Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\rPRESUPUESTO.exe

"C:\Users\user\Desktop\rPRESUPUESTO.exe"

Details

Is windows:	false
Is dropped:	false
PID:	3180
Target ID:	0
Parent PID:	1028
Name:	rPRESUPUESTO.exe
Path:	C:\Users\user\Desktop\rPRESUPUESTO.exe
Commandline:	"C:\Users\user\Desktop\rPRESUPUESTO.exe"
Size:	713736
MD5:	E78D43A26913CF101B98D1D04839EEE2
Time:	10:15:11
Date:	01/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x4e0000
Modulesize:	729088
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Adds a directory exclusion to Windows Defender	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet	System Summary
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
PE / OLE file has an invalid certificate	System Summary
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Powershell Defender Exclusion	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Sigma detected: Non Interactive PowerShell Process Spawned	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\rPRESUPUESTO.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7092
Target ID:	3
Parent PID:	3180
Name:	powershell.exe
Class:	powershell
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\rPRESUPUESTO.exe"
Size:	433152
MD5:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Time:	10:15:15
Date:	01/07/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x700000
Modulesize:	446464
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Adds a directory exclusion to Windows Defender	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Powershell Defender Exclusion	System Summary
Sigma detected: Non Interactive PowerShell Process Spawned	System Summary
Spawns processes	System Summary	Process Injection

C:\Users\user\Desktop\rPRESUPUESTO.exe

"C:\Users\user\Desktop\rPRESUPUESTO.exe"

Details

Is windows:	false
Is dropped:	false
PID:	5144
Target ID:	5
Parent PID:	3180
Name:	rPRESUPUESTO.exe
Path:	C:\Users\user\Desktop\rPRESUPUESTO.exe
Commandline:	"C:\Users\user\Desktop\rPRESUPUESTO.exe"
Size:	713736
MD5:	E78D43A26913CF101B98D1D04839EEE2
Time:	10:15:15
Date:	01/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xc40000
Modulesize:	729088
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Adds a directory exclusion to Windows Defender	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet	System Summary
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
PE / OLE file has an invalid certificate	System Summary
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Powershell Defender Exclusion	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Sigma detected: Non Interactive PowerShell Process Spawned	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Program Files (x86)\HuaxilgvNMlvjXqnbAUTDSsPYLOkyuWgMOeQybdntYYLGjJr\MqDMLUHvZmSMqiwTfIsHo.exe

"C:\Program Files (x86)\HuaxilgvNMlvjXqnbAUTDSsPYLOkyuWgMOeQybdntYYLGjJr\MqDMLUHvZmSMqiwTfIsHo.exe"

Details

Is windows:	true
Is dropped:	false
PID:	5908
Target ID:	8
Parent PID:	5144
Name:	MqDMLUHvZmSMqiwTfIsHo.exe
Path:	C:\Program Files (x86)\HuaxilgvNMlvjXqnbAUTDSsPYLOkyuWgMOeQybdntYYLGjJr\MqDMLUHvZmSMqiwTfIsHo.exe
Commandline:	"C:\Program Files (x86)\HuaxilgvNMlvjXqnbAUTDSsPYLOkyuWgMOeQybdntYYLGjJr\MqDMLUHvZmSMqiwTfIsHo.exe"
Size:	140800
MD5:	32B8AD6ECA9094891E792631BAEA9717
Time:	10:15:26
Date:	01/07/2024
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x980000
Modulesize:	155648
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queues an APC in another process (thread injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\SysWOW64\ktmutil.exe

"C:\Windows\SysWOW64\ktmutil.exe"

Details

Is windows:	true
Is dropped:	false
PID:	6608
Target ID:	9
Parent PID:	5908
Name:	ktmutil.exe
Path:	C:\Windows\SysWOW64\ktmutil.exe
Commandline:	"C:\Windows\SysWOW64\ktmutil.exe"
Size:	15360
MD5:	AC387D5962B2FE2BF4D518DD57BA7230
Time:	10:15:27
Date:	01/07/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	false
Is elevated:	false
Modulebase:	0x7b0000
Modulesize:	28672
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sample file is different than original file name gathered from version info	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\HuaxilgvNMlvjXqnbAUTDSsPYLOkyuWgMOeQybdntYYLGjJr\MqDMLUHvZmSMqiwTfIsHo.exe

"C:\Program Files (x86)\HuaxilgvNMlvjXqnbAUTDSsPYLOkyuWgMOeQybdntYYLGjJr\MqDMLUHvZmSMqiwTfIsHo.exe"

Details

Is windows:	true
Is dropped:	false
PID:	3608
Target ID:	10
Parent PID:	6608
Name:	MqDMLUHvZmSMqiwTfIsHo.exe
Path:	C:\Program Files (x86)\HuaxilgvNMlvjXqnbAUTDSsPYLOkyuWgMOeQybdntYYLGjJr\MqDMLUHvZmSMqiwTfIsHo.exe
Commandline:	"C:\Program Files (x86)\HuaxilgvNMlvjXqnbAUTDSsPYLOkyuWgMOeQybdntYYLGjJr\MqDMLUHvZmSMqiwTfIsHo.exe"
Size:	140800
MD5:	32B8AD6ECA9094891E792631BAEA9717
Time:	10:15:40
Date:	01/07/2024
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x980000
Modulesize:	155648
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queues an APC in another process (thread injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\Firefox.exe"

Details

Is windows:	true
Is dropped:	false
PID:	4268
Target ID:	13
Parent PID:	6608
Name:	firefox.exe
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Size:	676768
MD5:	C86B1BE9ED6496FE0E0CBE73F81D8045
Time:	10:15:52
Date:	01/07/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff79f9e0000
Modulesize:	708608
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	6528
Target ID:	4
Parent PID:	7092
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	10:15:15
Date:	01/07/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6d64d0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\wbem\WmiPrvSE.exe

C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	1272
Target ID:	6
Parent PID:	752
Name:	WmiPrvSE.exe
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Size:	496640
MD5:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Time:	10:15:18
Date:	01/07/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	true
Modulebase:	0x7ff6ef0c0000
Modulesize:	516096
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://www.rlplatro.sbs/hpa2/

109.123.121.243

http://www.transelva.com/edi4/

74.208.236.72

http://www.coinmao.com/irbt/

192.227.175.142

http://www.xsemckm.sbs/pyns/

47.242.109.15

http://www.quantumvoil.xyz/gb2c/

203.161.62.199

http://www.genesiestudios.online/s29p/

31.186.11.254

http://www.203av.com/dy54/

45.207.12.95

http://www.gsdaluan.shop/8urb/

192.207.62.21

http://www.hydrogenmovie.com/vi6c/

81.95.96.29

http://www.atmpla.net/n983/

103.224.182.246

http://www.europedriveguide.com/2pcd/

72.52.179.174

http://www.mommysdaycare.net/k4dg/

199.59.243.226

https://duckduckgo.com/chrome_newtab

unknown

https://duckduckgo.com/ac/?q=

unknown

https://faq.active24.com/cz/162807-DNS-hosting?l=cs

unknown

https://gui.active24.cz/img/icon/a24-favicon-16x16.png

unknown

https://webftp.active24.com/

unknown

https://gui.active24.cz/img/icon/a24-apple-favicon-57x57.png

unknown

https://gui.active24.cz/img/icon/a24-favicon-32x32.png

unknown

https://faq.active24.com/cz/806087-Z%c3%a1kladn%c3%ad-informace

unknown

https://www.active24.com/webforward-mailforward

unknown

https://mssql.active24.com/

unknown

https://www.active24.com/domeny#m-certifikace

unknown

https://gui.active24.cz/img/default-domain/free.png

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

https://active24.com/cssc/a21/main.less?v=7d8e320747f67055c1a1008fbc40d0c1

unknown

https://gui.active24.cz/img/icon/a24-apple-favicon-152x152.png

unknown

https://www.active24.com/domeny

unknown

https://www.google.com

unknown

http://gq64q4.cn/user/design/clas/euse/sksueqquqf/81

unknown

https://www.active24.com/o-spolecnosti/obchodni-podminky

unknown

https://gui.active24.cz/library/theme/hp16/style.css

unknown

https://customer.active24.com/

unknown

https://gui.active24.cz/img/icon/a24-apple-favicon-114x114.png

unknown

https://gui.active24.cz/img/icon/a24-apple-favicon-180x180.png

unknown

https://active24.cz/objednavka/domain/availability/list

unknown

https://gui.active24.cz/font/active24-icons.eot

unknown

https://www.active24.com/o-spolecnosti/media

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

https://faq.active24.com/cz/045021-Webov%c3%a9-str%c3%a1nky-a-E-shopy

unknown

https://faq.active24.com/cz/085122-Hosting-a-Servery

unknown

https://gui.active24.cz/font/active24-icons.woff

unknown

https://www.active24.com/o-spolecnosti/kontakty

unknown

https://www.active24.com/weby/mojestranky

unknown

https://gui.active24.cz/img/icon/a24-favicon-96x96.png

unknown

https://gui.active24.cz/img/icon/a24-apple-favicon-76x76.png

unknown

https://www.transelva.com/edi4/?4dV43tA=NUWN0h33C1Yyooj/Nqm5TKnDvFAfPsTlu/xXoo6GTaC/958/rmN21lJSbp33

unknown

https://www.active24.com/jak-na-tvorbu-webu

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://www.genesiestudios.online

unknown

https://www.active24.com/o-spolecnosti/rikaji-o-nas-zakaznici

unknown

https://gui.active24.cz/img/icon/a24-apple-favicon-60x60.png

unknown

https://www.active24.com/o-spolecnosti/kariera

unknown

https://gui.active24.cz/img/default-domain/dnssec.png

unknown

https://faq.active24.com/cz/808905-E-mailov%c3%a1-%c5%99e%c5%a1en%c3%ad

unknown

https://gui.active24.cz/img/icon/a24-apple-favicon-120x120.png

unknown

https://gui.active24.cz/font/active24-icons.svg

unknown

https://gui.active24.cz/img/webmail_ikony_vlajky.png)

unknown

https://www.active24.com/o-spolecnosti

unknown

https://gui.active24.cz/img/icon/a24-ms-icon-144x144.png

unknown

https://www.google.com/images/branding/product/ico/googleg_lodp.ico

unknown

https://faq.active24.com/cz/932337-Spolupr%c3%a1ce

unknown

https://faq.active24.com/cz/939671-Fakturace-a-platby

unknown

https://www.active24.com/dnssec

unknown

https://gui.active24.cz/font/active24-icons.ttf

unknown

https://www.active24.com/klientska-zona/zakaznicka-podpora

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

https://faq.active24.com/cz/757409-Bezpe%c4%8dnost

unknown

https://gui.active24.cz/img/default-domain/dns.png

unknown

https://blog.active24.cz//

unknown

http://ww7.europedriveguide.com/2pcd/?4dV43tA=tIH23YAAyU0vk1VwVlLsnDkrzub9KGyrHgMKKMQURaOCIZhbg0Upzh

unknown

https://www.ecosia.org/newtab/

unknown

https://gui.active24.cz/img/default-domain/superpage.png

unknown

https://www.chiark.greenend.org.uk/~sgtatham/putty/0

unknown

https://faq.active24.com/cz/920729-Dom%c3%a9ny-a-DNS

unknown

https://www.active24.com/objednavka/login

unknown

https://webmail.active24.com/

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

https://gui.active24.cz/img/default-domain/image.png

unknown

https://mysql.active24.com/

unknown

https://gui.active24.cz/css/landing.css

unknown

https://gui.active24.cz/img/icon/a24-apple-favicon-144x144.png

unknown

https://gui.active24.cz/img/default-domain/redirect.png

unknown

https://gui.active24.cz/img/default-domain/notify.png

unknown

https://gui.active24.cz/img/icon/a24-favicon-192x192.png

unknown

https://gui.active24.cz/img/icon/a24-apple-favicon-72x72.png

unknown

https://www.active24.com

unknown

https://www.superstranka.cz/

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

https://www.active24.com/spoluprace

unknown

https://www.active24.com/upozorneni

unknown

There are 81 hidden URLs, click here to show them.

Domains

Name

Malicious

225.jtrhc.fun

192.207.62.21

www.mommysdaycare.net

199.59.243.226

www.coinmao.com

192.227.175.142

www.quantumvoil.xyz

203.161.62.199

genesiestudios.online

31.186.11.254

www.atmpla.net

103.224.182.246

2xin3.zhanghonghong.com

122.10.13.122

www.203av.com

45.207.12.95

www.b6fbly7u.shop

121.254.178.238

www.europedriveguide.com

72.52.179.174

www.xsemckm.sbs

47.242.109.15

www.rlplatro.sbs

109.123.121.243

www.transelva.com

74.208.236.72

www.hydrogenmovie.com

81.95.96.29

www.tcqlk.com

unknown

www.genesiestudios.online

unknown

www.gsdaluan.shop

unknown

There are 7 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

122.10.13.122

2xin3.zhanghonghong.com

Hong Kong

74.208.236.72

www.transelva.com

United States

121.254.178.238

www.b6fbly7u.shop

Korea Republic of

192.207.62.21

225.jtrhc.fun

United States

72.52.179.174

www.europedriveguide.com

United States

192.227.175.142

www.coinmao.com

United States

199.59.243.226

www.mommysdaycare.net

United States

203.161.62.199

www.quantumvoil.xyz

Malaysia

109.123.121.243

www.rlplatro.sbs

United Kingdom

103.224.182.246

www.atmpla.net

Australia

31.186.11.254

genesiestudios.online

Turkey

45.207.12.95

www.203av.com

Seychelles

81.95.96.29

www.hydrogenmovie.com

Czech Republic

47.242.109.15

www.xsemckm.sbs

United States

There are 4 hidden IPs, click here to show them.

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4

Blob

Details

TargetID:	3
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Value name:	Blob
Value data:	19 00 00 00 01 00 00 00 10 00 00 00 82 21 8F FB 91 73 3E 64 13 6B E5 71 9F 57 C3 A1 03 00 00 00 01 00 00 00 14 00 00 00 AF E5 D2 44 A8 D1 19 42 30 FF 47 9F E2 F8 97 BB CD 7A 8C B4 1D 00 00 00 01 00 00 00 10 00 00 00 CB 39 C3 D4 27 2C DF 63 77 4E 1D B8 10 C5 A8 9E 14 00 00 00 01 00 00 00 14 00 00 00 BB AF 7E 02 3D FA A6 F1 3C 84 8E AD EE 38 98 EC D9 32 32 D4 62 00 00 00 01 00 00 00 20 00 00 00 52 F0 E1 C4 E5 8E C6 29 29 1B 60 31 7F 07 46 71 B8 5D 7E A8 0D 5B 07 27 34 63 53 4B 32 B4 02 34 0B 00 00 00 01 00 00 00 3A 00 00 00 53 00 65 00 63 00 74 00 69 00 67 00 6F 00 20 00 28 00 66 00 6F 00 72 00 6D 00 65 00 72 00 6C 00 79 00 20 00 43 00 6F 00 6D 00 6F 00 64 00 6F 00 20 00 43 00 41 00 29 00 00 00 53 00 00 00 01 00 00 00 43 00 00 00 30 41 30 22 06 0C 2B 06 01 04 01 B2 31 01 02 01 05 01 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 30 1B 06 05 67 81 0C 01 03 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 09 00 00 00 01 00 00 00 54 00 00 00 30 52 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 0A 2B 06 01 04 01 82 37 0A 03 04 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 06 06 08 2B 06 01 05 05 07 03 07 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 08 0F 00 00 00 01 00 00 00 30 00 00 00 76 16 13 F4 CD 86 07 50 8C 3D 52 0F BE FE 68 77 37 35 FC 73 74 6F 42 A9 FD 62 54 BA 3B 72 F0 04 79 94 E5 AF 57 67 7C F6 D2 C1 96 59 84 96 5D F1 20 00 00 00 01 00 00 00 DC 05 00 00 30 82 05 D8 30 82 03 C0 A0 03 02 01 02 02 10 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0C 05 00 30 81 85 31 0B 30 09 06 03 55 04 06 13 02 47 42 31 1B 30 19 06 03 55 04 08 13 12 47 72 65 61 74 65 72 20 4D 61 6E 63 68 65 73 74 65 72 31 10 30 0E 06 03 55 04 07 13 07 53 61 6C 66 6F 72 64 31 1A 30 18 06 03 55 04 0A 13 11 43 4F 4D 4F 44 4F 20 43 41 20 4C 69 6D 69 74 65 64 31 2B 30 29 06 03 55 04 03 13 22 43 4F 4D 4F 44 4F 20 52 53 41 20 43 65 72 74 69 66 69 63 61 74 69 6F 6E 20 41 75 74 68 6F 72 69 74 79 30 1E 17 0D 31 30 30 31 31 39 30 30 30 30 30 30 5A 17 0D 33 38 30 31 31 38 32 33 35 39 35 39 5A 30 81 85 31 0B 30 09 06 03 55 04 06 13 02 47 42 31 1B 30 19 06 03 55 04 08 13 12 47 72 65 61 74 65 72 20 4D 61 6E 63 68 65 73 74 65 72 31 10 30 0E 06 03 55 04 07 13 07 53 61 6C 66 6F 72 64 31 1A 30 18 06 03 55 04 0A 13 11 43 4F 4D 4F 44 4F 20 43 41 20 4C 69 6D 69 74 65 64 31 2B 30 29 06 03 55 04 03 13 22 43 4F 4D 4F 44 4F 20 52 53 41 20 43 65 72 74 69 66 69 63 61 74 69 6F 6E 20 41 75 74 68 6F 72 69 74 79 30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30 82 02 0A 02 82 02 01 00 91 E8 54 92 D2 0A 56 B1 AC 0D 24 DD C5 CF 44 67 74 99 2B 37 A3 7D 23 70 00 71 BC 53 DF C4 FA 2A 12 8F 4B 7F 10 56 BD 9F 70 72 B7 61 7F C9 4B 0F 17 A7 3D E3 B0 04 61 EE FF 11 97 C7 F4 86 3E 0A FA 3E 5C F9 93 E6 34 7A D9 14 6B E7 9C B3 85 A0 82 7A 76 AF 71 90 D7 EC FD 0D FA 9C 6C FA DF B0 82 F4 14 7E F9 BE C4 A6 2F 4F 7F 99 7F B5 FC 67 43 72 BD 0C 00 D6 89 EB 6B 2C D3 ED 8F 98 1C 14 AB 7E E5 E3 6E FC D8 A8 E4 92 24 DA 43 6B 62 B8 55 FD EA C1 BC 6C B6 8B F3 0E 8D 9A E4 9B 6C 69 99 F8 78 48 30 45 D5 AD E1 0D 3C 45 60 FC 32 96 51 27 BC 67 C3 CA 2E B6 6B EA 46 C7 C7 20 A0 B1 1F 65 DE 48 08 BA A4 4E A9 F2 83 46 37 84 EB E8 CC 81 48 43 67 4E 72 2A 9B 5C BD 4C 1B 28 8A 5C 22 7B B4 AB 98 D9 EE E0 51 83 C3 09 46 4E 6D 3E 99 FA 95 17 DA 7C 33 57 41 3C 8D 51 ED 0B B6 5C AF 2C 63 1A DF 57 C8 3F BC E9 5D C4 9B AF 45 99 E2 A3 5A 24 B4 BA A9 56 3D CF 6F AA FF 49 58 BE F0 A8 FF F4 B8 AD E9 37 FB BA B8 F4 0B 3A F9 E8 43 42 1E 89 D8 84 CB 13 F1 D9 BB E1 89 60 B8 8C 28 56 AC 14 1D 9C 0A E7 71 EB CF 0E DD 3D A9 96 A1 48 BD 3C F7 AF B5 0D 22 4C C0 11 81 EC 56 3B F6 D3 A2 E2 5B B7 B2 04 22 52 95 80 93 69 E8 8E 4C 65 F1 91 03 2D 70 74 02 EA 8B 67 15 29 69 52 02 BB D7 DF 50 6A 55 46 BF A0 A3 28 61 7F 70 D0 C3 A2 AA 2C 21 AA 47 CE 28 9C 06 45 76 BF 82 18 27 B4 D5 AE B4 CB 50 E6 6B F4 4C 86 71 30 E9 A6 DF 16 86 E0 D8 FF 40 DD FB D0 42 88 7F A3 33 3A 2E 5C 1E 41 11 81 63 CE 18 71 6B 2B EC A6 8A B7 31 5C 3A 6A 47 E0 C3 79 59 D6 20 1A AF F2 6A 98 AA 72 BC 57 4A D2 4B 9D BB 10 FC B0 4C 41 E5 ED 1D 3D 5E 28 9D 9C CC BF B3 51 DA A7 47 E5 84 53 02 03 01 00 01 A3 42 30 40 30 1D 06 03 55 1D 0E 04 16 04 14 BB AF 7E 02 3D FA A6 F1 3C 84 8E AD EE 38 98 EC D9 32 32 D4 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 01 06 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0C 05 00 03 82 02 01 00 0A F1 D5 46 84 B7 AE 51 BB 6C B2 4D 41 14 00 93 4C 9C CB E5 C0 54 CF A0 25 8E 02 F9 FD B0 A2 0D F5 20 98 3C 13 2D AC 56 A2 B0 D6 7E 11 92 E9 2E BA 9E 2E 9A 72 B1 BD 19 44 6C 61 35 A2 9A B4 16 12 69 5A 8C E1 D7 3E A4 1A E8 2F 03 F4 AE 61 1D 10 1B 2A A4 8B 7A C5 FE 05 A6 E1 C0 D6 C8 FE 9E AE 8F 2B BA 3D 99 F8 D8 73 09 58 46 6E A6 9C F4 D7 27 D3 95 DA 37 83 72 1C D3 73 E0 A2 47 99 03 38 5D D5 49 79 00 29 1C C7 EC 9B 20 1C 07 24 69 57 78 B2 39 FC 3A 84 A0 B5 9C 7C 8D BF 2E 93 62 27 B7 39 DA 17 18 AE BD 3C 09 68 FF 84 9B 3C D5 D6 0B 03 E3 57 9E 14 F7 D1 EB 4F C8 BD 87 23 B7 B6 49 43 79 85 5C BA EB 92 0B A1 C6 E8 68 A8 4C 16 B1 1A 99 0A E8 53 2C 92 BB A1 09 18 75 0C 65 A8 7B CB 23 B7 1A C2 28 85 C3 1B FF D0 2B 62 EF A4 7B 09 91 98 67 8C 14 01 CD 68 06 6A 63 21 75 03 80 88 8A 6E 81 C6 85 F2 A9 A4 2D E7 F4 A5 24 10 47 83 CA CD F4 8D 79 58 B1 06 9B E7 1A 2A D9 9D 01 D7 94 7D ED 03 4A CA F0 DB E8 A9 01 3E F5 56 99 C9 1E 8E 49 3D BB E5 09 B9 E0 4F 49 92 3D 16 82 40 CC CC 59 C6 E6 3A ED 12 2E 69 3C 6C 95 B1 FD AA 1D 7B 7F 86 BE 1E 0E 32 46 FB FB 13 8F 75 7F 4C 8B 4B 46 63 FE 00 34 40 70 C1 C3 B9 A1 DD A6 70 E2 04 B3 41 BC E9 80 91 EA 64 9C 7A E1 22 03 A9 9C 6E 6F 0E 65 4F 6C 87 87 5E F3 6E A0 F9 75 A5 9B 40 E8 53 B2 27 9D 4A B9 C0 77 21 8D FF 87 F2 DE BC 8C EF 17 DF B7 49 0B D1 F2 6E 30 0B 1A 0E 4E 76 ED 11 FC F5 E9 56 B2 7D BF C7 6D 0A 93 8C A5 D0 C0 B6 1D BE 3A 4E 94 A2 D7 6E 6C 0B C2 8A 7C FA 20 F3 C4 E4 E5 CD 0D A8 CB 91 92 B1 7C 85 EC B5 14 69 66 0E 82 E7 CD CE C8 2D A6 51 7F 21 C1 35 53 85 06 4A 5D 9F AD BB 1B 5F 74

Signature Hits	Behavior Group	Mitre Attack
Adds / modifies Windows certificates	Lowering of HIPS / PFW / Operating System Security Settings	Disable or Modify Tools
Stores large binary data to the registry	Hooking and other Techniques for Hiding and Protection	Modify Registry

Memdumps

Base Address

Regiontype

Protect

Malicious

1600000

unclassified section

page execute and read and write

5560000

system

page execute and read and write

180000

system

page execute and read and write

720000

trusted library allocation

page read and write

760000

trusted library allocation

page read and write

400000

remote allocation

page execute and read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

44C8000

unkown

page read and write

75C4000

heap

page read and write

5340000

heap

page read and write

1F4179C4000

trusted library allocation

page read and write

1F415C53000

heap

page read and write

C9A000

trusted library allocation

page execute and read and write

603000

heap

page read and write

C8D000

trusted library allocation

page execute and read and write

36C6000

unclassified section

page read and write

CAB000

trusted library allocation

page execute and read and write

2C4D000

direct allocation

page execute and read and write

1F415C4C000

heap

page read and write

27C1000

heap

page read and write

1F415C53000

heap

page read and write

7551000

heap

page read and write

4E30000

heap

page execute and read and write

4260000

unkown

page execute and read and write

27C1000

heap

page read and write

28C0000

heap

page read and write

7550000

heap

page read and write

27C1000

heap

page read and write

1110000

unkown

page read and write

1320000

heap

page read and write

282D000

trusted library allocation

page read and write

44E8000

unclassified section

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

1F415A90000

system

page execute and read and write

27C1000

heap

page read and write

8148000

heap

page read and write

7C9F000

stack

page read and write

27C1000

heap

page read and write

2AB0000

trusted library allocation

page read and write

8122000

heap

page read and write

55B8000

system

page execute and read and write

CFA000

stack

page read and write

DFD000

stack

page read and write

27C1000

heap

page read and write

4D00000

unkown

page execute and read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

645000

heap

page read and write

1070000

unkown

page read and write

27C1000

heap

page read and write

5390000

trusted library allocation

page read and write

1120000

unkown

page readonly

1191000

unkown

page readonly

2E3C000

unkown

page read and write

659000

heap

page read and write

27C1000

heap

page read and write

5F3000

heap

page read and write

1AE8000

direct allocation

page execute and read and write

2821000

trusted library allocation

page read and write

1040000

unkown

page readonly

98E000

unkown

page readonly

27C1000

heap

page read and write

5D60000

trusted library allocation

page read and write

2D70000

unkown

page readonly

2DF1000

direct allocation

page execute and read and write

1030000

unkown

page readonly

27C1000

heap

page read and write

53A0000

trusted library allocation

page execute and read and write

27C1000

heap

page read and write

5FC000

heap

page read and write

27C1000

heap

page read and write

2E62000

direct allocation

page execute and read and write

6B0000

heap

page read and write

4E43000

heap

page read and write

DF0000

heap

page read and write

1347000

heap

page read and write

27C1000

heap

page read and write

76A0000

trusted library allocation

page read and write

27C1000

heap

page read and write

7C5E000

stack

page read and write

995000

unkown

page read and write

1F41780F000

trusted library allocation

page read and write

10FE000

stack

page read and write

27C1000

heap

page read and write

6CF000

heap

page read and write

5700000

unkown

page execute and read and write

27C1000

heap

page read and write

1120000

trusted library allocation

page read and write

1F417690000

heap

page read and write

2976000

heap

page read and write

15CFC000

system

page read and write

75C9000

heap

page read and write

2D60000

heap

page read and write

5CDD000

stack

page read and write

DFD000

stack

page read and write

7880000

trusted library allocation

page read and write

28ED000

heap

page read and write

1010000

unkown

page readonly

2AA3000

heap

page read and write

1F417803000

trusted library allocation

page read and write

27C1000

heap

page read and write

B60000

trusted library allocation

page read and write

8151000

heap

page read and write

27C1000

heap

page read and write

9D0000

heap

page read and write

1AF0000

unclassified section

page execute and read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

1F415C27000

heap

page read and write

3951000

trusted library allocation

page read and write

4D95000

trusted library allocation

page read and write

6B5000

heap

page read and write

11E4000

heap

page read and write

602000

heap

page read and write

4336000

unkown

page read and write

654000

heap

page read and write

C90000

unkown

page readonly

2CB0000

unkown

page read and write

62B000

heap

page read and write

53C8000

trusted library allocation

page read and write

7595000

heap

page read and write

27C1000

heap

page read and write

6E0000

heap

page read and write

1130000

heap

page read and write

5F1000

heap

page read and write

4D90000

trusted library allocation

page read and write

135D000

heap

page read and write

CC0000

trusted library allocation

page read and write

1060000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

7B00000

heap

page read and write

820E000

stack

page read and write

480C000

unclassified section

page read and write

1F4000

heap

page read and write

53DA000

trusted library allocation

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

997000

unkown

page readonly

27C1000

heap

page read and write

C80000

unkown

page readonly

2CAF000

stack

page read and write

1F417901000

trusted library allocation

page read and write

683000

heap

page read and write

574C000

unkown

page read and write

D8C000

stack

page read and write

27C1000

heap

page read and write

654000

heap

page read and write

2D04000

heap

page read and write

1F415C3D000

heap

page read and write

27C1000

heap

page read and write

1100000

trusted library allocation

page execute and read and write

1130000

trusted library allocation

page read and write

27C1000

heap

page read and write

677000

heap

page read and write

132E000

heap

page read and write

1F4000

heap

page read and write

7590000

heap

page read and write

1340000

heap

page read and write

640000

heap

page read and write

3B5C000

unkown

page read and write

75D5000

heap

page read and write

C92000

trusted library allocation

page read and write

1028000

heap

page read and write

98E000

unkown

page readonly

AEE000

stack

page read and write

2A9F000

heap

page read and write

11C0000

unkown

page readonly

1761000

unkown

page readonly

1050000

unkown

page readonly

78DE000

stack

page read and write

75B9000

heap

page read and write

294E000

stack

page read and write

512F000

stack

page read and write

1F4179CE000

trusted library allocation

page read and write

281E000

trusted library allocation

page read and write

FFE000

unkown

page read and write

C40000

unkown

page readonly

27C1000

heap

page read and write

C90000

trusted library allocation

page read and write

C83000

trusted library allocation

page read and write

27C1000

heap

page read and write

1F4179BE000

trusted library allocation

page read and write

27C1000

heap

page read and write

4012000

unkown

page read and write

6100000

unkown

page execute and read and write

CFA000

stack

page read and write

5B0B000

stack

page read and write

1F4000

heap

page read and write

BB5000

heap

page read and write

314C000

unclassified section

page read and write

27C1000

heap

page read and write

C73000

trusted library allocation

page execute and read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

55D6000

system

page execute and read and write

1310000

unkown

page readonly

27C1000

heap

page read and write

5D85000

heap

page read and write

27C1000

heap

page read and write

2AB0000

trusted library allocation

page read and write

C74000

trusted library allocation

page read and write

75D2000

heap

page read and write

1F417815000

trusted library allocation

page read and write

5EE0000

heap

page read and write

815F000

heap

page read and write

27C1000

heap

page read and write

C70000

trusted library allocation

page read and write

11E0000

heap

page read and write

1F417800000

trusted library allocation

page read and write

53B0000

trusted library allocation

page read and write

4E2000

unkown

page readonly

27C1000

heap

page read and write

7495000

heap

page read and write

1210000

heap

page read and write

5E8000

heap

page read and write

41A4000

unkown

page read and write

2E72000

unclassified section

page read and write

1130000

heap

page read and write

132A000

heap

page read and write

27C1000

heap

page read and write

75CF000

heap

page read and write

5FC000

heap

page read and write

18CD000

direct allocation

page execute and read and write

5E8E000

stack

page read and write

CA7000

trusted library allocation

page execute and read and write

18B1000

unkown

page readonly

27C1000

heap

page read and write

1F417813000

trusted library allocation

page read and write

27C1000

heap

page read and write

6F0000

heap

page read and write

BB3000

heap

page read and write

BA4000

heap

page read and write

2A10000

trusted library allocation

page execute and read and write

1310000

unkown

page readonly

8260000

trusted library section

page read and write

27C1000

heap

page read and write

C2A000

heap

page read and write

2B14000

heap

page read and write

27C1000

heap

page read and write

1000000

unkown

page readonly

10FB000

stack

page read and write

824B000

stack

page read and write

516E000

stack

page read and write

11E0000

heap

page read and write

5310000

trusted library allocation

page read and write

27C1000

heap

page read and write

1A51000

direct allocation

page execute and read and write

D60000

heap

page read and write

27C1000

heap

page read and write

780F000

stack

page read and write

1F415C20000

heap

page read and write

689000

heap

page read and write

5350000

trusted library allocation

page read and write

C7D000

trusted library allocation

page execute and read and write

27C1000

heap

page read and write

1010000

unkown

page readonly

C2905FF000

stack

page read and write

117E000

stack

page read and write

5398000

trusted library allocation

page read and write

B2E000

stack

page read and write

755B000

heap

page read and write

2EF0000

unclassified section

page execute and read and write

981000

unkown

page execute read

27C1000

heap

page read and write

817C000

heap

page read and write

3AAA000

trusted library allocation

page read and write

7890000

trusted library allocation

page read and write

36A6000

unkown

page read and write

27C1000

heap

page read and write

52FE000

stack

page read and write

75D7000

heap

page read and write

27C1000

heap

page read and write

640000

heap

page read and write

27C1000

heap

page read and write

1349000

heap

page read and write

27C1000

heap

page read and write

5AB0000

trusted library allocation

page read and write

1F415C50000

heap

page read and write

839000

stack

page read and write

C80000

trusted library allocation

page read and write

AE6C000

stack

page read and write

C1E000

heap

page read and write

8112000

heap

page read and write

11E4000

heap

page read and write

B30000

heap

page read and write

710000

heap

page read and write

27C1000

heap

page read and write

980000

unkown

page readonly

27C1000

heap

page read and write

27C1000

heap

page read and write

720000

trusted library allocation

page read and write

502E000

stack

page read and write

4390000

unclassified section

page execute and read and write

27C1000

heap

page read and write

400000

heap

page read and write

27C1000

heap

page read and write

770E000

stack

page read and write

27C1000

heap

page read and write

535E000

trusted library allocation

page read and write

27C1000

heap

page read and write

5360000

trusted library allocation

page execute and read and write

C60000

unkown

page readonly

27C1000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

1130000

heap

page read and write

27C1000

heap

page read and write

1040000

unkown

page readonly

7FBB0000

trusted library allocation

page execute and read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

1580000

direct allocation

page read and write

2768000

trusted library allocation

page read and write

7480000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

5F07000

heap

page read and write

27C1000

heap

page read and write

1180000

unkown

page read and write

5F8000

heap

page read and write

6AA000

heap

page read and write

3534000

unclassified section

page read and write

27C1000

heap

page read and write

562B000

system

page execute and read and write

27C1000

heap

page read and write

5F3000

heap

page read and write

157F000

stack

page read and write

758E000

heap

page read and write

55D4000

system

page execute and read and write

5B30000

heap

page read and write

27C1000

heap

page read and write

7C82000

trusted library allocation

page read and write

2CE0000

unkown

page read and write

3B94000

trusted library allocation

page read and write

981000

unkown

page execute read

1650000

heap

page read and write

98E000

unkown

page readonly

27C1000

heap

page read and write

CD0000

heap

page execute and read and write

7830000

trusted library allocation

page read and write

2E60000

unkown

page execute and read and write

2E52000

unkown

page read and write

75CE000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

6BB000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

535B000

trusted library allocation

page read and write

2CB0000

unkown

page read and write

75DD000

heap

page read and write

F6F000

stack

page read and write

756A000

heap

page read and write

7A3E000

stack

page read and write

39CA000

unkown

page read and write

39EA000

unclassified section

page read and write

1F4179B4000

trusted library allocation

page read and write

AA8E000

stack

page read and write

27C1000

heap

page read and write

2800000

trusted library allocation

page read and write

5FC000

heap

page read and write

27C1000

heap

page read and write

17A0000

direct allocation

page execute and read and write

650000

heap

page read and write

55AE000

system

page execute and read and write

659000

heap

page read and write

5D70000

trusted library allocation

page execute and read and write

2D10000

unkown

page readonly

10BE000

stack

page read and write

58E000

unkown

page readonly

2970000

trusted library allocation

page read and write

C70000

unkown

page readonly

132A000

heap

page read and write

759A000

heap

page read and write

27C1000

heap

page read and write

312C000

unkown

page read and write

24F0000

unclassified section

page execute and read and write

5CCE000

stack

page read and write

2CBE000

direct allocation

page execute and read and write

2B20000

direct allocation

page execute and read and write

27C1000

heap

page read and write

75C6000

heap

page read and write

27C1000

heap

page read and write

981000

unkown

page execute read

2F12000

unkown

page read and write

2BAE000

stack

page read and write

1101000

unkown

page readonly

27C1000

heap

page read and write

27C1000

heap

page read and write

41C4000

unclassified section

page read and write

5ECE000

stack

page read and write

52BE000

stack

page read and write

467A000

unclassified section

page read and write

7568000

heap

page read and write

C80000

unkown

page readonly

53B9000

trusted library allocation

page read and write

27C1000

heap

page read and write

1050000

unkown

page readonly

8193000

heap

page read and write

27C1000

heap

page read and write

2F32000

unclassified section

page read and write

5B10000

heap

page read and write

695000

heap

page read and write

2BCB000

trusted library allocation

page read and write

27C1000

heap

page read and write

4356000

unclassified section

page read and write

1030000

unkown

page readonly

3514000

unkown

page read and write

53E4000

trusted library allocation

page read and write

1F4174D0000

trusted library allocation

page read and write

27C1000

heap

page read and write

2D70000

unkown

page readonly

C40000

unkown

page readonly

27C1000

heap

page read and write

312C000

unkown

page read and write

997000

unkown

page readonly

27C1000

heap

page read and write

27C1000

heap

page read and write

981000

unkown

page execute read

B8F000

heap

page read and write

11F0000

heap

page read and write

4E0E000

stack

page read and write

1520000

unkown

page readonly

11F0000

heap

page read and write

130E000

stack

page read and write

5E0000

heap

page read and write

2951000

trusted library allocation

page read and write

4C60000

unkown

page execute and read and write

1120000

unkown

page readonly

27C1000

heap

page read and write

1F415BB0000

heap

page read and write

1F415B70000

heap

page read and write

1101000

unkown

page readonly

465A000

unkown

page read and write

7580000

heap

page read and write

27C1000

heap

page read and write

4FEE000

stack

page read and write

27C1000

heap

page read and write

2C49000

direct allocation

page execute and read and write

1F417821000

trusted library allocation

page read and write

27C1000

heap

page read and write

175F000

stack

page read and write

D1E000

stack

page read and write

27CA000

heap

page read and write

C28F5FD000

stack

page read and write

75B3000

heap

page read and write

3CEE000

unkown

page read and write

18C9000

direct allocation

page execute and read and write

2832000

trusted library allocation

page read and write

5D5E000

stack

page read and write

9A0000

heap

page read and write

7870000

trusted library allocation

page execute and read and write

10BE000

stack

page read and write

666000

heap

page read and write

18B1000

unkown

page readonly

27C1000

heap

page read and write

1200000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

990000

heap

page read and write

83EF000

stack

page read and write

27C1000

heap

page read and write

5ED0000

heap

page read and write

27C1000

heap

page read and write

7820000

trusted library section

page read and write

2D10000

unkown

page readonly

27C1000

heap

page read and write

4DA0000

trusted library allocation

page read and write

1F41780A000

trusted library allocation

page read and write

27C1000

heap

page read and write

4E0000

unkown

page readonly

7810000

heap

page read and write

11A0000

unkown

page read and write

27C1000

heap

page read and write

C50000

unkown

page readonly

7540000

trusted library allocation

page read and write

27C1000

heap

page read and write

C90000

unkown

page readonly

AD6E000

stack

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

3990000

unclassified section

page execute and read and write

2E52000

unkown

page read and write

1F4174D0000

trusted library allocation

page read and write

1F415B60000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

9D5000

heap

page read and write

C50000

unkown

page readonly

27C1000

heap

page read and write

27C1000

heap

page read and write

C28FDFE000

stack

page read and write

2D04000

heap

page read and write

27C1000

heap

page read and write

2804000

trusted library allocation

page read and write

27C1000

heap

page read and write

CCA000

stack

page read and write

27C1000

heap

page read and write

59D0000

trusted library allocation

page read and write

1110000

unkown

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

980000

unkown

page readonly

995000

unkown

page read and write

1A66000

direct allocation

page execute and read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

1020000

heap

page read and write

1000000

unkown

page readonly

27C1000

heap

page read and write

27C1000

heap

page read and write

1191000

unkown

page readonly

2E40000

heap

page read and write

27C1000

heap

page read and write

53E0000

trusted library allocation

page read and write

27C1000

heap

page read and write

7560000

heap

page read and write

5B20000

trusted library section

page readonly

27C1000

heap

page read and write

526E000

stack

page read and write

27C1000

heap

page read and write

1020000

heap

page read and write

AACE000

stack

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

75D8000

heap

page read and write

27C1000

heap

page read and write

53DF000

trusted library allocation

page read and write

15A22000

system

page read and write

2AB0000

trusted library allocation

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

3D0E000

unclassified section

page read and write

DCC000

stack

page read and write

27C1000

heap

page read and write

2DED000

direct allocation

page execute and read and write

7B5E000

stack

page read and write

7565000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

749E000

heap

page read and write

132E000

heap

page read and write

76C0000

trusted library allocation

page read and write

788B000

trusted library allocation

page read and write

C70000

unkown

page readonly

4E40000

heap

page read and write

27C1000

heap

page read and write

7810000

trusted library allocation

page execute and read and write

27C1000

heap

page read and write

80D0000

heap

page read and write

1140000

heap

page read and write

4D90000

unclassified section

page execute and read and write

1F4174D0000

trusted library allocation

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

67F000

heap

page read and write

937000

stack

page read and write

27C1000

heap

page read and write

53D0000

trusted library allocation

page read and write

E6F000

stack

page read and write

53B5000

trusted library allocation

page read and write

15FE000

stack

page read and write

DCC000

stack

page read and write

11A0000

unkown

page read and write

27C1000

heap

page read and write

76B0000

trusted library section

page read and write

2D60000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

B97000

heap

page read and write

8146000

heap

page read and write

53F0000

trusted library allocation

page read and write

671000

heap

page read and write

27C1000

heap

page read and write

53D5000

trusted library allocation

page read and write

758A000

heap

page read and write

27C1000

heap

page read and write

602000

heap

page read and write

2D00000

heap

page read and write

1F417700000

trusted library allocation

page read and write

75AE000

heap

page read and write

38F0000

unclassified section

page execute and read and write

130F000

stack

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

5AA0000

trusted library allocation

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

997000

unkown

page readonly

4A4C000

stack

page read and write

818F000

heap

page read and write

2D00000

heap

page read and write

15AE2000

system

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

997000

unkown

page readonly

11D0000

heap

page read and write

3961000

trusted library allocation

page read and write

10B000

stack

page read and write

5FC000

heap

page read and write

1180000

unkown

page read and write

C60000

unkown

page readonly

2CD0000

unkown

page read and write

1110000

trusted library allocation

page read and write

98E000

unkown

page readonly

1A6D000

direct allocation

page execute and read and write

1060000

heap

page read and write

27C1000

heap

page read and write

151F000

stack

page read and write

27C1000

heap

page read and write

5FC000

heap

page read and write

5D1E000

stack

page read and write

C28EDFB000

stack

page read and write

75C9000

heap

page read and write

1761000

unkown

page readonly

13D0000

unkown

page readonly

55C8000

system

page execute and read and write

27C1000

heap

page read and write

2F6C000

unkown

page read and write

7556000

heap

page read and write

7562000

heap

page read and write

27C1000

heap

page read and write

1145000

heap

page read and write

27C1000

heap

page read and write

53B2000

trusted library allocation

page read and write

CA2000

trusted library allocation

page read and write

27C1000

heap

page read and write

3EA0000

unclassified section

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

3860000

unkown

page execute and read and write

51E000

stack

page read and write

53FB000

trusted library allocation

page read and write

13CF000

stack

page read and write

5C8E000

stack

page read and write

1130000

heap

page read and write

3B7C000

unclassified section

page read and write

B7E000

heap

page read and write

27C1000

heap

page read and write

645000

heap

page read and write

4032000

unclassified section

page read and write

B70000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

2826000

trusted library allocation

page read and write

147E000

stack

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

995000

unkown

page read and write

980000

unkown

page readonly

27C1000

heap

page read and write

666000

heap

page read and write

3E80000

unkown

page read and write

ABCE000

stack

page read and write

5F1000

heap

page read and write

1F415C30000

heap

page read and write

27C1000

heap

page read and write

47EC000

unkown

page read and write

5D80000

heap

page read and write

11C0000

unkown

page readonly

1F415AC5000

system

page execute and read and write

980000

unkown

page readonly

1070000

unkown

page read and write

CCA000

stack

page read and write

27C1000

heap

page read and write

5370000

heap

page read and write

27C1000

heap

page read and write

793E000

stack

page read and write

5FC000

heap

page read and write

148000

stack

page read and write

27C1000

heap

page read and write

7480000

trusted library allocation

page read and write

27C1000

heap

page read and write

995000

unkown

page read and write

27C1000

heap

page read and write

55F000

stack

page read and write

27C1000

heap

page read and write

53BD000

trusted library allocation

page read and write

650000

heap

page read and write

2840000

heap

page read and write

C96000

trusted library allocation

page execute and read and write

2CD0000

unkown

page read and write

75BF000

heap

page read and write

27C1000

heap

page read and write

1F0000

heap

page read and write

1028000

heap

page read and write

27C1000

heap

page read and write

2F8C000

unclassified section

page read and write

1520000

unkown

page readonly

27C1000

heap

page read and write

13D0000

unkown

page readonly

2E40000

heap

page read and write

1320000

heap

page read and write

27C1000

heap

page read and write

27C1000

heap

page read and write

27C0000

heap

page read and write

193E000

direct allocation

page execute and read and write

7574000

heap

page read and write

D5C000

stack

page read and write

There are 705 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
rPRESUPUESTO.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportrPRESUPUESTO.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
rPRESUPUESTO.exe