Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7500
Target ID:	0
Parent PID:	4056
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	405544
MD5:	CC94BE13BC24599E326D03CA246A61FA
Time:	21:26:15
Date:	02/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x380000
Modulesize:	434176
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Vidar stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file has nameless sections	System Summary
PE / OLE file has an invalid certificate	System Summary
PE file contains sections with non-standard names	Data Obfuscation
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7620
Target ID:	3
Parent PID:	7500
Name:	aspnet_regiis.exe
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
Size:	43016
MD5:	5D1D74198D75640E889F0A577BBF31FC
Time:	21:26:16
Date:	02/10/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0xf40000
Modulesize:	49152
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Vidar stealer	Stealing of Sensitive Information, Remote Access Functionality
Allocates memory in foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)	Malware Analysis System Evasion	Security Software Discovery
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	7508
Target ID:	1
Parent PID:	7500
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	21:26:15
Date:	02/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff75da10000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://49.12.197.9/

49.12.197.9

https://49.12.197.9/freebl3.dll

49.12.197.9

https://49.12.197.9/sqlp.dll

49.12.197.9

https://49.12.197.9/softokn3.dll

49.12.197.9

https://49.12.197.9/vcruntime140.dll

49.12.197.9

https://49.12.197.9/nss3.dll

49.12.197.9

https://49.12.197.9/mozglue.dll

49.12.197.9

https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0

unknown

https://49.12.197.9/Z

unknown

https://duckduckgo.com/chrome_newtab

unknown

https://player.vimeo.com

unknown

https://49.12.197.9/QK

unknown

https://49.12.197.9/freebl3.dllpData

unknown

https://duckduckgo.com/ac/?q=

unknown

https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp

unknown

https://steamcommunity.com/?subsection=broadcasts

unknown

https://49.12.197.9/freebl3.dllG

unknown

https://store.steampowered.com/subscriber_agreement/

unknown

https://www.gstatic.cn/recaptcha/

unknown

https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6

unknown

https://steamcommunity.com/profiles/76561199780418869S

unknown

https://steamcommunity.com/profiles/76561199780418869/badges

unknown

http://www.valvesoftware.com/legal.htm

unknown

https://www.youtube.com

unknown

https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp

unknown

https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png

unknown

https://www.google.com

unknown

http://cowod.hopto.org_DEBUG.zip/c

unknown

https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png

unknown

https://49.12.197.9

unknown

https://49.12.197.9/B

unknown

https://49.12.197.9JJJECA

unknown

https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=HeLxjRDbQrcV&l=e

unknown

https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&

unknown

https://49.12.197.9GDHJDBKF--

unknown

https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback

unknown

https://steamcommunity.com/profiles/76561199780418869u55uhttps://t.me/ae5edMozilla/5.0

unknown

https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=2ZRoxzol

unknown

https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL

unknown

https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a

unknown

https://s.ytimg.com;

unknown

https://steam.tv/

unknown

https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK

unknown

https://49.12.197.9/4

unknown

https://t.me/ae5ed

unknown

http://www.mozilla.com/en-US/blocklist/

unknown

https://49.12.197.9/0Hw

unknown

https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english

unknown

https://mozilla.org0/

unknown

https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=fWwP

unknown

http://www.entrust.net/rpa03

unknown

http://store.steampowered.com/privacy_agreement/

unknown

https://store.steampowered.com/points/shop/

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

https://sketchfab.com

unknown

https://www.ecosia.org/newtab/

unknown

https://49.12.197.9/msvcp140.dll=Bx

unknown

https://lv.queniujq.cn

unknown

https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br

unknown

https://www.youtube.com/

unknown

https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a

unknown

https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg

unknown

https://store.steampowered.com/privacy_agreement/

unknown

https://steamcommunity.com/profiles/765611997804188694-

unknown

https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en

unknown

https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0

unknown

https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am

unknown

https://www.google.com/recaptcha/

unknown

https://checkout.steampowered.com/

unknown

https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english

unknown

https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english

unknown

https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg

unknown

https://49.12.197.9/AR:

unknown

https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png

unknown

https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis

unknown

http://crl.entrust.net/2048ca.crl0

unknown

https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC

unknown

https://store.steampowered.com/;

unknown

https://www.entrust.net/rpa0

unknown

https://store.steampowered.com/about/

unknown

https://steamcommunity.com/my/wishlist/

unknown

https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english

unknown

http://ocsp.entrust.net03

unknown

http://ocsp.entrust.net02

unknown

https://help.steampowered.com/en/

unknown

https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/

unknown

https://steamcommunity.com/market/

unknown

https://store.steampowered.com/news/

unknown

https://community.akamai.steamstatic.com/

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

http://store.steampowered.com/subscriber_agreement/

unknown

https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org

unknown

http://147.45.44.104/ldms/a43486128347.exe=----FBKFCFBFIDGCGDHJDBKFen

unknown

https://49.12.197.9/es

unknown

https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1

unknown

https://recaptcha.net/recaptcha/;

unknown

https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en

unknown

https://steamcommunity.com/profiles/76561199780418869/inventory/

unknown

https://steamcommunity.com/discussions/

unknown

https://49.12.197.9//Hn

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

steamcommunity.com

104.102.49.254

Details

Name:	steamcommunity.com
IP:	104.102.49.254
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Found strings which match to known social media urls	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

49.12.197.9

unknown

Germany

Details

IP:	49.12.197.9
TargetID:	3
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Country:	Germany
Countrycode:	DEU
ASN number:	24940
ASN name:	HETZNER-ASDE
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

104.102.49.254

steamcommunity.com

United States

Details

IP:	104.102.49.254
TargetID:	3
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Country:	United States
Countrycode:	USA
ASN number:	16625
ASN name:	AKAMAI-ASUS
Private:	false
Domain:	steamcommunity.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

147.45.44.104

unknown

Russian Federation

Details

IP:	147.45.44.104
TargetID:	3
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	2895
ASN name:	FREE-NET-ASFREEnetEU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts with low severity for network traffic	Networking
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

6D771000

unkown

page read and write

31A5000

heap

page read and write

400000

remote allocation

page execute and read and write

E04000

heap

page read and write

7E0000

heap

page read and write

3233000

heap

page read and write

21FD8000

direct allocation

page readonly

55541000

heap

page read and write

1BD59000

heap

page read and write

21DC0000

direct allocation

page execute and read and write

3236000

heap

page read and write

85D000

stack

page read and write

7F0000

heap

page read and write

33F5000

heap

page read and write

1BABC000

heap

page read and write

8CE000

heap

page read and write

264E000

stack

page read and write

3253000

heap

page read and write

6CC9D000

unkown

page readonly

E04000

heap

page read and write

3425000

heap

page read and write

50A4D000

stack

page read and write

E04000

heap

page read and write

323D000

heap

page read and write

63A000

remote allocation

page execute and read and write

277E000

stack

page read and write

34CA000

heap

page read and write

6CCC0000

unkown

page readonly

3187000

heap

page read and write

BF7000

trusted library allocation

page execute and read and write

31EF000

heap

page read and write

6D7D1000

unkown

page read and write

4BFE000

stack

page read and write

3F85000

trusted library allocation

page read and write

E04000

heap

page read and write

55D000

remote allocation

page execute and read and write

E04000

heap

page read and write

3240000

heap

page read and write

1946E000

stack

page read and write

E04000

heap

page read and write

563000

remote allocation

page execute and read and write

55528000

heap

page read and write

6CE5F000

unkown

page readonly

3243000

heap

page read and write

380000

unkown

page readonly

33F9000

heap

page read and write

E04000

heap

page read and write

1BE52000

heap

page read and write

4DFE000

stack

page read and write

3252000

heap

page read and write

E04000

heap

page read and write

31E3000

heap

page read and write

3272000

heap

page read and write

55539000

heap

page read and write

74216000

unkown

page readonly

3293000

heap

page read and write

31E3000

heap

page read and write

31A5000

heap

page read and write

5551A000

heap

page read and write

CEE000

stack

page read and write

340D000

heap

page read and write

E04000

heap

page read and write

4ED5E000

stack

page read and write

810000

heap

page read and write

340F000

heap

page read and write

31F6000

heap

page read and write

3242000

heap

page read and write

3257000

heap

page read and write

321B000

heap

page read and write

1B9DC000

heap

page read and write

3268000

heap

page read and write

6D741000

unkown

page execute read

E04000

heap

page read and write

E04000

heap

page read and write

3248000

heap

page read and write

3235000

heap

page read and write

4E8B2000

stack

page read and write

92D000

heap

page read and write

B8E000

stack

page read and write

6CCAE000

unkown

page read and write

2781000

trusted library allocation

page read and write

4027E000

heap

page read and write

74200000

unkown

page readonly

3187000

heap

page read and write

325B000

heap

page read and write

1BAA1000

heap

page read and write

31A5000

heap

page read and write

3272000

heap

page read and write

31A5000

heap

page read and write

220CC000

heap

page read and write

5553D000

heap

page read and write

220BE000

heap

page read and write

500F0000

heap

page read and write

E04000

heap

page read and write

3181000

heap

page read and write

E04000

heap

page read and write

31E8000

heap

page read and write

57890000

trusted library allocation

page read and write

3257000

heap

page read and write

326F000

heap

page read and write

E04000

heap

page read and write

31E4000

heap

page read and write

4E9BC000

stack

page read and write

3AAA000

trusted library allocation

page read and write

F00000

heap

page read and write

3406000

heap

page read and write

1BA2D000

heap

page read and write

3272000

heap

page read and write

E04000

heap

page read and write

3242000

heap

page read and write

E04000

heap

page read and write

31A5000

heap

page read and write

31E8000

heap

page read and write

3242000

heap

page read and write

317A000

heap

page read and write

3108000

heap

page read and write

74216000

unkown

page readonly

317A000

heap

page read and write

E04000

heap

page read and write

3253000

heap

page read and write

582000

remote allocation

page execute and read and write

3242000

heap

page read and write

323A000

heap

page read and write

BB0000

trusted library allocation

page read and write

4ECBB000

stack

page read and write

BDE0000

unclassified section

page read and write

3237000

heap

page read and write

31CD000

heap

page read and write

3248000

heap

page read and write

317A000

heap

page read and write

3441000

heap

page read and write

33C5000

heap

page read and write

55535000

heap

page read and write

4EB1F000

stack

page read and write

1BD40000

heap

page read and write

1B9AF000

stack

page read and write

7421F000

unkown

page readonly

E04000

heap

page read and write

3167000

heap

page read and write

19430000

remote allocation

page read and write

40DF000

trusted library allocation

page read and write

E04000

heap

page read and write

259D000

stack

page read and write

E04000

heap

page read and write

3246000

heap

page read and write

A0C1000

heap

page read and write

E04000

heap

page read and write

D4E000

stack

page read and write

CFC000

stack

page read and write

E04000

heap

page read and write

3233000

heap

page read and write

3264000

heap

page read and write

970000

heap

page read and write

E04000

heap

page read and write

937D000

stack

page read and write

74201000

unkown

page execute read

BD0000

trusted library allocation

page read and write

E04000

heap

page read and write

345B000

heap

page read and write

E04000

heap

page read and write

4E7F0000

heap

page read and write

4EA1C000

stack

page read and write

1BFB7000

heap

page read and write

6CE9F000

unkown

page write copy

3217000

heap

page read and write

380000

unkown

page execute and read and write

3296000

heap

page read and write

31A5000

heap

page read and write

2797000

trusted library allocation

page read and write

975000

heap

page read and write

4ED70000

trusted library allocation

page read and write

9F0000

heap

page read and write

3284000

heap

page read and write

3233000

heap

page read and write

327C000

heap

page read and write

55533000

heap

page read and write

A10B000

heap

page read and write

4CF0000

heap

page execute and read and write

382000

unkown

page readonly

74200000

unkown

page readonly

E04000

heap

page read and write

321C000

heap

page read and write

16E5F000

stack

page read and write

E04000

heap

page read and write

327C000

heap

page read and write

325B000

heap

page read and write

3288000

heap

page read and write

3284000

heap

page read and write

3271000

heap

page read and write

815000

heap

page read and write

7FE30000

trusted library allocation

page execute read

317F000

heap

page read and write

5552C000

heap

page read and write

321C000

heap

page read and write

3232000

heap

page read and write

3259000

heap

page read and write

3248000

heap

page read and write

31A5000

heap

page read and write

E04000

heap

page read and write

30E0000

heap

page read and write

727E000

stack

page read and write

E04000

heap

page read and write

3240000

heap

page read and write

3200000

heap

page read and write

3236000

heap

page read and write

220C2000

heap

page read and write

3234000

heap

page read and write

33A9000

heap

page read and write

E04000

heap

page read and write

E04000

heap

page read and write

F0E000

stack

page read and write

326A000

heap

page read and write

3251000

heap

page read and write

6CEA0000

unkown

page read and write

E04000

heap

page read and write

3204000

heap

page read and write

3290000

heap

page read and write

2793000

trusted library allocation

page read and write

3414000

heap

page read and write

3248000

heap

page read and write

31E4000

heap

page read and write

25A0000

trusted library section

page read and write

8E7000

heap

page read and write

3242000

heap

page read and write

6D740000

unkown

page readonly

19430000

remote allocation

page read and write

3236000

heap

page read and write

3181000

heap

page read and write

4C3E000

stack

page read and write

3181000

heap

page read and write

DD0000

heap

page readonly

3246000

heap

page read and write

2200F000

direct allocation

page readonly

3240000

heap

page read and write

901000

heap

page read and write

3248000

heap

page read and write

3181000

heap

page read and write

3258000

heap

page read and write

21F26000

direct allocation

page execute read

E04000

heap

page read and write

BD4000

trusted library allocation

page read and write

220C6000

heap

page read and write

E04000

heap

page read and write

E04000

heap

page read and write

31D0000

heap

page read and write

CEC000

stack

page read and write

3243000

heap

page read and write

BC4000

trusted library allocation

page read and write

31A5000

heap

page read and write

E04000

heap

page read and write

3229000

heap

page read and write

3422000

heap

page read and write

3278000

heap

page read and write

3272000

heap

page read and write

C40000

heap

page read and write

33EE000

heap

page read and write

7421D000

unkown

page read and write

3232000

heap

page read and write

2200D000

direct allocation

page readonly

1B9C2000

heap

page read and write

8EC000

heap

page read and write

3233000

heap

page read and write

74201000

unkown

page execute read

3181000

heap

page read and write

1481C000

stack

page read and write

95E000

heap

page read and write

E00000

heap

page read and write

322C000

heap

page read and write

322D000

heap

page read and write

E04000

heap

page read and write

31F2000

heap

page read and write

31A5000

heap

page read and write

3267000

heap

page read and write

77B000

stack

page read and write

3235000

heap

page read and write

50150000

trusted library allocation

page read and write

7421F000

unkown

page readonly

322D000

heap

page read and write

6CEA5000

unkown

page readonly

BC3000

trusted library allocation

page execute and read and write

67C000

stack

page read and write

A296000

heap

page read and write

8C8000

heap

page read and write

A27E000

stack

page read and write

220BA000

heap

page read and write

31F2000

heap

page read and write

325D000

heap

page read and write

E04000

heap

page read and write

4262000

trusted library allocation

page read and write

324B000

heap

page read and write

55541000

heap

page read and write

3247000

heap

page read and write

E04000

heap

page read and write

E04000

heap

page read and write

E04000

heap

page read and write

260E000

stack

page read and write

21DC8000

direct allocation

page execute read

326B000

heap

page read and write

C30000

trusted library allocation

page read and write

5551F000

heap

page read and write

E04000

heap

page read and write

E04000

heap

page read and write

43E7000

trusted library allocation

page read and write

55531000

heap

page read and write

8A0000

heap

page read and write

55545000

heap

page read and write

3288000

heap

page read and write

4E7FA000

heap

page read and write

E04000

heap

page read and write

3242000

heap

page read and write

E04000

heap

page read and write

55524000

heap

page read and write

3E4000

unkown

page readonly

E04000

heap

page read and write

322C000

heap

page read and write

1C060000

heap

page read and write

22002000

direct allocation

page read and write

31A5000

heap

page read and write

5552F000

heap

page read and write

3248000

heap

page read and write

2E429000

heap

page read and write

3476000

heap

page read and write

3232000

heap

page read and write

E04000

heap

page read and write

A23C000

stack

page read and write

50140000

heap

page read and write

E04000

heap

page read and write

6CCB2000

unkown

page readonly

BFB000

trusted library allocation

page execute and read and write

33F1000

heap

page read and write

947E000

stack

page read and write

3242000

heap

page read and write

21FCD000

direct allocation

page execute read

E04000

heap

page read and write

3236000

heap

page read and write

32AD000

heap

page read and write

1BE59000

heap

page read and write

8FF000

heap

page read and write

467000

remote allocation

page execute and read and write

2211A000

stack

page read and write

6CE9E000

unkown

page read and write

321C000

heap

page read and write

6CC20000

unkown

page readonly

284BB000

heap

page read and write

1BC50000

trusted library allocation

page read and write

CF0000

stack

page read and write

3268000

heap

page read and write

323B000

heap

page read and write

3186000

heap

page read and write

3232000

heap

page read and write

341B000

heap

page read and write

31CD000

heap

page read and write

57442000

trusted library allocation

page read and write

3187000

heap

page read and write

E04000

heap

page read and write

A0C1000

heap

page read and write

1BF99000

heap

page read and write

323D000

heap

page read and write

34393000

heap

page read and write

670000

remote allocation

page execute and read and write

4ED02000

heap

page read and write

31A5000

heap

page read and write

31F8000

heap

page read and write

22543000

heap

page read and write

487E000

stack

page read and write

1B9ED000

heap

page read and write

55A000

remote allocation

page execute and read and write

3251000

heap

page read and write

3187000

heap

page read and write

3232000

heap

page read and write

3200000

heap

page read and write

3100000

heap

page read and write

E04000

heap

page read and write

C20000

trusted library allocation

page execute and read and write

E04000

heap

page read and write

2670000

heap

page read and write

317A000

heap

page read and write

329C000

heap

page read and write

25C0000

heap

page execute and read and write

317A000

heap

page read and write

321D000

heap

page read and write

3187000

heap

page read and write

3781000

trusted library allocation

page read and write

3253000

heap

page read and write

E04000

heap

page read and write

EE0000

trusted library allocation

page read and write

31F4000

heap

page read and write

33FC000

heap

page read and write

3402000

heap

page read and write

3390000

heap

page read and write

19430000

remote allocation

page read and write

3236000

heap

page read and write

961000

heap

page read and write

255E000

stack

page read and write

3266000

heap

page read and write

1BB1B000

stack

page read and write

322A000

heap

page read and write

3248000

heap

page read and write

3AEA000

trusted library allocation

page read and write

E04000

heap

page read and write

A0C1000

heap

page read and write

E04000

heap

page read and write

E04000

heap

page read and write

55549000

heap

page read and write

3785000

trusted library allocation

page read and write

1BAB4000

heap

page read and write

1BAC0000

heap

page read and write

193DE000

stack

page read and write

3248000

heap

page read and write

3187000

heap

page read and write

5A1000

remote allocation

page execute and read and write

6CC21000

unkown

page execute read

1BA3D000

heap

page read and write

32A4000

heap

page read and write

89E000

stack

page read and write

3268000

heap

page read and write

E04000

heap

page read and write

E04000

heap

page read and write

8C0000

heap

page read and write

3238000

heap

page read and write

314A000

heap

page read and write

6D76A000

unkown

page readonly

122DF000

stack

page read and write

E04000

heap

page read and write

E04000

heap

page read and write

3258000

heap

page read and write

5553D000

heap

page read and write

55510000

heap

page read and write

326F000

heap

page read and write

32A8000

heap

page read and write

1BD44000

heap

page read and write

1BC1C000

stack

page read and write

31F8000

heap

page read and write

1BCA0000

trusted library allocation

page read and write

7421D000

unkown

page read and write

3232000

heap

page read and write

98C000

stack

page read and write

1B9CC000

heap

page read and write

6CCC1000

unkown

page execute read

3240000

heap

page read and write

E04000

heap

page read and write

3261000

heap

page read and write

3252000

heap

page read and write

3240000

heap

page read and write

DE0000

heap

page read and write

21DC1000

direct allocation

page execute read

3272000

heap

page read and write

16D5D000

stack

page read and write

E04000

heap

page read and write

31E3000

heap

page read and write

31E2000

heap

page read and write

3204000

heap

page read and write

3184000

heap

page read and write

3269000

heap

page read and write

3A30F000

heap

page read and write

323A000

heap

page read and write

E04000

heap

page read and write

349F000

heap

page read and write

3904000

trusted library allocation

page read and write

6D7D3000

unkown

page readonly

382000

unkown

page execute and read and write

31CD000

heap

page read and write

3291000

heap

page read and write

16E9E000

stack

page read and write

21FCF000

direct allocation

page readonly

E04000

heap

page read and write

1C05E000

heap

page read and write

8F4000

heap

page read and write

EA0000

trusted library allocation

page read and write

3242000

heap

page read and write

1BD0A000

stack

page read and write

E04000

heap

page read and write

3187000

heap

page read and write

A290000

heap

page read and write

2200A000

direct allocation

page readonly

3288000

heap

page read and write

326D000

heap

page read and write

278B000

trusted library allocation

page read and write

3242000

heap

page read and write

96A000

heap

page read and write

3BAA000

trusted library allocation

page read and write

A1FD000

stack

page read and write

31F8000

heap

page read and write

E04000

heap

page read and write

3242000

heap

page read and write

E04000

heap

page read and write

5548F000

stack

page read and write

3233000

heap

page read and write

E04000

heap

page read and write

3248000

heap

page read and write

E04000

heap

page read and write

1BAA5000

heap

page read and write

3232000

heap

page read and write

322E000

heap

page read and write

349A000

heap

page read and write

3229000

heap

page read and write

3815000

trusted library allocation

page read and write

E04000

heap

page read and write

463000

remote allocation

page execute and read and write

31CD000

heap

page read and write

3232000

heap

page read and write

E04000

heap

page read and write

3200000

heap

page read and write

E04000

heap

page read and write

46B000

remote allocation

page execute and read and write

3259000

heap

page read and write

3242000

heap

page read and write

31EF000

heap

page read and write

There are 498 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
file.exe