read and write

8E4000

trusted library allocation

page read and write

61E0000

heap

page read and write

29D4000

trusted library allocation

page read and write

60D2000

trusted library allocation

page read and write

66B8000

heap

page read and write

5000000

trusted library allocation

page read and write

5CEE000

stack

page read and write

CD0000

heap

page read and write

3832000

trusted library allocation

page read and write

D20000

heap

page read and write

37CE000

trusted library allocation

page read and write

6095000

trusted library allocation

page read and write

2C2F000

trusted library allocation

page read and write

68C6000

trusted library allocation

page read and write

2A3B000

trusted library allocation

page read and write

68DE000

trusted library allocation

page read and write

68D4000

trusted library allocation

page read and write

5E18000

heap

page read and write

5BAD000

stack

page read and write

7060000

trusted library allocation

page read and write

917000

trusted library allocation

page execute and read and write

70B0000

trusted library allocation

page read and write

501A000

trusted library allocation

page read and write

5F22000

trusted library allocation

page read and write

4CE0000

trusted library allocation

page read and write

D2B000

heap

page read and write

60D0000

trusted library allocation

page read and write

68F2000

trusted library allocation

page read and write

37B2000

trusted library allocation

page read and write

60D5000

trusted library allocation

page read and write

73B6000

heap

page read and write

D10000

trusted library allocation

page read and write

990000

heap

page read and write

37D2000

trusted library allocation

page read and write

4FA0000

trusted library allocation

page execute and read and write

7110000

trusted library allocation

page read and write

7360000

trusted library allocation

page execute and read and write

28AC000

trusted library allocation

page read and write

66B0000

heap

page read and write

6910000

trusted library allocation

page read and write

C4E000

stack

page read and write

6956000

trusted library allocation

page read and write

2AF2000

trusted library allocation

page read and write

2740000

trusted library allocation

page read and write

29D6000

trusted library allocation

page read and write

68B0000

trusted library allocation

page read and write

5EFF000

heap

page read and write

723E000

stack

page read and write

993000

heap

page read and write

5CAE000

stack

page read and write

4F80000

trusted library allocation

page read and write

8C0000

heap

page read and write

5040000

trusted library allocation

page execute and read and write

950000

heap

page read and write

37BF000

trusted library allocation

page read and write

5E10000

heap

page read and write

2BAA000

trusted library allocation

page read and write

68F5000

trusted library allocation

page read and write

300000

unkown

page readonly

60AA000

trusted library allocation

page read and write

2A97000

trusted library allocation

page read and write

3860000

trusted library allocation

page read and write

855000

heap

page read and write

68D8000

trusted library allocation

page read and write

2820000

trusted library allocation

page read and write

68E1000

trusted library allocation

page read and write

3850000

trusted library allocation

page read and write

5EDB000

heap

page read and write

6900000

trusted library allocation

page read and write

26FE000

stack

page read and write

906000

trusted library allocation

page execute and read and write

68C4000

trusted library allocation

page read and write

5EB7000

heap

page read and write

3822000

trusted library allocation

page read and write

65B0000

heap

page read and write

5E28000

heap

page read and write

2756000

trusted library allocation

page read and write

2831000

trusted library allocation

page read and write

60B5000

trusted library allocation

page read and write

5EF4000

heap

page read and write

2C5D000

trusted library allocation

page read and write

7050000

trusted library allocation

page read and write

7390000

trusted library allocation

page execute and read and write

28CF000

trusted library allocation

page read and write

37C4000

trusted library allocation

page read and write

380F000

trusted library allocation

page read and write

37A1000

trusted library allocation

page read and write

902000

trusted library allocation

page read and write

74DE000

stack

page read and write

915000

trusted library allocation

page execute and read and write

608E000

stack

page read and write

26BF000

stack

page read and write

4FF0000

trusted library allocation

page read and write

68E6000

trusted library allocation

page read and write

7070000

trusted library allocation

page execute and read and write

4CF1000

trusted library allocation

page read and write

4F2E000

stack

page read and write

5EDE000

heap

page read and write

83E000

stack

page read and write

25AE000

stack

page read and write

5030000

trusted library allocation

page read and write

383E000

trusted library allocation

page read and write

5020000

trusted library allocation

page read and write

24D8000

trusted library allocation

page read and write

985000

heap

page read and write

912000

trusted library allocation

page read and write

68CF000

trusted library allocation

page read and write

There are 238 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
file.exe