IOC Report
rp8s2rxD5lpuQAG.exe


Files

File Path | Type | Category | Malicious
rp8s2rxD5lpuQAG.exe | PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rp8s2rxD5lpuQAG.exe.log | CSV text | dropped | malicious

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\rp8s2rxD5lpuQAG.exe | "C:\Users\user\Desktop\rp8s2rxD5lpuQAG.exe" | malicious
C:\Users\user\Desktop\rp8s2rxD5lpuQAG.exe | C:\Users\user\Desktop\rp8s2rxD5lpuQAG.exe | malicious

URLs

Name | IP | Malicious
https://reallyfreegeoip.org | unknown |
http://checkip.dyndns.org | unknown |
http://checkip.dyndns.org/ | 193.122.130.0 |
http://azvconsulting.com | unknown |
http://checkip.dyndns.com | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |
https://reallyfreegeoip.org/xml/173.254.250.90 | 188.114.97.3 |
https://reallyfreegeoip.org/xml/173.254.250.90p | unknown |
http://checkip.dyndns.org/q | unknown |
http://reallyfreegeoip.org | unknown |
https://reallyfreegeoip.org/xml/ | unknown |
1 further URL is hidden in the original report.

Domains

Name | IP | Malicious
azvconsulting.com | 185.14.58.143 | malicious
reallyfreegeoip.org | 188.114.97.3 | malicious
checkip.dyndns.org | unknown | malicious
checkip.dyndns.com | 193.122.130.0 |

IPs

IP | Domain | Country | Malicious
188.114.97.3 | reallyfreegeoip.org | European Union | malicious
185.14.58.143 | azvconsulting.com | Spain | malicious
193.122.130.0 | checkip.dyndns.com | United States |

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASAPI32 | EnableFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASAPI32 | EnableAutoFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASAPI32 | EnableConsoleTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASAPI32 | FileTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASAPI32 | ConsoleTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASAPI32 | MaxFileSize |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASAPI32 | FileDirectory |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASMANCS | EnableFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASMANCS | EnableAutoFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASMANCS | EnableConsoleTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASMANCS | FileTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASMANCS | ConsoleTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASMANCS | MaxFileSize |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASMANCS | FileDirectory |
4 further registry entries are hidden in the original report.

Memdumps

Base Address | Region type | Protect | Malicious
1418F000 | trusted library allocation | page read and write | malicious
142F7000 | trusted library allocation | page read and write | malicious
3C89000 | trusted library allocation | page read and write | malicious
140002000 | remote allocation | page execute and read and write | malicious
3DAF000 | trusted library allocation | page read and write | malicious
3A41000 | trusted library allocation | page read and write | malicious
1CBD0000 | heap | page read and write | malicious
7FF848E3B000 | trusted library allocation | page execute and read and write |
A12000 | unknown | page readonly |
1CA0000 | heap | page execute and read and write |
1CDC0000 | heap | page execute and read and write |
3D34000 | trusted library allocation | page read and write |
1D1CD000 | stack | page read and write |
4046000 | trusted library allocation | page read and write |
1DDE0000 | heap | page read and write |
1D5CE000 | stack | page read and write |
3AD0000 | trusted library section | page read and write |
205AE000 | stack | page read and write |
1C541000 | heap | page read and write |
7FF849020000 | trusted library allocation | page read and write |
3D64000 | trusted library allocation | page read and write |
B90000 | heap | page read and write |
1240000 | trusted library allocation | page read and write |
7FF848F06000 | trusted library allocation | page execute and read and write |
1230000 | trusted library allocation | page read and write |
7FF848EF6000 | trusted library allocation | page execute and read and write |
1EFD0000 | heap | page read and write |
B40000 | heap | page read and write |
3BD5000 | trusted library allocation | page read and write |
1356000 | heap | page read and write |
7FF848EE0000 | trusted library allocation | page execute and read and write |
3BE5000 | trusted library allocation | page read and write |
7FF849034000 | trusted library allocation | page read and write |
42F6000 | trusted library allocation | page read and write |
1C613000 | heap | page read and write |
12D0000 | trusted library allocation | page read and write |
1DAE000 | stack | page read and write |
B50000 | heap | page read and write |
132A000 | heap | page read and write |
3F41000 | trusted library allocation | page read and write |
13D7000 | heap | page read and write |
3B3A000 | heap | page read and write |
7FF848E2D000 | trusted library allocation | page execute and read and write |
1CC0000 | heap | page read and write |
1580000 | trusted library section | page read and write |
13CE000 | heap | page read and write |
7FF848FC0000 | trusted library allocation | page execute and read and write |
7FF848ED0000 | trusted library allocation | page execute and read and write |
3C19000 | trusted library allocation | page read and write |
140A4000 | trusted library allocation | page read and write |
13DB000 | heap | page read and write |
1C500000 | heap | page read and write |
15A0000 | heap | page read and write |
1C565000 | heap | page read and write |
1D9CE000 | stack | page read and write |
7FF848F30000 | trusted library allocation | page execute and read and write |
7FF848E44000 | trusted library allocation | page read and write |
1C610000 | heap | page read and write |
7FF849010000 | trusted library allocation | page read and write |
1CB5E000 | stack | page read and write |
7FF848E2D000 | trusted library allocation | page execute and read and write |
7FF848E3D000 | trusted library allocation | page execute and read and write |
1310000 | heap | page execute and read and write |
7FF848E20000 | trusted library allocation | page read and write |
13A41000 | trusted library allocation | page read and write |
1358000 | heap | page read and write |
1CCD0000 | trusted library section | page read and write |
1FDAD000 | stack | page read and write |
1386000 | heap | page read and write |
12F8000 | heap | page read and write |
136B000 | heap | page read and write |
7FF849030000 | trusted library allocation | page read and write |
3D26000 | trusted library allocation | page read and write |
1F5D2000 | trusted library allocation | page read and write |
4042000 | trusted library allocation | page read and write |
7FF849003000 | trusted library allocation | page read and write |
3D39000 | trusted library allocation | page read and write |
140000000 | remote allocation | page execute and read and write |
3B4E000 | trusted library allocation | page read and write |
1371000 | heap | page read and write |
7FF848FC0000 | trusted library allocation | page read and write |
1CBC0000 | heap | page read and write |
1BF70000 | trusted library allocation | page read and write |
1470000 | trusted library section | page readonly |
14F5000 | heap | page read and write |
3C2D000 | trusted library allocation | page read and write |
13AAD000 | trusted library allocation | page read and write |
7FF849000000 | trusted library allocation | page read and write |
7FF848E4D000 | trusted library allocation | page execute and read and write |
7FF848E32000 | trusted library allocation | page read and write |
1F0D0000 | heap | page read and write |
7FF848E12000 | trusted library allocation | page read and write |
11ED000 | stack | page read and write |
14A0000 | trusted library allocation | page read and write |
13F51000 | trusted library allocation | page read and write |
13ADE000 | trusted library allocation | page read and write |
B70000 | heap | page read and write |
1C568000 | heap | page read and write |
3C62000 | trusted library allocation | page read and write |
3F3E000 | stack | page read and write |
1CBB0000 | heap | page read and write |
7FF848FB0000 | trusted library allocation | page read and write |
131E000 | heap | page read and write |
7FF49DA10000 | trusted library allocation | page execute and read and write |
7FF849007000 | trusted library allocation | page read and write |
3A3E000 | stack | page read and write |
3D11000 | trusted library allocation | page read and write |
1EF55000 | heap | page read and write |
7FF848FE0000 | trusted library allocation | page read and write |
7FF848FFB000 | trusted library allocation | page read and write |
1EED0000 | heap | page read and write |
3B9C000 | trusted library allocation | page read and write |
1C1BD000 | stack | page read and write |
7FF849000000 | trusted library allocation | page execute and read and write |
3BD9000 | trusted library allocation | page read and write |
7FF848FE0000 | trusted library allocation | page read and write |
1340000 | heap | page read and write |
1D00000 | heap | page read and write |
7FF848ED6000 | trusted library allocation | page read and write |
1210000 | trusted library allocation | page read and write |
1C2F000 | stack | page read and write |
3B30000 | heap | page read and write |
3D76000 | trusted library allocation | page read and write |
1346000 | heap | page read and write |
7FF848E10000 | trusted library allocation | page read and write |
1C6BC000 | stack | page read and write |
B70000 | heap | page read and write |
201AB000 | stack | page read and write |
1480000 | heap | page read and write |
1440000 | heap | page read and write |
3D16000 | trusted library allocation | page read and write |
A10000 | unknown | page readonly |
7FF848E30000 | trusted library allocation | page read and write |
13AD2000 | trusted library allocation | page read and write |
7FF848EC0000 | trusted library allocation | page read and write |
130B000 | heap | page read and write |
13E1000 | heap | page read and write |
13B3000 | heap | page read and write |
1DDCE000 | stack | page read and write |
1383000 | heap | page read and write |
12DE000 | stack | page read and write |
1C56A000 | heap | page read and write |
17ED000 | stack | page read and write |
3B97000 | trusted library allocation | page read and write |
7FF848E34000 | trusted library allocation | page read and write |
7FF848EC6000 | trusted library allocation | page read and write |
1E35B000 | stack | page read and write |
1DE0D000 | heap | page read and write |
3B93000 | trusted library allocation | page read and write |
1CD70000 | heap | page read and write |
12F0000 | heap | page read and write |
7FF848E24000 | trusted library allocation | page read and write |
3D2F000 | trusted library allocation | page read and write |
1437000 | heap | page read and write |
3B8F000 | trusted library allocation | page read and write |
7FF848E3D000 | trusted library allocation | page execute and read and write |
3B10000 | trusted library section | page read and write |
13F41000 | trusted library allocation | page read and write |
3BEA000 | trusted library allocation | page read and write |
7FF848FF8000 | trusted library allocation | page read and write |
3D1C000 | trusted library allocation | page read and write |
7FF848E6C000 | trusted library allocation | page execute and read and write |
7FF848FD0000 | trusted library allocation | page read and write |
1430000 | heap | page read and write |
3B6E000 | trusted library allocation | page read and write |
7FF848E40000 | trusted library allocation | page read and write |
BB0000 | heap | page read and write |
3D6A000 | trusted library allocation | page read and write |
3C06000 | trusted library allocation | page read and write |
14F0000 | heap | page read and write |
1D05000 | heap | page read and write |
7FF848FF0000 | trusted library allocation | page execute and read and write |
7FF848E14000 | trusted library allocation | page read and write |
7FF848F40000 | trusted library allocation | page execute and read and write |
3BE1000 | trusted library allocation | page read and write |
3B33000 | trusted library allocation | page read and write |
7FF848FF0000 | trusted library allocation | page read and write |
7FF848E22000 | trusted library allocation | page read and write |
3BEE000 | trusted library allocation | page read and write |
3D70000 | trusted library allocation | page read and write |
7FF848E4B000 | trusted library allocation | page execute and read and write |
13AC9000 | trusted library allocation | page read and write |
7FF848E13000 | trusted library allocation | page execute and read and write |
3C5E000 | trusted library allocation | page read and write |
1CBC3000 | heap | page read and write |
15A5000 | heap | page read and write |
A90000 | heap | page read and write |
3C75000 | trusted library allocation | page read and write |
7FF848E20000 | trusted library allocation | page read and write |
7FF848FD0000 | trusted library allocation | page execute and read and write |
1318000 | heap | page read and write |
1F0E0000 | heap | page read and write |
7FF848E7C000 | trusted library allocation | page execute and read and write |
19AE000 | stack | page read and write |
7FF84902D000 | trusted library allocation | page read and write |
11F2000 | stack | page read and write |
7FF848E30000 | trusted library allocation | page read and write |
13F48000 | trusted library allocation | page read and write |
3630000 | heap | page execute and read and write |
BC0000 | heap | page read and write |
13AD000 | heap | page read and write |
7FF848ED0000 | trusted library allocation | page read and write |
B90000 | heap | page read and write |
7FF849029000 | trusted library allocation | page read and write |
143D000 | heap | page read and write |
3B86000 | trusted library allocation | page read and write |
1CD76000 | heap | page read and write |
21AE000 | stack | page read and write |
1F1A4000 | heap | page read and write |
1C53F000 | heap | page read and write |
7FF849010000 | trusted library allocation | page execute and read and write |
3AF0000 | heap | page read and write |
3BF2000 | trusted library allocation | page read and write |
1EB5E000 | stack | page read and write |
7FF848E1D000 | trusted library allocation | page execute and read and write |
7FF848ECC000 | trusted library allocation | page execute and read and write |
1243000 | trusted library allocation | page read and write |
7FF848E23000 | trusted library allocation | page read and write |
1EF5D000 | stack | page read and write |
1DDD0000 | heap | page read and write |
7FF848EDC000 | trusted library allocation | page execute and read and write |
BE0000 | trusted library allocation | page read and write |
BB5000 | heap | page read and write |
1C40000 | heap | page read and write |
1E75E000 | stack | page read and write |
3BDD000 | trusted library allocation | page read and write |
7FF848E23000 | trusted library allocation | page execute and read and write |
217 further memdumps are hidden in the original report.