Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	4280
Target ID:	0
Parent PID:	2580
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1864192
MD5:	15A0533DBBD05872ADE7DB7AF70E20F0
Time:	10:52:59
Date:	23/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x750000
Modulesize:	4849664
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected LummaC Stealer	Stealing of Sensitive Information, Remote Access Functionality
Yara detected LummaC Stealer	Stealing of Sensitive Information, Remote Access Functionality
Found many strings related to Crypto-Wallets (likely being stolen)	Stealing of Sensitive Information	Data from Local System
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
PE file has a high occurrence of arithmetic instructions at the PE entrypoint (possbibily packed)	System Summary	Obfuscated Files or Information
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

Details

Is windows:	true
Is dropped:	false
PID:	1068
Target ID:	4
Parent PID:	4280
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	10:53:35
Date:	23/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1992,i,4390689463259841264,4189081711849451839,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	5824
Target ID:	6
Parent PID:	1068
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1992,i,4390689463259841264,4189081711849451839,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	10:53:36
Date:	23/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

Details

Is windows:	true
Is dropped:	false
PID:	7668
Target ID:	7
Parent PID:	4280
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	10:53:39
Date:	23/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2016,i,11718227575472931439,6391638913668732061,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	7860
Target ID:	8
Parent PID:	7668
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2016,i,11718227575472931439,6391638913668732061,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	45DE480806D1B5D462A7DDE4DCEFC4E4
Time:	10:53:39
Date:	23/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff76e190000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf

unknown

https://duckduckgo.com/chrome_newtab

unknown

https://duckduckgo.com/ac/?q=

unknown

https://property-imper.sbs/api

172.67.162.84

https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/

unknown

https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.

unknown

https://www.linkedin.com/cws/share?url=$

unknown

http://185.215.113.16/O

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17

unknown

https://github.com/Youssef1313

unknown

https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2023-0

unknown

https://aka.ms/msignite_docs_banner

unknown

https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-b4da8140-92cf-421c-8b7b-e471d5b9

unknown

http://polymer.github.io/AUTHORS.txt

unknown

https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml

unknown

https://management.azure.com/subscriptions?api-version=2016-06-01

unknown

https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md

unknown

https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi

unknown

http://x1.c.lencr.org/0

unknown

http://x1.i.lencr.org/0

unknown

https://aka.ms/pshelpmechoose

unknown

https://aka.ms/feedback/report?space=61

unknown

https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

https://learn-video.azurefd.net/vod/player

unknown

https://property-imper.sbs/::

unknown

https://twitter.com/intent/tweet?original_referer=$

unknown

https://github.com/gewarren

unknown

https://support.mozilla.org/products/firefoxgro.all

unknown

http://polymer.github.io/CONTRIBUTORS.txt

unknown

https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94

unknown

https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md

unknown

https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725

unknown

https://client-api.arkoselabs.com/v2/api.js

unknown

https://aka.ms/MSIgniteChallenge/Tier1Banner?wt.mc_id=ignite24_learnbanner_tier1_cnl

unknown

https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg

unknown

https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev

unknown

https://www.google.com/images/branding/product/ico/googleg_lodp.ico

unknown

https://github.com/Thraka

unknown

http://crl.microH

unknown

http://polymer.github.io/PATENTS.txt

unknown

https://aka.ms/certhelp

unknown

http://185.215.113.16/steam/random.exe

unknown

https://property-imper.sbs/7

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

http://crl.rootca1.amazontrust.com/rootca1.crl0

unknown

https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta

unknown

https://github.com/mairaw

unknown

https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js

13.107.246.63

http://ocsp.rootca1.amazontrust.com0:

unknown

https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016

unknown

https://schema.org

unknown

http://polymer.github.io/LICENSE.txt

unknown

https://www.ecosia.org/newtab/

unknown

http://31.41.244.11/files/rnd.exe

unknown

https://property-imper.sbs/

unknown

https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br

unknown

http://185.215.113.16/off/def.exesO?yI

unknown

https://aka.ms/yourcaliforniaprivacychoices

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

https://github.com/nschonni

unknown

http://185.215.113.16/

unknown

https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-09ce73a6-05a5-4e4d-b3d7-bd5a8c05

unknown

https://github.com/adegeo

unknown

http://185.215.113.16/D

unknown

https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg

unknown

https://property-imper.sbs/-int;

unknown

https://support.microsof

unknown

https://github.com/jonschlinkert/is-plain-object

unknown

http://crt.rootca1.amazontrust.com/rootca1.cer0?

unknown

https://octokit.github.io/rest.js/#throttling

unknown

https://github.com/js-cookie/js-cookie

unknown

http://185.215.113.16/off/def.exe

unknown

http://schema.org/Organization

unknown

https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples

unknown

https://channel9.msdn.com/

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

https://github.com/dotnet/try

unknown

https://property-imper.sbs/r:UI1

unknown

There are 70 hidden URLs, click here to show them.

Domains

Name

Malicious

property-imper.sbs

172.67.162.84

Details

Name:	property-imper.sbs
IP:	172.67.162.84
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Suricata IDS alerts with low severity for network traffic	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

www.google.com

142.250.181.100

Details

Name:	www.google.com
IP:	142.250.181.100
TargetID:	6
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

s-part-0035.t-0009.t-msedge.net

13.107.246.63

js.monitor.azure.com

unknown

Details

Name:	js.monitor.azure.com
TargetID:	6
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

mdec.nelreports.net

unknown

IPs

Domain

Country

Malicious

192.168.2.4

unknown

Details

IP:	192.168.2.4
TargetID:	4
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Private:	true

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

13.107.246.63

s-part-0035.t-0009.t-msedge.net

United States

Details

IP:	13.107.246.63
TargetID:	6
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	8068
ASN name:	MICROSOFT-CORP-MSN-AS-BLOCKUS
Private:	false
Domain:	s-part-0035.t-0009.t-msedge.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

185.215.113.16

unknown

Portugal

Details

IP:	185.215.113.16
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	Portugal
Countrycode:	PRT
ASN number:	206894
ASN name:	WHOLESALECONNECTIONSNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts with low severity for network traffic	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking

142.250.181.100

www.google.com

United States

172.67.162.84

property-imper.sbs

United States

Details

IP:	172.67.162.84
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	property-imper.sbs

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

239.255.255.250

unknown

Reserved

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer

SlowContextMenuEntries

Memdumps

Base Address

Regiontype

Protect

Malicious

27D0000

direct allocation

page read and write

521C000

trusted library allocation

page read and write

5875000

trusted library allocation

page read and write

57B3000

trusted library allocation

page read and write

57B3000

trusted library allocation

page read and write

51E7000

trusted library allocation

page read and write

51FA000

trusted library allocation

page read and write

51D1000

trusted library allocation

page read and write

57B6000

trusted library allocation

page read and write

E41000

heap

page read and write

57B6000

trusted library allocation

page read and write

E4F000

heap

page read and write

5225000

trusted library allocation

page read and write

43D1000

heap

page read and write

58CC000

trusted library allocation

page read and write

5873000

trusted library allocation

page read and write

59FD000

trusted library allocation

page read and write

58FE000

trusted library allocation

page read and write

49B0000

direct allocation

page execute and read and write

43D1000

heap

page read and write

58CF000

trusted library allocation

page read and write

51D9000

trusted library allocation

page read and write

730000

direct allocation

page read and write

4F4000

heap

page read and write

58B3000

trusted library allocation

page read and write

593D000

trusted library allocation

page read and write

730000

direct allocation

page read and write

57C0000

trusted library allocation

page read and write

5249000

trusted library allocation

page read and write

588E000

trusted library allocation

page read and write

57B4000

trusted library allocation

page read and write

51EF000

trusted library allocation

page read and write

DD1000

heap

page read and write

51EF000

trusted library allocation

page read and write

4F4000

heap

page read and write

43D1000

heap

page read and write

520C000

trusted library allocation

page read and write

55BC000

trusted library allocation

page read and write

5860000

trusted library allocation

page read and write

58EA000

trusted library allocation

page read and write

58FF000

trusted library allocation

page read and write

57B0000

trusted library allocation

page read and write

5893000

trusted library allocation

page read and write

5913000

trusted library allocation

page read and write

51D4000

trusted library allocation

page read and write

5221000

trusted library allocation

page read and write

57B3000

trusted library allocation

page read and write

4F4000

heap

page read and write

5225000

trusted library allocation

page read and write

5218000

trusted library allocation

page read and write

5266000

trusted library allocation

page read and write

51DC000

trusted library allocation

page read and write

58B0000

trusted library allocation

page read and write

E3C000

heap

page read and write

E52000

heap

page read and write

4F4000

heap

page read and write

4F4000

heap

page read and write

54E5000

trusted library allocation

page read and write

57B6000

trusted library allocation

page read and write

51E0000

trusted library allocation

page read and write

E41000

heap

page read and write

5880000

trusted library allocation

page read and write

49B0000

direct allocation

page execute and read and write

57B1000

trusted library allocation

page read and write

51E7000

trusted library allocation

page read and write

51EF000

trusted library allocation

page read and write

5238000

trusted library allocation

page read and write

58BA000

trusted library allocation

page read and write

58CB000

trusted library allocation

page read and write

51DF000

trusted library allocation

page read and write

57B6000

trusted library allocation

page read and write

57B6000

trusted library allocation

page read and write

4F4000

heap

page read and write

51E0000

trusted library allocation

page read and write

585E000

trusted library allocation

page read and write

5895000

trusted library allocation

page read and write

51D1000

trusted library allocation

page read and write

5218000

trusted library allocation

page read and write

57B3000

trusted library allocation

page read and write

57B3000

trusted library allocation

page read and write

57BE000

trusted library allocation

page read and write

5894000

trusted library allocation

page read and write

58E9000

trusted library allocation

page read and write

58C1000

trusted library allocation

page read and write

730000

direct allocation

page read and write

5207000

trusted library allocation

page read and write

4850000

direct allocation

page read and write

58AE000

trusted library allocation

page read and write

5874000

trusted library allocation

page read and write

5884000

trusted library allocation

page read and write

58F2000

trusted library allocation

page read and write

57BD000

trusted library allocation

page read and write

58E7000

trusted library allocation

page read and write

5246000

trusted library allocation

page read and write

57B1000

trusted library allocation

page read and write

5222000

trusted library allocation

page read and write

59AB000

trusted library allocation

page read and write

587E000

trusted library allocation

page read and write

4F4000

heap

page read and write

E4B000

heap

page read and write

5204000

trusted library allocation

page read and write

57C1000

trusted library allocation

page read and write

523E000

trusted library allocation

page read and write

57B3000

trusted library allocation

page read and write

E52000

heap

page read and write

5A36000

trusted library allocation

page read and write

524E000

trusted library allocation

page read and write

5246000

trusted library allocation

page read and write

A4E000

unkown

page execute and write copy

51E9000

trusted library allocation

page read and write

5218000

trusted library allocation

page read and write

586D000

trusted library allocation

page read and write

57B2000

trusted library allocation

page read and write

51EF000

trusted library allocation

page read and write

58E6000

trusted library allocation

page read and write

51EA000

trusted library allocation

page read and write

5238000

trusted library allocation

page read and write

541C000

trusted library allocation

page read and write

43D1000

heap

page read and write

51DC000

trusted library allocation

page read and write

5416000

trusted library allocation

page read and write

730000

direct allocation

page read and write

57B2000

trusted library allocation

page read and write

730000

direct allocation

page read and write

51F8000

trusted library allocation

page read and write

5207000

trusted library allocation

page read and write

4F4000

heap

page read and write

57B5000

trusted library allocation

page read and write

5218000

trusted library allocation

page read and write

591C000

trusted library allocation

page read and write

5857000

trusted library allocation

page read and write

E60000

heap

page read and write

E3E000

heap

page read and write

594B000

trusted library allocation

page read and write

51DF000

trusted library allocation

page read and write

57BB000

trusted library allocation

page read and write

595A000

trusted library allocation

page read and write

526A000

trusted library allocation

page read and write

5200000

trusted library allocation

page read and write

51F9000

trusted library allocation

page read and write

57BD000

trusted library allocation

page read and write

730000

direct allocation

page read and write

51F8000

trusted library allocation

page read and write

5227000

trusted library allocation

page read and write

730000

direct allocation

page read and write

51E5000

trusted library allocation

page read and write

5209000

trusted library allocation

page read and write

5882000

trusted library allocation

page read and write

5246000

trusted library allocation

page read and write

51F8000

trusted library allocation

page read and write

58B5000

trusted library allocation

page read and write

5209000

trusted library allocation

page read and write

E3C000

heap

page read and write

58A1000

trusted library allocation

page read and write

58E8000

trusted library allocation

page read and write

57BD000

trusted library allocation

page read and write

5981000

trusted library allocation

page read and write

5A34000

trusted library allocation

page read and write

57BE000

trusted library allocation

page read and write

523E000

trusted library allocation

page read and write

5860000

trusted library allocation

page read and write

E3C000

heap

page read and write

5419000

trusted library allocation

page read and write

58F0000

trusted library allocation

page read and write

5A48000

trusted library allocation

page read and write

586F000

trusted library allocation

page read and write

523B000

trusted library allocation

page read and write

584D000

trusted library allocation

page read and write

5209000

trusted library allocation

page read and write

5229000

trusted library allocation

page read and write

730000

direct allocation

page read and write

57C0000

trusted library allocation

page read and write

58AC000

trusted library allocation

page read and write

5200000

trusted library allocation

page read and write

57BA000

trusted library allocation

page read and write

E45000

heap

page read and write

5207000

trusted library allocation

page read and write

5272000

trusted library allocation

page read and write

58F3000

trusted library allocation

page read and write

587C000

trusted library allocation

page read and write

730000

direct allocation

page read and write

51D8000

trusted library allocation

page read and write

5211000

trusted library allocation

page read and write

5960000

trusted library allocation

page read and write

4F4000

heap

page read and write

E2F000

heap

page read and write

57BE000

trusted library allocation

page read and write

51EA000

trusted library allocation

page read and write

51D6000

trusted library allocation

page read and write

57B2000

trusted library allocation

page read and write

4840000

remote allocation

page read and write

5277000

trusted library allocation

page read and write

5235000

trusted library allocation

page read and write

51E7000

trusted library allocation

page read and write

DD1000

heap

page read and write

5861000

trusted library allocation

page read and write

58D1000

trusted library allocation

page read and write

591E000

trusted library allocation

page read and write

57B8000

trusted library allocation

page read and write

E4A000

heap

page read and write

51F8000

trusted library allocation

page read and write

5206000

trusted library allocation

page read and write

51EF000

trusted library allocation

page read and write

57BA000

trusted library allocation

page read and write

E52000

heap

page read and write

5A6A000

trusted library allocation

page read and write

51FA000

trusted library allocation

page read and write

57B4000

trusted library allocation

page read and write

5279000

trusted library allocation

page read and write

5257000

trusted library allocation

page read and write

49B0000

direct allocation

page execute and read and write

51F8000

trusted library allocation

page read and write

51F8000

trusted library allocation

page read and write

4990000

direct allocation

page execute and read and write

51E7000

trusted library allocation

page read and write

5233000

trusted library allocation

page read and write

5225000

trusted library allocation

page read and write

5872000

trusted library allocation

page read and write

7A7000

unkown

page write copy

585E000

trusted library allocation

page read and write

51FF000

trusted library allocation

page read and write

E3E000

heap

page read and write

57B6000

trusted library allocation

page read and write

4F4000

heap

page read and write

E3E000

heap

page read and write

5240000

trusted library allocation

page read and write

4F4000

heap

page read and write

E5B000

heap

page read and write

51D1000

trusted library allocation

page read and write

541C000

trusted library allocation

page read and write

596D000

trusted library allocation

page read and write

59ED000

trusted library allocation

page read and write

5BD9000

trusted library allocation

page read and write

5240000

trusted library allocation

page read and write

57B7000

trusted library allocation

page read and write

E4B000

heap

page read and write

5205000

trusted library allocation

page read and write

5207000

trusted library allocation

page read and write

43D1000

heap

page read and write

5230000

trusted library allocation

page read and write

5943000

trusted library allocation

page read and write

5A4E000

trusted library allocation

page read and write

51E7000

trusted library allocation

page read and write

5246000

trusted library allocation

page read and write

5200000

trusted library allocation

page read and write

57C0000

trusted library allocation

page read and write

51DF000

trusted library allocation

page read and write

58D3000

trusted library allocation

page read and write

5A4A000

trusted library allocation

page read and write

43D1000

heap

page read and write

587E000

trusted library allocation

page read and write

57BA000

trusted library allocation

page read and write

43D1000

heap

page read and write

E4D000

heap

page read and write

43D1000

heap

page read and write

5911000

trusted library allocation

page read and write

593E000

trusted library allocation

page read and write

5855000

trusted library allocation

page read and write

58F1000

trusted library allocation

page read and write

49B0000

direct allocation

page execute and read and write

4840000

remote allocation

page read and write

5273000

trusted library allocation

page read and write

E40000

heap

page read and write

E46000

heap

page read and write

521D000

trusted library allocation

page read and write

588C000

trusted library allocation

page read and write

E1F000

heap

page read and write

5BF5000

trusted library allocation

page read and write

E4F000

heap

page read and write

57B0000

trusted library allocation

page read and write

57BB000

trusted library allocation

page read and write

57C0000

trusted library allocation

page read and write

27D0000

direct allocation

page read and write

E40000

heap

page read and write

5CEC000

trusted library allocation

page read and write

5A4C000

trusted library allocation

page read and write

57B7000

trusted library allocation

page read and write

51E7000

trusted library allocation

page read and write

59EB000

trusted library allocation

page read and write

5861000

trusted library allocation

page read and write

51E7000

trusted library allocation

page read and write

5418000

trusted library allocation

page read and write

5228000

trusted library allocation

page read and write

5249000

trusted library allocation

page read and write

5209000

trusted library allocation

page read and write

43D1000

heap

page read and write

E52000

heap

page read and write

5A4E000

trusted library allocation

page read and write

43D1000

heap

page read and write

57B6000

trusted library allocation

page read and write

58D3000

trusted library allocation

page read and write

5209000

trusted library allocation

page read and write

43D1000

heap

page read and write

58B4000

trusted library allocation

page read and write

523F000

trusted library allocation

page read and write

51D2000

trusted library allocation

page read and write

4894000

direct allocation

page read and write

54F5000

trusted library allocation

page read and write

5884000

trusted library allocation

page read and write

E54000

heap

page read and write

5209000

trusted library allocation

page read and write

58D1000

trusted library allocation

page read and write

57BD000

trusted library allocation

page read and write

E53000

heap

page read and write

57BB000

trusted library allocation

page read and write

585F000

trusted library allocation

page read and write

51E8000

trusted library allocation

page read and write

5226000

trusted library allocation

page read and write

51F8000

trusted library allocation

page read and write

57B9000

trusted library allocation

page read and write

49B0000

direct allocation

page execute and read and write

58D5000

trusted library allocation

page read and write

5220000

trusted library allocation

page read and write

5282000

trusted library allocation

page read and write

4F4000

heap

page read and write

57BD000

trusted library allocation

page read and write

51F8000

trusted library allocation

page read and write

4F4000

heap

page read and write

51E7000

trusted library allocation

page read and write

59DE000

trusted library allocation

page read and write

5A28000

trusted library allocation

page read and write

E52000

heap

page read and write

51F0000

trusted library allocation

page read and write

586B000

trusted library allocation

page read and write

58C8000

trusted library allocation

page read and write

E4A000

heap

page read and write

57B1000

trusted library allocation

page read and write

730000

direct allocation

page read and write

51F8000

trusted library allocation

page read and write

27F0000

direct allocation

page execute and read and write

57B6000

trusted library allocation

page read and write

595E000

trusted library allocation

page read and write

DD8000

heap

page read and write

58CE000

trusted library allocation

page read and write

57BC000

trusted library allocation

page read and write

43D1000

heap

page read and write

522C000

trusted library allocation

page read and write

51DC000

trusted library allocation

page read and write

5BD5000

trusted library allocation

page read and write

5949000

trusted library allocation

page read and write

59CB000

trusted library allocation

page read and write

5225000

trusted library allocation

page read and write

58CD000

trusted library allocation

page read and write

57B3000

trusted library allocation

page read and write

43D1000

heap

page read and write

5225000

trusted library allocation

page read and write

43D1000

heap

page read and write

5201000

trusted library allocation

page read and write

58AB000

trusted library allocation

page read and write

51D4000

trusted library allocation

page read and write

E3C000

heap

page read and write

5220000

trusted library allocation

page read and write

57BA000

trusted library allocation

page read and write

5A51000

trusted library allocation

page read and write

51DC000

trusted library allocation

page read and write

E3F000

heap

page read and write

5A68000

trusted library allocation

page read and write

5251000

trusted library allocation

page read and write

5221000

trusted library allocation

page read and write

4F4000

heap

page read and write

58EA000

trusted library allocation

page read and write

5206000

trusted library allocation

page read and write

57BA000

trusted library allocation

page read and write

5233000

trusted library allocation

page read and write

E41000

heap

page read and write

58A9000

trusted library allocation

page read and write

4F4000

heap

page read and write

51EB000

trusted library allocation

page read and write

49A0000

direct allocation

page execute and read and write

5207000

trusted library allocation

page read and write

57BB000

trusted library allocation

page read and write

51E2000

trusted library allocation

page read and write

43D1000

heap

page read and write

51E9000

trusted library allocation

page read and write

57BD000

trusted library allocation

page read and write

5869000

trusted library allocation

page read and write

E2F000

heap

page read and write

5200000

trusted library allocation

page read and write

5209000

trusted library allocation

page read and write

E4F000

heap

page read and write

43D1000

heap

page read and write

51D1000

trusted library allocation

page read and write

57B4000

trusted library allocation

page read and write

5941000

trusted library allocation

page read and write

5231000

trusted library allocation

page read and write

5886000

trusted library allocation

page read and write

E53000

heap

page read and write

E3E000

heap

page read and write

51DC000

trusted library allocation

page read and write

57BF000

trusted library allocation

page read and write

5892000

trusted library allocation

page read and write

E4B000

heap

page read and write

E3E000

heap

page read and write

E64000

heap

page read and write

51E1000

trusted library allocation

page read and write

585F000

trusted library allocation

page read and write

43D1000

heap

page read and write

51E7000

trusted library allocation

page read and write

597F000

trusted library allocation

page read and write

5259000

trusted library allocation

page read and write

51E7000

trusted library allocation

page read and write

5200000

trusted library allocation

page read and write

5435000

trusted library allocation

page read and write

51D1000

trusted library allocation

page read and write

E38000

heap

page read and write

57B4000

trusted library allocation

page read and write

58B6000

trusted library allocation

page read and write

750000

unkown

page readonly

51EF000

trusted library allocation

page read and write

522D000

trusted library allocation

page read and write

51E5000

trusted library allocation

page read and write

5204000

trusted library allocation

page read and write

51D1000

trusted library allocation

page read and write

E49000

heap

page read and write

5CEA000

trusted library allocation

page read and write

51EB000

trusted library allocation

page read and write

58AA000

trusted library allocation

page read and write

51DB000

trusted library allocation

page read and write

4F4000

heap

page read and write

58FD000

trusted library allocation

page read and write

E49000

heap

page read and write

59FB000

trusted library allocation

page read and write

593F000

trusted library allocation

page read and write

5A53000

trusted library allocation

page read and write

54BD000

trusted library allocation

page read and write

E60000

heap

page read and write

51DC000

trusted library allocation

page read and write

58D3000

trusted library allocation

page read and write

57B0000

trusted library allocation

page read and write

57B2000

trusted library allocation

page read and write

59E0000

trusted library allocation

page read and write

5235000

trusted library allocation

page read and write

57B4000

trusted library allocation

page read and write

5209000

trusted library allocation

page read and write

57B2000

trusted library allocation

page read and write

E52000

heap

page read and write

5202000

trusted library allocation

page read and write

521F000

trusted library allocation

page read and write

57B4000

trusted library allocation

page read and write

5273000

trusted library allocation

page read and write

5240000

trusted library allocation

page read and write

523E000

trusted library allocation

page read and write

E3E000

heap

page read and write

5211000

trusted library allocation

page read and write

E4B000

heap

page read and write

51E2000

trusted library allocation

page read and write

57B8000

trusted library allocation

page read and write

5218000

trusted library allocation

page read and write

51E7000

trusted library allocation

page read and write

5209000

trusted library allocation

page read and write

E5B000

heap

page read and write

5216000

trusted library allocation

page read and write

E53000

heap

page read and write

5947000

trusted library allocation

page read and write

43D1000

heap

page read and write

59C9000

trusted library allocation

page read and write

5E26000

trusted library allocation

page read and write

57B5000

trusted library allocation

page read and write

587C000

trusted library allocation

page read and write

51F5000

trusted library allocation

page read and write

51DC000

trusted library allocation

page read and write

751000

unkown

page execute and write copy

51D6000

trusted library allocation

page read and write

54ED000

trusted library allocation

page read and write

57B8000

trusted library allocation

page read and write

59FD000

trusted library allocation

page read and write

584F000

trusted library allocation

page read and write

58FC000

trusted library allocation

page read and write

51FF000

trusted library allocation

page read and write

51D1000

trusted library allocation

page read and write

5238000

trusted library allocation

page read and write

51DF000

trusted library allocation

page read and write

51F8000

trusted library allocation

page read and write

5A26000

trusted library allocation

page read and write

51EE000

trusted library allocation

page read and write

5228000

trusted library allocation

page read and write

E40000

heap

page read and write

4F4000

heap

page read and write

59FF000

trusted library allocation

page read and write

43D1000

heap

page read and write

E65000

heap

page read and write

596B000

trusted library allocation

page read and write

544D000

trusted library allocation

page read and write

57B2000

trusted library allocation

page read and write

58BC000

trusted library allocation

page read and write

E41000

heap

page read and write

546D000

trusted library allocation

page read and write

E4A000

heap

page read and write

58C6000

trusted library allocation

page read and write

590F000

trusted library allocation

page read and write

58EC000

trusted library allocation

page read and write

5273000

trusted library allocation

page read and write

522E000

trusted library allocation

page read and write

51D6000

trusted library allocation

page read and write

5585000

trusted library allocation

page read and write

523E000

trusted library allocation

page read and write

5958000

trusted library allocation

page read and write

58BF000

trusted library allocation

page read and write

57B9000

trusted library allocation

page read and write

43D1000

heap

page read and write

E5B000

heap

page read and write

51EB000

trusted library allocation

page read and write

523E000

trusted library allocation

page read and write

51D8000

trusted library allocation

page read and write

4840000

remote allocation

page read and write

57B3000

trusted library allocation

page read and write

57B5000

trusted library allocation

page read and write

57BF000

trusted library allocation

page read and write

58E8000

trusted library allocation

page read and write

5240000

trusted library allocation

page read and write

E40000

heap

page read and write

E5B000

heap

page read and write

51D4000

trusted library allocation

page read and write

51F8000

trusted library allocation

page read and write

DD8000

heap

page read and write

730000

direct allocation

page read and write

57B4000

trusted library allocation

page read and write

51F9000

trusted library allocation

page read and write

730000

direct allocation

page read and write

51D1000

trusted library allocation

page read and write

5E77000

trusted library allocation

page read and write

57BC000

trusted library allocation

page read and write

E45000

heap

page read and write

E4C000

heap

page read and write

541B000

trusted library allocation

page read and write

57BD000

trusted library allocation

page read and write

5416000

trusted library allocation

page read and write

57BF000

trusted library allocation

page read and write

51F0000

trusted library allocation

page read and write

51F9000

trusted library allocation

page read and write

57B1000

trusted library allocation

page read and write

5207000

trusted library allocation

page read and write

5204000

trusted library allocation

page read and write

5238000

trusted library allocation

page read and write

44D0000

trusted library allocation

page read and write

58D1000

trusted library allocation

page read and write

5249000

trusted library allocation

page read and write

5200000

trusted library allocation

page read and write

57BE000

trusted library allocation

page read and write

51D4000

trusted library allocation

page read and write

730000

direct allocation

page read and write

49B0000

direct allocation

page execute and read and write

E41000

heap

page read and write

57B4000

trusted library allocation

page read and write

49F4000

trusted library allocation

page read and write

55B2000

trusted library allocation

page read and write

57B7000

trusted library allocation

page read and write

59AD000

trusted library allocation

page read and write

5203000

trusted library allocation

page read and write

5273000

trusted library allocation

page read and write

520F000

trusted library allocation

page read and write

51EE000

trusted library allocation

page read and write

524E000

trusted library allocation

page read and write

E3C000

heap

page read and write

589F000

trusted library allocation

page read and write

4F4000

heap

page read and write

5202000

trusted library allocation

page read and write

57B4000

trusted library allocation

page read and write

57C1000

trusted library allocation

page read and write

730000

direct allocation

page read and write

57B1000

trusted library allocation

page read and write

587A000

trusted library allocation

page read and write

51D5000

trusted library allocation

page read and write

57BF000

trusted library allocation

page read and write

5219000

trusted library allocation

page read and write

5200000

trusted library allocation

page read and write

51E7000

trusted library allocation

page read and write

5200000

trusted library allocation

page read and write

521D000

trusted library allocation

page read and write

523E000

trusted library allocation

page read and write

51F8000

trusted library allocation

page read and write

5246000

trusted library allocation

page read and write

5A4C000

trusted library allocation

page read and write

57B1000

trusted library allocation

page read and write

4F4000

heap

page read and write

57B8000

trusted library allocation

page read and write

4F4000

heap

page read and write

523F000

trusted library allocation

page read and write

522D000

trusted library allocation

page read and write

57BF000

trusted library allocation

page read and write

57B2000

trusted library allocation

page read and write

E4C000

heap

page read and write

57B8000

trusted library allocation

page read and write

57B4000

trusted library allocation

page read and write

51D6000

trusted library allocation

page read and write

51E7000

trusted library allocation

page read and write

There are 576 hidden memdumps, click here to show them.

DOM / HTML

URL

Malicious

https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

DOM / HTML

IOC Report
file.exe