Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Plat#U0103 revizuit#U0103_shrunk.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

initial sample

C:\Program Files (x86)\AutoIt3\Au3Check.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\AutoIt3\Au3Info.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\AutoIt3\Uninstall.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.134\117.0.5938.134_117.0.5938.132_chrome_updater.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Google\Update\Install\{EB80938B-EC00-4683-A2CC-456206E3A4E1}\117.0.5938.134_117.0.5938.132_chrome_updater.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Java\jre-1.8\bin\java.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\ACCICONS.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\DATABASECOMPARE.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\SPREADSHEETCOMPARE.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\IEContentService.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHTMED.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSREC.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\MSQRY32.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\ORGCHART.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrBroker.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrSanBroker.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\PPTICO.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\PerfBoost.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\SCANPST.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\SELFCERT.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\WORDICON.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\Wordconv.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\XLICONS.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\lync99.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\misc.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\msoadfsb.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\msoasb.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\Office16\officeappguardwin32.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\aimgr.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOICONS.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\OLicenseHeartbeat.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\ai.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\aimgr.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Source user\OSE.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\accicons.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\dbcicons.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\grv_icons.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\joticon.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\lyncicon.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\misc.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\osmclienticon.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\outicon.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pj11icon.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pptico.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pubs.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\sscicons.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\visicon.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\wordicon.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\xlicons.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-0000-0000000FF1CE}\misc.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-0000-0000000FF1CE}\misc.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-0000-0000000FF1CE}\misc.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-0000-0000000FF1CE}\misc.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\BHO\ie_to_edge_stub.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\Installer\setup.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\cookie_exporter.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\elevation_service.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\identity_helper.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\msedge.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\msedge_proxy.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\msedge_pwa_launcher.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\msedgewebview2.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\notification_helper.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\pwahelper.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\BHO\ie_to_edge_stub.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\Installer\setup.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\cookie_exporter.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\elevation_service.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\msedge.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\msedge_proxy.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\msedge_pwa_launcher.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\msedgewebview2.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\notification_click_helper.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\pwahelper.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeComRegisterShellARM64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ConfigSecurityPolicy.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCopyAccelerator.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDefenderCoreService.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlpCmd.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpCmdRun.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mpextms.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Plat#U0103 revizuit#U0103_shrunk.exe.log

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\3582-490\Plat#U0103 revizuit#U0103_shrunk.exe

data

dropped

C:\Users\user\AppData\Local\Temp\chrome.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\tmpAD6D.tmp

XML 1.0 document, ASCII text

dropped

C:\Users\user\AppData\Roaming\iKHPXKiqI.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Windows\svchost.com

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_iKHPXKiqI.exe_8cf6f1bb73c4a69833becd4571ee63fd323f1b8_4f01b740_dd80d1a1-d7b2-44f8-9e93-df8a6108e173\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER99B6.tmp.dmp

Mini DuMP crash report, 15 streams, Wed Sep 25 16:51:27 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA4F2.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA5ED.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

data

modified

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ah5oilww.euw.psm1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iwpa5zab.z24.ps1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kusuwbis.xwi.ps1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mr53nlb5.pu2.ps1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rigokiaf.bho.psm1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vprijzvl.exw.psm1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x1ycrxc2.jxp.ps1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ye04fsqm.luf.psm1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\tmp5023.tmp

data

modified

C:\Users\user\AppData\Local\Temp\tmpBF9D.tmp

XML 1.0 document, ASCII text

modified

C:\Users\user\AppData\Roaming\iKHPXKiqI.exe:Zone.Identifier

ASCII text, with CRLF line terminators

dropped

C:\Windows\appcompat\Programs\Amcache.hve

MS Windows registry file, NT/2000 or above

dropped

There are 186 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\Plat#U0103 revizuit#U0103_shrunk.exe

"C:\Users\user\Desktop\Plat#U0103 revizuit#U0103_shrunk.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Plat#U0103 revizuit#U0103_shrunk.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\iKHPXKiqI.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\iKHPXKiqI" /XML "C:\Users\user\AppData\Local\Temp\tmpAD6D.tmp"

C:\Users\user\Desktop\Plat#U0103 revizuit#U0103_shrunk.exe

"C:\Users\user\Desktop\Plat#U0103 revizuit#U0103_shrunk.exe"

C:\Users\user\Desktop\Plat#U0103 revizuit#U0103_shrunk.exe

"C:\Users\user\Desktop\Plat#U0103 revizuit#U0103_shrunk.exe"

C:\Users\user\AppData\Roaming\iKHPXKiqI.exe

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\wbem\WmiPrvSE.exe

C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 1748

There are 2 hidden processes, click here to show them.

URLs

Name

Malicious

https://api.telegram.org/bot7000875199:AAGcJDBHFcfVUBvhBO4xZLw34OXk1NWXSe0/

unknown

http://tempuri.org/IRoamingSettingsService/WriteSettings

unknown

http://www.autoitscript.com/autoit3/J

unknown

https://account.dyn.com/

unknown

http://schemas.datacontract.org/2004/07/Microsoft.Office.Web.Roaming.Service

unknown

http://tempuri.org/DataSet1.xsd

unknown

https://unitedstates1.ss.wd.microsoft.us/

unknown

http://tempuri.org/

unknown

http://tempuri.org/IRoamingSettingsService/DisableUserResponse

unknown

http://nsis.sf.net/NSIS_ErrorError

unknown

http://www.autoitscript.com/autoit3/

unknown

https://www.autoitscript.com/autoit3/

unknown

http://xml.org/sax/properties/lexical-handlerhttp://xml.org/sax/features/namespace-prefixeshttp://xm

unknown

http://tempuri.org/IRoamingSettingsService/WriteSettingsResponse

unknown

http://tempuri.org/IRoamingSettingsService/ReadSettings

unknown

http://canonicalizer.ucsuri.tcs/68007400740070003a002f002f00https://F

unknown

http://schemas.datacontract.org/2004/07/Microsoft.Office.Web.Roaming.SoapObjectsItemsSortKeyArrayOfR

unknown

https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ffDilithium2Dilith

unknown

http://tempuri.org/IRoamingSettingsService/GetConfig

unknown

http://tempuri.org/IRoamingSettingsService/GetConfigResponse

unknown

http://tempuri.org/IRoamingSettingsService/WriteSettingshttp://tempuri.org/IRoamingSettingsService/R

unknown

http://tempuri.org/IRoamingSettingsService/DisableUser

unknown

http://%s/r/rlidVBASelfCert?clid=%d1.3.6.1.5.5.7.3.32.5.29.372.5.29.11.2.840.113549.1.1.5SelfSignedC

unknown

http://tempuri.org/IRoamingSettingsService/ReadSettingsResponse

unknown

http://www.autoitscript.com/autoit3/8

unknown

http://schemas.datacontract.org/2004/07/Microsoft.Office.Web.Roaming.SoapObjects

unknown

http://tempuri.org/IRoamingSettingsService/EnableUser

unknown

https://unitedstates2.ss.wd.microsoft.us/

unknown

https://unitedstates4.ss.wd.microsoft.us/

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://tempuri.org/IRoamingSettingsService/EnableUserResponse

unknown

https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff

unknown

There are 22 hidden URLs, click here to show them.

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command

NULL

Details

TargetID:	10
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
Value name:	NULL
Value data:	C:\Windows\svchost.com "%1" %*

Signature Hits	Behavior Group	Mitre Attack
Creates an undocumented autostart registry key	Boot Survival	Registry Run Keys / Startup Folder
Sigma detected: Classes Autorun Keys Modification	System Summary

HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

LangID

HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

C:\Windows\svchost.com.FriendlyAppName

HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

C:\Windows\svchost.com.ApplicationCompany

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}

DeviceTicket

Details

TargetID:	15
Path:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
Value name:	DeviceTicket
Value data:	01 00 00 00 01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 4F C2 97 EB 01 00 00 00 FD 96 F6 B7 4C 73 21 4D A1 FD 36 D0 39 A9 45 F6 00 00 00 00 02 00 00 00 00 00 10 66 00 00 00 01 00 00 20 00 00 00 04 3C 2B D9 B2 A7 B2 43 9A D6 F8 0A 31 DE 4F 38 AA A2 CD C6 E0 A5 B2 4A 37 C4 18 31 1D B9 7B A9 00 00 00 00 0E 80 00 00 00 02 00 00 20 00 00 00 C7 BF 4D D6 9A A0 62 21 44 64 C9 9E 13 82 F6 F1 8E 2C 6C CF 1E F6 59 E2 75 0F 57 D7 CB EB 14 13 20 08 00 00 3E 11 A8 E8 24 94 F0 40 58 EE 44 C2 57 4B 2E F8 53 0F 35 1D E7 53 6F AF F9 2B 92 81 45 DB 02 87 22 05 68 9F BC 66 C8 AE A1 D5 BA 05 B8 CB 23 4F 32 70 A9 28 A6 D6 0E 5B 7C 41 A7 30 6F CB 99 93 DB 2D 91 FF C4 13 A4 F7 43 8B 9D 48 32 58 3F 3D 1D D8 26 4D FA 19 D2 06 41 31 89 9B DB 10 E7 2F 9D 82 F3 5B 88 AA DC A2 E3 43 9E 7D E1 23 9E CA ED 9B 70 1C 02 0D 75 D6 49 06 B3 93 B0 98 0C 3B 6D 20 36 58 E1 C8 3D 70 C4 98 ED D4 41 D5 48 FB E1 4C 6D 83 AF E4 A4 3A A8 44 00 62 14 AF 41 EF 3D 6D 5D 9F 28 F8 B2 E6 27 0D 2C 9F 41 8B E5 FC CD BD 33 F4 E5 75 55 9C 44 3C A3 3A ED C8 87 0B BA 8B 9C 71 19 DD 25 F2 B8 15 BB F3 60 8F DC 6B AD B6 3E 12 E3 87 5C 5B CA A1 69 EB FB 35 FC 18 14 6C 4B FB BD A3 41 00 3D E2 29 45 80 5A 36 BA 51 93 9D 33 35 D0 5E 23 AF 95 B1 B4 AE BB 9F 2D A7 6A 80 77 99 72 0E A5 C0 FB 75 51 15 E5 E0 AD 74 BB 10 9F CA 4B 53 CE 1D D7 D7 39 70 16 F5 CE 7D 6B C9 AF 94 54 DA DD B1 13 F3 EB 63 0E 7B 5B 3A D0 0B 03 F4 BF 8B 7C C2 BD 03 82 48 31 67 13 36 46 D4 91 7D 29 CA EF FD 88 82 D0 58 D2 74 63 35 85 E6 FD 21 B9 B6 65 AA FD 83 89 49 8D DB 0E 5C 7C C9 1B 8C 12 07 AF 1C 1B B7 16 AC 37 0F 4E 16 47 FA 8B 96 23 B6 97 D2 EC CA 00 C8 05 CA 10 01 F0 D9 C9 6B 5A 11 73 42 7C DE E9 42 79 09 88 64 6C 1D 7D CF 22 7C 31 69 FF 8D F9 DB D2 DB C1 D3 DC D7 17 42 D1 0B 07 C4 3C 6B AC B2 88 EA 11 A7 18 B9 93 C8 F1 76 F1 75 BE 4D 8E B6 4D AF EF C2 F0 5A 96 88 3E 89 6C FC B7 8E 06 2E 0F 39 37 D9 88 A3 ED A0 77 B8 30 82 C0 DC 01 78 CB 5E A7 25 74 BF 23 B6 70 B3 D8 C3 45 5D 0A 24 CF F2 D0 71 F9 82 FC 01 79 71 6D 83 C4 18 78 A0 CA A9 41 8A A8 9B 57 F1 76 77 D0 A6 E8 E0 4D 8A 30 8A 5A 80 5D 39 47 62 AC 97 B2 D0 CC 2D 98 05 B1 42 D9 B6 6A CE 34 62 20 79 E6 25 1A 31 6F 12 52 E1 06 F4 42 D8 75 85 14 4E 08 D9 80 DD BF F8 D6 ED 16 97 9E 08 39 75 77 1F 1F 86 7E 38 32 1C 4A 74 30 A3 2C 8A F1 EE F8 AE C5 1E F4 EA F5 12 5E 42 57 D6 50 22 3A AF D2 C7 FA 9C 87 08 18 B5 DC 7C 6F F4 2A BD CD 3A BC EE 63 52 56 5B 74 F9 37 5F F5 8B D7 AD 83 19 91 7F 7F 14 50 FB E8 2E 2F 68 90 FF C2 83 32 6E 66 A3 96 B8 B4 19 80 B7 FE A7 14 B9 A5 71 86 DE 35 F2 C7 EC 1B 45 32 76 88 56 61 32 91 F1 7B 93 AD 65 F4 A5 64 30 3A EA 07 C4 C1 5A 48 9D 64 86 D7 19 CB B9 71 18 6D 80 C0 07 AD 4F F6 EC 16 9D C0 F1 1D 7C 74 C5 5B EE 28 75 04 F5 07 99 DB AC 8A 64 1C 45 B4 08 74 DE C9 F4 87 09 D4 F6 ED F6 96 75 2D 44 6A C6 5E 88 FE A6 97 69 25 09 BD 6A 6B F9 25 18 8E B4 C3 A6 79 5A AC 7D F4 69 6F 01 AD CD BA 12 EC AB 9A 0B BC E8 9A A2 DC 56 D0 A5 07 E3 46 BE EA 87 30 BA 45 9D C2 44 8E 41 09 47 05 84 7E 77 DF 55 EC 3F E4 F1 E5 4E DF 1D 81 B5 2E 97 AE 89 C4 31 82 81 AA F5 9E 76 5E BD 2C 2C 6C 08 B4 E1 38 13 84 91 0E 92 AE 0C 65 C0 E3 05 28 11 7D 55 71 3F C7 B6 C2 C1 94 F9 26 93 62 67 6D 8D 32 0C 49 94 72 87 B5 6D 99 38 F1 E2 09 22 EC D5 22 28 84 F6 63 75 3F E3 08 6F 4E 8C 3E 49 68 36 90 3E 55 55 1A 18 BB D2 BF F4 75 3D 68 5B 02 4D 88 73 0B 63 CF 6A 3F C9 28 B5 A2 85 61 B2 5A D3 69 5A 69 F2 A2 46 D3 8E 14 7D 8C 27 3E 91 CD C9 6B A3 72 7C 11 A3 A5 B2 88 52 98 9A 56 72 E4 F5 F7 58 60 76 5B A0 52 44 10 5F AD 5A BB FB 57 8D E0 B5 F3 75 F4 1F AF 3D 76 88 32 E8 8D 2E 95 E2 FF 46 03 59 9F 4B A7 27 C0 48 19 44 CF 8A 1D F6 54 FA FF 55 67 78 DA 73 02 4B F8 09 10 3F B9 CE D4 AB 43 1E 5C 8C F4 D4 B5 50 25 E9 F6 C9 01 FE AC 2F D6 B6 E5 48 A1 EF 75 C3 E7 14 AB E4 72 77 42 B9 A8 69 4B 1B 1F 12 AD 1E 03 AB 8F 36 D3 C5 44 1C BF D4 33 FC BC 78 58 DD 76 1D 6E 93 A9 E2 3C DA 5C 30 B7 A9 57 A9 96 5B 15 AC 9B 21 53 91 D9 01 DA 57 AF A3 69 FC A0 09 2F A5 A1 1A AD 05 EE C2 96 7A 30 61 5C 14 C3 CC 25 4A 2B 4F 37 67 4C 68 3F 8C F0 DE 16 A2 24 AB E0 E9 62 92 0B 77 B9 A8 A5 29 31 74 68 05 83 92 3D B7 C9 0C AB E4 1E D3 0F 22 FF C8 CB 0E 22 A2 1C B0 F1 E7 C6 86 B2 3A A3 79 9D 4F 65 12 CB DA C4 03 AE 3B 00 22 AE AB 17 4F 7E 94 E2 1F 95 0A 8B D1 B8 D0 E1 EB C2 30 27 3D 57 19 1B 19 1D 9B F9 D3 F5 E9 B8 E0 1C 32 61 72 14 FC 9F 8D 44 1E 52 D3 4B D6 47 10 95 38 A6 4C 06 6B 3D 99 F1 53 7B DB 09 3E A2 80 82 5D 0B A4 4E D9 81 90 FA 18 81 D5 1E B4 EE 2C BD 3E 6E BF E5 B1 50 76 D0 29 F6 88 29 66 3B 03 63 BC E1 7C AB 43 6A 91 2B 76 C4 F8 1F 12 8C C5 18 DD FE 1D 54 7B 3F 0B 04 55 5F D9 94 0D 53 32 1C F5 41 09 04 DA 84 BB 5F 6E 1B 95 02 1E D7 6F 20 FB 94 3B C1 69 13 CF 94 2D 50 12 41 21 DD 6A 10 97 41 ED 04 86 D3 91 B4 91 1D 64 0E 52 13 1F 92 9D 8D 62 47 D4 7F 73 70 B6 45 21 72 8C C8 55 5C 80 9F 2F C8 D3 C9 10 3F 10 95 45 47 48 25 7C 98 2C 80 4C 89 B1 42 BF B5 47 2A 9D 2A 8D 2A 52 15 A8 23 34 8B 1B C0 E8 92 DB 39 C4 9E 55 A1 7C 3D C8 3A 57 9D FB 20 EE 8C BE 51 3B B7 21 72 7F C5 7C 86 6F A3 91 3B D7 C2 DC 51 09 F0 AD D6 FE A0 05 AC CD 0B 95 8F 5D 96 BC 82 75 38 32 87 51 5D EC 16 12 61 55 92 F8 C5 0B 96 15 66 28 C8 02 57 4F 81 74 47 DE 35 9C B3 3C 4B BC FB 15 CD 67 9F 5F 24 9C 37 E2 2B 35 8E 69 0D 55 EA 28 3B 40 09 5E 4C E9 A9 FD 89 A4 CC 0C 1A 49 BE 4E B2 70 05 0F 12 5E 42 68 3C 10 86 BD 5C 26 AE CC E0 46 4C 48 F5 39 B4 A8 3E 23 B7 B4 F2 FF 5A 42 95 11 B4 D4 5D A9 02 C3 B4 69 67 E7 F4 02 DD 25 31 0C E0 12 0C 17 E2 E9 EC 89 43 6E 8F C7 2C DC 42 A1 8C D6 48 C7 DA 7B 42 1A 94 CB 6E 39 E6 88 3C BF 6F 06 C9 2B C3 EC 3B 11 ED 47 41 70 A1 82 71 7C 79 03 C1 B7 C5 A6 80 DC 0C 49 60 BE 16 6D 70 DB B3 AB 28 10 2E 8A CE D6 90 40 A2 AF 19 79 B9 A5 F5 FF 67 48 21 85 68 C0 6E 99 78 72 57 CA 87 8E 58 E7 E6 41 33 2C 4F CD 0F 2F 1B 4B 24 91 DE B8 65 12 68 1C AA C9 F5 80 73 69 4E 8A 71 50 B6 1C 11 C7 FB D9 BE 27 92 AB 85 94 24 CE 3C 0A 7A 8E 68 6E C9 FF 59 BA 50 B2 6C A6 5E 59 50 CD 81 44 9E CD 87 9C B2 15 43 2F 8F 1A F9 D3 A4 37 19 64 33 75 A4 5B D5 A9 AD DE DD 23 46 A5 AD 85 99 5C CB 8C 00 35 1A D6 F5 AF FF 87 F8 6A 20 DF B5 1C 90 F4 22 AB F4 80 15 12 15 38 99 E4 64 E4 AA 7C 5F 73 8B 2B FF E8 22 B6 0D 37 B5 CC 18 FC 96 AF A1 C5 36 CF AB 0E 90 A2 E3 59 EA 79 CF 7D 94 B9 25 E8 97 50 92 E2 68 13 BD FB 3C 18 44 9A 76 5B 61 AE 32 ED DA 8D 65 F2 F3 97 99 43 6E C9 C4 F4 E8 7E 40 93 4B 09 CF C5 03 80 DA C3 E5 91 15 69 37 D7 ED 55 B5 1E 81 85 CD C6 5C 1A B8 28 60 6B BD B4 17 93 21 A6 A8 D0 A2 95 0C 58 1F 54 1F FB 5F D7 C1 03 C8 61 16 91 76 85 0A 52 A2 FF B4 96 74 EE E4 6F 9C A8 4C 4E 27 F9 04 71 EB 43 99 6A 68 35 F2 9D 58 DB D5 F1 AD 2F 21 A7 58 68 1F A7 19 82 71 41 AE A3 F8 F5 0B 01 B7 E5 DE 7B 65 40 07 59 C6 4C 99 B8 65 FA BB 18 47 90 52 3F DA 46 63 86 FE 47 31 0A 49 2C B8 F9 66 82 DC 14 A0 BB 2E 2E 0F 1E 6C 04 F2 76 B2 66 E9 36 BE 6B C6 B2 68 CE D2 83 57 D1 B5 E3 EC 40 00 00 00 3D B2 D8 8F 1B 8F 06 FF CC E8 C8 06 82 02 C2 FC 52 A3 8E 4A 24 50 21 D1 88 C2 84 D9 48 C4 1D 10 48 5A 70 29 D4 E0 C8 5E 1C 38 A6 59 1A 98 4F 46 35 F1 8A E4 92 81 BB A6 CB 9A 09 63 C2 DD DF 80

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}

DeviceId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}

ApplicationFlags

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property

0018000DDABBE6B3

Details

TargetID:	15
Path:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
Value name:	0018000DDABBE6B3
Value data:	01 00 00 00 01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 4F C2 97 EB 01 00 00 00 FD 96 F6 B7 4C 73 21 4D A1 FD 36 D0 39 A9 45 F6 00 00 00 00 02 00 00 00 00 00 10 66 00 00 00 01 00 00 20 00 00 00 E7 CB 6F 64 F0 55 9E E9 CE 8B 8D 02 74 B1 8F BD 5D 21 5B AC 5A 92 F7 8E B4 1C AD C2 B8 EB 1B 50 00 00 00 00 0E 80 00 00 00 02 00 00 20 00 00 00 E7 C1 E7 07 97 8A 2E 16 5F 8C 78 7B CB 2D E7 F8 D0 A0 87 02 2C 14 48 79 B7 22 B4 0B 24 00 68 C0 80 00 00 00 C1 24 FC 22 85 6F CB 28 F9 39 49 A2 C0 60 7C 05 A1 85 AE EB 02 74 FC 91 B4 AE C5 77 A9 09 77 CE FF 3B 32 23 11 F8 05 5E 32 61 65 35 02 70 88 B4 A5 07 43 BC 89 62 68 A8 F0 BC 1C 40 4D 78 6D 18 FC 12 D9 61 0D 49 4F 77 3B 86 E8 33 26 96 AE D3 6A 31 1B 69 0E 7F 54 76 B1 EE 69 83 86 75 01 4D A9 55 4B C1 11 F1 EC 42 30 A2 14 B9 71 66 F5 3A 14 37 77 8E 19 7D 5E C4 8D 3E 81 9E 94 2C 10 22 40 00 00 00 F4 B5 43 9C 37 66 5A FD 2A 58 DC 83 CF 75 BF AE D2 CC 0C 40 11 78 51 02 D1 81 1C 5C 37 B0 25 C9 61 C7 5A 75 A4 C4 BE CB 73 E9 7D 10 6F 00 45 C8 63 81 78 A6 B2 E2 00 F3 97 93 47 8A 2F E6 E5 50

Memdumps

Base Address

Regiontype

Protect

Malicious

400000

remote allocation

page execute and read and write

3C49000

trusted library allocation

page read and write

2CA7000

trusted library allocation

page read and write

3DDA000

trusted library allocation

page read and write

52A0000

trusted library section

page readonly

13A0000

heap

page read and write

7FDF0000

trusted library allocation

page execute and read and write

D42000

heap

page read and write

794E000

stack

page read and write

6F64000

heap

page read and write

4C48000

trusted library allocation

page read and write

11E7000

trusted library allocation

page execute and read and write

5426000

trusted library allocation

page read and write

1400000

heap

page read and write

2B9F000

stack

page read and write

CD9000

stack

page read and write

5360000

trusted library section

page read and write

D0E000

heap

page read and write

2F5E000

stack

page read and write

3CA0000

heap

page read and write

1451000

heap

page read and write

7BBF000

stack

page read and write

2F16000

heap

page read and write

2C20000

trusted library allocation

page read and write

34BE000

stack

page read and write

5450000

trusted library allocation

page read and write

2BA4000

trusted library allocation

page read and write

1370000

heap

page read and write

1365000

heap

page read and write

52C0000

heap

page read and write

7A7E000

stack

page read and write

5910000

heap

page read and write

5170000

trusted library allocation

page execute and read and write

11DA000

trusted library allocation

page execute and read and write

343E000

stack

page read and write

54CB000

trusted library allocation

page read and write

37CF000

stack

page read and write

152F000

stack

page read and write

34C4000

heap

page read and write

13B5000

heap

page read and write

5180000

trusted library allocation

page read and write

13C5000

heap

page read and write

1310000

heap

page read and write

D40000

heap

page read and write

722A000

heap

page read and write

12CE000

stack

page read and write

2B1A000

stack

page read and write

130D000

trusted library allocation

page execute and read and write

5310000

trusted library allocation

page read and write

11A0000

trusted library allocation

page read and write

7E50000

trusted library section

page read and write

2BF5000

trusted library allocation

page read and write

2CE2000

trusted library allocation

page read and write

307B000

heap

page read and write

543E000

stack

page read and write

13EF000

heap

page read and write

2CD0000

trusted library allocation

page read and write

30C1000

trusted library allocation

page read and write

5370000

heap

page execute and read and write

12E0000

trusted library allocation

page read and write

30B0000

heap

page execute and read and write

40C1000

trusted library allocation

page read and write

117E000

stack

page read and write

390E000

stack

page read and write

5440000

trusted library allocation

page read and write

A8CE000

stack

page read and write

5770000

trusted library allocation

page read and write

7532000

trusted library allocation

page read and write

2CC7000

trusted library allocation

page read and write

A60E000

stack

page read and write

A34D000

stack

page read and write

12D0000

trusted library allocation

page read and write

2CE6000

trusted library allocation

page execute and read and write

540E000

trusted library allocation

page read and write

2CE0000

trusted library allocation

page read and write

13F2000

heap

page read and write

420A000

trusted library allocation

page read and write

5404000

trusted library allocation

page read and write

3CB0000

heap

page read and write

11C0000

trusted library allocation

page read and write

A64E000

stack

page read and write

189E000

stack

page read and write

11B4000

trusted library allocation

page read and write

A89E000

stack

page read and write

13BE000

heap

page read and write

2BF0000

trusted library allocation

page read and write

1300000

trusted library allocation

page read and write

542D000

trusted library allocation

page read and write

2C30000

heap

page execute and read and write

5460000

heap

page read and write

7B0E000

heap

page read and write

13C5000

heap

page read and write

F1E000

stack

page read and write

2BD2000

trusted library allocation

page read and write

6F30000

heap

page read and write

5470000

trusted library allocation

page read and write

529C000

stack

page read and write

2E9D000

stack

page read and write

12C0000

trusted library allocation

page execute and read and write

2BA0000

trusted library allocation

page read and write

6F4B000

heap

page read and write

5300000

trusted library allocation

page read and write

11D2000

trusted library allocation

page read and write

71A0000

trusted library allocation

page read and write

1320000

heap

page read and write

1317000

heap

page read and write

2BC6000

trusted library allocation

page read and write

2EF8000

trusted library allocation

page read and write

36CE000

stack

page read and write

52F0000

trusted library allocation

page read and write

CF7000

stack

page read and write

2F0E000

stack

page read and write

2D5E000

stack

page read and write

54E0000

trusted library allocation

page read and write

11D0000

trusted library allocation

page read and write

1418000

heap

page read and write

7B07000

heap

page read and write

54C2000

trusted library allocation

page read and write

570F000

trusted library section

page readonly

74B0000

trusted library allocation

page read and write

54F0000

heap

page read and write

1412000

heap

page read and write

2CF0000

trusted library allocation

page read and write

34C0000

heap

page read and write

822000

unkown

page readonly

A54E000

stack

page read and write

54C8000

trusted library allocation

page read and write

5760000

heap

page read and write

A7CE000

stack

page read and write

58F0000

heap

page read and write

128F000

stack

page read and write

2CC5000

trusted library allocation

page read and write

107E000

stack

page read and write

1120000

heap

page read and write

5168000

trusted library allocation

page read and write

7AF5000

heap

page read and write

1330000

heap

page read and write

12A0000

heap

page read and write

71C0000

trusted library allocation

page execute and read and write

1140000

heap

page read and write

416F000

trusted library allocation

page read and write

3127000

trusted library allocation

page read and write

2EC0000

trusted library allocation

page execute and read and write

D9F000

heap

page read and write

5150000

heap

page read and write

1190000

heap

page read and write

6F7F000

heap

page read and write

131E000

stack

page read and write

D0B000

heap

page read and write

58F5000

heap

page read and write

1200000

trusted library allocation

page read and write

133A000

heap

page read and write

5700000

trusted library section

page readonly

1303000

trusted library allocation

page execute and read and write

77CF000

stack

page read and write

128C000

stack

page read and write

2C41000

trusted library allocation

page read and write

124E000

stack

page read and write

7C0E000

stack

page read and write

9D0000

heap

page read and write

5400000

trusted library allocation

page read and write

13F4000

heap

page read and write

3010000

heap

page read and write

2ED0000

heap

page read and write

2CFB000

trusted library allocation

page execute and read and write

5162000

trusted library allocation

page read and write

A9B0000

heap

page read and write

5335000

heap

page read and write

2EE0000

heap

page read and write

A9A0000

heap

page read and write

5890000

trusted library allocation

page read and write

52E0000

trusted library allocation

page read and write

2ED0000

trusted library allocation

page read and write

2BD0000

heap

page read and write

D00000

heap

page read and write

52D0000

heap

page read and write

3A0F000

stack

page read and write

541E000

trusted library allocation

page read and write

5E30000

heap

page read and write

56FB000

stack

page read and write

42B1000

trusted library allocation

page read and write

565D000

stack

page read and write

7BFE000

stack

page read and write

1290000

heap

page read and write

5740000

trusted library allocation

page read and write

11E0000

heap

page read and write

2F10000

heap

page read and write

5421000

trusted library allocation

page read and write

A85C000

stack

page read and write

2BCE000

unkown

page read and write

12F0000

heap

page read and write

F30000

heap

page read and write

2EE8000

heap

page read and write

118E000

stack

page read and write

DB5000

heap

page read and write

AAFE000

stack

page read and write

2BBE000

trusted library allocation

page read and write

38CF000

stack

page read and write

5660000

heap

page read and write

5445000

trusted library allocation

page read and write

52B0000

heap

page read and write

7D0F000

stack

page read and write

802E000

stack

page read and write

133E000

heap

page read and write

7160000

trusted library allocation

page execute and read and write

2BC1000

trusted library allocation

page read and write

11B0000

trusted library allocation

page read and write

ED0000

heap

page read and write

1330000

heap

page read and write

11E2000

trusted library allocation

page read and write

1405000

heap

page read and write

1373000

heap

page read and write

1145000

heap

page read and write

2F1B000

heap

page read and write

3138000

trusted library allocation

page read and write

9D5000

heap

page read and write

5432000

trusted library allocation

page read and write

780E000

stack

page read and write

2BE0000

trusted library allocation

page read and write

588E000

stack

page read and write

3090000

trusted library allocation

page read and write

2CF2000

trusted library allocation

page read and write

A99E000

stack

page read and write

D9A000

heap

page read and write

11BD000

trusted library allocation

page execute and read and write

2CEA000

trusted library allocation

page execute and read and write

11EB000

trusted library allocation

page execute and read and write

5900000

heap

page read and write

11C3000

trusted library allocation

page read and write

AC7C000

stack

page read and write

1130000

stack

page read and write

790F000

stack

page read and write

A9FE000

stack

page read and write

5690000

heap

page read and write

30A0000

trusted library allocation

page read and write

D35000

heap

page read and write

97A000

stack

page read and write

AB7C000

stack

page read and write

820000

unkown

page readonly

3C41000

trusted library allocation

page read and write

7160000

trusted library section

page read and write

5760000

trusted library allocation

page execute and read and write

103A000

stack

page read and write

12C0000

heap

page read and write

347E000

stack

page read and write

56A0000

trusted library allocation

page execute and read and write

51A0000

trusted library allocation

page execute and read and write

DD7000

stack

page read and write

7060000

heap

page read and write

12F0000

trusted library allocation

page read and write

13EF000

heap

page read and write

5450000

trusted library allocation

page read and write

1401000

heap

page read and write

54C0000

trusted library allocation

page read and write

2F1F000

unkown

page read and write

35CE000

stack

page read and write

308D000

stack

page read and write

13D3000

heap

page read and write

434C000

trusted library allocation

page read and write

7E0E000

stack

page read and write

A75C000

stack

page read and write

2BAB000

trusted library allocation

page read and write

5AA0000

trusted library allocation

page read and write

7A4E000

stack

page read and write

11E5000

heap

page read and write

5720000

heap

page read and write

54D0000

trusted library allocation

page execute and read and write

2EA0000

heap

page read and write

7380000

trusted library allocation

page read and write

5730000

trusted library allocation

page read and write

5330000

heap

page read and write

5300000

trusted library allocation

page execute and read and write

2D10000

trusted library allocation

page read and write

7F180000

trusted library allocation

page execute and read and write

418000

remote allocation

page execute and read and write

2CD3000

trusted library allocation

page read and write

40C9000

trusted library allocation

page read and write

7CFE000

stack

page read and write

A5CE000

stack

page read and write

2ADD000

stack

page read and write

159E000

stack

page read and write

52C3000

heap

page read and write

1040000

heap

page read and write

3094000

trusted library allocation

page read and write

11D6000

trusted library allocation

page execute and read and write

1304000

trusted library allocation

page read and write

7AD0000

heap

page read and write

2BCD000

trusted library allocation

page read and write

5440000

trusted library allocation

page read and write

2B80000

heap

page read and write

11E0000

trusted library allocation

page read and write

5780000

heap

page execute and read and write

54F3000

heap

page read and write

5860000

trusted library allocation

page read and write

2CDD000

trusted library allocation

page execute and read and write

720E000

stack

page read and write

54B0000

heap

page read and write

540B000

trusted library allocation

page read and write

4DDC000

stack

page read and write

9F0000

heap

page read and write

5710000

heap

page read and write

2CF7000

trusted library allocation

page execute and read and write

DCD000

heap

page read and write

762D000

stack

page read and write

72AE000

stack

page read and write

5750000

heap

page read and write

3070000

heap

page read and write

7ABE000

stack

page read and write

2C00000

trusted library allocation

page read and write

11B3000

trusted library allocation

page execute and read and write

103E000

stack

page read and write

7190000

trusted library allocation

page read and write

58EE000

stack

page read and write

11DE000

stack

page read and write

71AE000

stack

page read and write

7F2E000

stack

page read and write

5160000

trusted library allocation

page read and write

2F9F000

stack

page read and write

13A8000

heap

page read and write

12F7000

heap

page read and write

5670000

heap

page read and write

11CD000

trusted library allocation

page execute and read and write

2E5F000

stack

page read and write

There are 313 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Plat#U0103 revizuit#U0103_shrunk.exe

Files

Processes

URLs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportPlat#U0103 revizuit#U0103_shrunk.exe

Files

Processes

URLs

Registry

Memdumps

IOC Report
Plat#U0103 revizuit#U0103_shrunk.exe