Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

$RMH4FA8.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLClient.out

ASCII text, with very long lines (3008), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLLight.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\conf\ISLConfiguration.ini

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\conf\cmdline.txt

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\conf_static\ISLStaticConfiguration.ini

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\conf_static\icon.ico

MS Windows icon resource - 10 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\conf_static\logo.bmp

PC bitmap, Windows 3.x format, 311 x 80 x 24, cbSize 74694, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\datachannel.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\isllight.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\mailopen.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\shellsendto.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\VNC-blue-ikone.bmp

PC bitmap, Windows 3.x format, 330 x 30 x 32, image size 39602, resolution 2834 x 2834 px/m, cbSize 39656, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\background.bmp

PC bitmap, Windows 3.x format, 32 x 32 x 24, image size 3072, resolution 2834 x 2834 px/m, cbSize 3126, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\btn-ctrl-dsk-small.bmp

PC bitmap, Windows 3.x format, 120 x 29 x 24, image size 10440, resolution 3780 x 3780 px/m, cbSize 10494, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\btn-dsk-vnc-ex.bmp

PC bitmap, Windows 3.x format, 190 x 34 x 24, image size 19448, resolution 2834 x 2834 px/m, cbSize 19502, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\btn-dsk-vnc.bmp

PC bitmap, Windows 3.x format, 500 x 34 x 24, image size 51000, resolution 2834 x 2834 px/m, cbSize 51054, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\btn-vnc-top.bmp

PC bitmap, Windows 3.x format, 96 x 24 x 24, image size 6914, resolution 2834 x 2834 px/m, cbSize 6968, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\btns-ft.bmp

PC bitmap, Windows 3.x format, 550 x 32 x 24, image size 52866, resolution 2834 x 2834 px/m, cbSize 52920, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\buttons-chooser.bmp

PC bitmap, Windows 3.x format, 750 x 38 x 24, image size 85576, resolution 3780 x 3780 px/m, cbSize 85630, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\buttons-connect.bmp

PC bitmap, Windows 3.x format, 750 x 38 x 24, image size 85576, resolution 2834 x 2834 px/m, cbSize 85630, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\buttons-start-frame.bmp

PC bitmap, Windows 3.x format, 144 x 36 x 24, image size 15552, resolution 2834 x 2834 px/m, cbSize 15606, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\buttons-start.bmp

PC bitmap, Windows 3.x format, 144 x 36 x 32, image size 20736, resolution 2834 x 2834 px/m, cbSize 20790, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\buttons.bmp

PC bitmap, Windows 3.x format, 550 x 32 x 24, image size 52866, resolution 2834 x 2834 px/m, cbSize 52920, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\client-bk-black.bmp

PC bitmap, Windows 3.x format, 55 x 58 x 24, image size 9744, cbSize 9798, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\client-bk-gray-top.bmp

PC bitmap, Windows 3.x format, 63 x 45 x 24, image size 8640, cbSize 8694, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\client-bk-gray.bmp

PC bitmap, Windows 3.x format, 47 x 30 x 24, image size 4320, resolution 2834 x 2834 px/m, cbSize 4374, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\client-edit.bmp

PC bitmap, Windows 3.x format, 180 x 24 x 24, image size 12960, resolution 2834 x 2834 px/m, cbSize 13014, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\close_info.bmp

PC bitmap, Windows 3.x format, 16 x 16 x 32, image size 1026, resolution 2834 x 2834 px/m, cbSize 1080, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\custom_texts.ini

ASCII text

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\dialog_205.xml

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\dlgframe.bmp

PC bitmap, Windows 3.x format, 85 x 80 x 24, image size 20480, resolution 2834 x 2834 px/m, cbSize 20534, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\ic-backspace.bmp

PC bitmap, Windows 3.x format, 24 x 24 x 32, image size 2304, resolution 3780 x 3780 px/m, cbSize 2358, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\ic-enter.bmp

PC bitmap, Windows 3.x format, 24 x 24 x 32, image size 2304, resolution 3780 x 3780 px/m, cbSize 2358, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\ik-enter.bmp

PC bitmap, Windows 3.x format, 24 x 24 x 32, image size 2304, resolution 2835 x 2835 px/m, cbSize 2358, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\ik-exit.bmp

PC bitmap, Windows 3.x format, 32 x 32 x 32, image size 4096, resolution 2835 x 2835 px/m, cbSize 4150, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\ik-play.bmp

PC bitmap, Windows 3.x format, 84 x 28 x 32, image size 9410, resolution 2834 x 2834 px/m, cbSize 9464, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\ik-settings.bmp

PC bitmap, Windows 3.x format, 32 x 32 x 32, image size 4096, resolution 2835 x 2835 px/m, cbSize 4150, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\incurves.bmp

PC bitmap, Windows 3.x format, 81 x 72 x 24, image size 17570, resolution 2834 x 2834 px/m, cbSize 17624, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\mail.bmp

PC bitmap, Windows 3.x format, 32 x 32 x 32, image size 4096, resolution 2835 x 2835 px/m, cbSize 4150, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\outcurves.bmp

PC bitmap, Windows 3.x format, 95 x 83 x 24, image size 23904, resolution 2834 x 2834 px/m, cbSize 23958, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\pin.bmp

PC bitmap, Windows 3.x format, 40 x 20 x 32, image size 3200, resolution 2835 x 2835 px/m, cbSize 3254, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\skin_data.txt

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\slider_btns.bmp

PC bitmap, Windows 3.x format, 90 x 18 x 24, image size 4898, resolution 2834 x 2834 px/m, cbSize 4952, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\slider_inner.bmp

PC bitmap, Windows 3.x format, 36 x 26 x 24, image size 2810, resolution 2834 x 2834 px/m, cbSize 2864, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\thumb-audio.bmp

PC bitmap, Windows 3.x format, 13 x 12 x 24, image size 482, resolution 3779 x 3779 px/m, cbSize 536, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\thumb-desktop.bmp

PC bitmap, Windows 3.x format, 12 x 11 x 24, image size 398, resolution 2834 x 2834 px/m, cbSize 452, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\thumb-file.bmp

PC bitmap, Windows 3.x format, 16 x 14 x 24, image size 674, resolution 2834 x 2834 px/m, cbSize 728, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\thumb-video.bmp

PC bitmap, Windows 3.x format, 12 x 10 x 24, image size 362, resolution 3779 x 3779 px/m, cbSize 416, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\titlebar-vnc-top.bmp

PC bitmap, Windows 3.x format, 640 x 29 x 24, image size 55680, resolution 2834 x 2834 px/m, cbSize 55734, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\titlebar-vnc.bmp

PC bitmap, Windows 3.x format, 320 x 28 x 24, image size 26880, resolution 2834 x 2834 px/m, cbSize 26934, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\v4_arrow-up.bmp

PC bitmap, Windows 3.x format, 20 x 20 x 32, image size 1600, resolution 2835 x 2835 px/m, cbSize 1654, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\v4_arrow.bmp

PC bitmap, Windows 3.x format, 20 x 20 x 32, image size 1600, resolution 2835 x 2835 px/m, cbSize 1654, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\v4_files.bmp

PC bitmap, Windows 3.x format, 32 x 32 x 32, image size 4096, resolution 2835 x 2835 px/m, cbSize 4150, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\v4_icon_chat_audio.bmp

PC bitmap, Windows 3.x format, 32 x 32 x 32, image size 4096, resolution 2835 x 2835 px/m, cbSize 4150, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\v4_icon_chat_video.bmp

PC bitmap, Windows 3.x format, 32 x 32 x 32, image size 4096, resolution 2835 x 2835 px/m, cbSize 4150, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\v4_icon_start_sharing.bmp

PC bitmap, Windows 3.x format, 18 x 18 x 32, image size 1296, resolution 2835 x 2835 px/m, cbSize 1350, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\v4_icon_stop_sharing.bmp

PC bitmap, Windows 3.x format, 18 x 18 x 32, image size 1296, resolution 2835 x 2835 px/m, cbSize 1350, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\v4_ik-VNC-top.bmp

PC bitmap, Windows 3.x format, 30 x 14 x 32, image size 1680, resolution 2835 x 2835 px/m, cbSize 1734, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\white.bmp

PC bitmap, Windows 3.x format, 17 x 17 x 24, image size 884, cbSize 938, bits offset 54

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\source_pkg.dat

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\trace.out

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\translations\LangAll.tr2

data

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\ISLNetworkStart.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\conf\address

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\conf\port

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\conf\query

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\conf\use_http

very short file (no magic)

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\conf\use_https

very short file (no magic)

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\conf_static\caption

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\connection_keys\connection_keys

data

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\isl_network_start.log

ASCII text, with very long lines (3008), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\translations\translations

data

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_043065b2e452ce2cf70257bf9425894cba1c5de87ed10248a2b672c5c399c723 (copy)

data

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_3ed70ed34cf00c10cc154e384abd36a689ae85d7c5b9bae1ab71608ebbb9fb8c (copy)

data

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_419ef57f0b28960c833825d468211467de332c0e3dfadec7b6e72b82ed3c04b7 (copy)

data

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_45390ea339a822941ab593a53883383e16a0d5f46ac05d5b9c7b49218cb8014e (copy)

data

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_68e7d0a5d2fbad6a95db87b21edc997063a5b30d2660721392f4498ac45d20b5 (copy)

data

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_b5ca13e92e299006b18361a251e52720a13c30ba0c08a23fc19e6b6ba3b0c01f (copy)

data

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_ccc40b01224b537ac32e8a9ac7abe0c619020bafddf89f6f60f98345b23e5563 (copy)

data

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_e05fc368b8b5e4bdfc11af1c131268794ca22b3ce2da363e9d7d1418b807ce98 (copy)

data

dropped

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\cache\tmp_7564_7596

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\ISL Light Client.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 1 02:38:49 2024, mtime=Tue Oct 1 02:38:49 2024, atime=Tue Oct 1 02:38:49 2024, length=14648, window=hide

dropped

There are 74 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

ISL_Light_Client_4_4_2332_44_49919761.exe

Details

Is windows:	false
Is dropped:	true
PID:	7664
Target ID:	1
Parent PID:	7564
Name:	ISL_Light_Client_4_4_2332_44 49919761.exe
Path:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
Commandline:	ISL_Light_Client_4_4_2332_44_49919761.exe
Size:	1974240
MD5:	D84CB294555A00A98C35FE808177007E
Time:	23:38:48
Date:	30/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xc40000
Modulesize:	114688
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
EXE planting / hijacking vulnerabilities found	Privilege Escalation, Compliance	DLL Search Order Hijacking
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Users\user\Desktop\$RMH4FA8.exe

"C:\Users\user\Desktop\$RMH4FA8.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7564
Target ID:	0
Parent PID:	2580
Name:	$RMH4FA8.exe
Path:	C:\Users\user\Desktop\$RMH4FA8.exe
Commandline:	"C:\Users\user\Desktop\$RMH4FA8.exe"
Size:	594944
MD5:	BE23DC8179B9AA8DDCFE08BE342C27CB
Time:	23:38:43
Date:	30/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x470000
Modulesize:	114688
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
PE file contains an invalid checksum	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section and no other executable section	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE / OLE file has a valid certificate	Compliance, System Summary

URLs

Name

Malicious

http://www.apache.org/licenses/LICENSE-2.0).P

unknown

http://www.islonline.com

unknown

http://www.islonline.com/help?%5%

unknown

http://www.islonline.com/r301?

unknown

Details

Name:	http://www.islonline.com/r301?
TargetID:	-1
From Memory:	true
Source:	ISL_Light_Client_4_4_2332_44 49919761.exe, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1703667351.0000000006F0E000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704234343.0000000007119000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1710830908.0000000007520000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704632615.0000000002EF7000.00000004.00000020.00020000.00000000.sdmp, ISLLight.dll.1.dr

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://www.apache.org/licenses/LICENSE-2.0).

unknown

http://www.islonline.com/r301?&topic=SETTINGS_PLUGINS_AVAILABLESETTINGS_PLUGINS_LOADEDplugin

unknown

Details

Name:	http://www.islonline.com/r301?&topic=SETTINGS_PLUGINS_AVAILABLESETTINGS_PLUGINS_LOADEDplugin
TargetID:	-1
From Memory:	true
Source:	ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1703667351.0000000006F0E000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704234343.0000000007119000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1710830908.0000000007520000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704632615.0000000002EF7000.00000004.00000020.00020000.00000000.sdmp, ISLLight.dll.1.dr

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://www.apache.org/licenses/LICENSE-2.0).6L

unknown

Details

Name:	http://www.apache.org/licenses/LICENSE-2.0).6L
TargetID:	1
From Memory:	true
Current Path:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
Source:	ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000002.1829930988.000000000330F000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://www.apache.org/licenses/LICENSE-2.0).invalid

unknown

Details

Name:	http://www.apache.org/licenses/LICENSE-2.0).invalid
TargetID:	-1
From Memory:	true
Source:	$RMH4FA8.exe, 00000000.00000002.1703433838.000000006D002000.00000002.00000001.01000000.00000004.sdmp, $RMH4FA8.exe, 00000000.00000003.1657645536.0000000002B4D000.00000004.00000020.00020000.00000000.sdmp, $RMH4FA8.exe, 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, $RMH4FA8.exe, 00000000.00000003.1661584031.0000000006C7B000.00000004.00000020.00020000.00000000.sdmp, ISLNetworkStart.dll.0.dr

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://www.islonline.com/help?p=isl-light&v=3-2&f=html&l=%5%

unknown

Domains

Name

Malicious

isllight-myipaicohlcbrbhl.islonline.net

139.144.234.209

Details

Name:	isllight-myipaicohlcbrbhl.islonline.net
IP:	139.144.234.209
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

networkstart-ivfqcxy.islonline.net

195.201.59.111

Details

Name:	networkstart-ivfqcxy.islonline.net
IP:	195.201.59.111
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

networkstart-myipaicohlcbpwnb.islonline.net

170.187.160.42

Details

Name:	networkstart-myipaicohlcbpwnb.islonline.net
IP:	170.187.160.42
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

170.187.160.42

networkstart-myipaicohlcbpwnb.islonline.net

United States

Details

IP:	170.187.160.42
TargetID:	0
Current Path:	C:\Users\user\Desktop\$RMH4FA8.exe
Country:	United States
Countrycode:	USA
ASN number:	7018
ASN name:	ATT-INTERNET4US
Private:	false
Domain:	networkstart-myipaicohlcbpwnb.islonline.net

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

139.144.234.209

isllight-myipaicohlcbrbhl.islonline.net

United States

Details

IP:	139.144.234.209
TargetID:	1
Current Path:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
Country:	United States
Countrycode:	USA
ASN number:	8968
ASN name:	BT-ITALIAIT
Private:	false
Domain:	isllight-myipaicohlcbrbhl.islonline.net

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

195.201.59.111

networkstart-ivfqcxy.islonline.net

Germany

Details

IP:	195.201.59.111
TargetID:	0
Current Path:	C:\Users\user\Desktop\$RMH4FA8.exe
Country:	Germany
Countrycode:	DEU
ASN number:	24940
ASN name:	HETZNER-ASDE
Private:	false
Domain:	networkstart-ivfqcxy.islonline.net

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\ISL Online\Grid\ISL Online Network

grid_id

HKEY_CURRENT_USER\SOFTWARE\ISL Online\Grid\ISL Online Network

cp_protocol

HKEY_CURRENT_USER\SOFTWARE\ISL Online\Grid\ISL Online Network

key_cs

Details

TargetID:	0
Path:	HKEY_CURRENT_USER\SOFTWARE\ISL Online\Grid\ISL Online Network
Value name:	key_cs
Value data:	2D 2D 2D 2D 2D 42 45 47 49 4E 20 43 45 52 54 49 46 49 43 41 54 45 2D 2D 2D 2D 2D 0D 0A 4D 49 49 42 6A 6A 43 42 2B 41 49 4A 41 4E 69 77 6A 53 75 4A 76 76 4A 6A 4D 41 30 47 43 53 71 47 53 49 62 33 44 51 45 42 42 51 55 41 4D 41 77 78 43 6A 41 49 42 67 4E 56 42 41 4D 54 41 54 45 77 0D 0A 48 68 63 4E 4D 44 6B 77 4D 54 49 7A 4D 44 67 30 4F 54 51 31 57 68 63 4E 4D 7A 59 77 4E 6A 41 35 4D 44 67 30 4F 54 51 31 57 6A 41 4D 4D 51 6F 77 43 41 59 44 56 51 51 44 45 77 45 78 4D 49 47 66 0D 0A 4D 41 30 47 43 53 71 47 53 49 62 33 44 51 45 42 41 51 55 41 41 34 47 4E 41 44 43 42 69 51 4B 42 67 51 44 4B 65 58 4F 50 6D 2F 30 2F 70 55 37 33 67 6C 35 67 79 6F 6E 2B 7A 4F 43 76 55 54 75 50 0D 0A 4B 72 59 54 55 39 34 47 31 4D 7A 42 35 53 6C 56 55 6A 77 61 4B 46 48 66 43 62 65 66 67 2B 4A 6B 65 43 66 6F 38 4E 4C 74 2B 73 72 69 4F 31 4C 41 70 70 43 4B 6D 4C 68 4C 65 63 66 30 4B 4E 51 4E 0D 0A 6F 33 78 72 7A 31 48 45 6A 61 43 61 71 6B 63 58 61 67 77 4A 65 68 71 37 4B 45 51 49 6D 37 33 71 38 42 67 6E 71 48 6E 4E 79 41 55 43 70 57 67 32 4A 6F 76 45 4D 41 63 58 44 51 59 2B 4F 45 64 6E 0D 0A 47 5A 46 31 49 77 4D 35 54 45 52 31 6C 77 49 44 41 51 41 42 4D 41 30 47 43 53 71 47 53 49 62 33 44 51 45 42 42 51 55 41 41 34 47 42 41 42 66 77 46 67 64 73 6E 69 33 55 6F 6F 79 55 36 53 5A 34 0D 0A 30 43 4A 68 57 64 75 33 65 41 2F 68 43 38 58 59 75 49 47 61 52 64 6B 31 4E 4A 6C 6E 49 75 4B 6D 33 33 45 70 6D 7A 30 6E 45 2B 36 34 57 53 74 2B 77 7A 31 44 4B 38 39 50 4B 51 57 58 55 65 52 55 0D 0A 75 53 7A 4B 35 52 51 6D 48 71 4E 37 66 41 7A 7A 58 4A 68 58 4F 48 2F 4F 44 48 56 5A 73 71 54 54 2F 44 70 79 70 6A 48 65 6F 55 45 61 44 32 45 33 6A 47 72 71 61 48 36 4D 38 43 4F 74 62 76 72 43 0D 0A 46 32 54 4D 4E 4C 61 62 43 46 63 50 2F 54 6E 66 71 50 43 38 58 38 62 6B 0D 0A 2D 2D 2D 2D 2D 45 4E 44 20 43 45 52 54 49 46 49 43 41 54 45 2D 2D 2D 2D 2D 0D 0A

HKEY_CURRENT_USER\SOFTWARE\ISL Online\Grid\ISL Online Network

key_cs_latest

Details

TargetID:	0
Path:	HKEY_CURRENT_USER\SOFTWARE\ISL Online\Grid\ISL Online Network
Value name:	key_cs_latest
Value data:	2D 2D 2D 2D 2D 42 45 47 49 4E 20 43 45 52 54 49 46 49 43 41 54 45 2D 2D 2D 2D 2D 0D 0A 4D 49 49 43 76 7A 43 43 41 61 65 67 41 77 49 42 41 67 49 57 41 4A 66 49 75 68 56 32 78 49 79 77 68 4B 35 47 58 4D 43 76 6B 38 6F 51 41 59 51 44 41 6A 41 4E 42 67 6B 71 68 6B 69 47 39 77 30 42 0D 0A 41 51 73 46 41 44 41 52 4D 51 38 77 44 51 59 44 56 51 51 44 44 41 5A 70 63 32 78 66 59 33 4D 77 48 68 63 4E 4D 54 63 77 4F 54 45 78 4D 54 51 7A 4E 44 49 78 57 68 63 4E 4E 44 55 77 4D 6A 49 31 0D 0A 4D 54 51 7A 4E 44 49 78 57 6A 41 52 4D 51 38 77 44 51 59 44 56 51 51 44 44 41 5A 70 63 32 78 66 59 33 4D 77 67 67 45 69 4D 41 30 47 43 53 71 47 53 49 62 33 44 51 45 42 41 51 55 41 41 34 49 42 0D 0A 44 77 41 77 67 67 45 4B 41 6F 49 42 41 51 43 35 79 32 30 56 59 6A 2F 50 44 6B 4A 54 41 32 4E 65 4A 4C 2B 6D 30 38 68 42 6F 54 4E 4D 4F 59 56 58 6F 50 61 57 51 35 43 68 42 78 4B 68 54 35 71 6F 0D 0A 55 4E 73 75 6A 68 46 42 78 33 5A 47 50 51 48 79 61 55 73 48 6D 46 4D 42 64 4E 79 69 6B 45 35 4C 58 53 5A 38 58 32 31 4F 62 71 51 6A 65 46 44 4E 6F 64 4D 50 45 4B 4B 79 6D 47 31 4B 44 78 7A 2B 0D 0A 56 64 58 6B 5A 4C 4B 2F 52 58 44 4C 49 6D 51 76 69 73 72 31 5A 49 58 4F 4A 43 34 39 46 4B 6C 38 7A 30 72 30 6C 7A 32 4F 54 4B 38 77 35 62 4C 45 42 32 6D 78 32 39 35 53 53 65 4E 4F 2B 30 48 39 0D 0A 47 71 73 6D 50 4E 74 46 57 6A 72 34 72 46 41 53 72 63 34 4F 79 79 63 66 67 6D 66 6B 6F 6B 4C 74 2F 56 4C 37 6A 66 7A 4C 47 55 39 6D 57 54 2F 61 4E 71 68 4A 6C 6A 48 34 4C 75 6C 43 54 76 72 77 0D 0A 45 45 59 4F 36 49 38 71 67 75 45 73 41 52 44 6D 72 58 6B 77 47 62 7A 51 69 47 66 53 73 6F 6D 55 6E 4F 53 52 7A 43 6A 32 50 43 32 30 62 6D 43 62 57 41 6D 55 41 39 4A 31 38 67 45 59 33 35 34 67 0D 0A 6A 77 7A 58 74 6A 44 61 73 41 61 44 30 2B 7A 56 30 48 48 35 64 73 6A 73 72 54 6D 4F 74 33 63 30 57 75 38 42 41 67 4D 42 41 41 47 6A 44 54 41 4C 4D 41 6B 47 41 31 55 64 45 77 51 43 4D 41 41 77 0D 0A 44 51 59 4A 4B 6F 5A 49 68 76 63 4E 41 51 45 4C 42 51 41 44 67 67 45 42 41 4A 34 54 62 37 31 6D 43 2F 38 56 38 65 6D 53 73 49 53 63 72 6B 79 50 41 38 67 4E 35 2B 62 2F 30 55 79 53 32 48 4F 55 0D 0A 54 6B 61 4F 71 55 50 30 5A 69 57 6B 32 68 48 58 4D 55 51 58 78 70 66 79 35 34 5A 45 4A 5A 42 4C 46 5A 45 4C 7A 37 7A 57 53 4F 45 35 68 78 2B 53 6E 52 49 6D 74 37 46 57 34 46 36 48 67 45 6D 4F 0D 0A 64 48 57 46 72 4E 6C 4D 77 6E 71 45 45 35 74 33 58 34 6F 53 4C 57 7A 48 4D 67 58 2B 64 75 6E 63 4A 6C 6F 34 6C 34 46 45 49 4B 36 6F 61 66 68 73 61 66 71 37 6F 6E 69 4A 4F 78 35 70 44 4D 38 71 0D 0A 69 4E 6F 2F 55 39 6A 37 44 48 53 73 56 74 4A 77 44 66 7A 6E 31 65 39 2B 69 54 52 52 50 6D 34 71 32 6F 54 4F 4C 4C 6C 6F 75 36 78 59 7A 35 32 41 72 48 39 71 33 43 7A 6B 55 6D 6E 65 39 36 31 44 0D 0A 39 5A 7A 2B 73 69 4B 4C 69 74 71 51 35 46 4D 72 32 59 75 71 39 36 68 73 6F 76 6B 75 33 71 36 43 53 78 6E 38 57 64 6C 62 7A 4C 6D 53 45 58 41 78 36 59 6D 63 64 71 2F 63 62 48 6D 53 77 34 67 75 0D 0A 37 69 37 74 73 2B 49 72 77 34 58 63 68 2B 71 39 4D 43 77 30 76 50 72 51 67 34 34 6D 6C 49 6D 41 6F 7A 33 56 61 36 4E 4C 77 4E 42 69 61 34 41 3D 0D 0A 2D 2D 2D 2D 2D 45 4E 44 20 43 45 52 54 49 46 49 43 41 54 45 2D 2D 2D 2D 2D 0D 0A

HKEY_CURRENT_USER\SOFTWARE\ISL Online\AutoTransport\Last public IP

.islonline.net

HKEY_CURRENT_USER\SOFTWARE\ISL Online\Grid\ISL Online Network

key_hash

HKEY_CURRENT_USER\SOFTWARE\ISL Online\Grid\ISL Online Network

key_ss

HKEY_CURRENT_USER\SOFTWARE\ISL Online\AutoTransport\Boost transport type

HKEY_CURRENT_USER\SOFTWARE\ISL Online\AutoTransport\HTTP proxy PAC

Memdumps

Base Address

Regiontype

Protect

Malicious

3A5A000

heap

page read and write

6500000

heap

page read and write

30D3000

heap

page read and write

300D000

heap

page read and write

2E39000

heap

page read and write

35F0000

unkown

page readonly

2EAF000

heap

page read and write

6D05A000

unkown

page readonly

29B6000

heap

page read and write

2884000

heap

page read and write

51C8000

heap

page read and write

2DDF000

heap

page read and write

394F000

heap

page read and write

32D9000

heap

page read and write

3606000

unkown

page readonly

395A000

heap

page read and write

BAF000

heap

page read and write

B74000

heap

page read and write

6A3E000

stack

page read and write

306D000

heap

page read and write

4F88000

heap

page read and write

2E3F000

heap

page read and write

2EFE000

stack

page read and write

2812000

heap

page read and write

2E3B000

heap

page read and write

2D00000

unkown

page readonly

5238000

heap

page read and write

36C0000

heap

page read and write

3600000

unkown

page readonly

6D002000

unkown

page readonly

3085000

heap

page read and write

2F7F000

heap

page read and write

5038000

heap

page read and write

2F97000

heap

page read and write

6B3F000

stack

page read and write

960000

heap

page read and write

312D000

heap

page read and write

2F9B000

heap

page read and write

5018000

heap

page read and write

3E08000

heap

page read and write

30DD000

heap

page read and write

3600000

unkown

page readonly

300F000

heap

page read and write

39E1000

heap

page read and write

5068000

heap

page read and write

3DAC000

heap

page read and write

470000

unkown

page readonly

27F6000

heap

page read and write

8FA000

stack

page read and write

5188000

heap

page read and write

30AD000

heap

page read and write

311D000

heap

page read and write

3600000

unkown

page readonly

5218000

heap

page read and write

3600000

unkown

page readonly

8FC000

stack

page read and write

5098000

heap

page read and write

3600000

unkown

page readonly

E7E000

stack

page read and write

3DA7000

heap

page read and write

E4E000

heap

page read and write

9F5000

heap

page read and write

3011000

heap

page read and write

34EE000

stack

page read and write

27B0000

heap

page read and write

302D000

heap

page read and write

63ED000

stack

page read and write

C40000

unkown

page readonly

4A82000

heap

page read and write

4F7E000

stack

page read and write

3091000

heap

page read and write

36F0000

unkown

page readonly

5118000

heap

page read and write

ADC000

stack

page read and write

2DD5000

heap

page read and write

39BD000

heap

page read and write

970000

heap

page read and write

BE6000

heap

page read and write

3600000

unkown

page readonly

67BE000

stack

page read and write

3600000

unkown

page readonly

D7E000

stack

page read and write

3600000

unkown

page readonly

2CBE000

stack

page read and write

9BE000

stack

page read and write

390E000

heap

page read and write

2DFA000

heap

page read and write

3A7D000

heap

page read and write

5198000

heap

page read and write

2B4A000

heap

page read and write

3E08000

heap

page read and write

36E0000

heap

page read and write

470000

unkown

page readonly

2EAF000

heap

page read and write

3DA2000

heap

page read and write

3025000

heap

page read and write

38FA000

heap

page read and write

50B8000

heap

page read and write

3A8D000

heap

page read and write

3600000

unkown

page readonly

3949000

heap

page read and write

C41000

unkown

page execute read

3A1B000

heap

page read and write

2F28000

heap

page read and write

2890000

heap

page read and write

3600000

unkown

page readonly

6CF30000

unkown

page readonly

51B8000

heap

page read and write

30FB000

heap

page read and write

2E68000

heap

page read and write

30F1000

heap

page read and write

3A07000

heap

page read and write

3600000

unkown

page readonly

E4A000

heap

page read and write

38EA000

heap

page read and write

3047000

heap

page read and write

E40000

heap

page read and write

390E000

heap

page read and write

304D000

heap

page read and write

6D036000

unkown

page write copy

50E8000

heap

page read and write

E70000

heap

page read and write

50C8000

heap

page read and write

3051000

heap

page read and write

3601000

unkown

page readonly

5228000

heap

page read and write

3696000

heap

page read and write

5158000

heap

page read and write

3600000

unkown

page readonly

B70000

heap

page read and write

301B000

heap

page read and write

3320000

heap

page read and write

5108000

heap

page read and write

4FB8000

heap

page read and write

30C7000

heap

page read and write

3270000

heap

page read and write

33AE000

stack

page read and write

3600000

unkown

page readonly

333E000

heap

page read and write

8CB000

stack

page read and write

2C7E000

stack

page read and write

43D0000

heap

page read and write

5208000

heap

page read and write

3600000

unkown

page readonly

6D065000

unkown

page read and write

2B4D000

heap

page read and write

30ED000

heap

page read and write

4E7D000

stack

page read and write

B80000

heap

page read and write

2E62000

heap

page read and write

372E000

stack

page read and write

2815000

heap

page read and write

8EC000

stack

page read and write

3870000

heap

page read and write

2EF7000

heap

page read and write

BF7000

heap

page read and write

30CB000

heap

page read and write

3DFF000

heap

page read and write

4F98000

heap

page read and write

C3D000

stack

page read and write

AF2000

stack

page read and write

3600000

unkown

page readonly

AFC000

stack

page read and write

333E000

heap

page read and write

30E3000

heap

page read and write

30F3000

heap

page read and write

68FE000

stack

page read and write

328F000

heap

page read and write

2EAE000

heap

page read and write

30EB000

heap

page read and write

2E62000

heap

page read and write

5078000

heap

page read and write

6B5F000

heap

page read and write

44EA000

heap

page read and write

39A7000

heap

page read and write

9F0000

heap

page read and write

36E4000

heap

page read and write

3005000

heap

page read and write

4F7B000

stack

page read and write

3069000

heap

page read and write

2E55000

heap

page read and write

30D9000

heap

page read and write

3DA5000

heap

page read and write

AE7000

stack

page read and write

5058000

heap

page read and write

30F7000

heap

page read and write

6D07E000

unkown

page readonly

30A3000

heap

page read and write

3600000

unkown

page readonly

304B000

heap

page read and write

30E7000

heap

page read and write

30D1000

heap

page read and write

4FA8000

heap

page read and write

6C7F000

stack

page read and write

64EF000

stack

page read and write

3DA1000

heap

page read and write

38A4000

heap

page read and write

38EA000

heap

page read and write

2F67000

heap

page read and write

4FC8000

heap

page read and write

2896000

heap

page read and write

3600000

unkown

page readonly

3A6A000

heap

page read and write

5288000

heap

page read and write

2F74000

heap

page read and write

39F5000

heap

page read and write

30EF000

heap

page read and write

3A1C000

heap

page read and write

2877000

heap

page read and write

2FA3000

heap

page read and write

3942000

heap

page read and write

32E0000

heap

page read and write

390B000

heap

page read and write

312F000

heap

page read and write

3600000

unkown

page readonly

3031000

heap

page read and write

50A8000

heap

page read and write

D9E000

stack

page read and write

311B000

heap

page read and write

3949000

heap

page read and write

C4D000

unkown

page readonly

3940000

heap

page read and write

2EF7000

heap

page read and write

2DBD000

stack

page read and write

59F0000

trusted library allocation

page read and write

308B000

heap

page read and write

5168000

heap

page read and write

5128000

heap

page read and write

3315000

heap

page read and write

4D3E000

stack

page read and write

2E52000

heap

page read and write

5138000

heap

page read and write

3620000

unkown

page readonly

4FD8000

heap

page read and write

471000

unkown

page execute read

360D000

unkown

page readonly

B0D000

stack

page read and write

6D061000

unkown

page read and write

6CD50000

unkown

page readonly

3600000

unkown

page readonly

390B000

heap

page read and write

30F5000

heap

page read and write

5088000

heap

page read and write

3302000

heap

page read and write

3600000

unkown

page readonly

27F0000

heap

page read and write

6D03D000

unkown

page read and write

5F8000

stack

page read and write

2E4F000

heap

page read and write

3A66000

heap

page read and write

27E4000

heap

page read and write

38F2000

heap

page read and write

2E68000

heap

page read and write

2854000

heap

page read and write

3600000

unkown

page readonly

2E47000

heap

page read and write

32CA000

heap

page read and write

3600000

unkown

page readonly

C4D000

unkown

page readonly

30CF000

heap

page read and write

30A5000

heap

page read and write

799000

stack

page read and write

6F0E000

heap

page read and write

3E45000

heap

page read and write

3013000

heap

page read and write

2E65000

heap

page read and write

B00000

heap

page read and write

5048000

heap

page read and write

38FA000

heap

page read and write

3600000

unkown

page readonly

3600000

unkown

page readonly

2DF0000

heap

page read and write

3600000

unkown

page readonly

6CF31000

unkown

page execute read

4E3F000

stack

page read and write

677F000

stack

page read and write

3295000

heap

page read and write

3600000

unkown

page readonly

32BE000

heap

page read and write

B8A000

heap

page read and write

7119000

heap

page read and write

3039000

heap

page read and write

50F8000

heap

page read and write

3600000

unkown

page readonly

103E000

stack

page read and write

2888000

heap

page read and write

3073000

heap

page read and write

667E000

stack

page read and write

6D032000

unkown

page read and write

3023000

heap

page read and write

64CA000

stack

page read and write

BE6000

heap

page read and write

6D07C000

unkown

page readonly

32D4000

heap

page read and write

32B4000

heap

page read and write

6B7E000

stack

page read and write

2B41000

heap

page read and write

30E5000

heap

page read and write

5028000

heap

page read and write

2EF4000

heap

page read and write

30F9000

heap

page read and write

51E8000

heap

page read and write

52BD000

heap

page read and write

69FF000

stack

page read and write

2EAF000

heap

page read and write

BBB000

heap

page read and write

398C000

heap

page read and write

2F8A000

heap

page read and write

44EC000

heap

page read and write

50D8000

heap

page read and write

3601000

unkown

page readonly

6CD51000

unkown

page execute read

30D7000

heap

page read and write

BE6000

heap

page read and write

3125000

heap

page read and write

30B3000

heap

page read and write

D5F000

stack

page read and write

35ED000

stack

page read and write

30CD000

heap

page read and write

2E4F000

heap

page read and write

5278000

heap

page read and write

5008000

heap

page read and write

B20000

heap

page read and write

2F30000

unclassified section

page read and write

30A9000

heap

page read and write

30C9000

heap

page read and write

3600000

unkown

page readonly

8F2000

stack

page read and write

3DA0000

heap

page read and write

51F8000

heap

page read and write

3021000

heap

page read and write

36B0000

heap

page read and write

3101000

heap

page read and write

394A000

heap

page read and write

376D000

stack

page read and write

B8E000

heap

page read and write

C41000

unkown

page execute read

3071000

heap

page read and write

286C000

heap

page read and write

BEF000

heap

page read and write

2861000

heap

page read and write

6DC5000

heap

page read and write

6D046000

unkown

page read and write

44EE000

heap

page read and write

2FFE000

stack

page read and write

51A8000

heap

page read and write

2E47000

heap

page read and write

3029000

heap

page read and write

3600000

unkown

page readonly

30B7000

heap

page read and write

304F000

heap

page read and write

2E07000

heap

page read and write

3942000

heap

page read and write

3067000

heap

page read and write

3949000

heap

page read and write

3045000

heap

page read and write

2B7E000

stack

page read and write

3600000

unkown

page readonly

AD4000

stack

page read and write

32AC000

heap

page read and write

307F000

heap

page read and write

BAF000

heap

page read and write

3520000

heap

page read and write

3DFF000

heap

page read and write

3337000

heap

page read and write

3620000

unkown

page readonly

3600000

unkown

page readonly

3059000

heap

page read and write

390B000

heap

page read and write

7520000

heap

page read and write

316E000

stack

page read and write

4B4C000

heap

page read and write

2FA9000

heap

page read and write

B60000

heap

page read and write

29B9000

heap

page read and write

5178000

heap

page read and write

2F25000

heap

page read and write

6D063000

unkown

page write copy

2E68000

heap

page read and write

3E39000

heap

page read and write

36F0000

unkown

page readonly

3942000

heap

page read and write

300B000

heap

page read and write

5298000

heap

page read and write

47D000

unkown

page readonly

386E000

stack

page read and write

29B0000

heap

page read and write

47D000

unkown

page readonly

2940000

direct allocation

page read and write

BE0000

heap

page read and write

3602000

unkown

page readonly

4FE8000

heap

page read and write

3600000

unkown

page readonly

BB5000

heap

page read and write

BF0000

heap

page read and write

26C2000

heap

page read and write

AFA000

stack

page read and write

309F000

heap

page read and write

2DC0000

heap

page read and write

27E0000

heap

page read and write

34AF000

stack

page read and write

27ED000

heap

page read and write

4FF8000

heap

page read and write

3600000

unkown

page readonly

62EF000

stack

page read and write

3600000

unkown

page readonly

3109000

heap

page read and write

3600000

unkown

page readonly

30DF000

heap

page read and write

6C7B000

heap

page read and write

5148000

heap

page read and write

30E9000

heap

page read and write

C40000

unkown

page readonly

396B000

heap

page read and write

2EF7000

heap

page read and write

326E000

stack

page read and write

3601000

unkown

page readonly

471000

unkown

page execute read

330F000

heap

page read and write

330D000

heap

page read and write

68BF000

stack

page read and write

3093000

heap

page read and write

51D8000

heap

page read and write

3600000

unkown

page readonly

3600000

unkown

page readonly

There are 415 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
$RMH4FA8.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report$RMH4FA8.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
$RMH4FA8.exe