Analysis Overview
SHA256
8ac21fd5101245c481930e8a5adafb8d2a6b96ba54c5f43cab187059835aa5f9
Threat Level: Known bad
The file ab23d03dcf23220295648cfb245d2d6d.exe was found to be: Known bad.
Malicious Activity Summary
RedLine Payload
RedLine
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
Program crash
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK Matrix V6
Analysis: static1
Detonation Overview
Reported
2021-08-27 16:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2021-08-27 16:25
Reported
2021-08-27 16:27
Platform
win7v20210410
Max time kernel
151s
Max time network
153s
Command Line
Signatures
RedLine
RedLine Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
"C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe"
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
Network
| Country | Destination | Domain | Proto |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 8.8.8.8:53 | api.ip.sb | udp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
| N/A | 135.148.139.222:1494 | N/A | tcp |
Files
memory/308-60-0x0000000000340000-0x0000000000341000-memory.dmp
memory/308-62-0x00000000045B0000-0x00000000045B1000-memory.dmp
memory/1360-63-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1360-64-0x000000000041A616-mapping.dmp
memory/1360-65-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1360-67-0x0000000004A60000-0x0000000004A61000-memory.dmp
memory/1652-69-0x000000000041A616-mapping.dmp
memory/1652-72-0x0000000004930000-0x0000000004931000-memory.dmp
memory/316-74-0x000000000041A616-mapping.dmp
memory/316-77-0x0000000004B10000-0x0000000004B11000-memory.dmp
memory/884-79-0x000000000041A616-mapping.dmp
memory/884-82-0x0000000004880000-0x0000000004881000-memory.dmp
memory/516-84-0x000000000041A616-mapping.dmp
memory/516-87-0x0000000004450000-0x0000000004451000-memory.dmp
memory/1468-89-0x000000000041A616-mapping.dmp
memory/1468-92-0x0000000004810000-0x0000000004811000-memory.dmp
memory/1120-94-0x000000000041A616-mapping.dmp
memory/1120-97-0x0000000004A00000-0x0000000004A01000-memory.dmp
memory/1324-99-0x000000000041A616-mapping.dmp
memory/1324-102-0x00000000048E0000-0x00000000048E1000-memory.dmp
memory/624-104-0x000000000041A616-mapping.dmp
memory/624-107-0x0000000004AF0000-0x0000000004AF1000-memory.dmp
memory/792-109-0x000000000041A616-mapping.dmp
memory/792-112-0x0000000002190000-0x0000000002191000-memory.dmp
memory/1000-114-0x000000000041A616-mapping.dmp
memory/1000-117-0x0000000004B60000-0x0000000004B61000-memory.dmp
memory/968-119-0x000000000041A616-mapping.dmp
memory/968-122-0x0000000002160000-0x0000000002161000-memory.dmp
memory/884-124-0x000000000041A616-mapping.dmp
memory/884-127-0x0000000004880000-0x0000000004881000-memory.dmp
memory/2136-129-0x000000000041A616-mapping.dmp
memory/2136-132-0x0000000000600000-0x0000000000601000-memory.dmp
memory/2236-134-0x000000000041A616-mapping.dmp
memory/2236-137-0x0000000004580000-0x0000000004581000-memory.dmp
memory/2292-139-0x000000000041A616-mapping.dmp
memory/2292-142-0x0000000004970000-0x0000000004971000-memory.dmp
memory/2380-144-0x000000000041A616-mapping.dmp
memory/2380-147-0x0000000004AE0000-0x0000000004AE1000-memory.dmp
memory/2448-149-0x000000000041A616-mapping.dmp
memory/2448-152-0x0000000004AE0000-0x0000000004AE1000-memory.dmp
memory/2544-154-0x000000000041A616-mapping.dmp
memory/2544-157-0x0000000004780000-0x0000000004781000-memory.dmp
memory/2832-159-0x000000000041A616-mapping.dmp
memory/2832-162-0x00000000047F0000-0x00000000047F1000-memory.dmp
memory/2972-164-0x000000000041A616-mapping.dmp
memory/2972-167-0x0000000000BB0000-0x0000000000BB1000-memory.dmp
memory/3064-169-0x000000000041A616-mapping.dmp
memory/3064-172-0x0000000001EC0000-0x0000000001EC1000-memory.dmp
memory/2192-174-0x000000000041A616-mapping.dmp
memory/2192-177-0x00000000049A0000-0x00000000049A1000-memory.dmp
memory/2352-179-0x000000000041A616-mapping.dmp
memory/2352-182-0x0000000004960000-0x0000000004961000-memory.dmp
memory/1788-184-0x000000000041A616-mapping.dmp
memory/1788-187-0x0000000004230000-0x0000000004231000-memory.dmp
memory/2968-189-0x000000000041A616-mapping.dmp
memory/2968-192-0x0000000000670000-0x0000000000671000-memory.dmp
memory/2472-194-0x000000000041A616-mapping.dmp
memory/2472-197-0x00000000048D0000-0x00000000048D1000-memory.dmp
memory/2660-199-0x000000000041A616-mapping.dmp
memory/2660-202-0x0000000002040000-0x0000000002041000-memory.dmp
memory/2764-204-0x000000000041A616-mapping.dmp
memory/2764-207-0x0000000004800000-0x0000000004801000-memory.dmp
memory/3108-209-0x000000000041A616-mapping.dmp
memory/3108-212-0x0000000004AB0000-0x0000000004AB1000-memory.dmp
memory/3228-214-0x000000000041A616-mapping.dmp
memory/3228-217-0x0000000004C40000-0x0000000004C41000-memory.dmp
memory/3368-219-0x000000000041A616-mapping.dmp
memory/3368-222-0x0000000004870000-0x0000000004871000-memory.dmp
memory/3536-224-0x000000000041A616-mapping.dmp
memory/3536-227-0x0000000004AC0000-0x0000000004AC1000-memory.dmp
memory/3712-229-0x000000000041A616-mapping.dmp
memory/3712-232-0x0000000002230000-0x0000000002231000-memory.dmp
memory/3856-234-0x000000000041A616-mapping.dmp
memory/3856-237-0x0000000004AF0000-0x0000000004AF1000-memory.dmp
memory/3980-239-0x000000000041A616-mapping.dmp
memory/3980-242-0x0000000004900000-0x0000000004901000-memory.dmp
memory/2508-244-0x000000000041A616-mapping.dmp
memory/2508-247-0x0000000004A60000-0x0000000004A61000-memory.dmp
memory/1472-249-0x000000000041A616-mapping.dmp
memory/1472-252-0x00000000049F0000-0x00000000049F1000-memory.dmp
memory/108-254-0x000000000041A616-mapping.dmp
memory/108-257-0x0000000004990000-0x0000000004991000-memory.dmp
memory/2996-259-0x000000000041A616-mapping.dmp
memory/2996-262-0x0000000004790000-0x0000000004791000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2021-08-27 16:25
Reported
2021-08-27 16:27
Platform
win10v20210410
Max time kernel
149s
Max time network
153s
Command Line
Signatures
RedLine
RedLine Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
"C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe"
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 24
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 24
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
C:\Users\Admin\AppData\Local\Temp\ab23d03dcf23220295648cfb245d2d6d.exe
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ab23d03dcf23220295648cfb245d2d6d.exe.log
| MD5 | 14e0797ccb18df7a0a09f618d7fff67d |
| SHA1 | 0d735e7659fa20a28d551460dde8188dca5b930d |
| SHA256 | e2bdaddaf18237263a7e7fea990b3e5bd428eb81faef8fb3d16a150369aca407 |
| SHA512 | f9ae8492efd7d7c2f075b4927bc78f9d755c91f921d47e01153be7d59e5d45cc7defe6d810b1655fc695a51673d8f107dbf867998f7128c013b7da6122edbfd5 |